安全分析报告: Faran VPN v6.12

安全分数


安全分数 54/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

3

用户/设备跟踪器


调研结果

高危 0
中危 16
信息 2
安全 1
关注 1

中危 应用程序已启用明文网络流量 

[android:usesCleartextTraffic=true]
应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。

中危 应用程序数据可以被备份 

[android:allowBackup=true]
这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。

中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.DUMP [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.DUMP [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
s7/b.java, line(s) 60
t7/x0.java, line(s) 43

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
c4/d.java, line(s) 7,66
c4/i.java, line(s) 4,37
c4/j.java, line(s) 4,5,117
d2/i.java, line(s) 5,25
d3/a.java, line(s) 4,338
d4/f.java, line(s) 4,30
d4/i.java, line(s) 4,23
d4/o.java, line(s) 4,5,70
i3/c.java, line(s) 7,155
i3/d.java, line(s) 5,63
j3/f.java, line(s) 11,106
v5/a4.java, line(s) 5,6,7,8,73
v5/b7.java, line(s) 17,18,523
v5/e4.java, line(s) 4,66
v5/j.java, line(s) 5,6,7,81
w1/b.java, line(s) 4,31

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/faran/app/MainActivity.java, line(s) 88
p3/b.java, line(s) 119

中危 IP地址泄露 

IP地址泄露


Files:
com/faran/lib/v2ray/services/V2rayVPNService.java, line(s) 44,45,95,43,95,46
k3/s.java, line(s) 45,81,134,188,242,44,80,133,187,241

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
b3/g.java, line(s) 12
c0/l.java, line(s) 11
e/t0.java, line(s) 29
g8/d.java, line(s) 33
g9/a.java, line(s) 3
g9/b.java, line(s) 5
h9/a.java, line(s) 4
j3/n.java, line(s) 13
o4/p.java, line(s) 9
q8/c.java, line(s) 38
t6/e.java, line(s) 30
v5/i7.java, line(s) 38

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
b3/g.java, line(s) 73,75,78,81
k8/b.java, line(s) 69
l8/c.java, line(s) 286
r7/g.java, line(s) 105
v7/b.java, line(s) 569

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
r1/s.java, line(s) 54
r7/l.java, line(s) 129

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
o4/p.java, line(s) 36
s5/w.java, line(s) 621
v5/i7.java, line(s) 102

