安全分析报告:
安全分数
安全分数 42/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
3
用户/设备跟踪器
调研结果
高危
5
中危
18
信息
2
安全
1
关注
34
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 使用弱加密算法
使用弱加密算法 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/nirvana/tools/core/CryptUtil.java, line(s) 162
高危 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/nirvana/tools/core/UTSharedPreferencesHelper.java, line(s) 16,9 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 31
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/lidroid/xutils/util/OtherUtils.java, line(s) 138,138,9,10,11,12 com/lidroid/xutils/util/core/SimpleSSLSocketFactory.java, line(s) 61,13,14,15 com/xuanyou2022/realtimetranslation/util/network/http/MySSLSocketFactory.java, line(s) 71,12,13,14 com/zxy/tiny/core/HttpUrlConnectionFetcher.java, line(s) 55,18,19,20,21,22,23
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/xuanyou2022/realtimetranslation/activity/PayWebActivity.java, line(s) 139,151,13,14
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.xuanyou2022.realtimetranslation.activity.filefanyi.WordFanYiFromWechatQQActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: b/z235z.java, line(s) 331 b/z895z.java, line(s) 291,310 com/itextpdf/text/Version.java, line(s) 32 com/itextpdf/text/pdf/PdfWriter.java, line(s) 2141 com/nirvana/tools/logger/UaidTracker.java, line(s) 20,21,22 com/nirvana/tools/logger/utils/LocalDeviceUtil.java, line(s) 17 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 14,15 com/xuanyou2022/realtimetranslation/ZZApplication.java, line(s) 49 com/xuanyou2022/realtimetranslation/util/ConstantUtil.java, line(s) 33 com/xuanyou2022/realtimetranslation/util/WXAIPhotoAPI.java, line(s) 47,48 com/xuanyou2022/realtimetranslation/util/entity/UserEntity.java, line(s) 24 com/xuanyou2022/realtimetranslation/util/network/SealHttpAction.java, line(s) 140 z743z/z895z.java, line(s) 1116
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/lidroid/xutils/DbUtils.java, line(s) 6,7,807 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 6,418 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 4,5,23 com/xuanyou2022/realtimetranslation/util/HistoryUtil.java, line(s) 7,22 com/xuanyou2022/realtimetranslation/util/local/DBCollectHelper.java, line(s) 6,7,70 com/xuanyou2022/realtimetranslation/util/local/DBCountHelper.java, line(s) 6,7,64 com/xuanyou2022/realtimetranslation/util/local/DBCountNewHelper.java, line(s) 6,7,62 com/xuanyou2022/realtimetranslation/util/local/DBFileHistoryHelper.java, line(s) 6,7,68 com/xuanyou2022/realtimetranslation/util/local/DBHelper.java, line(s) 6,7,60 com/xuanyou2022/realtimetranslation/util/local/DBVoiceChatHelper.java, line(s) 6,7,70 com/xuanyou2022/realtimetranslation/util/local/DatabaseOpenHelper.java, line(s) 4,5,21
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/danikula/videocache/StorageUtils.java, line(s) 23,40 com/donkingliang/imageselector/ImageSelectorActivity.java, line(s) 534,635 com/lidroid/xutils/bitmap/BitmapCommonUtils.java, line(s) 19 com/tencent/a/a/a/a/b.java, line(s) 22,24,36,45 com/tencent/aai/audio/utils/FileUtils.java, line(s) 28,49,58,63,74 com/tencent/aai/audio/utils/WavCache.java, line(s) 33,120,129,245,356,402,416,429,448,472,557 com/xuanyou2022/realtimetranslation/activity/CollectActivity.java, line(s) 