安全分析报告:
安全分数
安全分数 42/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
5
用户/设备跟踪器
调研结果
高危
6
中危
24
信息
2
安全
1
关注
17
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/coloros/mcssdk/f/c.java, line(s) 13,23 com/tencent/mm/sdk/platformtools/LogHelper.java, line(s) 58
高危 WebView域控制不严格漏洞
WebView域控制不严格漏洞 Files: com/ainemo/android/activity/TestActivity.java, line(s) 153,141,152,157,158 com/ainemo/android/activity/business/WebPageActivity.java, line(s) 2497,2484,2496,2501,2502,2616,2618 com/ainemo/android/activity/business/actions/WebBusinessActivity.java, line(s) 1287,1276,1297,1298,1299 com/meeting/call/activity/XylinkMeetingActivity.java, line(s) 1227,1223 com/meeting/call/widget/call/addmore/h/f0.java, line(s) 598,585,597,602,603 com/tencent/wework/api/view/H5Activity.java, line(s) 40,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/ainemo/android/activity/business/actions/WebBusinessActivity.java, line(s) 1137,1136
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: org/acra/util/j.java, line(s) 14,15,16,17,4
高危 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/tencent/wework/api/utils/OpenDataUtils.java, line(s) 98,152
高危 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序存在Janus漏洞
应用程序使用了v1签名方案进行签名,如果只使用v1签名方案,那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序,以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。
中危 应用程序可以安装在有漏洞的已更新 Android 版本上
Android 5.0-5.0.2, [minSdk=21] 该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。
中危 应用程序数据存在被泄露的风险
未设置[android:allowBackup]标志 这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true,允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.ainemo.android.activity.business.apsharescreen.ApShareScreenActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.ainemo.android.activity.MainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.meeting.call.activity.XylinkMeetingActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.ainemo.android.activity.login.LoginActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.ainemo.android.activity.login.VerificationLoginActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.ainemo.android.activity.login.OtherLoginActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (vulture.module.network.NetstateChangeReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.xiaomi.push.service.receivers.NetworkStatusReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.xiaomi.push.service.receivers.PingReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.xylink.push.xiaomi.XMPushReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Service (com.ainemo.android.service.NemoAppService) 未被保护。
存在一个intent-filter。 发现 Service与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Service是显式导出的。
中危 Service (com.xylink.push.oppo.OppoPushService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/ainemo/android/activity/business/WebPageActivity.java, line(s) 121 com/ainemo/android/activity/business/actions/QrCodeCaptureActivity.java, line(s) 63 com/ainemo/android/business/BusinessModuleProcessor.java, line(s) 152 com/ainemo/android/view/VerifyCode.java, line(s) 16 com/meeting/call/manager/n.java, line(s) 42 com/meeting/call/widget/call/addmore/h/f0.java, line(s) 55 com/meeting/chat/utils/photo/b.java, line(s) 21 com/tencent/mm/sdk/platformtools/Util.java, line(s) 57 com/tencent/wxop/stat/a.java, line(s) 11 com/tencent/wxop/stat/common/l.java, line(s) 35 e/h/b/e/p0.java, line(s) 109 io/xylink/rtc/internal/http/utils/SignatureUtils.java, line(s) 9
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/ainemo/android/activity/MainActivity.java, line(s) 486,489 com/ainemo/android/activity/business/KeyNemoEventActivity.java, line(s) 68,69 com/ainemo/android/activity/business/WebPageActivity.java, line(s) 165,775,157,775 com/ainemo/android/activity/business/actions/QrCodeCaptureActivity.java, line(s) 70,89 com/ainemo/android/business/H5PageManager.java, line(s) 293 com/ainemo/android/business/apsharescreen/wifi/WifiAdmin.java, line(s) 191,234,168 com/ainemo/android/business/apsharescreen/wifi/WifiProxyManager.java, line(s) 91 com/ainemo/android/db/po/MyFolderData.java, line(s) 13 com/ainemo/android/db/po/XyVideoFolderData.java, line(s) 13 com/ainemo/android/enterprise/CreateEnterpriseActivity.java, line(s) 637 com/ainemo/android/enterprise/i.java, line(s) 315,317,722,728,730 com/ainemo/android/intent/IntentHandleUtils.java, line(s) 