安全分析报告:
安全分数
安全分数 46/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
16
用户/设备跟踪器
调研结果
高危
7
中危
52
信息
3
安全
2
关注
13
高危 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/base/http/k/a.java, line(s) 23,33 com/cpcphone/abtestcenter/b/a.java, line(s) 23 com/cs/bd/commerce/util/encrypt/DesUtil.java, line(s) 21,37 com/cs/bd/commerce/util/io/StringUtils.java, line(s) 51 com/gomo/commons/security/c.java, line(s) 32 com/gomo/http/DesUtil.java, line(s) 39,49,67,77 com/jiubang/commerce/hotwordlib/http/serect/DESUtils.java, line(s) 84,101 com/jiubang/commerce/hotwordlib/util/StringUtil.java, line(s) 12 e/c/a/b.java, line(s) 15
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/cs/bd/commerce/util/encrypt/AESCrypt.java, line(s) 65,72
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/aerserv/sdk/view/component/ASWebView.java, line(s) 149,10 com/safedk/android/internal/partials/AdColonyNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/AdMobNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/AerServNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/AppLovinNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/FacebookAudienceNetworkNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/GooglePlayServicesNetworkBridge.java, line(s) 84,3 com/safedk/android/internal/partials/MoPubNetworkBridge.java, line(s) 84,3
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/base/http/dns/c.java, line(s) 10,11,12,13,14,15,3 com/gomo/http/dns/TlsSniSocketFactory.java, line(s) 10,11,12,13,14,15,3 com/mopub/network/CustomSSLSocketFactory.java, line(s) 11,12,13,14,3
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/adcolony/sdk/az.java, line(s) 352,15,16 com/applovin/impl/adview/d.java, line(s) 148,12,13 com/safedk/android/internal/SafeDKWebAppInterface.java, line(s) 128,6
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/nineoldandroids/BuildConfig.java, line(s) 3,4
高危 应用程序包含隐私跟踪程序
此应用程序有多个16隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jb.gokeyboard.google.analytic.ReferrerInfoReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.jb.gokeyboard.GoKeyboard) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_INPUT_METHOD [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (com.jb.gokeyboard.cropImage.CropImageActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.BootupReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.jb.gokeyboard.gostore.LocalAppDetailActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Content Provider (com.jb.gokeyboard.provider.ProviderForAttachEmoji) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Content Provider (com.jb.gokeyboard.gostore.GoKeyboardProviderEmoji) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jb.gokeyboard.statistics.AlarmStatisticReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.jb.gokeyboard.crashreport.CrashReportDialog) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.jb.gokeyboard.gostore.NotificationGuideToStoreReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.jb.gokeyboard.messagecenter.MessageContentActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.messagecenter.MsgNotifyActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.preferences.KeyboardSettingMainActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.preferences.KeyboardSettingKeyEffectActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.preferences.KeyboardSettingPadSetActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.preferences.KeyboardSettingLanguageActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.preferences.KeyboardSettingEmojiStyleActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Service (com.jb.gokeyboard.theme.pay.ThemeConmunicationService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.jb.gokeyboard.theme.pay.InAppBillingActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.theme.pay.InAppBillingActivityForTheme) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.theme.pay.ApplyActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.theme.pay.ApplyActivityForMain) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.jb.gokeyboard.theme.pay.ApplyActivityForTheme) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.theme.pay.PaySuccessReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.gosearch.NavigationAlarmReceiverBroadCast) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.engine.latin.DictionaryDecayBroadcastReciever) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.widget.GoSearchWidgetProvider) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Broadcast Receiver (com.jb.gokeyboard.widget.GoSearchWidgetProvider4x3) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Content Provider (com.jb.gokeyboard.provider.ProviderForOpenInterface) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.jb.gokeyboard.wallpaper.LiveWallpaperService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_WALLPAPER [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (com.jb.gokeyboard.facebook.messenger.FacebookMessengerProxyActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity设置了TaskAffinity属性
(com.jb.gokeyboard.shop.subscribe.SubscribeDialogActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(com.jb.permission.RequestRecordAudiotivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity (com.jb.gokeyboard.shop.subscribe.christmas.ChristmasSubGuideActivity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Broadcast Receiver (f.i.i.y.adyrbukebiqyiaztkjwxux) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(com.cs.bd.commerce.util.bgs.HoldTaskActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/aerserv/sdk/AerServSettings.java, line(s) 34,36,43,40,52,39,54 com/aerserv/sdk/adapter/YahooInterstitialAdapter.java, line(s) 22,23,25 com/aerserv/sdk/controller/AdManager.java, line(s) 65 com/aerserv/sdk/controller/listener/MraidJavascriptInterfaceListener.java, line(s) 15 com/aerserv/sdk/model/ad/ProviderAd.java, line(s) 7 com/aerserv/sdk/utils/UrlBuilder.java, line(s) 43,45,47,46,52,53,57,59,60,44,61,62,64,66,67 com/aerserv/sdk/view/component/ASMraidWebView.java, line(s) 30 com/aerserv/sdk/view/component/MraidJavascriptInterface.java, line(s) 18,19 com/aerserv/sdk/view/component/VpaidWebView.java, line(s) 47,75,50,51,52,54,77,56,49,79,60,62,81,63,66,68,71,82,73 com/amazonaws/services/s3/model/S3ObjectSummary.java, line(s) 34 com/applovin/impl/sdk/n.java, line(s) 634 com/applovin/mediation/AppLovinUtils.java, line(s) 25 com/applovin/mediation/ads/MaxAdView.java, line(s) 248,238 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 81,71 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 