页面标题
页面副标题
移动应用安全检测报告
MacroDroid v5.54.7
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
12
高危
126
中危
6
信息
3
安全
隐私风险评估
6
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
12
中危安全漏洞
126
安全提示信息
6
已通过安全项
3
重点安全关注
0
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危安全漏洞 基本配置配置为信任用户安装的证书。
Scope: *
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=http://www.macrodroid.com] App Link 资产验证 URL(http://www.macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=https://www.macrodroid.com] App Link 资产验证 URL(https://www.macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=http://macrodroid.com] App Link 资产验证 URL(http://macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity][android:host=https://macrodroid.com] App Link 资产验证 URL(https://macrodroid.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/arlosoft/macrodroid/utils/encryption/ExtrasEncryption.java, line(s) 51,83 com/github/javiersantos/licensing/AESObfuscator.java, line(s) 25,29 dev/skomlach/biometric/compat/crypto/CryptographyManagerInterfaceMarshmallowImpl.java, line(s) 40 dev/skomlach/biometric/compat/utils/hardware/BiometricPromptHardware.java, line(s) 67
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/arlosoft/macrodroid/common/SimpleEncryption.java, line(s) 23,30 com/sun/mail/auth/Ntlm.java, line(s) 168
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/arlosoft/macrodroid/HelpActivity.java, line(s) 40,5 com/arlosoft/macrodroid/action/activities/HtmlPreviewActivity.java, line(s) 72,8
高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/arlosoft/macrodroid/utils/encryption/Encryptor.java, line(s) 44,68
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: xyz/kumaraswamy/autostart/BuildConfig.java, line(s) 3,5
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个6隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 基本配置配置为信任系统证书。
Scope: *
中危安全漏洞 Activity (com.arlosoft.macrodroid.LauncherActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.bubble.BubbleActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.transparentdialog.TransparentDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.PasswordPromptActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.ShortcutDispatchActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.ShortcutDispatchActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.quicksettings.QuickSettingsLongPressActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.quicksettings.QuickSettingsLongPressActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.googleassistant.GoogleAssistantDispatchActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.googleassistant.GoogleAssistantDispatchActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.extras.stopclub.StopClubActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.homescreen.quickrun.QuickRunMacroDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.templatestore.ui.comments.TemplateCommentsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.templatestore.reportmacro.ReportMacroActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.templatestore.ui.search.TemplateSearchActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.homescreen.quickrun.QuickRunAddMacrosActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.filehandler.FileHandlerProxy) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.editscreen.EditMacroActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.editscreen.favourites.ConfigureFavouritesActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.actionblock.edit.ActionBlockEditActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.ScanTagActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.TakePictureActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.OcrPictureActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.TorchActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.scene.display.SceneDisplayActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.scene.display.SceneDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.UpdateBrightnessActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.SetVolumeActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.AcceptCallActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.NFCTriggeredActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.SelectModeActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.SelectForceRunMacroActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.MessageDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.triggers.activities.NotificationButtonNotAssignedActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.VariableValuePrompt) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.ConfirmDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.IfThenConfirmDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.OptionDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.SelectionDialogActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.DummyActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.SetKeyboardPieActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.VoiceInputActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.drawer.ui.DrawerOptionsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.drawer.ui.DrawerUpdateVariableActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.ScreenOnActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.AuthenticateUserActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.clipboard.ClipboardReadActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.PopUpActionActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.utils.CategoryPasswordPromptActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.DisableMacroDroidPasswordPromptActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.triggers.activities.MediaButtonLongPressActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.MediaButtonLongPressActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.utils.AccessibilityInfoActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.activities.ShareTextTriggerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidOnOffTileService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService1) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService2) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService3) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService4) