Security Analysis Report: 淡蓝视频 v1.1.92

Security score 44/100


Privacy risk

1 user/device tracker


Findings

High 4
Medium 17
Info 2
Secure 1
Hotspot 0

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/pichillilorenzo/flutter_inappwebview/InAppWebViewMethodHandler.java, line(s) 1017,6
com/pichillilorenzo/flutter_inappwebview/in_app_browser/InAppBrowserActivity.java, line(s) 366,17,18
com/pichillilorenzo/flutter_inappwebview/in_app_webview/FlutterWebView.java, line(s) 158,10,11
j/a/f/j/p3.java, line(s) 324,10,11

High: Use of a weak encryption algorithm
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
m/a/a.java, line(s) 34,59

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
f/g/a/a/h4/b1/d.java, line(s) 85
f/h/a/b/c/g.java, line(s) 51
f/k/a/a.java, line(s) 21
m/a/a.java, line(s) 34,59

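Medium: Application data is at risk of being leaked

The [android:allowBackup] flag is not set
The [android:allowBackup] flag should be set to false. By default it is set to true, which allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.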

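Medium: Broadcast Receiver (com.dexterous.flutterlocalnotifications.ScheduledNotificationBootReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.RescheduleReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that this Broadcast Receiver is explicitly exported.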

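Medium: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is shared with other applications on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.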

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/dexterous/flutterlocalnotifications/FlutterLocalNotificationsPlugin.java, line(s) 111
com/dexterous/flutterlocalnotifications/models/NotificationDetails.java, line(s) 51,65
com/pichillilorenzo/flutter_inappwebview/credential_database/URLCredentialContract.java, line(s) 8,10
com/pichillilorenzo/flutter_inappwebview/types/URLCredential.java, line(s) 82
e/d/b/b.java, line(s) 11
f/b/a/m/h.java, line(s) 75
f/b/a/m/o/d.java, line(s) 35
f/b/a/m/o/p.java, line(s) 98
f/b/a/m/o/x.java, line(s) 82
f/f/a/d/g/f.java, line(s) 41
f/g/a/a/f4/n/b.java, line(s) 72

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted and written to the database
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/pichillilorenzo/flutter_inappwebview/credential_database/CredentialDatabaseHelper.java, line(s) 4,5,18
e/t/a/g/a.java, line(s) 5,6,7,8,73
f/g/a/a/l4/u0/h.java, line(s) 6,24
f/g/a/a/l4/u0/n.java, line(s) 7,8,81
f/g/a/a/z3/d.java, line(s) 6,7,29
f/g/a/a/z3/e.java, line(s) 6,57
f/o/a/c.java, line(s) 7,8,761

Medium: The application can read/write external storage. Any application can read data written to external storage
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
e/f/k/a.java, line(s) 127
e/f/k/b.java, line(s) 198
f/e/b/a.java, line(s) 59
f/f/a/d/h/e.java, line(s) 302,451
j/a/f/e/a.java, line(s) 102,111
j/a/f/f/b.java, line(s) 71
q/a/a/a/a/a.java, line(s) 89

Medium: The application creates temporary files. Sensitive information should never be written to temporary files


Files:
e/j/a/a.java, line(s) 1802
e/p/b.java, line(s) 132
e/r/n.java, line(s) 42
f/e/a/b.java, line(s) 87,153
f/l/a/k.java, line(s) 253
j/a/f/c/e.java, line(s) 314

Medium: The application uses an insecure random number generator
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
f/g/a/a/h4/a1/d.java, line(s) 14
f/g/a/a/h4/s0.java, line(s) 4
f/g/a/a/l4/u0/u.java, line(s) 13
k/t/a.java, line(s) 3
k/t/b.java, line(s) 3
k/t/d/a.java, line(s) 3

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
f/h/a/b/c/e.java, line(s) 16

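Medium: The application contains privacy trackers

This application has 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.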

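Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.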
"library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/"
"library_zxingandroidembedded_author" : "JourneyApps"
edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a
9a04f079-9840-4286-ab92-e65be0885f95
VGhpcyBpcyB0aGUgcHJlZml4IGZvciBCaWdJbnRlZ2Vy

Info: The application logs information. Sensitive information must not be logged
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs


Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
j/a/e/b/b.java, line(s) 4,95,105
j/a/e/e/e.java, line(s) 7,273

Secure: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
f/h/c/a/a/a/c.java, line(s) 35,34,31
n/k0/e.java, line(s) 95,94,93,93