107,97 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 77,67 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 76,71 com/applovin/sdk/AppLovinSdk.java, line(s) 228 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 26 com/cs/bd/commerce/util/DevHelper.java, line(s) 20 com/cs/bd/commerce/util/http/HttpPostHandlerForNet.java, line(s) 20 com/cs/bd/commerce/util/io/DataBaseHelper.java, line(s) 24 com/cs/bd/commerce/util/io/mp/MPSPImpl.java, line(s) 42 com/cs/bd/commerce/util/retrofit/Interceptor/LogInterceptor.java, line(s) 14 com/cs/bd/commerce/util/retrofit/Interceptor/RepeatRequestCtrl.java, line(s) 9 com/cs/bd/commerce/util/retrofit/Interceptor/RetryAfterNetOkCtrl.java, line(s) 13 com/jb/gokeyboard/crashreport/CrashReport.java, line(s) 44 com/jb/gokeyboard/goplugin/data/c.java, line(s) 277 com/jb/gokeyboard/ui/facekeyboard/p.java, line(s) 37 com/jiubang/bussinesscenter/plugin/navigationpage/NPConstants.java, line(s) 4 com/jiubang/bussinesscenter/plugin/navigationpage/database/DataBaseHelper.java, line(s) 25 com/jiubang/bussinesscenter/plugin/navigationpage/view/noiconlistview/IconItemAdapter.java, line(s) 103 com/jiubang/commerce/hotwordlib/pojo/ProductInfo.java, line(s) 17 com/jiubang/commerce/hotwordlib/presearch/statistics/HotwordLibStatistic.java, line(s) 11 com/mopub/common/AdUrlGenerator.java, line(s) 17,19,18,22,20,21,23,29,26,27,28,30,31,24,33,25,34,36,37,32,35 com/mopub/common/AdapterConfigurationManager.java, line(s) 24 com/mopub/common/BaseUrlGenerator.java, line(s) 19,34,20,21,22,35,27,30,15,31,32,36,33,37,38 com/mopub/common/Constants.java, line(s) 77,78 com/mopub/common/DataKeys.java, line(s) 4,13,14,6,9,20,15,42,16,8,23,29,26,32,35,41,43,44 com/mopub/common/GpsHelper.java, line(s) 14 com/mopub/common/MoPubAdvancedBidderData.java, line(s) 9 com/mopub/common/MoPubBrowser.java, line(s) 27 com/mopub/common/ViewabilityVendor.java, line(s) 20 com/mopub/common/privacy/ConsentDialogRequest.java, line(s) 17 com/mopub/common/privacy/ConsentDialogUrlGenerator.java, line(s) 12 com/mopub/common/privacy/PersonalInfoData.java, line(s) 34,15,16,20,22,21,17,18,19,23,24,25,26,27,28,29,30,31,32,33,35,36,39,42 com/mopub/common/privacy/SyncUrlGenerator.java, line(s) 13,14,15,16,18,19 com/mopub/mobileads/ConversionUrlGenerator.java, line(s) 12,13,14 com/mopub/mobileads/dfp/adapters/MoPubAdapter.java, line(s) 41 com/mopub/nativeads/PositioningRequest.java, line(s) 24,25,27,28,29 com/safedk/android/analytics/brandsafety/BannerFinder.java, line(s) 97,112,118,123,127,131 com/safedk/android/analytics/brandsafety/creatives/discoveries/c.java, line(s) 441 com/safedk/android/analytics/brandsafety/g.java, line(s) 206 com/safedk/android/internal/d.java, line(s) 368 com/safedk/android/utils/PersistentConcurrentHashMap.java, line(s) 200,219
中危 IP地址泄露
IP地址泄露 Files: com/applovin/mediation/AppLovinUtils.java, line(s) 119 com/applovin/mediation/BuildConfig.java, line(s) 4 com/applovin/mediation/adapters/GoogleMediationAdapter.java, line(s) 687 com/mopub/mobileads/dfp/adapters/BuildConfig.java, line(s) 9 e/b/b/i/c.java, line(s) 69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/ax.java, line(s) 418 com/adcolony/sdk/bd.java, line(s) 30 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 33 com/applovin/impl/sdk/utils/m.java, line(s) 148 com/appsflyer/internal/af.java, line(s) 35 com/cs/bd/commerce/util/encrypt/AESCrypt.java, line(s) 32 com/mopub/common/util/Utils.java, line(s) 60
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/adcolony/sdk/ar.java, line(s) 312,318,319 com/aerserv/sdk/dao/VideoFileCache.java, line(s) 84 com/aerserv/sdk/utils/VideoFileName.java, line(s) 14 com/base/http/h/d.java, line(s) 86,223 com/cs/bd/commerce/util/DevHelper.java, line(s) 28 com/cs/bd/commerce/util/LogUtils.java, line(s) 55 com/cs/bd/commerce/util/Machine.java, line(s) 188,348,571 com/cs/bd/commerce/util/io/FileUtil.java, line(s) 203 com/cs/bd/utils/f.java, line(s) 199 com/cs/bd/utils/p.java, line(s) 7 com/gomo/http/report/ReportUtil.java, line(s) 94,116 com/jb/gokeyboard/a0/b/n.java, line(s) 15 com/jb/gokeyboard/avataremoji/data/c.java, line(s) 23 com/jb/gokeyboard/common/util/q.java, line(s) 27,27,45 com/jb/gokeyboard/engine/latin/utils/FileProvider.java, line(s) 138,205 com/jb/gokeyboard/ramclear/boost/d.java, line(s) 85 com/jb/gokeyboard/shop/l/b.java, line(s) 58 com/jiubang/bussinesscenter/plugin/navigationpage/common/utils/SDCardUtils.java, line(s) 7 com/jiubang/bussinesscenter/plugin/navigationpage/common/utils/StoragePathUtils.java, line(s) 9 com/jiubang/bussinesscenter/plugin/navigationpage/common/utils/log/FileLogUtils.java, line(s) 40 com/jiubang/bussinesscenter/plugin/navigationpage/networkimageview/RequestManager.java, line(s) 18 com/jiubang/bussinesscenter/plugin/navigationpage/util/io/FileUtil.java, line(s) 172 com/jiubang/bussinesscenter/plugin/navigationpage/util/machine/Machine.java, line(s) 125,279,455 com/jiubang/commerce/hotwordlib/util/FileUtils.java, line(s) 211 com/jiubang/commerce/hotwordlib/util/GoHttpHeadUtil.java, line(s) 111 com/jiubang/commerce/hotwordlib/util/Machine.java, line(s) 129,228,397 com/mopub/mraid/MraidNativeCommandHandler.java, line(s) 83 com/safedk/android/utils/b.java, line(s) 147 e/b/a/b/b.java, line(s) 25,31 e/b/a/b/i/d/c.java, line(s) 69 e/b/b/d.java, line(s) 19 e/b/b/m/c.java, line(s) 185,186 e/b/b/m/e.java, line(s) 32 me/panpf/sketch/b.java, line(s) 26 me/panpf/sketch/util/f.java, line(s) 121,225,226
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9 com/applovin/impl/a/l.java, line(s) 19 com/base/http/dns/a.java, line(s) 14 com/cs/bd/commerce/util/encrypt/XORCrypt.java, line(s) 3 com/cs/bd/commerce/util/io/FileUtil.java, line(s) 19 com/gomo/http/dns/DNSUtils.java, line(s) 18 com/jb/gokeyboard/ad/o/k/e.java, line(s) 16 com/jb/gokeyboard/facebook/ads/o.java, line(s) 13 com/jb/gokeyboard/goplugin/data/c.java, line(s) 28 com/jb/gokeyboard/goplugin/data/p.java, line(s) 3 com/jb/gokeyboard/goplugin/view/StickerRecommendContainer.java, line(s) 20 com/jb/gokeyboard/gosearch/view/HotwordView.java, line(s) 18 com/jb/gokeyboard/messagecenter/c.java, line(s) 14 com/jb/gokeyboard/messagecenter/d.java, line(s) 14 com/jb/gokeyboard/ramclear/anim/c.java, line(s) 9 com/jb/gokeyboard/ramclear/anim/m.java, line(s) 10 com/jb/gokeyboard/ramclear/anim/p.java, line(s) 3 com/jb/gokeyboard/shop/l/h.java, line(s) 25 com/jb/gokeyboard/test/latin/gesture/SampleActivity.java, line(s) 32 com/jiubang/bussinesscenter/plugin/navigationpage/util/io/FileUtil.java, line(s) 16 com/jiubang/commerce/hotwordlib/presearch/PreSearchDataManager.java, line(s) 24 com/jiubang/commerce/hotwordlib/presearch/PreSearchUtil.java, line(s) 8 com/jiubang/commerce/hotwordlib/presearch/PreSearchWebViewData.java, line(s) 4 com/jiubang/commerce/hotwordlib/util/GoHttpHeadUtil.java, line(s) 14 com/safedk/android/analytics/brandsafety/BrandSafetyUtils.java, line(s) 42 e/b/a/e/h/g/b.java, line(s) 3 e/b/b/d.java, line(s) 12 e/b/b/g.java, line(s) 40 e/b/b/i/c.java, line(s) 7 e/b/b/l/a.java, line(s) 13