203 com/xuanyou2022/realtimetranslation/activity/CollectDetailActivity.java, line(s) 141 com/xuanyou2022/realtimetranslation/activity/filefanyi/AudioFanYiActivity.java, line(s) 553 com/xuanyou2022/realtimetranslation/activity/filefanyi/ImageFanYiActivity.java, line(s) 581 com/xuanyou2022/realtimetranslation/activity/filefanyi/NewWordFanYiActivity.java, line(s) 506 com/xuanyou2022/realtimetranslation/activity/filefanyi/PdfFanYiActivity.java, line(s) 535 com/xuanyou2022/realtimetranslation/activity/filefanyi/TextFanYiActivity.java, line(s) 535 com/xuanyou2022/realtimetranslation/activity/filefanyi/VideoFanYiActivity.java, line(s) 626 com/xuanyou2022/realtimetranslation/activity/filefanyi/WordFanYiActivity.java, line(s) 542 com/xuanyou2022/realtimetranslation/activity/filefanyi/WordFanYiFromWechatQQActivity.java, line(s) 543 com/xuanyou2022/realtimetranslation/fragment/AudioFragment.java, line(s) 658,879 com/xuanyou2022/realtimetranslation/fragment/ConversationNewFragment.java, line(s) 598 com/xuanyou2022/realtimetranslation/fragment/TextNewFragment.java, line(s) 546 com/xuanyou2022/realtimetranslation/util/FileUtils.java, line(s) 127 com/xuanyou2022/realtimetranslation/util/SaveUtils.java, line(s) 50,116,241 com/xuanyou2022/realtimetranslation/util/SpeechUtil.java, line(s) 136 com/xuanyou2022/realtimetranslation/util/UriUtils.java, line(s) 25,82,132,78,128 com/xuanyou2022/realtimetranslation/util/log/LogcatHelper.java, line(s) 28,23 com/xuanyou2022/realtimetranslation/util/network/download/DownloadManager.java, line(s) 51 com/yanzhenjie/permission/FileProvider.java, line(s) 314,171 com/yanzhenjie/permission/checker/StorageReadTest.java, line(s) 9 com/yanzhenjie/permission/checker/StorageWriteTest.java, line(s) 9 com/zxy/tiny/core/FileKit.java, line(s) 78,78 x986x/z235z.java, line(s) 11 z102z/x743x.java, line(s) 108,138,143 z743z/z895z.java, line(s) 440
中危 IP地址泄露
IP地址泄露 Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 30 com/itextpdf/text/Version.java, line(s) 8,17,28 com/itextpdf/text/pdf/security/BouncyCastleDigest.java, line(s) 31,37,40,43,34,49,46,52,55 com/itextpdf/text/pdf/security/CertificateInfo.java, line(s) 46,48,50,52,60,62,64,66,68,54,44,56,58,74,72,69 com/itextpdf/text/pdf/security/CertificateVerification.java, line(s) 27,29,29 com/itextpdf/text/pdf/security/DigestAlgorithms.java, line(s) 31,64,65,54,53,55,33,68,69,34,70,71,35,72,73,32,66,67,49,50,51,52,37,76,77,36,74,75,38,78,79,43,44,45,42,40,39,41,56,80 com/itextpdf/text/pdf/security/EncryptionAlgorithms.java, line(s) 24,25,26,27,22,23,18,19,20,17,14,15,16,28 com/itextpdf/text/pdf/security/OCSPVerifier.java, line(s) 32 com/itextpdf/text/pdf/security/PdfPKCS7.java, line(s) 162,542 com/itextpdf/text/pdf/security/SecurityConstants.java, line(s) 12 com/itextpdf/text/pdf/security/SecurityIDs.java, line(s) 16,11,14,12,13,7,10,15,6,4,5 com/yanzhenjie/permission/checker/SipTest.java, line(s) 20
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/itextpdf/text/pdf/PdfEncryption.java, line(s) 535 com/itextpdf/text/pdf/PdfReader.java, line(s) 714 com/itextpdf/text/pdf/security/LtvVerification.java, line(s) 204 com/itextpdf/text/pdf/security/MakeXmlSignature.java, line(s) 183 com/itextpdf/text/pdf/security/PdfPKCS7.java, line(s) 156,158 com/tencent/aai/auth/LocalCredentialProvider.java, line(s) 30 com/xuanyou2022/realtimetranslation/util/Digest.java, line(s) 133 org/repackage/a/a/a/a/c.java, line(s) 64