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService5) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService6) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService7) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService8) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService9) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService10) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService11) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService12) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService13) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService14) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService15) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.quicksettings.MacroDroidTileService16) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_QUICK_SETTINGS_TILE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.MacroDroidAccessibilityServiceJellyBean) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.action.services.UIInteractionAccessibilityService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.DataLayerListenerService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.NotificationService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.triggers.services.NotificationServiceOreo) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.MacroDroidVoiceService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_VOICE_INTERACTION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.MacroDroidVoiceSessionService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_VOICE_INTERACTION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.powermenu.PowerMenuService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_CONTROLS [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.arlosoft.macrodroid.voiceservice.RecognitionServiceTrampoline) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.triggers.receivers.widget.MacroDroidWidgetConfigureActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.arlosoft.macrodroid.action.activities.PendingIntentActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderCustom) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderGreen) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderBlue) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderRed) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderYellow) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.widget.WidgetProviderBar) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.arlosoft.macrodroid.ShortcutActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.StartupReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.variables.SetVariableReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.PackageReplacedReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.macro.ContinuePausedActionsHandler) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.action.receivers.AndroidWearActionReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.ShortcutTriggerReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.action.receivers.LocaleTaskerSettingCompleteReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.SleepReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.helper.receiver.HelperResultsReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.triggers.receivers.MacroDroidDeviceAdminReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.logging.helper.HelperLogMessageBroadcaseReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.arlosoft.macrodroid.app.EnableMacroDroidReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (rikka.shizuku.ShizukuProvider) 受权限保护,但应检查权限保护级别。
Permission: android.permission.INTERACT_ACROSS_USERS_FULL [android:exported=true] 检测到 Content Provider 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (dev.skomlach.biometric.compat.utils.DeviceUnlockedReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.nearby.exposurenotification.WakeUpService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.nearby.exposurenotification.EXPOSURE_CALLBACK [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(2147483647) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: bsh/engine/BshScriptEngine.java, line(s) 33 com/amazonaws/auth/policy/conditions/ConditionFactory.java, line(s) 8,9,10,11,12,13,14 com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java, line(s) 244,241 com/arlosoft/macrodroid/action/CustomEntry.java, line(s) 161 com/arlosoft/macrodroid/action/HttpRequestConfig.java, line(s) 718 com/arlosoft/macrodroid/action/SetWallpaperAction.java, line(s) 83 com/arlosoft/macrodroid/action/activities/SelectionDialogActivity.java, line(s) 124 com/arlosoft/macrodroid/categories/Category.java, line(s) 18 com/arlosoft/macrodroid/common/SystemSettingOption.java, line(s) 98 com/arlosoft/macrodroid/data/HomeScreenTileConfig.java, line(s) 23 com/arlosoft/macrodroid/data/SmtpServerConfig.java, line(s) 182 com/arlosoft/macrodroid/data/UserSubscription.java, line(s) 75 com/arlosoft/macrodroid/database/room/BlockedUser.java, line(s) 80 com/arlosoft/macrodroid/database/room/SubscriptionUpdateItem.java, line(s) 165 com/arlosoft/macrodroid/database/room/UserSubscription.java, line(s) 98 com/arlosoft/macrodroid/emailservice/EmailServiceKt.java, line(s) 16,10,13 com/arlosoft/macrodroid/geofences/GeofenceInfo.java, line(s) 30 com/arlosoft/macrodroid/helper/HelperCommandsKt.java, line(s) 70 com/arlosoft/macrodroid/magictext/data/MagicTextConstants.java, line(s) 543 com/arlosoft/macrodroid/plugins/data/PluginDetail.java, line(s) 309 com/arlosoft/macrodroid/quicksettings/QuickSettingsData.java, line(s) 25,28 com/arlosoft/macrodroid/scene/components/SceneEditTextConfig.java, line(s) 217 com/arlosoft/macrodroid/settings/Settings.java, line(s) 87,88 com/arlosoft/macrodroid/templatestore/model/Comment.java, line(s) 186 com/arlosoft/macrodroid/templatestore/model/MacroTemplate.java, line(s) 359 com/arlosoft/macrodroid/templatestore/model/User.java, line(s) 192 com/arlosoft/macrodroid/translations/api/LocaliseApi.java, line(s) 14,23 com/arlosoft/macrodroid/translations/api/MacroDroidTranslationsApi.java, line(s) 15,24 com/arlosoft/macrodroid/translations/api/OneSkyAppApi.java, line(s) 16,25 com/arlosoft/macrodroid/triggers/BluetoothBeaconTrigger.java, line(s) 78 com/arlosoft/macrodroid/triggers/services/SignalOnOffTriggerServiceKt.java, line(s) 10 com/arlosoft/macrodroid/variables/VariableValue.java, line(s) 