Mobile Application Security Assessment Report

菜鸟应急 v4.1.2
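Security score (security baseline score): 45/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application carries some security risk; remediation is recommended.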
Distribution of vulnerabilities and security items:
- High: 5
- Medium: 16
- Info: 2
- Secure: 2
Privacy risk assessment:
- Third-party trackers: 1
- Moderate privacy risk
- A small number of third-party trackers were detected
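Distribution of scan results:
- High-severity vulnerabilities: 5
- Medium-severity vulnerabilities: 16
- Informational notices: 2
- Passed security checks: 2
- Key security concerns: 4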
High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. The application is vulnerable to MITM attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification
Files: com/lixiangj/ui/activitys/MT10ACT.java, line(s) 218,217 com/lixiangj/ui/activitys/MT7ACT.java, line(s) 199,198 com/lixiangj/ui/activitys/MT9ACT.java, line(s) 330,329
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/just/agentweb/UrlLoaderImpl.java, line(s) 52,5
High-severity vulnerability: The file is world-writable. Any application can write to the file.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: d/g/a/c.java, line(s) 27
High-severity vulnerability: Remote WebView debugging is enabled.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/just/agentweb/AgentWebConfig.java, line(s) 60,10
High-severity vulnerability: A weak encryption algorithm is used.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: d/s/b/c/b.java, line(s) 33,45 d/s/b/c/r.java, line(s) 40,60,92
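Medium-severity vulnerability: The application has cleartext network traffic enabled.
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (such as HTTP, FTP, DownloadManager, MediaPlayer). This is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with the transmitted data. Disable cleartext traffic and use only encrypted protocols.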
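Medium-severity vulnerability: Broadcast Receiver (com.base.commonlibrary.netstate.NetworkStateReceiver) is not protected.
An intent-filter exists. The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any application. The presence of the intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.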
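Medium-severity vulnerability: Broadcast Receiver (com.lixiangj.gzd.FZGBReceiver) is not protected.
An intent-filter exists. The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any application. The presence of the intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.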
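Medium-severity vulnerability: Activity (com.sina.weibo.sdk.share.ShareResultActivity) is not protected.
An intent-filter exists. The Activity is shared with other applications on the device and is therefore accessible to any application. The presence of the intent-filter indicates that the Activity is explicitly exported, which is a security risk.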
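Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.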
Medium-severity vulnerability: The application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: d/s/a/d/a/a/c.java, line(s) 57,191,306,185
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: d/m/a/j/d.java, line(s) 5,200,222 d/m/a/j/e.java, line(s) 4,5,15,16,39,40,43,44 d/s/b/b/h1.java, line(s) 5,46,47,25
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: d/n/c/b/a.java, line(s) 47 d/s/b/b/p/b.java, line(s) 28 facadeverify/b.java, line(s) 18
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: b/h/f/b.java, line(s) 58 b/h/j/c.java, line(s) 14,20,20 com/just/agentweb/AgentWebUtils.java, line(s) 278,361 com/lixiangj/gzd/FZGB0Service.java, line(s) 298 d/n/b/d/a/d.java, line(s) 7 d/r/a/a/e/b.java, line(s) 126,72 d/s/b/c/d.java, line(s) 66 d/s/b/c/n.java, line(s) 176,180,194,591 d/t/a/a.java, line(s) 28,20,28 d/t/a/f.java, line(s) 31
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/just/agentweb/AgentWebUtils.java, line(s) 568 d/b/a/r/e.java, line(s) 15 d/g/a/s.java, line(s) 164,182 d/h/a/m/g/a.java, line(s) 1097 d/h/a/n/i.java, line(s) 136 d/m/a/r/e.java, line(s) 182 d/r/a/a/e/d.java, line(s) 10 faceverify/d.java, line(s) 301,345 faceverify/v.java, line(s) 44,64,104,134,173,203,247
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: d/k/a/c/f/a/c.java, line(s) 4 d/n/b/d/a/e.java, line(s) 9 d/s/b/c/r.java, line(s) 6 d/s/b/c/s.java, line(s) 8 faceverify/e.java, line(s) 21
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: b/p/b.java, line(s) 95
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/lixiangj/ui/activitys/MT8ACT.java, line(s) 54,56 d/o/a/i/a/f/a.java, line(s) 105,98
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: d/d/a/l/d.java, line(s) 72 d/d/a/l/j/d.java, line(s) 33 d/d/a/l/j/p.java, line(s) 87 d/d/a/l/j/w.java, line(s) 78 faceverify/j.java, line(s) 37,34
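Medium-severity vulnerability: The application contains privacy trackers.
This application contains 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.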
Medium-severity vulnerability: The application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure they are not confidential or private information.
Credential => "com.amap.com.lixiangj.mjyp.app.api.v2.apikey" : "0bsdfvdd0"
Informational notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Informational notice: The application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/lixiangj/ui/activitys/N0ACT$b.java, line(s) 4,20
Passed security check: The application may have root detection capability.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: d/s/a/d/a/a/c.java, line(s) 354,23,23,23,23,23
Passed security check: The application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: d/n/b/d/a/a.java, line(s) 33,42,33,42 d/n/b/d/a/b.java, line(s) 32,41,32,41
Key security concern: The application may communicate with a server (service.weibo.com) located in an OFAC-sanctioned country (China).
{'ip': '49.7.37.75', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (ijljlkjzxcv-1324028813.cos.ap-guangzhou.myqcloud.com) located in an OFAC-sanctioned country (China).
{'ip': '27.155.119.140', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
Key security concern: The application may communicate with a server (nice800.com) located in an OFAC-sanctioned country (China).
{'ip': '43.132.110.135', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
Key security concern: The application may communicate with a server (jzlwjfanjzxcv.s3.ap-east-1.amazonaws.com) located in an OFAC-sanctioned country (China).
{'ip': '52.95.161.58', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
Overall security baseline score summary

菜鸟应急 v4.1.2
Android APK
Overall security score: 45
Risk level: Medium risk