36 com/ainemo/android/j/l0.java, line(s) 139,142,197,214,181 com/ainemo/android/net/bean/ConferenceRankBean.java, line(s) 80 com/ainemo/android/net/bean/FaceImageInfo.java, line(s) 47 com/ainemo/android/net/bean/WeekSummaryBean.java, line(s) 79 com/ainemo/android/p/d.java, line(s) 433,729,726 com/ainemo/android/rest/model/AiUserInfoResponse.java, line(s) 106 com/ainemo/android/rest/model/CloudMeetingRoom.java, line(s) 115 com/ainemo/android/rest/model/CmrFolderVideo.java, line(s) 439 com/ainemo/android/rest/model/CmrRestData.java, line(s) 106 com/ainemo/android/rest/model/LoginInfoUtil.java, line(s) 8 com/ainemo/android/rest/model/LoginParams.java, line(s) 145,145 com/ainemo/android/rest/model/LoginRequest.java, line(s) 86 com/ainemo/android/rest/model/LoginResponse.java, line(s) 196,196 com/ainemo/android/rest/model/RegisterParams.java, line(s) 117 com/ainemo/android/rest/model/UserInfoOFWebPage.java, line(s) 220,220 com/ainemo/android/rest/model/VodFile.java, line(s) 344 com/ainemo/android/rest/model/json/CustomizationState.java, line(s) 194,194,194 com/ainemo/android/utils/CheckUtil.java, line(s) 10 com/ainemo/android/utils/PerferConstant.java, line(s) 15 com/ainemo/shared/call/CallConst.java, line(s) 100,213,207,185 com/ainemo/shared/call/ContentStateInfo.java, line(s) 81 com/bumptech/glide/load/e.java, line(s) 63 com/bumptech/glide/load/engine/c.java, line(s) 33 com/bumptech/glide/load/engine/n.java, line(s) 94 com/bumptech/glide/load/engine/u.java, line(s) 64 com/meeting/chat/enity/MessageInfo.java, line(s) 187 com/serenegiant/usb/USBMonitor.java, line(s) 777 com/tencent/mm/sdk/contact/RContact.java, line(s) 25 com/tencent/mm/sdk/conversation/RConversation.java, line(s) 16 com/tencent/mm/sdk/conversation/RConversationStorage.java, line(s) 8 com/tencent/mm/sdk/message/RMsgInfoStorage.java, line(s) 10 com/tencent/mm/sdk/openapi/ConstantsAPI.java, line(s) 11 com/tencent/mm/sdk/platformtools/KVConfig.java, line(s) 28 com/tencent/mm/sdk/platformtools/LocaleUtil.java, line(s) 22,30 com/tencent/mm/sdk/platformtools/Util.java, line(s) 952,1102 com/tencent/mm/sdk/plugin/MMPluginAPIImpl.java, line(s) 163,128,168 com/tencent/mm/sdk/plugin/MMPluginProviderConstants.java, line(s) 21,46,32,124,24 com/tencent/wxop/stat/StatSpecifyReportedInfo.java, line(s) 50 com/xylink/net/bean/request/LoginParams.java, line(s) 107,107 com/xylink/net/bean/response/NetUserDevice.java, line(s) 244 com/xylink/net/bean/response/NetUserProfile.java, line(s) 202 com/xylink/net/manager/g.java, line(s) 767 io/xylink/rtc/Settings.java, line(s) 201 io/xylink/rtc/internal/http/model/LoginResponse.java, line(s) 126 io/xylink/rtc/internal/model/define/CallConst.java, line(s) 185,61,46,160 io/xylink/rtc/internal/model/define/Constants.java, line(s) 36,27,14,29 io/xylink/rtc/internal/model/define/ErrorCode.java, line(s) 7 io/xylink/rtc/model/define/SocketProxyValidateResult.java, line(s) 9 org/acra/collector/m.java, line(s) 32
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/ainemo/android/activity/business/ImageViewerActivity.java, line(s) 158,430 com/ainemo/android/activity/business/NemoCircleSettingActivity.java, line(s) 322,382 com/ainemo/android/activity/business/WebPageActivity.java, line(s) 267,268,1518,1621 com/ainemo/android/activity/business/actions/UserProfileActivity.java, line(s) 168 com/ainemo/android/activity/call/view/content/ContentGLTextureView.java, line(s) 129 com/ainemo/android/activity/call/view/content/SliceBitmapMgr.java, line(s) 34 com/ainemo/android/activity/call/view/svc/OpenGLES2View.java, line(s) 75,94 com/ainemo/android/activity/call/view/svc/OpenGLTextureView.java, line(s) 68 com/ainemo/android/activity/login/FillUserInfoActivity.java, line(s) 99,130 com/ainemo/android/activity/z/d/o0.java, line(s) 97 com/ainemo/android/business/WelcomeImageManager.java, line(s) 82 com/ainemo/android/i/a.java, line(s) 34,42,50,58 com/ainemo/android/m/a/g.java, line(s) 31 com/ainemo/android/utils/ClientConfigUtils.java, line(s) 28,143 com/ainemo/android/utils/CommonUtils.java, line(s) 32 com/ainemo/android/utils/DownZipFileTask.java, line(s) 107 com/ainemo/android/utils/DownloadContactZipFile.java, line(s) 25,28 com/ainemo/android/utils/InsertContactDataToDB.java, line(s) 34 com/meeting/call/activity/ImageViewerActivity.java, line(s) 151 com/meeting/call/activity/a3.java, line(s) 27 com/meeting/call/manager/p.java, line(s) 28,28 