1246 com/firebase/ui/auth/IdpResponse.java, line(s) 271 com/firebase/ui/auth/data/remote/GenericIdpSignInHandler.java, line(s) 204 com/giphy/sdk/core/network/api/GPHApiClient.java, line(s) 47 com/giphy/sdk/ui/views/GiphyDialogFragment.java, line(s) 51,54 com/giphy/sdk/ui/views/dialogview/GiphyDialogView.java, line(s) 45,51 com/twofortyfouram/locale/sdk/host/TaskerPlugin.java, line(s) 42 dev/skomlach/biometric/compat/engine/internal/face/lava/FaceVerifyManager.java, line(s) 31 dev/skomlach/biometric/compat/impl/credentials/CredentialsRequestFragment.java, line(s) 31 dev/skomlach/biometric/compat/impl/dialogs/UntrustedAccessibilityFragment.java, line(s) 38 dev/skomlach/biometric/compat/utils/LockType.java, line(s) 35,32 dev/skomlach/biometric/compat/utils/appstate/HomeWatcher.java, line(s) 42,33 io/grpc/internal/TransportFrameUtil.java, line(s) 82 net/dinglisch/android/tasker/TaskerPlugin.java, line(s) 39 org/jsoup/nodes/DocumentType.java, line(s) 9,10 org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 55,17
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/afollestad/materialdialogs/folderselector/FileChooserDialog.java, line(s) 226,264 com/afollestad/materialdialogs/folderselector/FolderChooserDialog.java, line(s) 230,260 com/arlosoft/macrodroid/action/RecordMicrophoneAction.java, line(s) 148 com/arlosoft/macrodroid/action/TakePictureAction.java, line(s) 92 com/arlosoft/macrodroid/action/TakeScreenshotAction.java, line(s) 153,190 com/arlosoft/macrodroid/action/activities/TakePictureActivity.java, line(s) 139 com/arlosoft/macrodroid/app/MacroDroidApplication.java, line(s) 657 com/arlosoft/macrodroid/autobackup/ui/local/AutoBackupLocalPresenter.java, line(s) 262,382,460 com/arlosoft/macrodroid/autobackup/worker/AutoBackupWorker.java, line(s) 153 com/arlosoft/macrodroid/common/EventLogging.java, line(s) 42 com/arlosoft/macrodroid/common/PebbleHelper.java, line(s) 63 com/arlosoft/macrodroid/magictext/MagicTextMemoryHelper.java, line(s) 29,81,97,141,157 com/arlosoft/macrodroid/magictext/MagicTextOptions.java, line(s) 505,506,647,648 com/arlosoft/macrodroid/settings/PreferencesFragment.java, line(s) 396,421,425 com/arlosoft/macrodroid/settings/Settings.java, line(s) 798 com/arlosoft/macrodroid/templatestore/ui/profile/ProfileActivity.java, line(s) 640 com/arlosoft/macrodroid/triggers/activities/selecticon/IconSelectFragment.java, line(s) 174,170 com/arlosoft/macrodroid/triggers/services/MacroDroidAccessibilityServiceJellyBean.java, line(s) 628,634 com/arlosoft/macrodroid/utils/FileUtils.java, line(s) 211 com/miguelbcr/ui/rx_paparazzo2/interactors/GetPath.java, line(s) 142 com/miguelbcr/ui/rx_paparazzo2/interactors/ImageUtils.java, line(s) 181,184,184 com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 659,662 com/yalantis/ucrop/util/FileUtils.java, line(s) 68 org/osmdroid/config/DefaultConfigurationProvider.java, line(s) 508 org/osmdroid/tileprovider/util/StorageUtils.java, line(s) 102,103,120,121,140,189,204,205,221,255
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/afollestad/materialdialogs/BuildConfig.java, line(s) 9 com/afollestad/materialdialogs/commons/BuildConfig.java, line(s) 9 com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 64 com/koushikdutta/async/dns/Dns.java, line(s) 137,145,129 com/tencent/soter/core/model/CertUtil.java, line(s) 15 dev/skomlach/common/network/PingConfig.java, line(s) 26 dev/skomlach/common/protection/HookDetection.java, line(s) 201 fi/iki/elonen/NanoHTTPD.java, line(s) 1662 io/grpc/okhttp/u.java, line(s) 371,379,388,384
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/amazonaws/util/Md5Utils.java, line(s) 18,61 com/arlosoft/macrodroid/common/SerialCalculator.java, line(s) 10 com/arlosoft/macrodroid/extensions/StringExtensionsKt.java, line(s) 130 com/koushikdutta/async/http/spdy/b.java, line(s) 164 com/koushikdutta/async/util/FileCache.java, line(s) 100 com/stericson/RootTools/internal/a.java, line(s) 49 com/sun/mail/auth/Ntlm.java, line(s) 141 com/sun/mail/pop3/b.java, line(s) 487 com/sun/mail/smtp/DigestMD5.java, line(s) 86 com/tencent/soter/core/model/SoterCoreUtil.java, line(s) 14 crashguard/android/library/h2.java, line(s) 77 dev/skomlach/biometric/compat/engine/internal/AbstractBiometricModule.java, line(s) 205 dev/skomlach/biometric/compat/engine/internal/face/hihonor/impl/HihonorFaceRecognizeManager.java, line(s) 88 dev/skomlach/biometric/compat/engine/internal/face/huawei/impl/HuaweiFaceRecognizeManager.java, line(s) 88
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 803,845,803,845 dev/skomlach/common/protection/HookDetection.java, line(s) 114,140,176
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/arlosoft/macrodroid/database/Database.java, line(s) 6,7,8,9,481 com/arlosoft/macrodroid/database/a.java, line(s) 4,5,14,15,16,17,18,19,26,27,29,31,33,35,36,38,40,42,44,45,47,49,51,53,54,55,57,59,60,62,63,65,67 crashguard/android/library/e0.java, line(s) 5,112 crashguard/android/library/j2.java, line(s) 5,89 crashguard/android/library/k.java, line(s) 5,51,56 crashguard/android/library/l.java, line(s) 5,53 crashguard/android/library/o4.java, line(s) 5,6,41 crashguard/android/library/q1.java, line(s) 5,105,106,110 crashguard/android/library/s5.java, line(s) 5,71,76,80,84 crashguard/android/library/u.java, line(s) 5,96,101,105 crashguard/android/library/y0.java, line(s) 5,107,108,112 crashguard/android/library/y4.java, line(s) 5,109 dev/skomlach/biometric/compat/engine/internal/face/miui/impl/Miui3DFaceManagerImpl.java, line(s) 8,1195 org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 4,5,92 org/osmdroid/tileprovider/modules/SqlTileWriter.java, line(s) 5,6,7,215,588 org/osmdroid/tileprovider/modules/SqliteArchiveTileWriter.java, line(s) 5,31
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/arlosoft/macrodroid/common/SerialCalculator.java, line(s) 43 com/arlosoft/macrodroid/upgrade/Security.java, line(s) 30 com/arlosoft/macrodroid/upgrade/billing/b.java, line(s) 33 com/arlosoft/macrodroid/utils/encryption/Encryptor.java, line(s) 28 com/koushikdutta/async/http/WebSocketImpl.java, line(s) 102