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/lidroid/xutils/http/client/multipart/MultipartEntity.java, line(s) 12 com/tencent/aai/task/net/VoiceIdFactory.java, line(s) 5 com/xuanyou2022/realtimetranslation/util/ConstantUtil.java, line(s) 6 com/xuanyou2022/realtimetranslation/util/network/http/SimpleMultipartEntity.java, line(s) 13 com/zxy/tiny/core/FileKit.java, line(s) 13
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/danikula/videocache/ProxyCacheUtils.java, line(s) 74 com/itextpdf/text/ImgJBIG2.java, line(s) 35 com/itextpdf/text/pdf/PdfEncryption.java, line(s) 62,387 com/itextpdf/text/pdf/PdfSmartCopy.java, line(s) 191,205 com/lidroid/xutils/util/core/LruDiskCache.java, line(s) 971 com/nirvana/tools/core/AppUtils.java, line(s) 117 com/nirvana/tools/core/CryptUtil.java, line(s) 215 com/nirvana/tools/logger/utils/LocalDeviceUtil.java, line(s) 24 com/tencent/aai/task/net/VoiceIdFactory.java, line(s) 16 com/xuanyou2022/realtimetranslation/util/Digest.java, line(s) 15,23,52 com/xuanyou2022/realtimetranslation/util/MD5.java, line(s) 9 com/xuanyou2022/realtimetranslation/util/WXAIPhotoAPI.java, line(s) 84 com/xuanyou2022/realtimetranslation/util/network/http/MD5.java, line(s) 32,41 z102z/x743x.java, line(s) 189 z102z/z963z.java, line(s) 107,155
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/itextpdf/text/pdf/PdfStamper.java, line(s) 285 com/xuanyou2022/realtimetranslation/util/network/http/FileAsyncHttpResponseHandler.java, line(s) 29 com/yanzhenjie/permission/checker/RecordAudioTest.java, line(s) 20
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/xuanyou2022/realtimetranslation/activity/filefanyi/NativeProgressWebActivity.java, line(s) 112,94,111
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/xuanyou2022/realtimetranslation/activity/PayWebActivity.java, line(s) 89,88
中危 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "authsdk_app_name" : "PhoneNumberAuthSDK" 44656C69766572792D646174653A nsjV57o+phSlqM0B5aPiMScxWJmCzFRX4NKcjt6KGP+3GpzmTyrpavnYQtHasperH 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 DQoNCllvdSBhcmUgdXNpbmcgaVRleHQgdW5kZXIgdGhlIEFHUEwuDQoNCklmIHRoaXMgaXMgeW91ciBpbnRlbnRpb24sIHlvdSBoYXZlIHB1Ymxpc2hlZCB5b3VyIG93biBzb3VyY2UgY29kZSBhcyBBR1BMIHNvZnR3YXJlIHRvby4NClBsZWFzZSBsZXQgdXMga25vdyB3aGVyZSB0byBmaW5kIHlvdXIgc291cmNlIGNvZGUgYnkgc2VuZGluZyBhIG1haWwgdG8gYWdwbEBpdGV4dHBkZi5jb20NCldlJ2QgYmUgaG9ub3JlZCB0byBhZGQgaXQgdG8gb3VyIGxpc3Qgb2YgQUdQTCBwcm9qZWN0cyBidWlsdCBvbiB0b3Agb2YgaVRleHQgb3IgaVRleHRTaGFycA0KYW5kIHdlJ2xsIGV4cGxhaW4gaG93IHRvIHJlbW92ZSB0aGlzIG1lc3NhZ2UgZnJvbSB5b3VyIGVycm9yIGxvZ3MuDQoNCklmIHRoaXMgd2Fzbid0IHlvdXIgaW50ZW50aW9uLCB5b3UgYXJlIHByb2JhYmx5IHVzaW5nIGlUZXh0IGluIGEgbm9uLWZyZWUgZW52aXJvbm1lbnQuDQpJbiB0aGlzIGNhc2UsIHBsZWFzZSBjb250YWN0IHVzIGJ5IGZpbGxpbmcgb3V0IHRoaXMgZm9ybTogaHR0cDovL2l0ZXh0cGRmLmNvbS9zYWxlcw0KSWYgeW91IGFyZSBhIGN1c3RvbWVyLCB3ZSdsbCBleHBsYWluIGhvdyB0byBpbnN0YWxsIHlvdXIgbGljZW5zZSBrZXkgdG8gYXZvaWQgdGhpcyBtZXNzYWdlLg0KSWYgeW91J3JlIG5vdCBhIGN1c3RvbWVyLCB3ZSdsbCBleHBsYWluIHRoZSBiZW5lZml0cyBvZiBiZWNvbWluZyBhIGN1c3RvbWVyLg0KDQo= MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YHP9utFGOhGk7Xf5L7jOgQz5 202403181769745397858697216 