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/aerserv/sdk/adapter/AbstractCustomProvider.java, line(s) 160 com/aerserv/sdk/adapter/AdMobInterstitialAdapter.java, line(s) 191 com/aerserv/sdk/adapter/asadmob/ASAdMobConfig.java, line(s) 58 com/amazonaws/services/s3/AmazonS3Client.java, line(s) 354 com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java, line(s) 28 com/amazonaws/util/Md5Utils.java, line(s) 18,50 com/appsflyer/internal/af.java, line(s) 50 com/cs/bd/commerce/util/encrypt/CryptTool.java, line(s) 49 com/cs/bd/commerce/util/encrypt/MD5.java, line(s) 239 com/jb/gokeyboard/common/util/MD5.java, line(s) 20 com/jb/gokeyboard/gif/datamanager/f.java, line(s) 212 com/safedk/android/analytics/a.java, line(s) 62 com/safedk/android/analytics/brandsafety/BrandSafetyUtils.java, line(s) 339 me/panpf/sketch/util/e.java, line(s) 20
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 3,7,12,16,20,40,41,42,43,44 com/cs/bd/buychannel/buyChannel/c/a.java, line(s) 3,13 com/cs/bd/commerce/util/io/DataBaseHelper.java, line(s) 7,8,9,10,65,66,150,151,235,237 com/jb/gokeyboard/provider/GoKeyboardDataProviderEmoji.java, line(s) 8,9,10,134 com/jb/gokeyboard/provider/a.java, line(s) 5,6,496,497,203,204,205,206,207,208,280,281,304,323,353,354,393,394,441,467,487,492 com/jb/gokeyboard/provider/c.java, line(s) 6,7,8,53 com/jiubang/bussinesscenter/plugin/navigationpage/database/DataBaseHelper.java, line(s) 7,8,9,105,106,136,152,184,186 e/b/a/d/a/a.java, line(s) 6,7,8,32,36 e/b/a/e/i/a/a.java, line(s) 6,7,8,30,32,34,36,38,40,42 e/b/a/e/i/b/c.java, line(s) 6,31 e/b/b/j/a.java, line(s) 7,8,9,312,313,125,126,127,128,228,229,281,299,364,369
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/adcolony/sdk/az.java, line(s) 484,378 com/aerserv/sdk/view/component/VideoWithEndCardView.java, line(s) 141,136 com/aerserv/sdk/view/component/VpaidWebView.java, line(s) 156,172,131 com/gokeyboard/appcenter/web/component/WebViewContainer.java, line(s) 257,60 com/jb/gokeyboard/messagecenter/MessageCenterWebView.java, line(s) 175,161 com/jiubang/commerce/hotwordlib/presearch/PreSearchWebView.java, line(s) 192,191
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/adcolony/sdk/az.java, line(s) 386,378
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/jb/gokeyboard/a0/b/m.java, line(s) 293 com/jb/gokeyboard/gostore/j/c.java, line(s) 58
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "APPKEY" : "@string/wecloud_app_key" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-3770487070118354~3626364172" AppLovin广告SDK的=> "applovin.sdk.key" : "qD_ETVvkH-t5fGbcApv4KRy7REkKxaLmoL_Gru-7ssCV7o7Ha1MvSJ1uXlDTJZE6vDMk5KrxB1RIpTZOZxI1EJ" "KEY_DEAFAULT_Typeface" : "Default:3" "KEY_DEFAULT_26KeyStyle" : "10" "KEY_DEFAULT_KeySoundType" : "Default,com.jb.gokeyboard" "KEY_DEFAULT_LaughtSuggestion" : ":-)" "KEY_DEFAULT_SelectLang" : "English" "KEY_DEFAULT_Theme" : "com.jb.emoji.gokeyboard:default" "KEY_DEFAULT_keystyle" : "QWERTY" "L2_KeyboardSetting_Main" : "Key" "L3_KeyboardSearch_Main" : "Search" "PAD_KEY_default_Theme" : "com.jb.gokeyboard.plugin.pad:default" "algorithm_key" : "MD5" "cfg_commerce_ad_request_access_key" : "94HYC3NQ5PFIE38YT85Z8SCVZBWRJVG4" "cfg_commerce_ad_request_product_key" : "8YZN10M5Y87YMR8QYM73SWSM" "cfg_tokencoin_adaccesskey" : "94HYC3NQ5PFIE38YT85Z8SCVZBWRJVG4" "cfg_tokencoin_adprodkey" : "8YZN10M5Y87YMR8QYM73SWSM" "face_keyboard_cancel" : "Cancel" "face_keyboard_download" : "Download" "facebook_app_id" : "1671772919709786" "google_api_key" : "AIzaSyCFAxKXR7UNXb8LpvuahrRTHuZGGcULDyw" "google_app_id" : "1:529502911115:android:d5ce17c3360228b3c5328e" "google_crash_reporting_api_key" : "AIzaSyCFAxKXR7UNXb8LpvuahrRTHuZGGcULDyw" "keyboard_key_ABC" : "ABC" "money_key" : "$" "substitute_voice_key_symbol" : "," "wecloud_app_key" : "6135J5QECJ1NTH30XM2TN04I" f950faff2a8aa0afb6c925a188955668 dEM4SDNGX0tvaDVxSjk0NVM5ZTl4Y3c6MQ aHR0cHM6Ly9uZXdzdG9yZWRhdGEuZ29mb3JhbmRyb2lkLmNvbS9uZXdzdG9yZS91c2VydHlwZQ== FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 aHR0cHM6Ly9hZHZpYXAuZ29mb3JhbmRyb2lkLmNvbS9hZHZfaWFwL3VzZXJUYWc= com/MIMcLVBsHWcgzEcJGtCF2vpJfh0XDWMhAsLXt a1d5e00d-6b12-4ff3-b04a-75b1fedb14e2 com/XOszqSwXhlvmB4SB5SF30OWpLOUDWQL5QMSbs1G39pYIroQWUcXcH62 aHR0cDovL2dvc3RhdC4zZy5jbi9HT0NsaWVudERhdGEvRFI/cHRsPTEwJmlzX3ppcD0x 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 54551cf1122b1b38927009d5151f1fea 5e8f16062ea3cd2c4a0d547876baa6f38cabf625 aHR0cDovL2FidGVzdC5nb2ZvcmFuZHJvaWQuY29tL2NmZw== 3082037b30820263a00302010202044848d91e300d06092a864886f70d01010b0500306d310b300906035504061302554b310f300d060355040813064c6f6e646f6e311730150603550407130e43697479206f66204c6f6e646f6e310c300a060355040a1303544d6531143012060355040b130b544d652053747564696f733110300e06035504031307544d652043454f3020170d3133313130323231323633315a180f32303935313232323231323633315a306d310b300906035504061302554b310f300d060355040813064c6f6e646f6e311730150603550407130e43697479206f66204c6f6e646f6e310c300a060355040a1303544d6531143012060355040b130b544d652053747564696f733110300e06035504031307544d652043454f30820122300d06092a864886f70d01010105000382010f003082010a0282010100dbed9654b7fc556340c1ad2fc5d20d2f24cb22a0570bb79a1db8535598c81ca25a1b82449f94cbcb4534cff97a47ce5b1a6d53383a37224832a7c6cb9501ba7604f4abab7c01dd0e2782545efea52ad7b6cfc6d31f4b19fb2f8597318dc224456a19be31bacdbc049dac7211e69d0f8a5e3e42b13b51763ce8159e8be4b79239798466ff12f8d9a88c3554ab14178c19dc13d16546abd814fa564f0e5c12e49826331b7e01b31d335e424d3bd71a459eb7ce29c6d764f4391e4b01bf6f7aaf90e939804cc2a4cb5f3ecd661653e42b01550b906e7ff0b9e73ae510daeb6bfc62e9b6a55c874734aef628fe683957f0bba0518df6f4f4db901941f5c423dc04ef0203010001a321301f301d0603551d0e0416041458aa7397d46dca6bf60dbd777d591411a15ad4bf300d06092a864886f70d01010b050003820101000a79f25482071ece82ddac26f7b12893aca13f83153ad51d6f7df603df9a8493040ebb3a683d4ef2c494336626173bddd3b44d38d7b641c4ae0a5c7b7e091a24fad0f2a106db50f963990ca30e1d66f8277cb9badd69120b935f62bc96e506b4fb51713666097dc11cc77fbdacaa03c44065f0ef7505be21703609ba600c696a355113fca1a9517f6343d6c4603e5e877f4b8c9335fe9876ae876fb22fecfcab169da282767bf41c72c926bb43be815d23fee7adc4cda2f1c706c4711b76861f6d4bfce2e8cbc794993f5cfc9a0e2a6285ceebc1f3ef6b663aca0a8ea6dffc42eac89a770def937b5d2f7bf817bc075615a70272f51760d7f9da6208c3ffb2e3 