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9 com/arlosoft/macrodroid/action/SetVariableAction.java, line(s) 69 com/arlosoft/macrodroid/action/screenshot/CaptureService.java, line(s) 11 com/arlosoft/macrodroid/advert/AdvertActivity.java, line(s) 20 com/arlosoft/macrodroid/settings/Settings.java, line(s) 52 com/firebase/ui/auth/util/data/SessionUtils.java, line(s) 4 com/giphy/sdk/ui/ConstantsKt.java, line(s) 6 com/github/javiersantos/piracychecker/utils/SaltUtils.java, line(s) 9 com/hanks/htextview/typer/TyperTextView.java, line(s) 10 com/koushikdutta/async/dns/Dns.java, line(s) 20 com/koushikdutta/async/util/FileCache.java, line(s) 18 com/sun/mail/auth/Ntlm.java, line(s) 12 io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 137 io/github/rosemoe/sora/widget/snippet/variable/RandomBasedSnippetVariableResolver.java, line(s) 4 io/grpc/internal/DnsNameResolver.java, line(s) 32 io/grpc/internal/ExponentialBackoffPolicy.java, line(s) 5 io/grpc/internal/PickFirstLeafLoadBalancer.java, line(s) 23 io/grpc/internal/PickFirstLoadBalancer.java, line(s) 13 io/grpc/internal/j0.java, line(s) 23 io/grpc/okhttp/f.java, line(s) 70 io/grpc/util/OutlierDetectionLoadBalancer.java, line(s) 27 io/grpc/util/RoundRobinLoadBalancer.java, line(s) 16 j$/util/concurrent/ThreadLocalRandom.java, line(s) 10 org/jsoup/helper/DataUtil.java, line(s) 17 org/osmdroid/tileprovider/tilesource/BitmapTileSourceBase.java, line(s) 9
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/arlosoft/macrodroid/action/services/UploadPhotoService.java, line(s) 91 com/arlosoft/macrodroid/bugreporting/ReportBugActivity.java, line(s) 543 com/arlosoft/macrodroid/firebase/FirestoreHelper.java, line(s) 466 com/sun/mail/pop3/e.java, line(s) 11 fi/iki/elonen/NanoHTTPD.java, line(s) 315,1365,1381 org/zeroturnaround/zip/ZipUtil.java, line(s) 1229 org/zeroturnaround/zip/Zips.java, line(s) 158,167 org/zeroturnaround/zip/transform/FileZipEntryTransformer.java, line(s) 32,34
中危安全漏洞 向Firebase上传文件
向Firebase上传文件 Files: com/arlosoft/macrodroid/firebase/FirestoreHelper.java, line(s) 297,26
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/evgenii/jsevaluator/WebViewWrapper.java, line(s) 24,22
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-2580011423857090~5572500361" 凭证信息=> "com.google.android.geo.API_KEY" : "@string/maps_key_v2_universal" 凭证信息=> "com.crashlytics.ApiKey" : "9922b540bc40134f7b6aeb28b822fdda484668b4" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parool" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Geslo" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Nyckel" "variable_dictionary_key" : "Klucz" "variable_dictionary_key" : "Pagrindinis" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Iphasiwedi" "animation_name_paws" : "Pattes" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Wagwoordsleutel" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wagwoord" "animation_name_paws" : "Patas" "select_icons_user" : "Usuario" "smtp_username" : "Username" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Palavra-passe" "com.google.firebase.crashlytics.mapping_file_id" : "8e46145e0b8a4c9d9555ee290f1ed9b6" "twitter_consumer_secret" : "cvxTiGth538SF0jqOSXPd3wEGY8WFdmPTaI4QNVggjvIvnHH1f" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Adgangskode" "quick_keyboard_change" : "Snabbtangentbordsbyte" "username" : "Gebruikersnaam" "smtp_username" : "Benutzername" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasinal" "firebase_web_host" : "CHANGE-ME" "select_icons_user" : "Utilizzatore" "firebase_database_url" : "https://macrodroid-production.firebaseio.com" "username" : "Benutzername" "variable_dictionary_key" : "Nyckel" "select_icons_user" : "User" "select_icons_user" : "Benutzer" "facebook_app_id" : "276514135752339" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasenya" "animation_name_paws" : "Paws" "maps_key_v2_universal" : "AIzaSyD54agSH4WJI0Tdaf4JJlknfoaebgyUY3o" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Toegangssleutel" "google_crash_reporting_api_key" : "AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M" "http_request_basic_authorization_title" : "Basisberechtigung" "password_protection" : "Passwortschutz" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo" "webhook_caller_ip_address" : "Webhook-Anrufer-IP-Adresse" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Sandi" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parole" "library_piracychecker_authorWebsite" : "https://github.com/javiersantos" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Nenosiri" "variable_dictionary_key" : "cheie" "variable_dictionary_key" : "Chiave" "variable_dictionary_key" : "Chave" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Klucz" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passwort" "variable_dictionary_key" : "Kunci" "select_icons_user" : "Pengguna" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Sarbide-gakoa" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Salasana" "smtp_username" : "Gebruikersnaam" "animation_name_paws" : "Tlapky" "password" : "Sandi" "password" : "Contrasenya" "twitter_consumer_key" : "trfRjDyxtteiIGveHUmMAFoyt" "password" : "Wachtwoord" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wachtwoord" "google_api_key" : "AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M" "variable_dictionary_key" : "Sleutel" "select_icons_user" : "Vartotojas" "password" : "Passwort" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey" "quick_keyboard_change" : "Tastaturwechsel" "animation_name_paws" : "Cakar" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passord" "select_icons_user" : "Utilizator" "variable_dictionary_key" : "Kulcs" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha" "username" : "Username" "email_password" : "E-mail-wachtwoord" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Zaporka" "select_icons_user" : "Utilisateur" "animation_name_paws" : "Pfoten" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Kod" "variable_dictionary_key" : "Clave" "select_icons_user" : "Usuari" "http_request_basic_authorization_title" : "Basis-authentificatie" "maps_key" : "0ju_Q-Lkk9NVNwh8kye1-4jLmLRHiiQsWzrRY0Q" "google_app_id" : "1:1032558389409:android:35e9bc7e7fe70c0f" "password" : "Senha" "select_icons_user" : "Gebruiker" "animation_name_paws" : "Zampe" "password" : "Heslo" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Pasahitza" "animation_name_paws" : "Mancsok" "password" : "Password" "variable_dictionary_key" : "Anahtar" "compass" : "Compass" "animation_name_paws" : "Tassar" "maps_key_v2" : "AIzaSyDLR21Jhr2YbjBFJFS_XVEhKt2Y00iAhNI" "variable_dictionary_key" : "Key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol" "animation_name_paws" : "Pootjes" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Avainkoodi" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka" 