202306101667424834373550080 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLShWjAtxJv3g2VPIYOOAv4rnVDdLkdseKm7+KOkCBLV9SKY5oqksFaXcLZ+nRnjnczhze5eGKhevwliUyag6x96GyXI2WagKIoB7Uwl2byl0xB5bNvYzf+x/DKHTSoGJshU6shXWXcjGFq+mUiPhM3WGZoqdY+vvqOWD+tga8XQIDAQAB n+APJWeeIsUEJHi0FSf3EmwAtNgcJwLYed8Lrem+2+qvFY8RRjH3w4jT/wl2HKGEY 6482f88aa1a164591b2f7e2b 014a06685f0JVDULT/MIGfMA0GCSqGSIb3DQEBAQUAA4G zxcvbnmlkjhgfdsaqwertyuiopQWERTYUIOPASDFGHJKLZXCVBNM1234567890 202306121668196314904526848 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5se07mkN71qsSJHjZ2Z0+Z+4LlLvf2sz7Md38VAa3EmAOvI7vZp3hbAxicL724ylcmisTPtZQhT/9C+25AELqy9PN9JmzKpwoVTUoJvxG4BoyT49+gGVl6s6zo1byNoHUzTfkmRfmC9MC53HvG8GwKP5xtcdptFjAIcgIR7oAWQIDAQAB 202306121668196507343388672 E130CAA0A01A7CDE5A2B4FEB8B311707 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YCzxZS0FaWDOdtwgcHJ ngZlTTem7Pjdm1V9bJgQ6iQvFHsvT+vNgJ3wAIRd+iCMXm8y96yZhD2+SH5odBYS2 8c90bd8cc27d48e7a9e67dcdcf594ad6 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVc1ecjpc5k7TkabF935iQONDZ0/E5XWPVv9FEsI59XTRW0+BCMK1MODRSWMvHFrPMh9ZilnRr7qXuAKCBEynQEghmpIVvMYhFu48FAI9bKfkI5lKuQK+tc4X0+zTbNrpedNoKXK4C7dDjTETBH6prwWE9j5WsAf0gbjUbIs3FxwIDAQAB 1A45DFA3934282886D6174726F736B61 n4aw0AoExz4atTkUlZJIf9eNLj7ogTlQGANNzE2R/uskFse2GsCqJKFTk4UraBkzf gcIprqJVmVhfUA7vxmTLoThojzewy3OQ 6X8Y4XdM2Vhvn0KfzcEatGnWaNU=
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: Jni/FileUtils.java, line(s) 27,29,64 Jni/TrackUtils.java, line(s) 16,29 VideoHandle/EpEditor.java, line(s) 385,414,473,478,489,494,426,607 c/z895z.java, line(s) 11,23,17 com/acorn/library/PieView.java, line(s) 288 com/acorn/library/drawable/HollowSectorDrawable.java, line(s) 172 com/donkingliang/imageselector/PreviewActivity.java, line(s) 143,148,160 com/donkingliang/imageselector/Video/SampleControlVideo.java, line(s) 260,286 com/donkingliang/imageselector/imaging/core/IMGImage.java, line(s) 625 com/donkingliang/imageselector/imaging/core/sticker/IMGStickerAdjustHelper.java, line(s) 35,39,49,53 com/donkingliang/imageselector/imaging/view/IMGView.java, line(s) 379,471,477,485 com/donkingliang/imageselector/utils/ImageUtil.java, line(s) 144 com/itextpdf/testutils/CompareTool.java, line(s) 486,494,506,514,555,566,573,648,684,688,690,1224,1244,1246,1281,1312,1314,1321,1336,1338 com/itextpdf/text/log/DefaultCounter.java, line(s) 40 com/itextpdf/text/log/SysoCounter.java, line(s) 21,26 com/itextpdf/text/log/SysoLogger.java, line(s) 39,65,70,75,80,85 com/itextpdf/text/pdf/BarcodePDF417.java, line(s) 855 com/itextpdf/text/pdf/GlyphList.java, line(s) 59 com/itextpdf/text/pdf/PdfCopy.java, line(s) 547 com/itextpdf/text/pdf/PdfLister.java, line(s) 64 com/itextpdf/text/pdf/Type1Font.java, line(s) 76 com/itextpdf/text/pdf/codec/Base64.java, line(s) 83,84,457,724,747,793,432,441,442 com/itextpdf/text/pdf/fonts/otf/GlyphPositioningTableReader.java, line(s) 33,55,76,87,156 com/itextpdf/text/pdf/fonts/otf/GlyphSubstitutionTableReader.java, line(s) 73 com/itextpdf/text/pdf/hyphenation/HyphenationTree.java, line(s) 269 com/itextpdf/text/pdf/hyphenation/SimplePatternParser.java, line(s) 199,204,209 com/itextpdf/text/pdf/hyphenation/TernaryTree.java, line(s) 444,445,446 com/itextpdf/text/pdf/parser/LocationTextExtractionStrategy.java, line(s) 137,282,288,289 com/itextpdf/text/pdf/parser/PdfContentReaderTool.java, line(s) 