Y29tLnZ1bmdsZS5wdWJsaXNoZXIuRmxleFZpZXdBZEFjdGl2aXR5fGNvbS5pbm1vYmkuYWRzLnJlbmRlcmluZy5Jbk1vYmlBZEFjdGl2aXR5fGNvbS52dW5nbGUucHVibGlzaGVyLlZpZGVvRnVsbFNjcmVlbkFkQWN0aXZpdHl8Y29tLmJ5dGVkYW5jZS5zZGsub3BlbmFkc2RrLmFjdGl2aXR5LlRURnVsbFNjcmVlblZpZGVvQWN0aXZpdHl8Y29tLmdvb2dsZS5hZHMuQWRBY3Rpdml0eXxjb20udW5pdHkzZC5hZHMuYWR1bml0LkFkVW5pdEFjdGl2aXR5fGNvbS5hcHBsb3Zpbi5hZHZpZXcuQXBwTG92aW5JbnRlcnN0aXRpYWxBY3Rpdml0eXxjb20ubWJyaWRnZS5tc2RrLnJld2FyZC5wbGF5ZXIuTUJSZXdhcmRWaWRlb0FjdGl2aXR5fGNvbS5ieXRlZGFuY2Uuc2RrLm9wZW5hZHNkay5hY3Rpdml0eS5UVFJld2FyZFZpZGVvQWN0aXZpdHl8Y29tLnVuaXR5M2QuYWRzLmFuZHJvaWQudmlldy5Vbml0eUFkc0Z1bGxzY3JlZW5BY3Rpdml0eXxjb20ubWJyaWRnZS5tc2RrLmludGVyYWN0aXZlYWRzLmFjdGl2aXR5LkludGVyYWN0aXZlU2hvd0FjdGl2aXR5fGNvbS52dW5nbGUud2FycmVuLnVpLlZ1bmdsZUFjdGl2aXR5fGNvbS51bml0eTNkLnNlcnZpY2VzLmFkcy5hZHVuaXQuQWRVbml0U29mdHdhcmVBY3Rpdml0eXxjb20udnVuZ2xlLnB1Ymxpc2hlci5NcmFpZEZ1bGxTY3JlZW5BZEFjdGl2aXR5fGNvbS5nb29nbGUuYW5kcm9pZC5nbXMuYWRzLkFkQWN0aXZpdHl8Y29tLnVuaXR5M2Quc2VydmljZXMuYWRzLmFkdW5pdC5BZFVuaXRBY3Rpdml0eXxjb20uYXBwbG92aW4uaW1wbC5hZHZpZXcuQXBwTG92aW5PcmllbnRhdGlvbkF3YXJlSW50ZXJzdGl0aWFsQWN0aXZpdHl8Y29tLm1pbnRlZ3JhbC5tc2RrLnJld2FyZC5wbGF5ZXIuTVRHUmV3YXJkVmlkZW9BY3Rpdml0eXxjb20uYnl0ZWRhbmNlLnNkay5vcGVuYWRzZGsuYWN0aXZpdHkuVFRGdWxsU2NyZWVuRXhwcmVzc1ZpZGVvQWN0aXZpdHl8Y29tLnVuaXR5M2QuYWRzLmFkdW5pdC5BZFVuaXRTb2Z0d2FyZUFjdGl2aXR5fGNvbS5pcm9uc291cmNlLnNkay5jb250cm9sbGVyLkludGVyc3RpdGlhbEFjdGl2aXR5fGNvbS5hZGNvbG9ueS5zZGsuQWRDb2xvbnlBZFZpZXdBY3Rpdml0eXxjb20ubWludGVncmFsLm1zZGsuaW50ZXJzdGl0aWFsLnZpZXcuTVRHSW50ZXJzdGl0aWFsQWN0aXZpdHl8Y29tLm1icmlkZ2UubXNkay5pbnRlcnN0aXRpYWwudmlldy5NQkludGVyc3RpdGlhbEFjdGl2aXR5fGNvbS5taW50ZWdyYWwubXNkay5pbnRlcmFjdGl2ZWFkcy5hY3Rpdml0eS5JbnRlcmFjdGl2ZVNob3dBY3Rpdml0eXxjb20uYnl0ZWRhbmNlLnNkay5vcGVuYWRzZGsuYWN0aXZpdHkuVFRSZXdhcmRFeHByZXNzVmlkZW9BY3Rpdml0eXxjb20udnVuZ2xlLnB1Ymxpc2hlci5GdWxsU2NyZWVuQWRBY3Rpdml0eXxjb20uc3VwZXJzb25pY2Fkcy5zZGsuY29udHJvbGxlci5JbnRlcnN0aXRpYWxBY3Rpdml0eXxjb20uYXBwbG92aW4uYWR2aWV3LkFwcExvdmluRnVsbHNjcmVlbkFjdGl2aXR5fGNvbS5meWJlci5pbm5lcmFjdGl2ZS5zZGsuYWN0aXZpdGllcy5Jbm5lcmFjdGl2ZUZ1bGxzY3JlZW5BZEFjdGl2aXR5fGNvbS52dW5nbGUud2FycmVuLnVpLlZ1bmdsZUZsZXhWaWV3QWN0aXZpdHl8Y29tLnN1cGVyc29uaWNhZHMuc2RrLmNvbnRyb2xsZXIuQ29udHJvbGxlckFjdGl2aXR5fGNvbS5pcm9uc291cmNlLnNkay5jb250cm9sbGVyLkNvbnRyb2xsZXJBY3Rpdml0eXxjb20uYWRjb2xvbnkuc2RrLkFkQ29sb255SW50ZXJzdGl0aWFsQWN0aXZpdHk= aHR0cHM6Ly9uZXdzdG9yZWRhdGEuZ29mb3JhbmRyb2lkLmNvbS9uZXdzdG9yZS8= aHR0cHM6Ly9hZHZzaGllbGQuZ29mb3JhbmRyb2lkLmNvbS9hZHZfc2hpZWxkL3NoaWVsZC9jb25maXJtU2hpZWxk a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 3082019730820100a003020102020452b4403b300d06092a864886f70d0101050500300f310d300b06035504031304333630463020170d3133313232303133303335355a180f32313132313132363133303335355a300f310d300b060355040313043336304630819f300d06092a864886f70d010101050003818d0030818902818100bd18343d82f65b86d5898b2096c4126ffdfcb7c68a18c55f7e506f1e9b49c6c6f05e77239cccd6626e1a899f863f3ccb9a372cf0ab2348e25822626987fc73ce5d46a78efe65ebc821f90c6d49d0ad0751608ec2d926822d9322a6aac10a030863b5df38d1f1307ebca9b99ef4199f91719829a82f5e685c79942e64b3823bb70203010001300d06092a864886f70d01010505000381810059ae7702304b7a355f29fec4e4e630552da7efda2e4401d74f867d7ed52ce6847db277f8cf3b0b2682d974cce41586c2cc9d3d78076069f161a4c89ef6153a88795ad373f005fe1ca9ffb2587cbec7a24b3b4d23bec3252ec9b98b7f33d2c49a3693a857524f7884920e8a24db429db74d114c7ccd0f36dade3895511fc3f8e0 308202033082016ca0030201020204539af72b300d06092a864886f70d01010505003046310c300a06035504081303544d45310c300a06035504071303544d45310c300a060355040a1303544d45310c300a060355040b1303544d45310c300a06035504031303544d45301e170d3134303631333133303534375a170d3339303630373133303534375a3046310c300a06035504081303544d45310c300a06035504071303544d45310c300a060355040a1303544d45310c300a060355040b1303544d45310c300a06035504031303544d4530819f300d06092a864886f70d010101050003818d00308189028181009575fe1bf08714c8b4eaa48192f6446ad8cb9bc0db77edff597f46c568142909e3be8f1709179559ef78fa823edee86f7e2df19367df79fe89f34b9427894deb390cac04dd16704a3f458cdffb231cba7ad9b706b35ba11d568a5df4ba84f255d9d513c1d694256cfd7a58a513e0b234cc27469e25d59fed686d2bcd26bc8a2b0203010001300d06092a864886f70d0101050500038181001a78474da8d542a517cbad5861c060205be061295a5da46691dc56b4dc9f872473e3e0e7bcffde09827db2ac060903f88a458cd998f3726fd8f769d57ac644b3a5a997efcc659916f1e9f7e5b1c2198bf7b85e4233a34c8bc9b2bcaf3aa937d9929e87f118de16213df05d102df6ac7a16c10aa2776dbdb5c26ac7dcca75e38a com/HC9q36YwXfRP7cfTjXR3kEkBna8fkEGybh2mPBfV35OpxPTGQmvrqk5P7Tf7rj0V 9zTyteyD3O049pxB20KMkKRS7tcu1A=w192 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F 026ae9c9824b3e483fa6c71fa88f57ae27816141 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 BDBpCi5U3NIx40dZax32TNmVxm0u0CLr=w192 HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 bb2cf0647ba654d7228dd3f9405bbc6a 3i2ndDfv2rTHiSisAbouNdArYfORhtTPEefj3q2f 29015bbfcc182d80e7f75bd2c38e4521 aHR0cDovL2dvdXBkYXRlLjNnLmNuL0dPQ2xpZW50RGF0YS9EUj9wdGw9MTAmaXNfemlwPTE= cfc10ccaf0724c4cbc6122cf51421f03 74616804a7dc29147dfb0afe122a9fd2 aHR0cHM6Ly9hZHZzMnNvbmxpbmUuZ29mb3JhbmRyb2lkLmNvbS9zMnNhZHY= 8ef191c6-26d6-4f80-8ef3-a3da9a80d2d8 NaubrwWEGiJEQqRxx7aXntbGOf4YiRmW0WY9043rcqRhJreE4sReMC1OFRaeI7TXWBJUiJQGpwA1UdSsR65vvNieo70IUqvUnj1mn1mLUTKEMqeM9l5g90WJJo4gBN3n HPJOVTREZ28LWF51WWA1YI6KUDY7C1SF 308201943081fea003020102020453f7075d300d06092a864886f70d0101050500300e310c300a06035504031303544d453020170d3134303832323039303332355a180f32313134303732393039303332355a300e310c300a06035504031303544d4530819f300d06092a864886f70d010101050003818d003081890281810087b616149e3b38a323802463a7ff8b79e1e75b32fc88c89911f07d67fb208631785e62370e3574acb5a9ea2e3e98e5ebb0f4ee08e0b5c4f0aaf4a0aa2a6da9144c1a67c42a6e3eac3f62775a3b0a1bc7b81229583144df9fc19ae13ecec55bc99bde779c29bcef3a95f7c59b03d87388625e03e349a420e83a474b26337faa810203010001300d06092a864886f70d0101050500038181008334487f6b1b4e3795d5c0cbe005bb5669214c6038aeb8535f2bffad3bcfe5fc84d77807484cde4905ac879c7f0f38b7eaf1d68374290531a8ee96104ae631cb4813b26e601f3eb6ee442c1979194e0e46e3bd4fb76ed13c8ccc3ba2ff5d7ecc1c57bf1b91a5aa1b638d1e9b7dfc8811b2e9e389fae3ee823b40d68722cf2e66 7ssCV7o7Ha1MvSJ1uXlDTJZE6vDMk5KrxB1RIpTZOZxI1EJ 