308201dd30820146020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b3009060355040613025553301e170d3136303932333230333735305a170d3436303931363230333735305a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330819f300d06092a864886f70d010101050003818d00308189028181008a2ee13707155166313e78ccc314621c061d717a2f11dd2a2505c7c903ed9e89ccfc4769d953a866039ef1212a6cd923dcb5d77d5b43920cf6f84505c68a2e8de9e76647b7b4771c1f9e01468228e42deac8d4676c12f792e708f9452e205267fed553ba65a93abe48a019bf20f5b35f875dc26bbb87575a533f30d74d7e8cad0203010001300d06092a864886f70d010105050003818100470bd7e3b5b40e639326b241c9005fb3d24cc4180e2e04cc34b54db42b737b401847a5d499cd822e3d85360baa320d16d1ac97f4dc9b86eeab9ae62f019dec13dc707ea41ff11e47e2e2a71e05d7be65235d11574e50cbb165db568466abb5d00a60370b29dd59b47ac6140a12957f85c8eb087adf53c54560300f598545db19 308201dd30820146020101300d06092a864886f70d010105050030373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b3009060355040613025553301e170d3138303331383036333030365a170d3438303331303036333030365a30373116301406035504030c0d416e64726f69642044656275673110300e060355040a0c07416e64726f6964310b300906035504061302555330819f300d06092a864886f70d010101050003818d003081890281810086912f222f6b68d99c49efd92ece90934d8f371720a9152f81668d5a9ff7aa72e35d026dadecc529023a946cf3f01231250ab272bd7f94f863efd3df697b80db143f42a01f9d27899e4d893fd63ff8db65232e44152dd96cf70369fd8cd1de83e3b505328248b57b47ef6dcaa9892a6c4367728c1b1f09526858dd628a5c6cbd0203010001300d06092a864886f70d0101050500038181000496ccc7b1517cc0dbaf6d95b939d9eefe63e4f8edc3792f72f906401456eba658d8f229ad8107dc4636b43eb8e549d727bde2eef0e75ad0f7d73945d4b03b41c697047a9bfd7786d7a2ddd7c63e2755efad4f38b1526ff5cf56f06bc636b2a18ab34416aab560d484fa8cf600834c6643eaf98fca26d46e15008c00411043ce 1b341ffe23b5298676d535fcabd3d0d7 1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679 m683OutlinedTextDisplayoYZfOzg CTajhLNE6Y2t3JZypo7ioiAmjv1GtGbzGlia50p5N7V5mQJNUjH5WKpqEuEh+jCA 0273a52eb7f9dc18f1f886eb0af21ec7 3082035a30820242a00302010202044e8aeb6d300d06092a864886f70d0101050500306e310b300906035504061302554b3110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e3111300f060355040a130841726c6f736f66743110300e060355040b1307556e6b6e6f776e311630140603550403130d4a616d69652048696767696e733020170d3131313030343131313830355a180f32323835303731393131313830355a306e310b300906035504061302554b3110300e06035504081307556e6b6e6f776e3110300e06035504071307556e6b6e6f776e3111300f060355040a130841726c6f736f66743110300e060355040b1307556e6b6e6f776e311630140603550403130d4a616d69652048696767696e7330820122300d06092a864886f70d01010105000382010f003082010a0282010100b3bf1433e9b0aa40caff86c949de86bff550e6a787b36bbe88e2695d9baf1ed6c69e07b335ef8d74ec059a78b9c47289511ab916ca9010a67d61585a84cdb449bb49d223b9f638d57245d49253a92a56082bae5cbf7461ed36040ccfe2e1889d6a7a756433fdb8199ff066e66e09b45d6a2a3096678e03b1e00f7f5769f9923388eb94479f77e225cf9ca0bd0d4c04390c639fdcd0f32fc19117067d6b5ede4d4ddb3466fc73fde545a8e73714f976d5747784a1fd9441b7d8e514924f3ce458e54851721d99b75e229dc4fb75c245fb3e6170f95314fb342a9402a412752efc273d00ad658c92bc957109df7855926fc7e9c4871fc9904c562da00045da47110203010001300d06092a864886f70d0101050500038201010047286c6988858644d6549f99af2ae3cd8393bcf5fcca83551a8d46154ab3953026767181292573515c6b9ea7d69d5e236bda06da67c40f8ee2d82d6ebbff9c40cf94f8b19996c8a9ac8b08c7bd4f11494325ef08e2f7a04824b1bf2aa0827ed02158f399d245d5d47ad34dcecc27bf505068cf2430784a6c9f2669d0d1d0921b632c32a84a397f7096ef1ecbac8d703a886dff922a085239386c41ba7450d7e03ba03d60aa4c79c4994358a6f41f89ff87b9f6a073b55589f3b55a636bbabc65777691142940d5367dbb1f3629eff7c6d00abc44392d79264c834525b261f7c958712171ff6c94dce6df90b24bf810cc28e4d8939b5988cbcbd92174f9202f8e tgLRb4bjuZVA8xvQ9uHNs8UtpBIOiUcagzvtKyyfCofk5U5sNb54GgVVYxa6p4A1ObdJv1jjlUOnzR8keX5LsAM4Ia7xeqiFh0GER4l0ulVChy d8cabbe23fb9ee0f252a4c87380216c8 yHTAZeApn5rh6Uzfx06Gv6eHdM34YL Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U= 740EE8B0-C879-4D02-82DD-5B9B5C62A29B 70d1d4c1-5ea3-4bd5-a7eb-3eb685e7bb2d aa45bc25-0261-4de3-a2b7-981406097d47 1tlElroQgRxbbHOVXlvZ3WRJneeupimg 308201e53082014ea003020102020451dc007d300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3133303730393132323232315a170d3433303730323132323232315a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100850e2bc667b811cf3b4aad9ab181aeb761507f0110fb345089ce452651c98580d8fcb0da8af6cf2d51d245c4ebd509cf832b42ee084e10ff8706714ee0def21fcf936b4ff9a14a3c99b944f69158a150718f5c32d66665b7c287742ccba2c7b266250fddcdf5b8f7b3c20e5b4a0c0721143143a2763c54802de3ef5d949701750203010001300d06092a864886f70d010105050003818100498928c82f0ec0cfce4ae49ce76ba65127066880a2780e3617ed7a3258c5e9d3dcc789441afde78a4a62e50c8c46c3043c7260774522f3bdb8226c83ec2964477b93451a3434c03b989c2259e886aa1517d64e1fe9b32785d74d3ac9b8e39993b18f75186c7cd26cf22b2228e0e4d9d650bbae4fcefcbe2abb89ef6ffb00d71a b45c8a48e8cde42df7af076dbfbe12fb 7fc56270e7a70fa81a5935b72eacbe29 u+XPLmq9KMEe4KeJgXXecQ/OyABmZxDClVTNXYyjrwFooJRqWU8AfWnZxEnntge2K6LRxlYts74= W1zcp5YuPDw8mIQDVCH2uQY7qs2ejdZj5LIgIz4CbQ0wg53rlwE7DDQM6MNUgZLnzNmMSMfFrpE7 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 D/NWBiug1Nkcs0NvDDo2HUdZ+Kp+WkyiaMsY63gBZtF7j7iWc7lRl5hGk9kqzGo9 I8pYnZE07/TjxFlB1bTJ4OmI62zRNH4u eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlDNlRDQ0FkRUNBU293RFFZSktvWklodmNOQVFFTEJRQXdEekVOTUFzR0ExVUVBd3dFVW05dmREQWVGdzB4TkRFeE1UZ3hOalUwTUROYUZ3MHpOREV4TVRNeE5qVTBNRE5hTUdZeEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJZd0ZBWURWUVFIREExTmIzVnVkR0ZwYmlCV2FXVjNNUlF3RWdZRFZRUUtEQXRIYjI5bmJHVWdTVzVqTGpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDekZWS0pPa3FUbXl5ak1IV0JPckxkcFltYzBFY3ZHM01vaGFWK1VKclZySTJTRHlrWThZV1NrVEt6OUJLbUY4SFAvR2pQUERzMzE4NENlajliMVdleXZWQjhSajNndUgzb0wrc0pUM3U5VjJ5NHp5bzV4TzZGV01CWUVRNlg4RGtHbFl0VHA1dGhlWWJSclhORUx1bDRsRitMdEhUQ2FBQU5STWtPbDBORW9MYTZCUmhPRzY4Z0ZmSUF4eDVsVDhSRUU5dXR2UHV5K3JDYUJIbmZIT1BmOHBuMExTdmNlQmlqU0lGb1MzWTVjcmpQVmp5aVBBWlVIV25IVEZBaWxmSG5wTEJsR3hwQ3lsZVBRaE1LclBjZ3ZEb0Q5bmQwTEE2eFlMRjdEUFhYU2E4RkxPK2ZQVjhDTkpDQXNGdXE5UmxmMlR0M1NqTHRXUll1aDVMdWN0UDdBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFc01BQlpsKzhSbGswaHFCa3RzRHVycmk0bkYvMDdDblNCZS96VWJUaVloTXByN1ZSSURsSExvZTVsc2xMaWxmWHp2YXltY01GZUgxdUJ4TndoZjdJTzdXdkl3UWVVSFNWK3JIeU55Z1RUaWVPMEpuOEh3KzRTQ29oSEFkTXZENXVXRXduM0x2K1c0eTdPaGFTYnpsaFZDVkNuRkxWS2ljQmF5VVhIdGRKWEpJQ29rUjQraC9XTk03ZzBpS1RoYWtaT3lmYjhoMXBoeTdUTVRWbFBGS3JjVkRvNW05K0dodFBDNFBOakdMb2s2ci9qeDlDSU9DYXBJcWk4ZlhKRU94S3ZpbFllQVlxZmpXdmh4MDBqdUVVQkhycENROHdUNFRBK0xsSTAyY1J6NXJ4VzRGUUF6MU5kb0c5SFpEWldhK05ORlRaZEFtdFdQSk1MZCs4TDhzbDQ9IiwiTUlJQzhUQ0NBZG1nQXdJQkFnSUpBTU5JMTVIckd5bGtNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1BOHhEVEFMQmdOVkJBTU1CRkp2YjNRd0hoY05NVFF4TVRFNE1UWTFOREF6V2hjTk16UXhNVEV6TVRZMU5EQXpXakFQTVEwd0N3WURWUVFEREFSU2IyOTBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXplVU5jNGJTV0hoT1RVKzVNUS9sT21talFXcGZCaStGSnV4dm9lT21Rd2k2ZnJQS0tzYUtLWUdmQ1RQbEtFMGRtckVQOTVibmkvcUw1eEFwUDE3b3JqVWU2S1J0SkF3Rk5JNUVaYWRJZmpiaC9xKzg1QzFDcDJCUzJZbXVaUXpYWkhQNjN5eUJwMDVZY2JNS3dDQkhYYUFnWWJtVFRrKzQrMXBqTnBIUDZZaUYyZ0NQdlNmem9rR3loYnZCcW5QYm5UZEk5dzZmak5CWUFici91Qk9UVTB2SzRrdHpsV2s1bHZzbTUxZTh2c0xTcVdob0hBRHEwQXJpQWVsVTRTSHNTQUNrUlVRU3hXVjBLNWh6VHY0ZWN2Q2JHOWRza2lEQ3dXZyt1VFJTb0FGZVpPaE9OTDAwMHE3VmV5M0RaVGNMbDgvTzROUVZhWlI1aUFnVldsV2Nzd0lEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVc2ltbElSRGNKUjBvZlI3b004S3dIRk9IK3NJd0h3WURWUjBqQkJnd0ZvQVVzaW1sSVJEY0pSMG9mUjdvTThLd0hGT0grc0l3REFZRFZSMFRCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXUWw4U21iUW9CVjN0ak9KOHpNbGNOMHhPUHBTU05ieDBnN0VML2RRZ0pwZXQwTWNXNjJSSGxnUUFPS2JTM1BSZW8ybnNSQi9aUnlZRHU0aTEzWkhaOGJNc0dPRVM0QlFwejEzbXRtWGc5UmhzWHFMMGVEWWZCY2pqdGxydVVieGhuQUxwNFZOMXpWZHlXQVBDajBldTNNeHBnTVdjeW41MFFtaUpTai9FcXUvbExodmUvd0t2akc1V2huVjh1UktSdUZiRmN0MERIQUhNblpxRkhjR1M1U28wY1luU2ZLNWZiQlJOZWxHZmxocGJiUHAwVjBhWGlxaW5xRDBZZTNPYVpkRnErMnJQMW9DL2E1L091NExzcFkzYjVvRDlyRU5keTdicTBLZXdQRnRnUHZVa0pySjNUemJpd3ZwZ2haN3pHMjZibko1STd1YzR5MVZ1anFhT0E9PSJdfQ 71828182845904523536028747135266249775724709369995957496696762772407663 4dab81a6-d2fc-458a-992c-7a1f3b96a970 adb97ac6-f780-4a41-8475-ce661b574999 cf1e816a-9db0-4511-bbb8-f60c48ca8fac 308201e53082014ea00302010202044f173620300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3132303131383231313430385a170d3432303131303231313430385a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100b0270c96325dcb34ce75c5f27e58a6e39750d3fb81baa35e920ad1410f7471386b7f3a546e15a6d16069544c0af8cb3c6ad267d67c15c3b979329d782c54e6fa4ada9d47155c934f95bcf744f87f1a917971d401540c7fd5d29540bace27d494d2b2ec92170510544c0219ad444ce5561b7cc7ecd1a654b5ae5340b18ba6b9c90203010001300d06092a864886f70d01010505000381810099f61c4c0f7b738b8ee284dbe794f316d0621f5573fdf1252aad4f601fa2a88452a9a3666d8d9932b67d19188f8dcf0e9c6a85c80c5a410891f56b692b20db6c521b852ca90b76f77a9bb568743b3e16bd4927b65d6f6ff01aaff584d829a165a51e100613f3e0efe54618eef4ee484e8428f8008563dab9e2ce2ea5abf04dbe eWzIsJF4PExQap9HK6Vlz8DGlgGwoiLCtyOEK0Bfu
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: bsh/CommandLineReader.java, line(s) 21 bsh/Console.java, line(s) 11,18,8 bsh/Interpreter.java, line(s) 174,184,186,188,210,243,245,247 bsh/Parser.java, line(s) 2716 bsh/Remote.java, line(s) 43,47,29,40,74,83,85,87,89,126 bsh/SimpleNode.java, line(s) 32 bsh/classpath/BshClassPath.java, line(s) 403,417,426,576 bsh/classpath/ClassManagerImpl.java, line(s) 206 bsh/util/ClassBrowser.java, line(s) 434,444 bsh/util/Httpd.java, line(s) 23 bsh/util/HttpdConnection.java, line(s) 76,108 bsh/util/JConsole.java, line(s) 212 bsh/util/JDemoApplet.java, line(s) 27,30 bsh/util/Sessiond.java, line(s) 22 bsh/util/SessiondConnection.java, line(s) 29 com/afollestad/materialdialogs/MaterialDialog.java, line(s) 1811 com/amazonaws/logging/AndroidLog.java, line(s) 28,93,35,41,46,51,56,61,100,79,114 com/araujo/jordan/excuseme/AutoPermissionHandler.java, line(s) 158 com/araujo/jordan/excuseme/ExcuseMe.java, line(s) 218,324 com/arlosoft/macrodroid/action/AndroidWearAction.java, line(s) 171,190 com/arlosoft/macrodroid/action/ForwardSMSAction.java, line(s) 105 com/arlosoft/macrodroid/action/LaunchAppActivityAction.java, line(s) 153 com/arlosoft/macrodroid/action/MakeCallAction.java, line(s) 269 com/arlosoft/macrodroid/action/RecordMicrophoneAction.java, line(s) 312 com/arlosoft/macrodroid/action/SetBluetoothAction.java, line(s) 289 com/arlosoft/macrodroid/action/SetWallpaperAction.java, line(s) 537 com/arlosoft/macrodroid/action/hotspot/MyOreoWifiManager.java, line(s) 72 com/arlosoft/macrodroid/action/services/AndroidWearService.java, line(s) 158 com/arlosoft/macrodroid/action/services/UploadLocationService.java, line(s) 52 com/arlosoft/macrodroid/action/services/UploadMessageService.java, line(s) 52 com/arlosoft/macrodroid/action/services/UploadPhotoService.java, line(s) 54 com/arlosoft/macrodroid/celltowers/CellTowerGroupStore.java, line(s) 73 com/arlosoft/macrodroid/common/MacroDroidVariableStore.java, line(s) 296 com/arlosoft/macrodroid/common/Util.java, line(s) 248 com/arlosoft/macrodroid/drawer/ui/DrawerLogViewHolder.java, line(s) 435,479 com/arlosoft/macrodroid/drawer/ui/DrawerOptionsActivity.java, line(s) 824,826 com/arlosoft/macrodroid/macro/MacroStore.java, line(s) 2183 com/arlosoft/macrodroid/scene/display/SceneDesignerActivity.java, line(s) 2267 com/arlosoft/macrodroid/scene/display/SceneOverlayDisplayService.java, line(s) 808 com/arlosoft/macrodroid/triggers/activities/LocationChooserActivity.java, line(s) 283 com/arlosoft/macrodroid/triggers/activities/LocationChooserOSMActivity.java, line(s) 276 com/arlosoft/macrodroid/triggers/activities/ScanTagActivity.java, line(s) 94,55 com/arlosoft/macrodroid/triggers/services/NFCTriggeredService.java, line(s) 47 com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlAssetsImageGetter.java, line(s) 24 com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlHttpImageGetter.java, line(s) 131 com/arlosoft/macrodroid/uicomponent/htmltextview/HtmlResImageGetter.java, line(s) 27 com/arlosoft/macrodroid/upgrade/billing/BillingDataSource.java, line(s) 489,509,870,885,890,919,930,981,991,998,1448,1485,874,895,1483,1495,862,898 com/arlosoft/macrodroid/upgrade/billing/b.java, line(s) 42,47,64,24,39,51,58 com/arlosoft/macrodroid/utils/RootHelper.java, line(s) 30 com/arlosoft/macrodroid/utils/SingleLiveEvent.java, line(s) 40 com/arlosoft/macrodroid/widget/DragLinearLayout.java, line(s) 544 com/fingerprints/service/FingerprintManager.java, line(s) 390,111,425,443,455,514,541,543,571,613 com/firebase/ui/auth/AuthUI.java, line(s) 860,193,281,640,695,963,1014,1017 com/firebase/ui/auth/data/remote/GoogleSignInHandler.java, line(s) 