中危 应用程序包含隐私跟踪程序 

此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-3940256099942544~3347511713"
"com.google.firebase.crashlytics.mapping_file_id" : "c9e61ad51d9e4182a6f42057ec0e4c46"
"google_api_key" : "AIzaSyCYJ9M6N8oyEqCuK0l6m2fb_6xjB74Y5kc"
"google_crash_reporting_api_key" : "AIzaSyCYJ9M6N8oyEqCuK0l6m2fb_6xjB74Y5kc"
470fa2b4ae81cd56ecbcda9735803434cec591fa
29452F0951585224570E2640570E6A252C2F705F504446442B5D472544
0B7B0366756010325E47107A6A696E002620706B614F6A640B417B0B5C096B52585176527108564F457F2D03115579417C5B62205B42295D06766E736B2A63692F46446E6615000D737E615F4B630F65630B410566066C6507516D0466716D5F013F00636D476679650B4E7A09410C4F557E4C285B130D454677623C032B707A624F617108684D1E6E1716415D77700979105C5269611E351B694C586E6B66196B49047C0066586D63755D56250243537D17070B53426D5D62750B5E6A2D73067166686C004E4405524A725E26772D5A62726958632D706A1C7B1363724E44075B4D154945124B2F08027077647C665D077D6F3D6416624D744A10416E765F7E645D0D320F656258656B667B647A07530C73720A772F7B100A61545764151C05677E716F6A50007F7B306F166A757C670408750273656D6C157707424E77725944271C5E137E07707A7B71027811127565586A0A1116081E42467D4F2B7E1A2D7C2F4B5B5D5A006C6D057960611611000259626C7A1D1E3C731C32460B625B4C793C0D580274666F65230B17736E537C6D170C5C7402603446606858007D610872406E7106040C656D106E5A7D0263582B7D1350505E692C74617777647356031608531C64796A650B787B0B6B766E747D57044E4720796C61480D0600606C746D5D403A5E4C0242015043510F17416B336A65650C7333191A7C6F03464C6161457E4D3A6354716823764B2E7E4067552E032F6360524F174423636B7C5F06737C4C462370583F5969484E713C0C675E474F6D63014D783942700C617245076C5316424F42537C2D0C424A5A705B750F79443269217F7151431C744A306317744E3E00367678794C604C7E4F7E1D052708456950167D6B3179100F703C7C335A6C5707644A3C7F6D2918056943506D776E56096376701431342B5E18111019770D4F747C670011626C6E2A484C1649085771200C727B7516654176217F601C5A3444535B4A744E6E0A566F416A2D04775E7666414054731C7A086B2B745A6042230F4210796A6D4D0C09087E58656B431F136346091B046C407B58304D753F79561566137719001D0F69184D7A61793079056C736E10236E6D3E7D666D081E1D175048427E7E640B616D1A58066B4E6E6D086A6435036273621D370B54694F424B62221C1A08407212050845030A716C731F4748161C39664867696B742C446A3A666D437B5273305E56115A70531537226A09161218456026066D2E4776137553182E4F50285846447611156A6B46546E651E037C011B636D7D067C1216534A30635670627C17175D58764566712F6D5C3E6F0D71796C6C716A532860737351221D6E7F7E7352165F297F4110463308607C42746F4A02006F6D56360818614C755A7B7E7A4001284110435F614A3074463206116B72317326777D11781E151B5869121C2540656B0F357F11706450475D277D3B6B78411F43507F425F7E600873767C4E2C635501445676420774337304514E7A11247C7613497069504F6F357C6622571F4C1E342C397D1B6E6B637D26636C3A6B367E5263551D6F72246657471F0C2874771E746E7F54004463281E2352725C641201503E68551174702F064940567E1E153D6E681B6306666678622A416130744D616A06220F676772656A651E686A0B7B0A087A7810027A733677746945770110746D635F7A660B1D67096B1366537444147D672E036D43100E102350596D6B494813675B3A1F7A5E5E5845734A6A155950685323292A6B5D6F43485326661C0952044B606D6F7C4D7805786E697D0D726A09194649634F0E5B4A186723417E546C0E636135016F58533C7025664C541B5544657C411B7A0863655711740C542B651343540203296868671E694123426C0D1D2C176F526C17736B301F4416683E3F25054C756A5957245E4B2C0504135E7845074D152866736149221516015C0F1117771B5D013E1D087156777131524404726C63692D04724867577F456F7E7B1A1A64214B4152162A770F17035179723428265469196A5F4133406C0C627A76676F743D0D647602536E11376A706B4055184A6D12437A2C73706D4E70672E7C46737C1155512B2C77046A514E496B02787C00460F5E5C167A1C6C1733055274767C0C6A056656446D572E5E7921447245417D52086D71061F1115563C2933611A5649165D7A7A4A381D26435861640709142F531352167C1012037E6D721F1032406D3F420B7D185D65746C780445511855371300407B4A6245480E6D7605422669180A752851690845546C7D222C02614A491A4C653A515A02470A74450C6A130042015A6F4A14237771587B4C504E082B4546006E697F7B415626681321484A7A736F360C55571544006E23677F05410C455D556C766A6D287F4D5950086E135D41510718601F60012B7D767E7F7F723C53512F5A6149170F302B441D694C5B6F331C617A43360C025F720A48780E495D0B4C2F2A2F566B425F1617211A5F19470D705B6144160F4C0E7877794C1D170A1A656A795E1E224E6B331C35687F4F4C046869267C154E777C7D257C6C195204442664640D5C2813667A6C024B4972404876560B7D2A455D481B196530651C384D3A6B400870045F48700615795F7215716977474F466F077F41321C0E4045096C2F4C1175611A1D
B3EEABB8EE11C2BE770B684D95219ECB
29452F0951585224574E3140094D46373124435F52470148384E