30820269308201d2a0030201020204534e55ef300d06092a864886f70d01010505003079310b300906035504061302524f3112301006035504081309427563686172657374311230100603550407130942756368617265737431133011060355040a130a544d2053747564696f733111300f060355040b1308544d2047616d6573311a30180603550403131144616e69656c20466c616d61726f706f6c301e170d3134303431363130303533355a170d3339303431303130303533355a3079310b300906035504061302524f3112301006035504081309427563686172657374311230100603550407130942756368617265737431133011060355040a130a544d2053747564696f733111300f060355040b1308544d2047616d6573311a30180603550403131144616e69656c20466c616d61726f706f6c30819f300d06092a864886f70d010101050003818d00308189028181008318ced34fcbde2cd31e75ebbd88d64fa2d57b165c67be42566ca3d9cbe43661d38ed3ac1adf589dc9addd0be0ecea97d2b095c692eb1ef981e32429de1211f9468f628829ff314f963ecb51a3e3cc01f36e436875ad7b5a9966e3409d5a4094bf3902c503c143f7e2626e433ed0e222f8b66359e57852171bbfd691915681b10203010001300d06092a864886f70d0101050500038181001197db3df6015d24240224401d1a99605cf140629ac492d60137f2e588e52720277a76f53596c4c36af0973e3ae9d10de071dad269bce6801e5ebb71d77e9c5a2fd301eec1bbb0698bc9d58b8561549c384758565138a555580de636ce583ee0a4aa0014cb72df7b95bf1af4fe5c42b131baab7d59246fa3e7b7904d278c3e00 Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U= YO0FINC2I0JSPDMB2KWMLZRJ94BHT6IA HobozhcwpTh92IEMTCIjMCnQyljitY=w192 481942b5989dff650ea9b6e20f5b140729ba4512 28J3ZCJLXTW06HJYEPOEKOSVVQADNNML 0ee68f61b259414bbf6976dfee7c212a 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 com/s1gkijRVquJCItdbeb1jUEmWxQqEXo8G32113zFT aHR0cDovL2dvdXBkYXRlLjNnLmNuL0dPQ2xpZW50RGF0YS9EQw== aHR0cDovL2dvdGVzdC4zZy5uZXQuY24vbmV3c3RvcmUv 422de421e0f4e019426b9abfd780746bc40740eb a4485d83f0bd47b388c88ca4e4a65717 aHR0cHM6Ly9hZHZvbmxpbmUuZ29mb3JhbmRyb2lkLmNvbS9hZHZfb25saW5lL29ubGluZWFkdg== 9Yco5GUtRVTStcPxep2K7o5eW8PZyrspo
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/adcolony/sdk/AdColonyAppOptions.java, line(s) 53,70 com/adcolony/sdk/aa.java, line(s) 57,63,65,59,126,61 com/adcolony/sdk/aj.java, line(s) 68,96 com/adcolony/sdk/al.java, line(s) 338,143,200,326,345 com/adcolony/sdk/an.java, line(s) 84 com/adcolony/sdk/at.java, line(s) 31,35,36,37,47 com/adcolony/sdk/au.java, line(s) 22,23,24,29,30,31,32 com/adcolony/sdk/h.java, line(s) 202 com/adcolony/sdk/t.java, line(s) 73 com/aerserv/sdk/AerServBanner.java, line(s) 126,214,217,252,261,85,180,229,240,275 com/aerserv/sdk/AerServConfig.java, line(s) 37,40 com/aerserv/sdk/AerServInterstitial.java, line(s) 50,59,64,81,91,111,97 com/aerserv/sdk/AerServSettings.java, line(s) 238,386,401,413,432,363,478,484,154,163,396,107,117,138,149,260,310,318,323,328,339,356,375,418,446 com/aerserv/sdk/AerServTransactionInformation.java, line(s) 33 com/aerserv/sdk/AerServVirtualCurrency.java, line(s) 78 com/aerserv/sdk/adapter/AbstractCustomBannerProvider.java, line(s) 75,193,260,97,127,179,198,206,268,204 com/aerserv/sdk/adapter/AbstractCustomInterstitialProvider.java, line(s) 61,102,135,411,230,252,263,302,415,417,424,422,45,51,85,92,125,348,350,284,296 com/aerserv/sdk/adapter/AbstractCustomProvider.java, line(s) 118,83 com/aerserv/sdk/adapter/AdColonyInterstitialAdapter.java, line(s) 51,68,72,77,81,90,96,102,106,110,118,123,133,141,145,148,159,221,224,31,39,187 com/aerserv/sdk/adapter/AdMobInterstitialAdapter.java, line(s) 60,212,91,97,127,39,65,76 com/aerserv/sdk/adapter/AdapterAdRefresher.java, line(s) 100,105,128,155,159,173,183,187,191,209,227,239,243,248,253,277,287,292,108,162,256,241 com/aerserv/sdk/adapter/AdapterFactory.java, line(s) 12 com/aerserv/sdk/adapter/AppLovinInterstitialAdapter.java, line(s) 275,47,53,75,79,83,92,96,102,155,160,168,173,280,288,296,304,318,326,330,334,338,342,186,194 com/aerserv/sdk/adapter/AppNextInterstitialAdapter.java, line(s) 245,255,126,130,136,149,153,225,236,285,58,74,86,98,112,160,164,175,182,222,232,241,278,171,173 com/aerserv/sdk/adapter/ChartboostInterstitialAdapter.java, line(s) 46,50,54,80,84,88,102,104,107,111,149,158,167,175,183,192,200,208,218,228,237,251 com/aerserv/sdk/adapter/FacebookInterstitialAdapter.java, line(s) 38,42,48,156,99,109,117,124,138,142 com/aerserv/sdk/adapter/InMobiInterstitialAdapter.java, line(s) 37,44,49,59,66,70,75,77,115,129,136,140,148,155,163,171,179,183,198,203,205 com/aerserv/sdk/adapter/MillennialInterstitialAdapter.java, line(s) 194,35,40,56,65,98,167,177,182,187,105,109,116,123,127,132,137,142 com/aerserv/sdk/adapter/MoPubSdkInterstitialAdapter.java, line(s) 34,40,47,52,82,136,192,62,72,98,120,129,133,144,152,160,169,188,194 com/aerserv/sdk/adapter/MyTargetSdkInterstitialAdapter.java, line(s) 107,130,24,30,73,80,87,94,102,112 com/aerserv/sdk/adapter/RhythmOneSdkInterstitialAdapter.java, line(s) 76,82,105,175,180,195,203,210,217,224 com/aerserv/sdk/adapter/SimultaneousAdLoader.java, line(s) 28,38,41,43,68,80,83,105,112 com/aerserv/sdk/adapter/ThirdPartyProvider.java, line(s) 72,86,93,495,500,509,248,321,486,257,261,402,484,491,514,123,396,457,517 com/aerserv/sdk/adapter/TremorInterstitialAdapter.java, line(s) 43,203,215,109,113,118,122,136,140,144,149,25,32,47,54,59,63,67,74,78,82,89,93,97,101,158,218 com/aerserv/sdk/adapter/UnityInterstitialAdapter.java, line(s) 30,34,39,43,48,62,66,70,76,102,165,135,140,150,154 com/aerserv/sdk/adapter/VungleInterstitialAdapter.java, line(s) 157,43,47,51,68,73,93,103,108,126,138,142,206,211,216,235,245,61,87,146,148,153 com/aerserv/sdk/adapter/YahooInterstitialAdapter.java, line(s) 78,110,144,150,169,175,180,197,201,213,219,261,276,307,39,43,50,57,115,120,124,159,190,207,209,217,279,288 com/aerserv/sdk/adapter/asadcolony/ASAdColonyInterstitialProvider.java, line(s) 137,154,165,169,175,124 com/aerserv/sdk/adapter/asadmob/ASAdMobBannerProvider.java, line(s) 126,96,50,92 com/aerserv/sdk/adapter/asadmob/ASAdMobInterstitialProvider.java, line(s) 106 com/aerserv/sdk/adapter/asaerserv/ASAerServBannerProvider.java, line(s) 61,131,175,127 com/aerserv/sdk/adapter/asaerserv/ASAerServConfig.java, line(s) 47 com/aerserv/sdk/adapter/asaerserv/ASAerServInterstitialProvider.java, line(s) 82,107 com/aerserv/sdk/adapter/asapplovin/ASAppLovinInterstitialProvider.java, line(s) 126,131,135,140,145,149,262 com/aerserv/sdk/adapter/asappnext/ASAppNextInterstitialProvider.java, line(s) 127,219,223,235,72,82,88,95,98,106,181,187,192,197,209 com/aerserv/sdk/adapter/aschartboost/ASChartboostInterstitialProvider.java, line(s) 193,199,130 com/aerserv/sdk/adapter/asfacebook/ASFacebookBannerProvider.java, line(s) 126,134,147,159 com/aerserv/sdk/adapter/asfacebook/ASFacebookInterstitialProvider.java, line(s) 169,120,141,155 com/aerserv/sdk/adapter/asinmobi/ASInMobiBannerProvider.java, line(s) 104,116,121,135,140,145,150,159,168 com/aerserv/sdk/adapter/asmillennial/ASMillennialBannerProvider.java, line(s) 105,129,38,99,90,170,174 com/aerserv/sdk/adapter/asmillennial/ASMillennialInterstitialProvider.java, line(s) 109,134,143,165,184,103,94,160,169,176 com/aerserv/sdk/adapter/asmopubsdk/ASMoPubSdkBannerProvider.java, line(s) 116,101,106,111,132 com/aerserv/sdk/adapter/asmopubsdk/ASMoPubSdkInterstitialProvider.java, line(s) 87,92,97,105,114,118 com/aerserv/sdk/adapter/asmytargetsdk/ASMyTargetSdkBannerProvider.java, line(s) 