com/meeting/call/whiteBoard/XylinkWhiteboardView.java, line(s) 445 com/meeting/call/widget/effects/virtualbg/j.java, line(s) 29 com/meeting/chat/utils/photo/b.java, line(s) 73,71 com/serenegiant/usb/USBMonitor.java, line(s) 992 com/tencent/mm/sdk/platformtools/Util.java, line(s) 254,255 com/tencent/wxop/stat/common/l.java, line(s) 487,488 com/xylink/util/file/FileManager.java, line(s) 19,23,27,31 com/xylink/util/file/FileUtils.java, line(s) 180,293,335,353,355,357 com/xylink/util/file/ToolKitFileProvider.java, line(s) 121,139 e/k/a/a/a/a/b.java, line(s) 19,21,33,42 io/xylink/rtc/internal/media/b.java, line(s) 33 io/xylink/rtc/internal/n1/e.java, line(s) 29,33,37,41 io/xylink/rtc/internal/opengl/OpenGLTextureView.java, line(s) 84 vulture/module/call/sdk/OpenGLRenderManager.java, line(s) 66
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c/j/a/c.java, line(s) 6,46 c/j/a/i/a.java, line(s) 6,7,8,9,10,113 com/ainemo/android/db/helper/NewsDBHelper.java, line(s) 4,125 com/ainemo/android/db/helper/UserDBHelper.java, line(s) 5,111 com/tencent/wxop/stat/au.java, line(s) 7,199 com/tencent/wxop/stat/bc.java, line(s) 6,7,102
中危 IP地址泄露
IP地址泄露 Files: com/ainemo/android/business/BusinessModuleProcessor.java, line(s) 4697 com/ainemo/android/business/apsharescreen/data/socket/ApSocketConst.java, line(s) 3 com/tencent/wwapi/a.java, line(s) 5 com/tencent/wxop/stat/a.java, line(s) 68,63,66,57,60,64,67,65,61,58,62,59 com/tencent/wxop/stat/common/l.java, line(s) 183,175 e/d/a/e/b/j.java, line(s) 25 e/d/a/e/f/k.java, line(s) 42 e/d/a/f/b.java, line(s) 59 io/xylink/rtc/internal/model/Networks.java, line(s) 14
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ainemo/android/utils/AESUtils.java, line(s) 86 com/ainemo/android/utils/SecurityCodeUtils.java, line(s) 42 com/tencent/mm/algorithm/d.java, line(s) 109,136,189,208 com/tencent/wework/api/WWAPIImpl.java, line(s) 281 com/tencent/wework/api/WWAPIImplLocal.java, line(s) 307 com/tencent/wxop/stat/common/l.java, line(s) 144 e/l/g/a.java, line(s) 40 io/xylink/rtc/internal/http/utils/a.java, line(s) 19,33,159
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: io/xylink/rtc/internal/http/utils/a.java, line(s) 43 j/d/a/a/a/a.java, line(s) 130
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/ainemo/android/activity/TestActivity.java, line(s) 148,143 com/ainemo/android/activity/business/WebPageActivity.java, line(s) 2491,2486 com/ainemo/android/activity/business/actions/WebBusinessActivity.java, line(s) 1300,1278 com/meeting/call/widget/call/ConfAnswerView.java, line(s) 250,253 com/meeting/call/widget/call/addmore/h/f0.java, line(s) 592,587
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "str_meeting_pwd" : "入會密碼" "user_name" : "用户名" "xylink_click_link_call_pwd" : "入会密码:" "cmr_pwd" : "入会密码" "string_not_pwd_tip" : "未設置入會密碼" "string_set_user_password" : "請設置6至16位的登錄密碼" "normal_conf_session_exceed" : "您呼叫的会议已达到最大支持人数,请联系管理员购买或使用超大型会议室。" "delete_account_password" : "登錄密碼" "normal_office_nemo_session_exceed" : "您呼叫的會議已達最大支持人數。 設備加入企業通訊錄,可支持更多方會議。 如需更多支持請呼叫客服終端號’288288’咨詢。" "string_sensitive_key" : "聊天內容含違規信息,請修改後發送" "sms_pwdreset_enter_sms" : "请输入验证码" "login_other_author" : "認證機構登錄" "str_settings_site_path_private" : "私有線路" "ent_conf_session_exceed" : "云会议室%s已达企业允许呼入的上限" "str_set_meeting_pwd" : "設置密碼" "cmr_share_user" : "Owner:%s" "pwd_reset_succeed" : "密码重置成功" "str_call_no_authority" : "没有呼叫权限" "enterprise_has_other_user" : "企業存在其他終端和用戶" "conf_session_exceed" : "當前會議人數已滿,請加入企業通訊錄, 購買更多會議端口,詳情請咨詢本地經銷商。" "large_conf_session_exceed" : "您呼叫的會議已達到最大支持人數,請聯系管理員購買或使用超大型會議室。" "en_nemo_session_exceed_low_balance" : "企業會議容量使用現在達到上限, 無法加入會議。請聯系管理員%s%s購買更多會議端口。" "srt_password_pwd_same" : "您修改的密碼與上次相同,請重新輸入修改密碼" "sms_pwd_dialog" : "可通過短信驗證碼重置密碼,即將發送驗證碼到" "user_name" : "UserName" "user_profile_password" : "修改密码" "input_pwd_tip" : "请输入6至16位新的登录密码" "login_account_pwd_string" : "賬號密碼登錄" "str_call_no_authority" : "沒有呼叫權限" "cmr_pwd" : "入會密碼" "MuteByUser" : "對方忙,暫時關閉視頻" "app_session_exceed" : "当前通话人数已满。请使用终端或云会议室召开多方视频会议。" "xylink_login_forget_password" : "忘记密码" "string_not_pwd_tip" : "未设置入会密码" "dialog_kicked_out_security_key_invalid" : "您的登录认证已失效,请重新登录" "str_no_meeting_pwd" : "沒有密碼" "user_name" : "用戶名" "sms_pwdreset_title" : "重置密码" "delete_account_password" : "登录密码" "string_sensitive_key" : "聊天内容含违规信息,请修改后发送" "pwd_reset_succeed" : "密碼重置成功" "string_allow_private_group_chat" : "允許群聊和私聊" "string_host_pwd_meeting_tip" : "請輸入主持密碼" "en_nemo_session_exceed_low_balance" : "会议容量使用现在达到上限, 无法加入会议。