94 com/firebase/ui/auth/ui/email/EmailLinkFragment.java, line(s) 58 com/firebase/ui/auth/util/CredentialUtils.java, line(s) 20,24 com/firebase/ui/auth/util/data/TaskFailureLogger.java, line(s) 17 com/firebase/ui/auth/viewmodel/ResourceObserver.java, line(s) 51 com/firebase/ui/auth/viewmodel/email/EmailProviderResponseHandler.java, line(s) 56,83 com/firebase/ui/auth/viewmodel/smartlock/SmartLockHandler.java, line(s) 60,39 com/getpebble/android/kit/PebbleKit.java, line(s) 70 com/giphy/sdk/core/network/engine/DefaultNetworkSession.java, line(s) 150 com/giphy/sdk/core/threading/ApiTask.java, line(s) 118 com/github/javiersantos/licensing/APKExpansionPolicy.java, line(s) 41,57,75,88 com/github/javiersantos/licensing/LibraryChecker.java, line(s) 106,127,132,141,190,53,64,69,77,166,179,184,170,239 com/github/javiersantos/licensing/PreferenceObfuscator.java, line(s) 33 com/github/javiersantos/licensing/ServerManagedPolicy.java, line(s) 35,51,69,82 com/github/javiersantos/licensing/util/URIQueryDecoder.java, line(s) 29 com/h6ah4i/android/widget/advrecyclerview/draggable/RecyclerViewDragDropManager.java, line(s) 354 com/h6ah4i/android/widget/advrecyclerview/draggable/c.java, line(s) 177 com/hihonor/android/facerecognition/HwFaceManagerFactory.java, line(s) 30,36,40,44,47 com/huawei/facerecognition/HwFaceManagerFactory.java, line(s) 20,25,29,33,36 com/iab/omid/library/giphy/d/c.java, line(s) 11 com/jaredrummler/android/colorpicker/ColorPickerDialog.java, line(s) 454,467 com/koushikdutta/async/AsyncNetworkSocket.java, line(s) 184 com/koushikdutta/async/AsyncServer.java, line(s) 83,111,300,988,162,165,168,185,651,685,726,792 com/koushikdutta/async/ByteBufferList.java, line(s) 364 com/koushikdutta/async/PushParser.java, line(s) 223 com/koushikdutta/async/Util.java, line(s) 208 com/koushikdutta/async/http/AsyncHttpRequest.java, line(s) 160,251,252,167,180 com/koushikdutta/async/http/HybiParser.java, line(s) 374 com/koushikdutta/async/http/cache/b.java, line(s) 62 com/koushikdutta/async/http/server/AsyncHttpServerRequestImpl.java, line(s) 79 com/koushikdutta/ion/Ion.java, line(s) 421,422,424 com/koushikdutta/ion/bitmap/IonBitmapCache.java, line(s) 109,110,120,121,122 com/koushikdutta/ion/conscrypt/ConscryptMiddleware.java, line(s) 57 com/koushikdutta/ion/cookie/CookieMiddleware.java, line(s) 109 com/koushikdutta/ion/gif/GifDecoder.java, line(s) 383 com/koushikdutta/ion/k.java, line(s) 7 com/koushikdutta/ion/l.java, line(s) 556 com/miguelbcr/ui/rx_paparazzo2/entities/FileData.java, line(s) 25,28 com/miguelbcr/ui/rx_paparazzo2/interactors/GetPath.java, line(s) 90 com/miguelbcr/ui/rx_paparazzo2/interactors/ImageUtils.java, line(s) 62,300 com/miguelbcr/ui/rx_paparazzo2/interactors/SaveFile.java, line(s) 58 com/samsung/android/sdk/pass/Spass.java, line(s) 53 com/samsung/android/sdk/pass/SpassFingerprint.java, line(s) 210,215,231,240,275,524,143,171,465,546,640,651 com/samsung/android/sdk/pass/support/SdkSupporter.java, line(s) 32 com/samsung/android/sdk/pass/support/v1/FingerprintManagerProxyFactory.java, line(s) 73 com/stericson/RootShell/RootShell.java, line(s) 318,323 com/stericson/RootShell/containers/RootClass.java, line(s) 230,143,227,296 com/stericson/RootTools/RootTools.java, line(s) 279 com/stericson/RootTools/internal/RootToolsInternalMethods.java, line(s) 314,319,324 com/stericson/RootTools/internal/Runner.java, line(s) 41 com/stericson/RootTools/internal/a.java, line(s) 32,41,72,79 com/sun/activation/registries/LogSupport.java, line(s) 25,32 com/sun/mail/imap/protocol/BODYSTRUCTURE.java, line(s) 40,44,52,65,69,75,80,88,93,100,105,109,117,123,131,138,151,155,160,168,172,176,182,191,195,203,216,221,227,239,247,256,260,270,276,284,291,299,326,336,343,347 com/sun/mail/imap/protocol/ENVELOPE.java, line(s) 31,50,54,57,61,65,69,73,77,82,86,110 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 49 com/tencent/soter/core/model/SLogger.java, line(s) 24,33,56 com/twofortyfouram/locale/sdk/host/TaskerPlugin.java, line(s) 299,190,194,205,226,239,253,273,278 com/twofortyfouram/log/Lumberjack.java, line(s) 136,130,133,139 com/yalantis/ucrop/UCropActivity.java, line(s) 534 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 95 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 162,176,183,215 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 102,112 com/yalantis/ucrop/util/FileUtils.java, line(s) 76 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 160,172,182,202,220,222,240,245,252,258,274,277,294,297 com/yalantis/ucrop/view/TransformImageView.java, line(s) 63,220 crashguard/android/library/e5.java, line(s) 40,39 crashguard/android/library/n0.java, line(s) 43,125 curtains/view/WindowManagerSpy.java, line(s) 64,125 dagger/android/AndroidInjection.java, line(s) 47 de/greenrobot/event/EventBus.java, line(s) 106,115,117,436 de/greenrobot/event/b.java, line(s) 47 de/greenrobot/event/util/AsyncExecutor.java, line(s) 88 de/greenrobot/event/util/ErrorDialogManager.java, line(s) 144 dev/skomlach/biometric/compat/engine/internal/face/lava/FaceVerifyManager.java, line(s) 112,118,133,150,154,203,209 dev/skomlach/biometric/compat/utils/logging/BiometricLoggerImpl.java, line(s) 67,104 dev/skomlach/common/logging/LogCat.java, line(s) 77,106 eu/davidea/fastscroller/FastScroller.java, line(s) 367 eu/davidea/flexibleadapter/SelectableAdapter.java, line(s) 93 eu/davidea/flexibleadapter/common/FlexibleItemAnimator.java, line(s) 465,473 eu/davidea/flexibleadapter/helpers/ActionModeHelper.java, line(s) 115,124 eu/davidea/flexibleadapter/helpers/StickyHeaderHelper.java, line(s) 86,217,322,289,165,168,62 eu/davidea/flexibleadapter/helpers/UndoHelper.java, line(s) 115,121,128,148,47,92,142 eu/davidea/flexibleadapter/utils/Log.java, line(s) 56,126,62,68,114,120,132,138 eu/davidea/flexibleadapter/utils/Logger.java, line(s) 19,49,12,18,24,25,30,36,42,48,54,60,37,43,55,61 eu/davidea/viewholders/FlexibleViewHolder.java, line(s) 72,85,104,114,117,150,163,160 fi/iki/elonen/util/ServerRunner.java, line(s) 15,18,24 io/github/rosemoe/sora/graphics/GraphicTextRow.java, line(s) 341 io/github/rosemoe/sora/lang/analysis/AsyncIncrementalAnalyzeManager.java, line(s) 413 io/github/rosemoe/sora/lang/analysis/SimpleAnalyzeManager.java, line(s) 86 io/github/rosemoe/sora/lang/format/AsyncFormatter.java, line(s) 48 io/github/rosemoe/sora/lang/styling/StylesUtils.java, line(s) 23,44,51,60,65 