139,82,91,100,120 com/aerserv/sdk/adapter/asmytargetsdk/ASMyTargetSdkInterstitialProvider.java, line(s) 101,77 com/aerserv/sdk/adapter/asrhythmonesdk/ASRhythmOneSdkInterstitialProvider.java, line(s) 201,188,98,106,116,126,136 com/aerserv/sdk/adapter/astremor/ASTremorInterstitialProvider.java, line(s) 113,166,176,180 com/aerserv/sdk/adapter/asunity/ASUnityInterstitialProvider.java, line(s) 137,131 com/aerserv/sdk/adapter/asvungle/ASVungleInterstitialProvider.java, line(s) 127,131,134,162 com/aerserv/sdk/adapter/asyahoo/ASYahooBannerProvider.java, line(s) 151,93,97,102,155,160,165,169,175,179 com/aerserv/sdk/adapter/asyahoo/ASYahooInterstitialProvider.java, line(s) 166,187,197 com/aerserv/sdk/adapter/task/LoadAdTask.java, line(s) 34,36,41,70 com/aerserv/sdk/adapter/task/ShowAdTask.java, line(s) 29,40,44,68 com/aerserv/sdk/analytics/AerServAnalyticsProxy.java, line(s) 40 com/aerserv/sdk/controller/AdManager.java, line(s) 102,133,142,244,259,281,314,355,391,423,437,440,444,452,469,509,527,536,568,573,578,581,584,610,611,623,626,106,126,136,153,177,195,201,215,229,233,248,263,278,285,304,308,318,456,490,369,442,561,616,651 com/aerserv/sdk/controller/command/DownloadImageCommand.java, line(s) 20 com/aerserv/sdk/controller/command/ExecutePlacementCommand.java, line(s) 24,30,33 com/aerserv/sdk/controller/command/ExpandMraidCommand.java, line(s) 20,23 com/aerserv/sdk/controller/command/FireEventCommand.java, line(s) 30 com/aerserv/sdk/controller/command/LaunchBrowserCommand.java, line(s) 35 com/aerserv/sdk/controller/command/PlayVideoCommand.java, line(s) 19,22 com/aerserv/sdk/controller/command/ShowProviderAdCommand.java, line(s) 54,58,67,72,86,94,101,106,111,127 com/aerserv/sdk/controller/listener/AerServEventListenerLocator.java, line(s) 34,78,52 com/aerserv/sdk/controller/listener/DefaultProviderListener.java, line(s) 11,16,21,26,31,36,41,46,51,56,61 com/aerserv/sdk/controller/listener/MraidBannerJavascriptInterfaceListener.java, line(s) 144,304,208 com/aerserv/sdk/controller/listener/MraidInterstitialJavascriptInterfaceListener.java, line(s) 126 com/aerserv/sdk/controller/listener/ProviderListenerLocator.java, line(s) 15,21,38,16,22,39 com/aerserv/sdk/dao/VideoFileCache.java, line(s) 29,33,62,65,68,79,71 com/aerserv/sdk/factory/AdFactory.java, line(s) 89,105,59 com/aerserv/sdk/factory/ProviderFactory.java, line(s) 43,69 com/aerserv/sdk/http/HttpPostListenerTask.java, line(s) 49,122,95,98 com/aerserv/sdk/http/HttpTask.java, line(s) 46,82,106 com/aerserv/sdk/model/Asplc.java, line(s) 112,124,104 com/aerserv/sdk/model/Placement.java, line(s) 155,177,203,75,81,217 com/aerserv/sdk/model/ad/ThirdPartyProviderAd.java, line(s) 57,48,71,41 com/aerserv/sdk/model/ad/VASTProviderAd.java, line(s) 49,59,69,146,150,350,355,359,115 com/aerserv/sdk/model/vast/Creatives.java, line(s) 46 com/aerserv/sdk/model/vast/Icon.java, line(s) 49 com/aerserv/sdk/model/vast/MediaFile.java, line(s) 44 com/aerserv/sdk/model/vast/VAST.java, line(s) 78,188 com/aerserv/sdk/proxy/FetchAsplcProxy.java, line(s) 40,32,65,39,42,59 com/aerserv/sdk/proxy/PlacementProxy.java, line(s) 36,35 com/aerserv/sdk/proxy/PreInitProxy.java, line(s) 41 com/aerserv/sdk/proxy/SybokProxy.java, line(s) 130 com/aerserv/sdk/strategy/ExpandedMraidInterstitialStrategy.java, line(s) 81,106,173,188 com/aerserv/sdk/strategy/HtmlInterstitialStrategy.java, line(s) 141 com/aerserv/sdk/strategy/MraidInterstitialStrategy.java, line(s) 53,76,145,159 com/aerserv/sdk/strategy/VideoInterstitialStrategy.java, line(s) 120,132 com/aerserv/sdk/utils/AerServLog.java, line(s) 17,111,26,84,34,94,67,126,76,102 com/aerserv/sdk/utils/MoatUtils.java, line(s) 110,83,118,122,152,155,159,162,188,192,199,87,100,128,168,204 com/aerserv/sdk/utils/TimeSpan.java, line(s) 52 com/aerserv/sdk/utils/UrlBuilder.java, line(s) 141,254,418,188,212,227,330,309 com/aerserv/sdk/utils/VASTUtils.java, line(s) 61,79 com/aerserv/sdk/utils/VastErrorHandler.java, line(s) 73 com/aerserv/sdk/utils/WebViewJSRunner.java, line(s) 22 com/aerserv/sdk/view/ASInterstitialActivity.java, line(s) 41,88,98 com/aerserv/sdk/view/ASVastInterstitialActivity.java, line(s) 167,39,115,135,151,171 com/aerserv/sdk/view/ASVpaidInterstitalActivity.java, line(s) 171,235 com/aerserv/sdk/view/ASWebviewInterstitialActivity.java, line(s) 77,89,100,121 com/aerserv/sdk/view/AerServFullScreenAdActivity.java, line(s) 43,63,72,81,89,97 com/aerserv/sdk/view/component/ASMraidWebView.java, line(s) 86,104 com/aerserv/sdk/view/component/ASWebView.java, line(s) 66,96,102,105,136,119 com/aerserv/sdk/view/component/BackButton.java, line(s) 22 com/aerserv/sdk/view/component/CloseButton.java, line(s) 60 com/aerserv/sdk/view/component/MraidJavascriptInterface.java, line(s) 127 com/aerserv/sdk/view/component/VastVideoView.java, line(s) 47 com/aerserv/sdk/view/component/VpaidWebView.java, line(s) 167,276,283,291,309,325,338,365,372,381,394,404,412,424,434,442,451,459,480,490,500,516,550,606,616,622,628,318,565,576,587 com/aerserv/sdk/view/vastplayer/IconsPlayer.java, line(s) 294,229,259 com/aerserv/sdk/view/vastplayer/VastPlayer.java, line(s) 181,580,587,608,642,645,439,506,672,601 com/amazonaws/auth/CognitoCachingCredentialsProvider.java, line(s) 23,36,98,106,115,159,140,43 com/amazonaws/logging/AndroidLog.java, line(s) 13,45,17,49,21,25,29,33,37,41,53 com/amazonaws/logging/LogFactory.java, line(s) 51 com/applovin/impl/adview/activity/b/f.java, line(s) 581 com/applovin/impl/sdk/a/f.java, line(s) 76,80,86 com/applovin/impl/sdk/f.java, line(s) 101,103 com/applovin/impl/sdk/nativeAd/AppLovinMediaView.java, line(s) 172 com/applovin/impl/sdk/w.java, line(s) 46,72,107,68,115,76,123,80,99 com/applovin/mediation/rtb/AppLovinRtbBannerRenderer.java, line(s) 34,39,44,54,58,63 com/appsflyer/AFLogger.java, line(s) 83,102,152,81,35,116,130 com/base/http/e.java, line(s) 40,47,20,27 com/cpcphone/abtestcenter/b/b.java, line(s) 10,16 com/cs/bd/ad/http/bean/ParamsBean.java, line(s) 16,18,24,26 com/cs/bd/buychannel/buyChannel/c/b.java, line(s) 13 com/cs/bd/buychannel/buyChannel/f/g.java, line(s) 38 com/cs/bd/commerce/util/LogUtils.java, line(s) 39,150,214,45,156,188,92,162,208,233,128,175,134,181,198,222 com/cs/bd/commerce/util/Machine.java, line(s) 430 com/cs/bd/commerce/util/PassTimeLogger.java, line(s) 15 com/cs/bd/commerce/util/bgs/BootstrapClass.java, line(s) 22 com/cs/bd/commerce/util/encrypt/Base64.java, line(s) 505,506 com/cs/bd/commerce/util/io/mp/MPSPImpl.java, line(s) 289 com/cs/bd/commerce/util/io/mp/MainProcessSP.java, line(s) 158 com/cs/bd/commerce/util/retrofit/Interceptor/LogInterceptor.java, line(s) 64 com/cs/bd/commerce/util/retrofit/Interceptor/RepeatRequestCtrl.java, line(s) 