请联系管理员%s%s购买更多会议端口。" "string_incorrect_meeting_pwd" : "主持密碼不正確" "normal_home_nemo_session_exceed" : "当前通话人数已达上限,您无法加入。" "str_reset_init_pwd" : "企業管理員重置您的密碼,請重新登錄" "str_settings_site_path_private" : "私有线路" "login_account_pwd_string" : "Password" "sms_pwd_title" : "手机验证码重置密码" "app_session_exceed" : "當前通話人數已滿。請使用終端或雲會議室召開多方視頻會議。" "sms_pwdreset_enter_sms" : "請輸入驗證碼" "srt_password_pwd_same" : "您修改的密码与上次相同,请重新输入修改的密码" "login_failure_accound_pwd_no_match" : "登錄失敗,用戶名或密碼不正確" "login_failure_accound_pwd_no_match" : "登录失败,用户名或密码不正确" "office_nemo_session_exceed" : "當前通話人數已滿。如需更多人通話,請使用雲會議室。手機端下載小魚易連app,註冊即可獲得。" "exit_circle_user" : "(用户已退出)" "login_other_author" : "认证机构登录" "string_set_meeting_pwd_tip" : "为保证会议安全请设置入会密码" "session_exceed_limit_time_out" : "您的服务可用分钟数不足,无法呼叫。" "str_meeting_pwd" : "入会密码" "str_reset_init_pwd" : "企业管理员重置您的密码,请重新登录" "dialog_kicked_out_security_key_invalid" : "您的登錄認證已失效,請重新登錄" "user_conf_session_exceed" : "云会议室%s已达允许呼入的上限" "input_room_pwd" : "請輸入密碼" "cmr_share_user" : "發起人:%s" "login_account_pwd_string" : "账号密码登录" "MuteByUser" : "对方忙,暂时关闭视频" "str_set_meeting_pwd" : "设置密码" "string_allow_private_group_chat" : "允许群聊和私聊" "str_no_meeting_pwd" : "没有密码" "office_nemo_session_exceed" : "当前通话人数已满。如需更多人通话,请使用云会议室。" "string_private_chat_tip" : "(私聊)" "conf_session_exceed_limit_time" : "當前會議人數已超限,30分鐘後將自動結束。 請加入企業通訊錄,可支持更多方會議。" "xylink_login_forget_password" : "忘記密碼" "normal_home_nemo_session_exceed" : "當前通話人數已達上限,您無法加入。" "str_conference_password" : "會議密碼:" "str_conference_password" : "Password:" "large_conf_session_exceed" : "您呼叫的会议已达到最大支持人数,请联系管理员购买或使用超大型会议室。" "sms_pwdreset_title" : "重置密碼" "enterprise_has_other_user" : "企业存在其他终端和用户" "unknown_user" : "未知用户" "str_conference_password" : "会议密码:" "user_conf_session_exceed" : "雲會議室%s已達允許呼入的上限" "conf_session_exceed_limit_time" : "当前会议人数已超限,30分钟后将自动结束。 请加入通讯录,可支持更多方会议。" "string_host_pwd_meeting_tip" : "请输入主持密码" "session_exceed_limit_time_out" : "您的服務可用分鐘數不足,無法呼叫。" "home_nemo_session_exceed" : "呼叫无法接通,终端在家最多支持4方通话。" "sms_pwd_dialog" : "可通过短信验证码重置密码,即将发送验证码到" "string_incorrect_meeting_pwd" : "主持密码不正确" "en_conf_session_exceed_low_balance" : "當前會議人數已滿,請聯系企業管理員%s%s, 及時為企業帳戶充值,或購買更多會議端口。" "normal_conf_session_exceed" : "您呼叫的會議已達到最大支持人數,請聯系管理員購買或使用超大型會議室。" "normal_office_nemo_session_exceed" : "您呼叫的会议已达最大支持人数。 设备加入通讯录,可支持更多方会议。 如需更多支持请呼叫客服终端号’288288’咨询。" "delete_from_enterprise_user" : "從企業移除" "str_meeting_pwd_explain" : "請輸入6位數字,作為入會密碼" "unknown_user" : "未知用戶" "sms_pwd_title" : "手機驗證碼重置密碼" "input_pwd_tip" : "請輸入6至16位新的登錄密碼" "home_nemo_session_exceed" : "呼叫無法接通,終端在家最多支持4方通話。" "delete_account_password" : "Password" "string_set_meeting_pwd_tip" : "為保證會議安全請設置入會密碼" "home_nemo_session_exceed_limit_time" : "終端在家僅支持4方通話,當前通話人數已超限,30分鐘後將自動結束。" "normal_en_nemo_session_exceed" : "您呼叫的會議已達最大支持人數,請聯系企業IT管理員%s%s,購買超大型雲會議室。" "cmr_share_user" : "发起人:%s" "string_set_user_password" : "请设置6至16位的登录密码" "dep_conf_session_exceed" : "雲會議室%s已達部門允許呼入的上限" "dep_conf_session_exceed" : "云会议室%s已达部门允许呼入的上限" "en_conf_session_exceed_low_balance" : "当前会议人数已满,请联系管理员%s%s, 及时为帐户充值,或购买更多会议端口。" "conf_session_exceed" : "当前会议人数已满。请加入通讯录, 购买更多会议端口,详情请咨询本地经销商。" "str_meeting_pwd_explain" : "请输入6位数字,作为入会密码" "user_profile_password" : "修改密碼" "normal_en_nemo_session_exceed" : "您呼叫的会议已达最大支持人数,请联系IT管理员%s%s,购买超大型云会议室。" "delete_from_enterprise_user" : "从企业移除" "xylink_click_link_call_pwd" : "入會密碼:" "input_room_pwd" : "请输入密码" "exit_circle_user" : "(用戶已退出)" "home_nemo_session_exceed_limit_time" : "终端在家仅支持4方通话,当前通话人数已超限,30分钟后将自动结束。" "ent_conf_session_exceed" : "雲會議室%s已達企業允許呼入的上限" 30820122300d06092a864886f70d01010105000382010f003082010a0282010100c54db230ca0e0f37b105a3cd364dd20c76d3574a781f884aeb7d7548fb33928eaafe7cf9d94b3dcb553bbb9e61821738b359da9f8cf1e9281cfbf84 b0df1dcca5fda619b6f7f459f2ff8d70ddb7b601592fe29fcae58c028f319b3b12495e67aa5390942a997 B374B823AD2BF3F216AC8F67B86CE189 afa1a3005a15a672000048 d2cef93010963d9273440efe6a05dd8d 0f8FACa5ced0984927f294ff0AFe297d a8b415e86234c6584c9aee90fcc6f2d6 2f470a21df8d9998000202 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 ae30b4adf83f45aa8c5ce1c4993d7219 6X8Y4XdM2Vhvn0KfzcEatGnWaNU= 