Security Analysis Report: 贵阳公积金 v1.0.78

Security score: 38/100

Risk rating

Grade

  1. A
  2. B
  3. C
  4. F

Severity distribution (%)


Privacy risk

2

User/device trackers


Findings

High 4
Medium 13
Info 2
Secure 0
Hotspot 5

High: The file is world-writable. Any app can write to it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
n2/d2.java, line(s) 14
n2/u5.java, line(s) 9

High: The app uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
n2/e5.java, line(s) 43,78

High: WebView domain control is not strict enough


Files:
com/zhky/providentFund/ui/FileActivity.java, line(s) 139,138
com/zhky/providentFund/ui/H5Activity.java, line(s) 91,84
com/zhky/providentFund/ui/WelcomeH5Activity.java, line(s) 108,101
com/zhky/providentFund/ui/home/NewsLinkH5Activity.java, line(s) 156,149
r4/a.java, line(s) 69,46

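Medium: Cleartext network traffic is enabled for the app

[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For apps targeting API level 27 or lower, the default value is "true". For apps targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection; a network attacker can eavesdrop on the transmitted data and modify it without being detected.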

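Medium: An Activity sets the TaskAffinity attribute

(com.zhky.providentFund.wxapi.WXEntryActivity)
If taskAffinity is set, other apps may be able to read Intents sent to an Activity that belongs to another task. To prevent other apps from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity equal to the package name.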

Medium: Activity (com.zhky.providentFund.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is shared with other apps on the device and is therefore accessible to any other app on the device.

Medium: The app uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
n2/l2.java, line(s) 16
n2/y2.java, line(s) 8
q8/a.java, line(s) 3
q8/b.java, line(s) 3
r8/a.java, line(s) 3

Medium: The app can read from and write to external storage. Any app can read data written to external storage.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
a7/a.java, line(s) 12
com/wildma/pictureselector/a.java, line(s) 46,53
com/zhky/providentFund/ui/MyWebView.java, line(s) 254
com/zhky/providentFund/weight/capture/ToolsFile.java, line(s) 40
h2/e.java, line(s) 83
i4/j.java, line(s) 169
j5/b.java, line(s) 41,40
n2/l1.java, line(s) 46,43
n2/r0.java, line(s) 247,248
r4/i.java, line(s) 40
z6/h.java, line(s) 486
z6/k.java, line(s) 51
z6/p.java, line(s) 116

Medium: The app creates temporary files. Sensitive information should never be written to a temporary file.


Files:
com/zhky/providentFund/weight/capture/ToolsFile.java, line(s) 40
jxl/write/biff/FileDataOutput.java, line(s) 16

Medium: MD5 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/zhky/providentFund/ui/login/LoginActivity.java, line(s) 919
i4/p.java, line(s) 153,171
n2/d1.java, line(s) 195
z6/p.java, line(s) 96

Medium: The app uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/zhky/providentFund/ui/home/NoticeDetailsActivity.java, line(s) 7,169
n/p.java, line(s) 5,209
n2/f5.java, line(s) 4,149
n2/h5.java, line(s) 3,13
y5/x.java, line(s) 8,9,1220
z6/l.java, line(s) 4,5,28

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/zhky/providentFund/ui/home/NewsLinkH5Activity.java, line(s) 169,164

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/jg/ids/i/i.java, line(s) 145

Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
b3/q.java, line(s) 88

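Medium: The app contains privacy trackers

This app contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.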

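Medium: This app may contain hardcoded secrets

The following secrets were identified in the app. Make sure these are not secrets or private information.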

Info: The app logs information. Sensitive information must not be logged.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a0/c.java, line(s) 17
a3/a.java, line(s) 94,93
a4/i.java, line(s) 149
a6/b.java, line(s) 360,87,367
a6/c.java, line(s) 34
a6/h.java, line(s) 260,345
a6/l.java, line(s) 75
b1/e.java, line(s) 29,33,37
b1/k.java, line(s) 23
b3/a0.java, line(s) 39,40
b3/j.java, line(s) 589,161,263,588,418
b3/k.java, line(s) 133,134
b3/m.java, line(s) 18,157
b3/r.java, line(s) 160
c/a.java, line(s) 55
c3/g.java, line(s) 157,193,161,198
c3/h.java, line(s) 50,54,65,163,207,49,53,64,95,103,128,158,175,194,206,96,104,148,180,195
c6/e.java, line(s) 88,130,153,221,263,286,353,395,418,483,525,548
cc/shinichi/library/view/ImagePreviewActivity.java, line(s) 278
cc/shinichi/library/view/subsampling/SubsamplingScaleImageView.java, line(s) 1001,272,276,409,413,496,634,643,672,677,1717
cc/shinichi/library/view/subsampling/decoder/SkiaPooledImageRegionDecoder.java, line(s) 151
com/ctc/wstx/sw/EncodingXmlWriter.java, line(s) 603,674
com/download/library/NotificationCancelReceiver.java, line(s) 23
com/github/ihsg/patternlocker/PatternLockerView.java, line(s) 105
com/just/agentweb/AgentWebView.java, line(s) 42,126
com/shockwave/pdfium/PdfiumCore.java, line(s) 30,196,200
com/zhky/baseui/activity/BaseActivity.java, line(s) 564,436,746,900
com/zhky/providentFund/api/FrameInvokeServiceClient.java, line(s) 52,54,69,109,111,126,156,158,162,224,226,230,66,123,188,202,260,274,287,288
com/zhky/providentFund/impl/core/DetectionUtils.java, line(s) 40,43
com/zhky/providentFund/ui/FileActivity.java, line(s) 59
com/zhky/providentFund/ui/MainActivity.java, line(s) 415,418
com/zhky/providentFund/ui/MyWebView.java, line(s) 70,96,104,111,144,154,238
com/zhky/providentFund/ui/WelcomeH5Activity.java, line(s) 84
com/zhky/providentFund/ui/face/FaceActivity.java, line(s) 110,112,132,140,48
com/zhky/providentFund/ui/face/FaceView22Activity.java, line(s) 349,351,83,94,208,272
com/zhky/providentFund/ui/face/FaceViewActivity.java, line(s) 82,93,252,316
com/zhky/providentFund/ui/face/FaceViewHeadActivity.java, line(s) 242,244,147,208,219
com/zhky/providentFund/ui/home/NewsLinkH5Activity.java, line(s) 97
com/zhky/providentFund/ui/home/NoticeDetailsActivity.java, line(s) 135
com/zhky/providentFund/ui/loan/MyPDFActivity.java, line(s) 55
com/zhky/providentFund/ui/login/LoginActivity.java, line(s) 930
com/zhky/providentFund/ui/working/WorkingHkjhcxActivity.java, line(s) 136
com/zhky/providentFund/ui/working/deduct/LoanDeductStep2Activity.java, line(s) 400,481
com/zhky/providentFund/ui/working/lhjy/LhjykhActivity.java, line(s) 850,1095
com/zhky/providentFund/ui/working/order/WorkingOrderActivity.java, line(s) 304,388,472,556,640
com/zhky/providentFund/ui/workingorg/bgqc/OrgBgqcActivity.java, line(s) 525,527,242,321
com/zhky/providentFund/ui/workingorg/bgqc/OrgBgqcDwhjActivity.java, line(s) 625,668
com/zhky/providentFund/ui/workingorg/bgqc/OrgBgqcJstzActivity.java, line(s) 307
com/zhky/providentFund/ui/workingorg/bgqc/OrgBgqcMoreActivity.java, line(s) 190,267
com/zhky/providentFund/ui/workingorg/bgqc/OrgBgqcQueryActivity.java, line(s) 271,350
com/zhky/providentFund/ui/workingorg/bjqc/OrgBjqcActivity.java, line(s) 699,701,809,855
com/zhky/providentFund/ui/workingorg/dwxh/OrgDwxhActivity.java, line(s) 376
com/zhky/providentFund/ui/workingorg/dwyw/OrgDwywTab1Activity.java, line(s) 457,521,586
com/zhky/providentFund/ui/workingorg/dwyw/OrgDwywTab2Activity.java, line(s) 431,528
com/zhky/providentFund/ui/workingorg/dwyw/OrgDwywTab3Activity.java, line(s) 247
com/zhky/providentFund/ui/workingorg/gryw/OrgGrywActivity.java, line(s) 482,603,726,929,1135,1845
com/zhky/providentFund/ui/workingorg/jbxx/OrgJbxxDwActivity.java, line(s) 317,577
com/zhky/providentFund/ui/workingorg/jbxx/OrgJbxxGrActivity.java, line(s) 574
com/zhky/providentFund/ui/workingorg/jbxx/OrgJbxxGrQuery2Activity.java, line(s) 191,362
com/zhky/providentFund/ui/workingorg/jbxx/OrgJbxxGrQueryActivity.java, line(s) 410
com/zhky/providentFund/ui/workingorg/ndjxd/OrgNdjxdDwActivity.java, line(s) 153
com/zhky/providentFund/ui/workingorg/ndjxd/OrgNdjxdGrActivity.java, line(s) 149
com/zhky/providentFund/ui/workingorg/wtyw/OrgWtywActivity.java, line(s) 742,806,868,933,994,1054,1116,1182,2040
com/zhky/providentFund/weight/CalendarView.java, line(s) 269
com/zhky/providentFund/weight/ShadowLayout.java, line(s) 90
com/zhky/providentFund/weight/capture/CameraPreview.java, line(s) 55,70,142,186,244
com/zhky/providentFund/weight/capture/CircleCameraLayout.java, line(s) 82
com/zhky/providentFund/weight/capture/FaceHelper.java, line(s) 18,21,42,59,80,36,52,57,64,65,68
com/zhky/providentFund/weight/capture/ToolsFile.java, line(s) 135
com/zhky/providentFund/wxapi/WXEntryActivity.java, line(s) 47
com/zp/z_file/ui/ZFileQWActivity.java, line(s) 300
com/zp/z_file/ui/ZFileVideoPlayer.java, line(s) 57,104,261,70,199,272,298
d3/e.java, line(s) 28,38,68,101,29,69,41,102
d3/j.java, line(s) 85,70
d7/a.java, line(s) 33
d7/f.java, line(s) 34
e0/l.java, line(s) 187,222
e3/a.java, line(s) 47,46
f1/b.java, line(s) 50
f1/c0.java, line(s) 1104,1045,1103,437
f1/e0.java, line(s) 20,31
f1/i0.java, line(s) 133,154,592,604,611,620,45,122
f1/m.java, line(s) 30,43,93,154,210,228,251
f3/c.java, line(s) 39,38
f3/e.java, line(s) 98,97
f3/s.java, line(s) 95,96
g/f.java, line(s) 145,183,197,205,334
g7/d.java, line(s) 37
g7/g.java, line(s) 67,85
h1/d.java, line(s) 28
h2/d.java, line(s) 364,376,390,399
h3/a.java, line(s) 71,82
i3/b.java, line(s) 13,23
i3/h.java, line(s) 20,26,23,27
i3/i.java, line(s) 153,161,238,248,262,272,298,316,324,329,338,341,346,353,150,158,237,247,259,271,297,315,319,328,337,340,345,352
i3/l.java, line(s) 27,31,28,32
i3/p.java, line(s) 59,65,71,77,83,90,96,115,124,60,66,72,78,84,91,97,125,116
i3/v.java, line(s) 79,88,95,80,89,96,97,98,102
i4/f.java, line(s) 90,146,208
i4/g.java, line(s) 61,76,324
i4/j.java, line(s) 180,297,357,287,346,425,431,695,714,720
j1/c.java, line(s) 397
j4/c.java, line(s) 70
j4/e.java, line(s) 92
j7/a.java, line(s) 102,118
jxl/common/log/SimpleLogger.java, line(s) 11,12,17,18,37,38,46,47
k1/b.java, line(s) 29,52
k1/c.java, line(s) 70
k5/a.java, line(s) 89
k7/o.java, line(s) 103
l7/c.java, line(s) 95,164
m0/d.java, line(s) 230
m3/a.java, line(s) 59,166,173,180,67,169,176,183
m3/g.java, line(s) 47,48
m7/e.java, line(s) 147,449,736,925,131,237
m7/f.java, line(s) 25,17
m7/g.java, line(s) 58,52
m7/h.java, line(s) 46
m7/n.java, line(s) 52,58
m7/x.java, line(s) 33
m7/z.java, line(s) 30
n2/a6.java, line(s) 52
n2/b1.java, line(s) 106,107,108,114,115,116,125,126,127,133,134,135,144,145,146,152,153,154,409,417
n2/b6.java, line(s) 52
n2/c.java, line(s) 82
n2/f6.java, line(s) 28
n2/i.java, line(s) 58,78
n2/j.java, line(s) 33
o1/a.java, line(s) 294,736,824,904,988,1063,1115,1135,1148,1180,1197,1266,1308,1318,1327,1333,1373,1393,1399,90,758,769,868,877,1056
o2/a.java, line(s) 92,97,116
o3/d.java, line(s) 41,38,70,91,71,92
o3/k.java, line(s) 220,221,228
o3/n.java, line(s) 71,78,72,79
o7/c.java, line(s) 281
o7/g.java, line(s) 165
org/greenrobot/eventbus/Logger.java, line(s) 30,35
org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 43
org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 151
org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 30
p7/c.java, line(s) 46
q0/a.java, line(s) 101,107
q0/c.java, line(s) 72,74
q0/d.java, line(s) 116,118
q0/e.java, line(s) 152,154
r0/e.java, line(s) 176
r0/f.java, line(s) 426,107,248
r0/g.java, line(s) 28,102
r0/h.java, line(s) 144,149
r0/j.java, line(s) 174
r0/k.java, line(s) 141,249,252,253,258,262,284,297
r0/l.java, line(s) 183,193
r0/n.java, line(s) 787,2049
r3/h.java, line(s) 395,22,369
s0/a.java, line(s) 184,187,188,193,197
s0/b.java, line(s) 205,105,253
s0/d.java, line(s) 84
s1/a.java, line(s) 35
s3/g.java, line(s) 45,91,92,46
t/c.java, line(s) 138,155,327,361,326
t/n0.java, line(s) 12,19,26,33,40,49,59,66
t4/a.java, line(s) 111,50,122,60,76,77,115,107,117
u0/d.java, line(s) 31
u0/f.java, line(s) 31
u2/a.java, line(s) 298
u8/h.java, line(s) 203,211,232,319,240,322
v2/d.java, line(s) 175,202,172,201
v2/e.java, line(s) 97,117,134,96,116,133
w/l.java, line(s) 329,605,321,742,757,779,743
w2/a.java, line(s) 80,79
w3/a.java, line(s) 36,39
x/e.java, line(s) 208,215,319,325,337,830,221,512,1088,959,1089
x0/i.java, line(s) 30
x5/r.java, line(s) 61,64,77,88,107,110,148,151,164,175,194,197,235,238,251,262,281,284,322,325,338,349,368,371
y0/f.java, line(s) 97,102
y0/g.java, line(s) 35
y0/h.java, line(s) 55
y0/i.java, line(s) 42
y0/j.java, line(s) 57,224
y0/n.java, line(s) 79
y2/g.java, line(s) 67,110,146,159,176,277,64,109,145,154,171
y2/h.java, line(s) 319,278,318,346,373,300,359,398
y5/r0.java, line(s) 40
y5/w.java, line(s) 118
y5/x.java, line(s) 162,1050,1054
z0/a.java, line(s) 54,63,80,90
z0/e.java, line(s) 40,63
z5/c.java, line(s) 22
z6/a.java, line(s) 33
z6/f.java, line(s) 81,95,109,119,130

Info: This app copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other apps can access it.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
k5/a.java, line(s) 4,417,418
u8/h.java, line(s) 5,612,623

Hotspot: The app may communicate with a server (cgicol.amap.com) located in an OFAC-sanctioned country (China).

{'ip': '121.40.224.79', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '台州', 'latitude': '32.492168', 'longitude': '119.910767'}

Hotspot: The app may communicate with a server (ai.faqrobot.com) located in an OFAC-sanctioned country (China).

{'ip': '121.40.224.79', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Hotspot: The app may communicate with a server (adiu.amap.com) located in an OFAC-sanctioned country (China).

{'ip': '121.40.224.79', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}

Hotspot: The app may communicate with a server (da.gjj.guiyang.gov.cn) located in an OFAC-sanctioned country (China).

{'ip': '183.61.189.171', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '东莞', 'latitude': '23.048780', 'longitude': '113.745003'}

Hotspot: The app may communicate with a server (api.shumaidata.com) located in an OFAC-sanctioned country (China).

{'ip': '121.40.224.79', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