io/github/rosemoe/sora/text/SpanRecycler.java, line(s) 32,40,37 io/github/rosemoe/sora/util/Logger.java, line(s) 32,51,67,75,36,55,43,63,71,79 io/github/rosemoe/sora/util/ViewUtils.java, line(s) 30 io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 408,636,674,1895,2158,2288,2609,3244,3480,3219 io/github/rosemoe/sora/widget/EditorRenderer.java, line(s) 1554,1561 io/github/rosemoe/sora/widget/component/EditorAutoCompletion.java, line(s) 126 io/github/rosemoe/sora/widget/component/Magnifier.java, line(s) 62 io/github/rosemoe/sora/widget/snippet/SnippetController.java, line(s) 511 io/grpc/android/AndroidChannelBuilder.java, line(s) 116,219,222,226 io/grpc/internal/z.java, line(s) 1667 io/grpc/okhttp/internal/Platform.java, line(s) 461 me/drakeet/support/toast/a.java, line(s) 40,35 me/weishu/reflection/BootstrapClass.java, line(s) 21 me/zhanghai/android/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 80 me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 245,249,384 net/dinglisch/android/tasker/TaskerPlugin.java, line(s) 319,187,191,202,223,236,250,270,275 org/altbeacon/beacon/logging/c.java, line(s) 15,38,20,43,29,52 org/altbeacon/beacon/logging/d.java, line(s) 16,41,21,46,31,56 org/altbeacon/beacon/logging/e.java, line(s) 15,37,28,50 org/joni/WarnCallback.java, line(s) 13 org/joni/bench/AbstractBench.java, line(s) 13,20,28,39,41 org/joni/f.java, line(s) 496,590 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 90,363 org/metalev/multitouch/controller/MultiTouchController.java, line(s) 373 org/osmdroid/config/DefaultConfigurationProvider.java, line(s) 509 org/osmdroid/tileprovider/MapTileCache.java, line(s) 116 org/osmdroid/tileprovider/MapTileProviderBase.java, line(s) 87,294,301 org/osmdroid/tileprovider/cachemanager/CacheManager.java, line(s) 236,549 org/osmdroid/tileprovider/modules/ArchiveFileFactory.java, line(s) 39,42,45 org/osmdroid/tileprovider/modules/DatabaseFileArchive.java, line(s) 65,80,98 org/osmdroid/tileprovider/modules/GEMFFileArchive.java, line(s) 42 org/osmdroid/tileprovider/modules/MBTilesFileArchive.java, line(s) 48 org/osmdroid/tileprovider/modules/MapTileFilesystemProvider.java, line(s) 44,40 org/osmdroid/tileprovider/modules/MapTileModuleProviderBase.java, line(s) 170,247 org/osmdroid/tileprovider/modules/MapTileSqlCacheProvider.java, line(s) 44,40 org/osmdroid/tileprovider/modules/OfflineTileProvider.java, line(s) 22 org/osmdroid/tileprovider/modules/SqlTileWriter.java, line(s) 137,221,406,464,472,619,369,547 org/osmdroid/tileprovider/modules/SqliteArchiveTileWriter.java, line(s) 48,148,63,72 org/osmdroid/tileprovider/modules/TileDownloader.java, line(s) 147,320,454,532,666,209,179,230,247,271,294,374,391,410,428,472,488,506,524,594,613,634,654 org/osmdroid/tileprovider/modules/TileWriter.java, line(s) 222 org/osmdroid/tileprovider/modules/ZipFileArchive.java, line(s) 61,78 org/osmdroid/tileprovider/tilesource/BitmapTileSourceBase.java, line(s) 74,78,83,165,163 org/osmdroid/tileprovider/tilesource/CloudmadeTileSource.java, line(s) 19,48 org/osmdroid/tileprovider/util/ManifestUtil.java, line(s) 15,22,25 org/osmdroid/tileprovider/util/StorageUtils.java, line(s) 300,310 org/osmdroid/views/MapView.java, line(s) 349,236,245,247,251,239 org/osmdroid/views/overlay/DefaultOverlayManager.java, line(s) 386,412 org/osmdroid/views/overlay/NonAcceleratedOverlay.java, line(s) 46 org/osmdroid/views/overlay/TilesOverlay.java, line(s) 116,119 org/osmdroid/views/overlay/gridlines/LatLonGridlineOverlay.java, line(s) 150,156,185,190,206,218,250,385 org/osmdroid/views/overlay/infowindow/BasicInfoWindow.java, line(s) 48,65 org/osmdroid/views/overlay/infowindow/InfoWindow.java, line(s) 122 org/osmdroid/views/overlay/infowindow/MarkerInfoWindow.java, line(s) 33 org/osmdroid/views/overlay/mylocation/GpsMyLocationProvider.java, line(s) 112,68,128 rikka/shizuku/Shizuku.java, line(s) 428,434,436 rikka/shizuku/ShizukuProvider.java, line(s) 42,101,126 rikka/shizuku/SystemServiceHelper.java, line(s) 25,35 rx/android/app/a.java, line(s) 29 rx/internal/util/IndexedRingBuffer.java, line(s) 76 rx/internal/util/RxRingBuffer.java, line(s) 49 rx/plugins/RxJavaHooks.java, line(s) 429 splitties/toast/a.java, line(s) 35 timber/log/Timber.java, line(s) 44,62 xyz/kumaraswamy/autostart/Autostart.java, line(s) 75,42
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/arlosoft/macrodroid/triggers/ClipboardChangeTrigger.java, line(s) 81,5
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/giphy/sdk/analytics/GiphyPingbacks.java, line(s) 57,57 com/giphy/sdk/ui/GPHRecentSearches.java, line(s) 33,33 com/giphy/sdk/ui/GiphyRecents.java, line(s) 36,36 splitties/preferences/PreferencesStorageKt.java, line(s) 55,55
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/giphy/sdk/ui/views/GPHMediaActionsView.java, line(s) 4,176,177 io/github/rosemoe/sora/widget/CodeEditor.java, line(s) 6,1890
安全提示信息 邮件服务器
邮件服务器 Files: com/arlosoft/macrodroid/action/email/withpassword/GMailSender.java, line(s) 27,70
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://macrodroid-production.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/arlosoft/macrodroid/app/di/NetworkingModule.java, line(s) 89,121,132,143,154,165,176,187,197,208,219,230,241,252 com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 262,212,261,260,260 com/koushikdutta/ion/Ion.java, line(s) 105,167,200,243,283 com/sun/mail/util/MailSSLSocketFactory.java, line(s) 59,58,68,57 crashguard/android/library/q.java, line(s) 33,29,31,33,27,19,30,30 fi/iki/elonen/NanoHTTPD.java, line(s) 880,878,880,1683,877,877 io/grpc/okhttp/OkHttpChannelBuilder.java, line(s) 358,429,430,331,357,443,354,356,356 io/grpc/okhttp/OkHttpServerBuilder.java, line(s) 235,236,249 io/grpc/util/AdvancedTlsX509TrustManager.java, line(s) 161,160,218,159,159,177
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/arlosoft/macrodroid/accessibility/AccessibilityServiceMonitor.java, line(s) 108 com/arlosoft/macrodroid/action/CloseApplicationAction.java, line(s) 359 com/arlosoft/macrodroid/action/ConfigureAppNotificationsAction.java, line(s) 214 com/arlosoft/macrodroid/root/RootToolsHelper.java, line(s) 46 com/stericson/RootTools/SanityCheckRootTools.java, line(s) 184,354
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1032558389409/namespaces/firebase:fetch?key=AIzaSyDld0rmBm4u9kufAY0m7i6aBaINVvod58M ) 已禁用。响应内容如下所示: 响应码是 403
综合安全基线评分总结
MacroDroid v5.54.7
Android APK
47
综合安全评分
中风险