308202eb30820254a00302010202044d36f7a4300d06092a864886f70d01010505003081b9310b300906035504061302383631123010060355040813094775616e67646f6e673111300f060355040713085368656e7a68656e31353033060355040a132c54656e63656e7420546563686e6f6c6f6779285368656e7a68656e2920436f6d70616e79204c696d69746564313a3038060355040b133154656e63656e74204775616e677a686f7520526573656172636820616e6420446576656c6f706d656e742043656e7465723110300e0603550403130754656e63656e74301e170d3131303131393134333933325a170d3431303131313134333933325a3081b9310b300906035504061302383631123010060355040813094775616e67646f6e673111300f060355040713085368656e7a68656e31353033060355040a132c54656e63656e7420546563686e6f6c6f6779285368656e7a68656e2920436f6d70616e79204c696d69746564313a3038060355040b133154656e63656e74204775616e677a686f7520526573656172636820616e6420446576656c6f706d656e742043656e7465723110300e0603550403130754656e63656e7430819f300d06092a864886f70d010101050003818d0030818902818100c05f34b231b083fb1323670bfbe7bdab40c0c0a6efc87ef2072a1ff0d60cc67c8edb0d0847f210bea6cbfaa241be70c86daf56be08b723c859e52428a064555d80db448cdcacc1aea2501eba06f8bad12a4fa49d85cacd7abeb68945a5cb5e061629b52e3254c373550ee4e40cb7c8ae6f7a8151ccd8df582d446f39ae0c5e930203010001300d06092a864886f70d0101050500038181009c8d9d7f2f908c42081b4c764c377109a8b2c70582422125ce545842d5f520aea69550b6bd8bfd94e987b75a3077eb04ad341f481aac266e89d3864456e69fba13df018acdc168b9a19dfd7ad9d9cc6f6ace57c746515f71234df3a053e33ba93ece5cd0fc15f3e389a3f365588a9fcb439e069d3629cd7732a13fff7b891499 99A7B5BDA8615128675831C01F208344 5cb6f21f61f56423f0000bcd 011A40266C8C75D181DDD8E4DDC50075 F5BF8B3B1B616EFEF88681716C061BA4 66430e4a0cc01e77c8983cb507aeb8e3 ff80808163a476b10163ba8d21ea07a5 5cb6f1ec0cafb2bba8000461 6d9cb3bc7556dd97467aabae448f037737a0ef7b
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: c/d/b/b.java, line(s) 47,105,122 c/d/b/c.java, line(s) 30,116 c/d/b/e.java, line(s) 108 c/e/b/a.java, line(s) 597,941,944,1096,1102,2795,2838,1388,1396,1429,1441,1453,1465,1477,1489,1501,1513,1525,1532,1543,1555,959,966,1018,1538,1906,1914,1946,2005,2097,2106,2317,2320,2328,2369,2398,2401,2408,2441,2467,2470,2778,2780,2884 c/g/a/a.java, line(s) 257,325,333 c/h/b/a.java, line(s) 166,171,178,182,198,208 c/i/a.java, line(s) 425,489,500 c/j/a/d.java, line(s) 33,77,80,70,84 com/ainemo/android/activity/TestActivity.java, line(s) 56,61,67,72,81,107,113,119,130,196,202,210,218,224,231,237 com/ainemo/android/activity/call/view/svc/ZoomGesturedDetector.java, line(s) 288 com/ainemo/android/activity/login/AnonymousAttendConferenceActivity.java, line(s) 139 com/ainemo/android/activity/login/ForgetPwdActivity.java, line(s) 154 com/ainemo/android/business/BusinessModule.java, line(s) 2155,1282,1294,1307 com/ainemo/android/business/BusinessModuleProcessor.java, line(s) 2233,2353,2685 com/ainemo/android/business/H5PageManager.java, line(s) 344 com/ainemo/android/business/apsharescreen/protocal/ApScanCodeThreadManager.java, line(s) 62,67,84,105,123,136,139,183 com/ainemo/android/business/apsharescreen/protocal/ApSharePresenter.java, line(s) 378,506 com/ainemo/android/business/apsharescreen/protocal/ThreadPool.java, line(s) 20,32 com/ainemo/android/business/apsharescreen/wifi/WifiAdmin.java, line(s) 75,311,318,125,400,43,45,48,366,67,102,134,168 com/ainemo/android/db/contact/SaveContactFunction.java, line(s) 164 com/ainemo/android/extension/i.java, line(s) 120,127,139 com/ainemo/android/f/d/d.java, line(s) 222 com/ainemo/android/j/k0.java, line(s) 418,1381 com/ainemo/android/k/c.java, line(s) 42 com/ainemo/android/manager/c.java, line(s) 120,133,147 com/ainemo/android/p/d.java, line(s) 240,369 com/ainemo/android/p/e/b.java, line(s) 88,130,135,90,93,96,107,177,193,74,174,180,190 com/ainemo/android/utils/AESUtils.java, line(s) 60 com/ainemo/android/utils/ScreenSwitchUtils.java, line(s) 51,59,61,48 com/ainemo/android/view/ClipZoomImageView.java, line(s) 88 com/ainemo/android/view/widget/danmaku/DanmakuView.java, line(s) 93,99 com/ainemo/android/view/widget/meeting/WheelUtils.java, line(s) 46 com/ainemo/dragoon/ddshare/DDShareActivity.java, line(s) 21,28,34,40,42 com/bumptech/glide/GeneratedAppGlideModuleImpl.java, line(s) 14,15,13 com/bumptech/glide/c.java, line(s) 357,366,171,170,245,356,363,246 com/bumptech/glide/load/engine/DecodeJob.java, line(s) 153,516,576 com/bumptech/glide/load/engine/GlideException.java, line(s) 115 com/bumptech/glide/load/engine/bitmap_recycle/j.java, line(s) 175,236,176,237 com/bumptech/glide/load/engine/bitmap_recycle/k.java, line(s) 144,168,264,284,81,143,167,177,214,221,263,273,283,87,178,215,222,274 com/bumptech/glide/load/engine/g.java, line(s) 59,60 