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a2/e.java, line(s) 333
a2/p.java, line(s) 498
a3/b.java, line(s) 106,114,120,130,107,115,121,131
a7/h.java, line(s) 98,123,97,122
b3/c.java, line(s) 18,27
b5/b.java, line(s) 92,109,91,108,156
b5/c.java, line(s) 30,29
b5/e.java, line(s) 51,67,100,50,66,99,63,80,116
b5/f.java, line(s) 15,12,12
b5/h.java, line(s) 40,39
b5/i.java, line(s) 27,78,26,34
b5/j.java, line(s) 43,42,54,80,115,135,144,55,81,116,136,145
b5/l.java, line(s) 24,31,23,30
b5/n.java, line(s) 203,202
b6/b.java, line(s) 35
c0/f.java, line(s) 51
c1/b.java, line(s) 50,32,71
c2/g.java, line(s) 50,59,64,69,76,87,97,108,115,145,150,159,165,171,181,188
c2/o.java, line(s) 117,119,193,195,203,205,213,215
c4/d.java, line(s) 93,92
c4/j.java, line(s) 500,501
c5/e.java, line(s) 66,133,140
c5/f.java, line(s) 96,34,110,183,191,208,228
c5/i.java, line(s) 34
c5/j.java, line(s) 349,351,225,275,284,346,74
c5/l.java, line(s) 38
c5/o.java, line(s) 42
c5/s.java, line(s) 82,86,37,60
c5/v.java, line(s) 46,49,63
com/faran/app/MainActivity.java, line(s) 124,180,275,299,306,321
com/faran/lib/v2ray/services/V2rayProxyOnlyService.java, line(s) 65
com/faran/lib/v2ray/services/V2rayVPNService.java, line(s) 101,122,177
com/smalihelper/ModDialog.java, line(s) 55
d0/i.java, line(s) 81
d2/m.java, line(s) 114,247,239,244,113,227,232,246,228,233
e/a0.java, line(s) 278,394,585,396,474,483,491,581,584,85,91,97
e/g.java, line(s) 99,422,434,448,458,486
e/i0.java, line(s) 100
e/j0.java, line(s) 43,244,42,42,243,243
e/m.java, line(s) 86,90
e/n0.java, line(s) 717,1452,2104,2106,2109,1212,1221,1231,1240,1261,1296,1319,1347,812,901,904,1559,1572,1972
e/s.java, line(s) 398
e/t0.java, line(s) 175,184,266,267
e/x.java, line(s) 50
e0/q.java, line(s) 72,96,106
e5/a.java, line(s) 154,161,153
e5/f.java, line(s) 268,476
e5/r.java, line(s) 301,362
f0/f.java, line(s) 36,41
f0/g.java, line(s) 39
f0/h.java, line(s) 55
f0/i.java, line(s) 42
f0/j.java, line(s) 50,114
f5/d0.java, line(s) 110,118
f5/e.java, line(s) 318,150,156,161,170,349
f5/e0.java, line(s) 66
f5/g0.java, line(s) 38,53
f5/h.java, line(s) 75
f5/j0.java, line(s) 40,45
f5/q.java, line(s) 84,87,91,95,99,103,115,119,122,125,178,188
f5/t.java, line(s) 16
g0/d.java, line(s) 29,32,35,83,165,176
g0/k.java, line(s) 25,57
g3/a.java, line(s) 23,37,64,75,52
g3/e.java, line(s) 25
g7/b.java, line(s) 372,379,585,371,378
g7/e.java, line(s) 20
g7/g.java, line(s) 277,295,74,85,129,189
g8/d.java, line(s) 180,255,253
g8/e.java, line(s) 514,523,513,492,502,520
h3/a.java, line(s) 46
h4/n.java, line(s) 87,76,106
h6/c.java, line(s) 115,151
i/i.java, line(s) 87,143,157,165
i/j.java, line(s) 178
i3/c.java, line(s) 55,54
i5/a.java, line(s) 74,84
j/i.java, line(s) 451
j/o.java, line(s) 543
j0/l.java, line(s) 22