45 com/cs/bd/commerce/util/retrofit/Interceptor/RetryAfterNetOkCtrl.java, line(s) 158 com/cs/bd/commerce/util/retrofit/RetrofitProxy.java, line(s) 34 com/cs/bd/commerce/util/retrofit/test/Test.java, line(s) 85,86,87,107,108,110,132,133,134,155,156,157,176,177,179,209,210,212,232,233,235,78,81,99,102,125,128,148,151,169,172,202,205,225,228 com/cs/bd/commerce/util/thread/ThreadPoolManager.java, line(s) 180 com/cs/bd/commerce/util/topApp/ProcessHelperUtil.java, line(s) 149 com/cs/bd/commerce/util/topApp/TopHelper.java, line(s) 353,403,489,527 com/cs/bd/mopub/utils/SimpleAB.java, line(s) 45 com/cs/bd/utils/k.java, line(s) 11,16,20 com/cs/utils/net/g/d.java, line(s) 66 com/go/launcher/taskmanager/AbstractTaskManager.java, line(s) 98,111,124 com/gokeyboard/appcenter/web/advertise/StoreAsyncTask.java, line(s) 72 com/gomo/http/Http.java, line(s) 26 com/gomo/http/ServicesLog.java, line(s) 19,47,26,54 com/gomo/http/call/AsyncCall.java, line(s) 21,22,20,23 com/gomo/http/call/SyncCall.java, line(s) 20,21,19,22,33 com/gomo/http/common/DeviceBuilder.java, line(s) 26,25 com/gomo/http/dns/DNSUtils.java, line(s) 50,156,159 com/gomo/http/dns/TlsSniSocketFactory.java, line(s) 57,66,69,80,73 com/gomo/http/report/ReportUtil.java, line(s) 34,59,64,106,110,206,222,237,240,248,267,272,278,292 com/gomo/http/report/Reporter.java, line(s) 85,89,106,117 com/gomo/http/report/commom/DeviceBase64.java, line(s) 21 com/gomo/http/request/Request.java, line(s) 261,273,375,376,380,382,385,387,444,374,389,391,456,511,458 com/gomo/http/response/Response.java, line(s) 105,106,107,109,111,114,104,116,96 com/gomo/http/security/Signature.java, line(s) 12,17,18,19,20,21 com/gomo/services/conf/ConfigurationApi.java, line(s) 118,124,117,123 com/iab/omid/library/applovin/d/c.java, line(s) 18,11 com/jb/gokeyboard/BootupReceiver.java, line(s) 12 com/jb/gokeyboard/GoKeyboardServer.java, line(s) 878 com/jb/gokeyboard/a0/a/a.java, line(s) 57 com/jb/gokeyboard/a0/a/b.java, line(s) 44 com/jb/gokeyboard/a0/a/c.java, line(s) 66 com/jb/gokeyboard/a0/b/a.java, line(s) 55,47,50 com/jb/gokeyboard/a0/b/c.java, line(s) 123,65,86 com/jb/gokeyboard/a0/b/f.java, line(s) 100 com/jb/gokeyboard/a0/b/h.java, line(s) 195,199,203,207,211 com/jb/gokeyboard/a0/b/k.java, line(s) 27 com/jb/gokeyboard/a0/b/m.java, line(s) 87 com/jb/gokeyboard/a0/c/a/a.java, line(s) 27 com/jb/gokeyboard/abtest/h.java, line(s) 59,60,61,62,63,64,65 com/jb/gokeyboard/avataremoji/camera/a/b.java, line(s) 70,98,115,117,139,388,491,524 com/jb/gokeyboard/common/util/b.java, line(s) 23,32,35 com/jb/gokeyboard/common/util/h.java, line(s) 18 com/jb/gokeyboard/crashreport/ErrorReporter.java, line(s) 180,217,492,90,199,241,250,253,309,192,258,262,440,483,509,539,357 com/jb/gokeyboard/engine/CompatUtils.java, line(s) 50,72,84,96 com/jb/gokeyboard/engine/MakedictLog.java, line(s) 13,20 com/jb/gokeyboard/engine/chinese/ChineseContactDictionary.java, line(s) 69,90 com/jb/gokeyboard/engine/latin/AbstractDictionaryWriter.java, line(s) 36,38 com/jb/gokeyboard/engine/latin/ContactsBinaryDictionary.java, line(s) 91,173,242,152,179 com/jb/gokeyboard/engine/latin/UserBinaryDictionary.java, line(s) 151,155,166 com/jb/gokeyboard/engine/latin/utils/ExecutorUtils.java, line(s) 93,30 com/jb/gokeyboard/engine/makedict/BinaryDictEncoderUtils.java, line(s) 299,106,107,135,139,159,373,375,377,379 com/jb/gokeyboard/gif/a.java, line(s) 115,182,354,480,483,490 com/jb/gokeyboard/goplugin/data/q.java, line(s) 38,22,85,99 com/jb/gokeyboard/input/inputmethod/latin/utils/ResourceUtils.java, line(s) 57,69,73,80 com/jb/gokeyboard/input/inputmethod/latin/utils/b.java, line(s) 67,73,86,92,93 com/jb/gokeyboard/input/r/c/c.java, line(s) 24,22,26 com/jb/gokeyboard/input/r/c/j.java, line(s) 181,86,92,98 com/jb/gokeyboard/j/d.java, line(s) 36 com/jb/gokeyboard/keyboard/internal/c.java, line(s) 33 com/jb/gokeyboard/keyboard/internal/l.java, line(s) 152 com/jb/gokeyboard/keyboard/internal/x.java, line(s) 40 com/jb/gokeyboard/keyboard/internal/y.java, line(s) 241,247,875,883,949,981,1018,1091,468,717,908 com/jb/gokeyboard/keyboard/internal/z.java, line(s) 90,115,137 com/jb/gokeyboard/lockernotify/widget/roundimage/RoundedImageView.java, line(s) 117,135 com/jb/gokeyboard/lockernotify/widget/roundimage/a.java, line(s) 258 com/jb/gokeyboard/messagecenter/MessageContentActivity.java, line(s) 140 com/jb/gokeyboard/messagecenter/MsgNotifyActivity.java, line(s) 20 com/jb/gokeyboard/messagecenter/h.java, line(s) 600 com/jb/gokeyboard/messagecenter/j.java, line(s) 258 com/jb/gokeyboard/p/b.java, line(s) 46,57,139,156,161 com/jb/gokeyboard/preferences/KeyboardSettingForeignLanguageActivity.java, line(s) 209 com/jb/gokeyboard/provider/GoKeyboardDataProviderEmoji.java, line(s) 83 com/jb/gokeyboard/provider/a.java, line(s) 167,197,254,259,275,292,299,315,338,341,348,365,374,382,388,405,412,429,436,455,462,478 com/jb/gokeyboard/provider/c.java, line(s) 48 com/jb/gokeyboard/provider/e.java, line(s) 22 com/jb/gokeyboard/ramclear/a.java, line(s) 48,49,50,51,52,56,57,58,59,63,64,65 com/jb/gokeyboard/ramclear/b.java, line(s) 97,113,125,140,146,155 com/jb/gokeyboard/ramclear/c.java, line(s) 50,110,117,161,194,299,359,375,389,413 com/jb/gokeyboard/ramclear/ui/BaseCleanActivity.java, line(s) 109,112,118,126,177,193,205 com/jb/gokeyboard/ramclear/ui/BaseRamCleanAdView.java, line(s) 202,208 com/jb/gokeyboard/ramclear/ui/CenterBackground.java, line(s) 49 com/jb/gokeyboard/ramclear/ui/RamAnimView.java, line(s) 40 com/jb/gokeyboard/ramclear/ui/ScannerView.java, line(s) 46 com/jb/gokeyboard/recording/RecordManager.java, line(s) 498 com/jb/gokeyboard/recording/a.java, line(s) 31,96,155 com/jb/gokeyboard/shop/a.java, line(s) 318 com/jb/gokeyboard/shop/custombackground/data/b.java, line(s) 50 com/jb/gokeyboard/statistics/q/a.java, line(s) 38 com/jb/gokeyboard/test/latin/gesture/a.java, line(s) 38,76,79,101,42,52,95 com/jb/gokeyboard/test/latin/gesture/b.java, line(s) 123,133,541,571,296,298,606,630 com/jb/gokeyboard/test/view/KeyboardSettingTestItemActivity.java, line(s) 160 com/jb/gokeyboard/test/view/TestActivity.java, line(s) 71,108,304,321 com/jb/gokeyboard/themezipdl/view/ThemeDownloadViewImpl.java, line(s) 58 com/jb/gokeyboard/ui/CandidateView.java, line(s) 762,763,764,765,766,767,768 com/jb/gokeyboard/ui/HandWriteView.java, line(s) 115 com/jb/gokeyboard/ui/facekeyboard/PlayTabContainer.java, line(s) 153,164 com/jb/gokeyboard/ui/frame/e.java, line(s) 391 com/jb/gokeyboard/voiceinput/d.java, line(s) 267 com/jb/gokeyboard/widget/recyclerview/GalleryLayoutManager.java, line(s) 104 com/jiubang/bussinesscenter/plugin/navigationpage/api/NavigationApi.java, line(s) 