com/bumptech/glide/load/engine/i.java, line(s) 28,258 com/bumptech/glide/load/engine/w.java, line(s) 109,110 com/bumptech/glide/load/engine/x/e.java, line(s) 46,65,74,84,102,108,75,103,47,66,85,109 com/bumptech/glide/load/engine/x/l.java, line(s) 87,71 com/bumptech/glide/load/engine/y/a.java, line(s) 146,143 com/bumptech/glide/load/engine/y/b.java, line(s) 43,42 com/bumptech/glide/load/engine/z/a.java, line(s) 88,87 com/bumptech/glide/load/j/b.java, line(s) 31,30 com/bumptech/glide/load/j/j.java, line(s) 62,162,61,65,70,77,161,74,78 com/bumptech/glide/load/j/l.java, line(s) 33,32 com/bumptech/glide/load/j/p/c.java, line(s) 102,101 com/bumptech/glide/load/j/p/e.java, line(s) 49,104,48,103 com/bumptech/glide/load/k/c.java, line(s) 18,17 com/bumptech/glide/load/k/d.java, line(s) 32,31 com/bumptech/glide/load/k/f.java, line(s) 129,128 com/bumptech/glide/load/k/s.java, line(s) 98,99 com/bumptech/glide/load/k/t.java, line(s) 37,36 com/bumptech/glide/load/l/a.java, line(s) 78,79 com/bumptech/glide/load/l/g/a.java, line(s) 111,116,121,130,112,117,122,131 com/bumptech/glide/load/l/g/d.java, line(s) 24,25 com/bumptech/glide/load/l/g/j.java, line(s) 52,53 com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java, line(s) 200,210,222,300,307,324,331,362,380,384,389,398,401,406,199,209,221,299,306,323,330,361,379,383,388,397,400,405 com/bumptech/glide/load/resource/bitmap/d0.java, line(s) 282,145,150,205,214,221,281,146,151,206,215,222,223,224,228 com/bumptech/glide/load/resource/bitmap/e.java, line(s) 50,49,66,67 com/bumptech/glide/load/resource/bitmap/f.java, line(s) 16,17 com/bumptech/glide/load/resource/bitmap/g0.java, line(s) 184,183 com/bumptech/glide/load/resource/bitmap/o.java, line(s) 350,377,408,213,238,340,349,376,407,214,341,430 com/bumptech/glide/load/resource/bitmap/p.java, line(s) 49,54,50,55 com/bumptech/glide/load/resource/bitmap/u.java, line(s) 60,61 com/bumptech/glide/m/d.java, line(s) 87,298,86,297 com/bumptech/glide/m/f.java, line(s) 432,449,467,430,447,465,495,504 com/bumptech/glide/n/e.java, line(s) 32,31,54,73,55,74 com/bumptech/glide/n/f.java, line(s) 16,15 com/bumptech/glide/n/k.java, line(s) 95,96 com/bumptech/glide/n/l.java, line(s) 144,145,153 com/bumptech/glide/n/n.java, line(s) 45,46 com/bumptech/glide/n/o.java, line(s) 125,134,126,135 com/bumptech/glide/o/e.java, line(s) 22,29,40,45,21,28,33,39,44,34 com/bumptech/glide/q/b.java, line(s) 55 com/bumptech/glide/r/c.java, line(s) 50,49 com/bumptech/glide/r/o/a.java, line(s) 114,115 com/bumptech/glide/request/SingleRequest.java, line(s) 483,70,551,522 com/bumptech/glide/request/j/f.java, line(s) 180,291,292,181 com/bumptech/glide/request/j/r.java, line(s) 168,279,280,169 com/coloros/mcssdk/f/d.java, line(s) 27,55,39,49,115,75,89,33,69,95,109 com/dyhdyh/widget/loading/d/b.java, line(s) 161,169 com/king/zxing/w/b.java, line(s) 187,201,208,95,137,180,102,109,144,39,46,60,53,67,74,116,123,130,151,158,165,194,215 com/meeting/call/manager/p.java, line(s) 86,217,259,211,89,266 com/meeting/call/manager/sharecontent/RecordService.java, line(s) 429 com/meeting/call/manager/sharecontent/floatdialog/ScreenShareFloatView.java, line(s) 101 com/meeting/call/widget/annotation/PaletteView.java, line(s) 217,297 com/meeting/call/widget/danmaku/DanmakuView.java, line(s) 103,109 com/meeting/call/widget/dialog/CallMoreDialog.java, line(s) 322 com/meeting/call/widget/dialog/CallShareDialog.java, line(s) 198 com/meeting/call/widget/share/ShareContentView.java, line(s) 95 com/meeting/call/widget/share/ShareImageView.java, line(s) 301 com/meeting/call/widget/video/CellStateView.java, line(s) 510,521,744 com/meeting/call/widget/video/GalleryVideoGroup.java, line(s) 386,387 com/meeting/call/widget/video/SpeakerVideoGroup.java, line(s) 813,814 com/meeting/call/widget/video/VideoCell.java, line(s) 103,146,161,628,723,748,758,1040,325,613 com/meeting/call/widget/video/VideoCellGroup.java, line(s) 405,421,424 com/meeting/chat/r0/m.java, line(s) 274 com/meeting/chat/r0/o.java, line(s) 23,24,29,34,35,48,49,53,55,61,62 com/meeting/chat/utils/photo/b.java, line(s) 75,83 com/meeting/chat/utils/photo/e.java, line(s) 61 com/meeting/chat/view/ChatEditext.java, line(s) 19 com/meeting/chat/y0/i.java, line(s) 110 com/meeting/chat/y0/j/c.java, line(s) 213,242,243,259 com/meeting/chat/y0/j/g.java, line(s) 173,183 com/serenegiant/usb/DeviceFilter.java, line(s) 105,107 com/serenegiant/usb/USBMonitor.java, line(s) 