j3/f.java, line(s) 239,346,350,371,389,396,403,598,614,794,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,603,681,137,138,169,170,308,369,388,395,402,526,597,613,660,793,527,725,823,863
j3/n.java, line(s) 37,40
j5/c.java, line(s) 28
j5/e.java, line(s) 57,64
j8/c.java, line(s) 168,385
k/b0.java, line(s) 45,49
k/h4.java, line(s) 134,228
k/j.java, line(s) 547,670,751,762,108,710,716
k/k1.java, line(s) 20
k/l4.java, line(s) 26
k/o1.java, line(s) 92,101,211
k/o2.java, line(s) 298,63,68,75,175,281
k/p0.java, line(s) 59,64,69,74
k/q3.java, line(s) 85,262,422,182,300,314,385,400
k/u2.java, line(s) 20
k/u3.java, line(s) 33
k/v0.java, line(s) 69
k/v2.java, line(s) 24,34,47,57
k/w.java, line(s) 91
k/y.java, line(s) 211
k/y2.java, line(s) 234
k0/a.java, line(s) 379,387,391,399,721,412,720
k1/d.java, line(s) 34
k2/e.java, line(s) 128
k3/b.java, line(s) 53,66,79,112,125,138,171,184,197,230,243,256
k3/e.java, line(s) 46
k5/a.java, line(s) 1896,1910,1921,330,340,358,367,1939,1948,1871
k8/b.java, line(s) 62,73
l0/e.java, line(s) 30
l4/b.java, line(s) 94,140,251
l4/c.java, line(s) 45,61,71,81
l7/d.java, line(s) 32
l7/h.java, line(s) 71
l8/c.java, line(s) 279,301,86,96,238,260
m2/f.java, line(s) 250,249,267
m3/b.java, line(s) 103
m5/f.java, line(s) 65,71,605,634,98,108,135,173,254,600,154,68,157,187,190,251,274,319,377,413,428,436,446,541
m5/h.java, line(s) 493,513
m6/b.java, line(s) 283
n0/c.java, line(s) 83
n0/g1.java, line(s) 93
n0/h0.java, line(s) 87
n0/n1.java, line(s) 31
n0/o.java, line(s) 31,44,91,156,199,220,244
n0/o1.java, line(s) 32,44,51,60
n0/s0.java, line(s) 321,231,320
n0/s1.java, line(s) 80,99,71
n0/v0.java, line(s) 20,31
n4/i.java, line(s) 57
n6/i.java, line(s) 36
n7/a.java, line(s) 46,45,50
n7/c.java, line(s) 182,187,189,181,208,221
n9/y.java, line(s) 408,461,368,422,432,456,474
o1/e.java, line(s) 695,702
o4/j2.java, line(s) 108,179,107
o4/n.java, line(s) 256,260,265,426
o5/f.java, line(s) 42
o7/b.java, line(s) 41,42
o7/c.java, line(s) 85,80,91,97
o8/a0.java, line(s) 62,111,61,124,137,154,161
o8/c0.java, line(s) 21,20
o8/e.java, line(s) 21,24
o8/e0.java, line(s) 41,45,53,66,83,112,137,91,96,116,40,44,52,65,80,111,136
o8/g.java, line(s) 59,58
o8/j.java, line(s) 31,89,123,132,111,114,135,141,144,30,88,122
o8/o.java, line(s) 46,26,29,39,45,40
o8/t.java, line(s) 191,201,190,200
o8/u.java, line(s) 33,49
o8/v.java, line(s) 20
o8/y.java, line(s) 142,153,165,205,200,69,69
o8/z.java, line(s) 24,39,23,23,38,38
p2/f.java, line(s) 92,75,91,76
p3/b.java, line(s) 135,137,205,232,237,255,258
p4/k.java, line(s) 56
p7/c.java, line(s) 47
q1/c1.java, line(s) 174
q1/n0.java, line(s) 711
q1/y.java, line(s) 154,122
q4/f0.java, line(s) 24,32,33
q4/h0.java, line(s) 17,19,25,31
q6/d.java, line(s) 94,128
q7/b.java, line(s) 10,9
r0/u.java, line(s) 16,15
r1/i.java, line(s) 82,181
r1/k.java, line(s) 53,78
r1/n.java, line(s) 32,44
r1/o.java, line(s) 63