56,57,76,84 com/jiubang/bussinesscenter/plugin/navigationpage/common/utils/log/LogUtils.java, line(s) 23,29,49,61,39,67,73,55,79,85 com/jiubang/bussinesscenter/plugin/navigationpage/database/DataBaseHelper.java, line(s) 169 com/jiubang/bussinesscenter/plugin/navigationpage/networkimageview/MemoryImageCache.java, line(s) 39 com/jiubang/bussinesscenter/plugin/navigationpage/thread/ThreadPoolManager.java, line(s) 197 com/jiubang/bussinesscenter/plugin/navigationpage/util/machine/ConfigurationInfo.java, line(s) 115,118,121 com/jiubang/commerce/hotwordlib/presearch/PreSearchDataManager.java, line(s) 410 com/jiubang/commerce/hotwordlib/presearch/statistics/BaseSeq103OperationStatistic.java, line(s) 57 com/jiubang/commerce/hotwordlib/util/Base64.java, line(s) 505,506 com/jiubang/commerce/hotwordlib/util/ClientUtils.java, line(s) 47 com/jiubang/commerce/hotwordlib/util/LogUtil.java, line(s) 14,64,19,59,69,32,74,98,48,86,54,92,104 com/jiubang/core/thread/ThreadPoolManager.java, line(s) 201 com/moat/analytics/mobile/aer/c1.java, line(s) 33,28 com/moat/analytics/mobile/aer/d1.java, line(s) 21 com/moat/analytics/mobile/aer/g.java, line(s) 26,58 com/moat/analytics/mobile/aer/g0.java, line(s) 36,215,223 com/moat/analytics/mobile/aer/o0.java, line(s) 28 com/moat/analytics/mobile/aer/q0.java, line(s) 33,47,57,71,81 com/moat/analytics/mobile/aer/r0.java, line(s) 75 com/moat/analytics/mobile/aer/x0.java, line(s) 23,32 com/moat/analytics/mobile/aer/z0.java, line(s) 28,33 com/mopub/common/DiskLruCache.java, line(s) 411 com/mopub/common/MoPub.java, line(s) 163 com/mopub/common/SdkConfiguration.java, line(s) 57 com/mopub/common/logging/MoPubDefaultLogger.java, line(s) 31,33 com/mopub/common/logging/MoPubLog.java, line(s) 309 com/mopub/common/privacy/MoPubIdentifier.java, line(s) 194 com/mopub/mobileads/MoPubActivity.java, line(s) 145 com/mopub/mobileads/MraidActivity.java, line(s) 84 com/mopub/mobileads/dfp/adapters/DownloadDrawablesAsync.java, line(s) 55 com/mopub/mobileads/dfp/adapters/MoPubAdapter.java, line(s) 263,326,333,345,350,360 com/mopub/mobileads/dfp/adapters/MoPubNativeAppInstallAdMapper.java, line(s) 59 com/mopub/mraid/MraidController.java, line(s) 646 com/mopub/network/MultiAdResponse.java, line(s) 87 com/mopub/volley/CacheDispatcher.java, line(s) 37,49,68,130,60,89,118 com/mopub/volley/NetworkDispatcher.java, line(s) 56,70 com/mopub/volley/Request.java, line(s) 141,146 com/mopub/volley/VolleyLog.java, line(s) 64,67,97,54,101,121,11,107,112,117,125 com/mopub/volley/toolbox/BasicNetwork.java, line(s) 146,118,129,151 com/mopub/volley/toolbox/DiskBasedCache.java, line(s) 68,188,214,221,282,294,303,408,236,56,77 com/mopub/volley/toolbox/HttpHeaderParser.java, line(s) 127 com/mopub/volley/toolbox/ImageRequest.java, line(s) 121 com/mopub/volley/toolbox/JsonRequest.java, line(s) 55 com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 71,73,162,164,251,272,340,342,379,381,446,464,466 com/permissionx/guolindev/request/InvisibleFragment.java, line(s) 312 com/safedk/android/utils/Logger.java, line(s) 31,38,48,89,95,73,81,52,56,17,24,60,64,68 com/safedk/android/utils/b.java, line(s) 34,89 e/a/a/b/a.java, line(s) 7,13,8,14 e/b/a/a.java, line(s) 30 e/b/a/b/b.java, line(s) 27,33 e/b/a/b/l/h.java, line(s) 38 e/b/a/d/a/a.java, line(s) 61 e/b/b/g.java, line(s) 1392 e/b/b/m/e.java, line(s) 44,86 e/d/a/c/m/h.java, line(s) 125 e/d/a/c/u/d.java, line(s) 179,223 e/d/a/c/v/b.java, line(s) 80 e/d/a/c/x/h.java, line(s) 572 e/e/a/a/a/i/c.java, line(s) 18,11 me/panpf/sketch/e.java, line(s) 36,46,61,66,51,41,56,113 me/panpf/sketch/util/b.java, line(s) 178,1025,1090,695,702,818,827,992,1006,1010 mobi/intuitit/android/widget/BoundRemoteViews.java, line(s) 329 mobi/intuitit/android/widget/ListViewImageManager.java, line(s) 49,65,104,110 mobi/intuitit/android/widget/SimpleRemoteViews.java, line(s) 477 mobi/intuitit/android/widget/WidgetContentObserver.java, line(s) 20,22 mobi/intuitit/android/widget/WidgetCursorAdapter.java, line(s) 113,121 mobi/intuitit/android/widget/WidgetListAdapter.java, line(s) 47,49,91,192,328,331,337,348,393 mobi/intuitit/android/widget/WidgetRemoteViewsListAdapter.java, line(s) 25,38 mobi/intuitit/android/widget/WidgetSpace.java, line(s) 197,201,224,277,403,628,747,271,397,488,622,741
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/jb/gokeyboard/n/a.java, line(s) 19,25,25,26,73,3 com/jb/gokeyboard/ui/facekeyboard/l.java, line(s) 206,7,264,268,268,901,901,1120
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/jb/gokeyboard/ui/facekeyboard/l.java, line(s) 7,264,268,268,901,901,1120,271,914
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/base/http/i/a.java, line(s) 406,67 com/cs/bd/commerce/util/retrofit/RetrofitRequest.java, line(s) 157,155 com/cs/bd/commerce/util/retrofit/test/Test.java, line(s) 248,244 com/gomo/http/request/Request.java, line(s) 466,473 com/jb/gokeyboard/crashreport/HttpUtils.java, line(s) 67,70
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/529502911115/namespaces/firebase:fetch?key=AIzaSyCFAxKXR7UNXb8LpvuahrRTHuZGGcULDyw ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gokeyboardvoice.goforandroid.com) 通信。
{'ip': '47.242.91.30', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (abtest.cpcphone.com) 通信。
{'ip': '47.88.60.195', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (gokeyboardmarket.goforandroid.com) 通信。
{'ip': '47.242.91.252', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (topdata.usdget.com) 通信。
{'ip': '47.119.35.209', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (adviap.cpcphone.com) 通信。
{'ip': '8.210.26.253', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (resource.usdget.com) 通信。
{'ip': '61.147.223.101', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南通', 'latitude': '32.030296', 'longitude': '120.874779'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (newstoredata.cpcphone.com) 通信。
{'ip': '8.210.227.105', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (itunes.apple.com) 通信。
{'ip': '117.91.184.76', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (conf.goforandroid.com) 通信。
{'ip': '47.242.91.252', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.douban.com) 通信。
{'ip': '81.70.124.99', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (update.usdget.com) 通信。
{'ip': '47.119.35.209', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (navigation.gomo.com) 通信。
{'ip': '8.210.56.125', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (sebz-service.goforandroid.com) 通信。
{'ip': '47.242.94.137', 'country_short': 'HK', 'country_long': '中国', 'region': '香港', 'city': '香港', 'latitude': '22.285521', 'longitude': '114.157692'}