418,753,760,415,777,781,784,883,914 com/serenegiant/usb/UVCCamera.java, line(s) 230,236,241,247,265,768 com/tencent/mm/sdk/channel/MMessage.java, line(s) 38,42,48,73 com/tencent/mm/sdk/channel/MMessageAct.java, line(s) 36,42 com/tencent/mm/sdk/contact/RContact.java, line(s) 144,252,282 com/tencent/mm/sdk/openapi/GetMessageFromWX.java, line(s) 53 com/tencent/mm/sdk/openapi/SendAuth.java, line(s) 31,75 com/tencent/mm/sdk/openapi/SendMessageToWX.java, line(s) 25 com/tencent/mm/sdk/openapi/WXApiImplV10.java, line(s) 42,69,77,179,230,60,86,129,166,173,198,215,222,227 com/tencent/mm/sdk/openapi/WXAppExtendObject.java, line(s) 66 com/tencent/mm/sdk/openapi/WXEmojiObject.java, line(s) 56 com/tencent/mm/sdk/openapi/WXFileObject.java, line(s) 56 com/tencent/mm/sdk/openapi/WXImageObject.java, line(s) 73 com/tencent/mm/sdk/openapi/WXMediaMessage.java, line(s) 33,109,129 com/tencent/mm/sdk/openapi/WXMusicObject.java, line(s) 29 com/tencent/mm/sdk/openapi/WXTextObject.java, line(s) 21 com/tencent/mm/sdk/openapi/WXVideoObject.java, line(s) 29 com/tencent/mm/sdk/openapi/WXWebpageObject.java, line(s) 20 com/tencent/mm/sdk/platformtools/BackwardSupportUtil.java, line(s) 77,86,127 com/tencent/mm/sdk/platformtools/ChannelUtil.java, line(s) 49,75,84,67,68,73 com/tencent/mm/sdk/platformtools/KVConfig.java, line(s) 117,168,24,28,91,138 com/tencent/mm/sdk/platformtools/LBSManager.java, line(s) 134,36,98,176,180,185,193,201,206,219,253,263,271 com/tencent/mm/sdk/platformtools/LocaleUtil.java, line(s) 86,104,90 com/tencent/mm/sdk/platformtools/Log.java, line(s) 59,173,75,91,132,116,188,130,204 com/tencent/mm/sdk/platformtools/MAlarmHandler.java, line(s) 92,73,116 com/tencent/mm/sdk/platformtools/MMApplicationContext.java, line(s) 26 com/tencent/mm/sdk/platformtools/MMEntryLock.java, line(s) 17,20,26 com/tencent/mm/sdk/platformtools/NetStatusUtil.java, line(s) 161,162,202,203,359,50,53,60,97,116,117,118,119,120,121,122,303 com/tencent/mm/sdk/platformtools/PhoneUtil20Impl.java, line(s) 132 com/tencent/mm/sdk/platformtools/SensorController.java, line(s) 75,84,93,101 com/tencent/mm/sdk/platformtools/SyncTask.java, line(s) 33,36,51 com/tencent/mm/sdk/platformtools/TimeLogger.java, line(s) 29,36,39 com/tencent/mm/sdk/platformtools/TrafficStats.java, line(s) 108,77,81,85,89,92,95 com/tencent/mm/sdk/platformtools/Util.java, line(s) 249,267,857,865,1161,1176,517,551,587,591,631,783,930,1076,1120,1240,134,1102,834,838,846,850,1097 com/tencent/mm/sdk/plugin/MMPluginAPIImpl.java, line(s) 150,154,75 com/tencent/mm/sdk/plugin/MMPluginOAuth.java, line(s) 48,125,55,112,131,77,110 com/tencent/mm/sdk/plugin/MMPluginProviderConstants.java, line(s) 82,102 com/tencent/mm/sdk/storage/ContentProviderDB.java, line(s) 21,29,39,52,58,64,72 com/tencent/mm/sdk/storage/MAutoDBItem.java, line(s) 111 com/tencent/mm/sdk/storage/MAutoStorage.java, line(s) 59,63,77,102 com/tencent/mm/sdk/storage/MStorageEvent.java, line(s) 29 com/tencent/wework/api/WWAPIImplLocal.java, line(s) 811,896,815,900,910,921 com/tencent/wework/api/model/WWMediaConversation.java, line(s) 28,37,42,47,66,81,91 com/tencent/wework/api/model/WWMediaFile.java, line(s) 42,49,52 com/tencent/wework/api/model/WWMediaLink.java, line(s) 19 com/tencent/wework/api/model/WWMediaLocation.java, line(s) 19 com/tencent/wework/api/model/WWMediaMergedConvs.java, line(s) 41,61 com/tencent/wework/api/model/WWMediaMessage.java, line(s) 58,63,70,95 com/tencent/wework/api/model/WWMediaMiniProgram.java, line(s) 30,35 com/tencent/wework/api/model/WWMediaSPHBase.java, line(s) 16 com/tencent/wework/api/model/WWMediaText.java, line(s) 19 com/tencent/wework/api/utils/Log.java, line(s) 24,26,43,45,30,32,18,20,36,38 com/tencent/wework/api/utils/OpenDataUtils.java, line(s) 35,40,165,174,247,271 com/tencent/wework/api/utils/ReflecterHelper.java, line(s) 12,29 com/tencent/wxop/stat/common/StatLogger.java, line(s) 51,80,90,117,156,179 com/tencent/wxop/stat/common/l.java, line(s) 567 com/tencent/wxop/stat/common/r.java, line(s) 24,28,43,59,68,75,82,97,118,131,149,152,143 com/tokenautocomplete/TokenCompleteTextView.java, line(s) 682,697,701 com/xylink/common/b/a.java, line(s) 82,85 com/xylink/common/d/c.java, line(s) 46,76 com/xylink/common/e/b.java, line(s) 135 com/xylink/player/JZResizeTextureView.java, line(s) 36,63,64 com/xylink/player/JZVideoPlayer.java, line(s) 128,139,280,384,655,682,938,1005,1185,979,1039,1047,1174,222,374,397,441,572,587,621,627,645,674,718,728,739,752,760,780,798,804,849,857,863,879,885,904,910,922 