r1/s.java, line(s) 141,144,149
r6/d.java, line(s) 19
r7/g.java, line(s) 36,109
r7/i.java, line(s) 27
r7/j.java, line(s) 35
r7/k.java, line(s) 74,81,82,215
r7/l.java, line(s) 52,68,76,97,194,203
r7/o.java, line(s) 120,260,281,320,347,431,621,726,827,937,892,910,119,146,259,280,319,341,346,401,430,486,620,684,690,696,725,734,743,825,882,887,912,926,936,147,402,487,685,691,735,744,883,888,927,316,326,337,436,461,517,695,697,772,784,840,852,879,915
r7/q.java, line(s) 37,59,60,33
r7/r.java, line(s) 89,119,101,126,130,134,79,88,118,80,95
r7/s.java, line(s) 162
r7/t.java, line(s) 37,54,61,28,32,57,36,53,60
r7/v.java, line(s) 31,37,44,30,36,43
r7/w.java, line(s) 51,52,75
s0/d.java, line(s) 34
s5/a0.java, line(s) 316,420
s5/e.java, line(s) 67
s5/i.java, line(s) 11
s5/s0.java, line(s) 17,19
s5/w.java, line(s) 463,131,429,432,345,354,539,548,124
s7/d.java, line(s) 35,73
s7/g.java, line(s) 148,175,76,147,174,54,67,103,154,209,246,279
s7/l.java, line(s) 31,55,96
s8/l0.java, line(s) 105,163,107
s8/n.java, line(s) 68,85,98,149,165
s8/n0.java, line(s) 97,116,120,65
s8/o.java, line(s) 16,23
s8/r0.java, line(s) 55,65,54
s8/s0.java, line(s) 60,85,99,91
s8/t0.java, line(s) 66
s8/u0.java, line(s) 40,62,63,90,103,119,122,126,128,159,93,110
s8/w.java, line(s) 26
s8/z.java, line(s) 35
t/d.java, line(s) 399
t4/e.java, line(s) 401,373,227,341,372,400,240,342,1405
t6/e.java, line(s) 341,363
t6/g.java, line(s) 129
u0/e.java, line(s) 290
u8/d.java, line(s) 58,88
u8/e.java, line(s) 27
u8/f.java, line(s) 95,134,77
u8/j.java, line(s) 26
v/e.java, line(s) 863,903,960,995,1030
v5/b7.java, line(s) 419,437,418
v5/c4.java, line(s) 285
v5/k.java, line(s) 684,1296,1670,230,582,609,683,713,746,783,826,875,930,1002,1068,1169,1286,1411,1525,1652,231,190,358,382,403,445,494,508,516,524,534,544,561,588,673,677,679,940,1292
v7/a.java, line(s) 124
v7/b.java, line(s) 188,270,522,275,583,595,107,187,269,521,108,479,493,579
w1/c.java, line(s) 28
w1/d.java, line(s) 171
w7/c.java, line(s) 81,80
w9/k.java, line(s) 502,1296,501,495
x3/f.java, line(s) 38,49,69,84,89,94,99,104
x5/a.java, line(s) 120,125
x7/b.java, line(s) 45,32,57,103,130,44,68,112,69,113
y/c.java, line(s) 73,112,121
y/f.java, line(s) 51
y/g.java, line(s) 38
y/j.java, line(s) 342,411
y/n.java, line(s) 679,1367,1891,1897,1898,1899,1908,1950,1956,1957,1958,1967,2028,344,802,1490,1505,1834
y2/c.java, line(s) 295,618,631,648,667
y5/a.java, line(s) 94,113,201,274,282,109,120,218
z6/e.java, line(s) 54,55

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
k3/k.java, line(s) 4,60,88

安全 此应用程序可能具有Root检测功能 

此应用程序可能具有Root检测功能
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
r7/g.java, line(s) 96,96,97
z6/e.java, line(s) 43

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。 

{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

安全评分: ( Faran VPN 6.12)