Security score: 53/100
Risk rating (grade scale): A, B, C, F
[Chart: severity distribution (%)]
Privacy risk: 0 user/device trackers
Findings
High: 1
Medium: 4
Info: 1
Secure: 1
Attention: 0
High: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
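Medium: Application data is at risk of being leaked
The [android:allowBackup] flag is not set. The [android:allowBackup] flag should be set to false. By default it is set to true, which allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.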
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: i1/f.java, line(s) 43; v/g.java, line(s) 79; x/d.java, line(s) 37; x/p.java, line(s) 95; x/x.java, line(s) 84
Medium: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: t3/a.java, line(s) 3; t3/b.java, line(s) 3; u3/a.java, line(s) 3
Medium: The application can read/write external storage; any application can read data written to external storage
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: j1/e.java, line(s) 293,451
Info: The application logs information; sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
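Secure: This application has no privacy trackers
This application does not include any user or device trackers. No trackers were found during static analysis.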