com/xylink/player/JZVideoPlayerStandard.java, line(s) 569,657 com/xylink/player/b.java, line(s) 121 com/xylink/player/f.java, line(s) 141 com/xylink/push/xylink/a.java, line(s) 27,32 com/xylink/push/xylink/c.java, line(s) 31,37,43,49,56,59,65,76,82 com/xylink/util/file/a.java, line(s) 56 com/xylink/util/file/b.java, line(s) 47,50 e/a/a/k.java, line(s) 147,192,72,103,206 e/d/a/e/d/a.java, line(s) 21 e/d/a/f/d.java, line(s) 33,28,31,26 e/f/a/a/b.java, line(s) 83,86 e/f/a/a/d.java, line(s) 31,71,76,81,93 e/f/a/a/e/a.java, line(s) 27,38 e/f/a/a/e/c.java, line(s) 34,41,44 e/f/a/a/e/e.java, line(s) 25,38,51,96 e/f/a/a/e/f.java, line(s) 28 e/h/b/e/r0.java, line(s) 65,271 e/h/b/e/v0.java, line(s) 469 e/k/a/a/a/a/b.java, line(s) 18,40,45,26,51 e/k/a/a/a/a/c.java, line(s) 31,45 e/k/a/a/a/a/d.java, line(s) 15,31 e/k/a/a/a/a/e.java, line(s) 13,27 e/k/a/a/a/a/h.java, line(s) 29,19,63,23 e/l/d/a/d/e.java, line(s) 5,49,54,60,65,71,98,104,15,25,38,43,76,81,87,92 e/l/f/a/a.java, line(s) 27,38 e/l/f/a/b.java, line(s) 17,20 e/l/f/a/c.java, line(s) 18,30 e/l/f/a/g.java, line(s) 30,43,56 e/l/f/a/h.java, line(s) 20,56,61,66,78 io/xylink/rtc/internal/http/utils/SignatureUtils.java, line(s) 66,71,72,133,134,135 io/xylink/rtc/internal/opengl/GLTextureView.java, line(s) 67,215,881,654,101,111,125,130,146,166,195 j/d/b/b/a/b.java, line(s) 25,61 j/d/b/c/a/b.java, line(s) 44 j/d/b/c/a/c.java, line(s) 173,58,185,193 j/d/b/c/a/d.java, line(s) 24 k/b/a.java, line(s) 136 org/acra/l/b.java, line(s) 22,52,12,57,27,32,17,37,7,42,47 vulture/nettool/NNTJni.java, line(s) 36
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: e/h/b/b/m.java, line(s) 5,54,84
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: e/l/e/b.java, line(s) 113,178,112,111,111,176,176 io/xylink/rtc/internal/l1/m.java, line(s) 113,178,112,111,111,176,176
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (wx.tenpay.com) 通信。
{'ip': '101.226.137.106', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (matrixtestdev.xylink.com) 通信。
{'ip': '152.136.6.139', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (vip.xylink.com) 通信。
{'ip': '47.93.92.195', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.xylink.com) 通信。
{'ip': '39.107.194.137', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (zone.xylink.com) 通信。
{'ip': '182.92.140.194', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (vodupload.xylink.com) 通信。
{'ip': '47.93.155.204', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (Hong Kong) 的服务器 (prdtxlive.xylink.com) 通信。
{'ip': '119.29.125.213', 'country_short': 'HK', 'country_long': 'Hong Kong', 'region': 'Hong Kong', 'city': 'Hong Kong', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (log.xylink.com) 通信。
{'ip': '101.201.58.192', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (www.zaijia.com) 通信。
{'ip': '106.13.244.126', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (edu.xylink.com) 通信。
{'ip': '101.200.124.155', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (cdn.xylink.com) 通信。
{'ip': '122.225.212.212', 'country_short': 'CN', 'country_long': 'China', 'region': 'Guangdong', 'city': 'Shenzhen', 'latitude': '22.545540', 'longitude': '114.068298'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (cloud.xylink.com) 通信。
{'ip': '182.92.140.194', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (dev.zaijia.cn) 通信。
{'ip': '182.92.251.243', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (matrix.xylink.com) 通信。
{'ip': '47.95.69.250', 'country_short': 'CN', 'country_long': 'China', 'region': 'Beijing', 'city': 'Beijing', 'latitude': '39.907501', 'longitude': '116.397232'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (meeting.mwr.cn) 通信。
{'ip': '210.12.196.140', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jilin', 'city': 'Yanji', 'latitude': '42.907501', 'longitude': '129.507782'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (metrics.data.hicloud.com) 通信。
{'ip': '171.15.136.95', 'country_short': 'CN', 'country_long': 'China', 'region': 'Henan', 'city': 'Zhengzhou', 'latitude': '34.757778', 'longitude': '113.648613'}
关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (devcdn.xylink.com) 通信。
{'ip': '58.220.52.201', 'country_short': 'CN', 'country_long': 'China', 'region': 'Jiangsu', 'city': 'Yangzhou', 'latitude': '32.397221', 'longitude': '119.435829'}