132,144,149 com/itextpdf/xmp/XMPMetaFactory.java, line(s) 121 com/lidroid/xutils/util/LogUtils.java, line(s) 65,77,89,101,113,125,137,149,161,173,185,197,209,221 com/nirvana/tools/core/EncryptUtils.java, line(s) 54,105 com/nirvana/tools/core/NetworkUtils.java, line(s) 31,47,70 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 38 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 27,37 com/nirvana/tools/logger/utils/ConsoleLogUtils.java, line(s) 14,20,26,32,38 com/tencent/a/a/a/a/b.java, line(s) 21,43,49,29,55 com/tencent/a/a/a/a/c.java, line(s) 35,49 com/tencent/a/a/a/a/d.java, line(s) 16,32 com/tencent/a/a/a/a/e.java, line(s) 14,28 com/tencent/a/a/a/a/h.java, line(s) 32,22,62,26 com/tencent/aai/AAIClient.java, line(s) 74 com/tencent/aai/audio/utils/FileUtils.java, line(s) 90 com/tencent/aai/audio/utils/PcmToWav.java, line(s) 65,84,156,202,205,209,135,199 com/tencent/aai/audio/utils/WavCache.java, line(s) 360,365,381,386,462,464,475,477,484,486,492 com/tencent/aai/log/AAILogger.java, line(s) 66,87,73,80 com/tencent/aai/task/AudioRecognizeTask.java, line(s) 117 com/transitionseverywhere/PathParser.java, line(s) 119,518,523 com/transitionseverywhere/utils/ReflectionUtils.java, line(s) 56,83,94 com/uyumao/c.java, line(s) 139,135 com/uyumao/d.java, line(s) 314,316 com/uyumao/e.java, line(s) 261,305,877 com/uyumao/h.java, line(s) 116,57,66,73,84 com/xuanyou2022/realtimetranslation/ZZApplication.java, line(s) 56,61 com/xuanyou2022/realtimetranslation/activity/Activity_Complaints.java, line(s) 155,160 com/xuanyou2022/realtimetranslation/activity/CollectActivity.java, line(s) 123,161,190,195,207,208,218 com/xuanyou2022/realtimetranslation/activity/CollectDetailActivity.java, line(s) 128,133,145,146,156 com/xuanyou2022/realtimetranslation/activity/LoginMainActivity.java, line(s) 83,86,97,282 com/xuanyou2022/realtimetranslation/activity/PayWebActivity.java, line(s) 98 com/xuanyou2022/realtimetranslation/activity/SelectImageLanguageActivity.java, line(s) 99 com/xuanyou2022/realtimetranslation/activity/SelectLanguageActivity.java, line(s) 99 com/xuanyou2022/realtimetranslation/activity/SplashActivity.java, line(s) 170,178 com/xuanyou2022/realtimetranslation/activity/camera/CameraActivity.java, line(s) 553,554 com/xuanyou2022/realtimetranslation/activity/camera/CameraPreview.java, line(s) 66 com/xuanyou2022/realtimetranslation/activity/camera/OverCameraView.java, line(s) 87 com/xuanyou2022/realtimetranslation/activity/filefanyi/AudioFanYiActivity.java, line(s) 511,540,545,557,558,568 com/xuanyou2022/realtimetranslation/activity/filefanyi/AudioNativeFromMediaActivity.java, line(s) 376 com/xuanyou2022/realtimetranslation/activity/filefanyi/ImageFanYiActivity.java, line(s) 635,640,568,573,585,586,596 com/xuanyou2022/realtimetranslation/activity/filefanyi/NewWordFanYiActivity.java, line(s) 487,498,511,512,537 com/xuanyou2022/realtimetranslation/activity/filefanyi/PdfFanYiActivity.java, line(s) 451,460,493,522,527,539,540,550 com/xuanyou2022/realtimetranslation/activity/filefanyi/TextFanYiActivity.java, line(s) 451,460,493,522,527,539,540,550 com/xuanyou2022/realtimetranslation/activity/filefanyi/VideoFanYiActivity.java, line(s) 542,551,584,680,685,613,618,630,631,641 com/xuanyou2022/realtimetranslation/activity/filefanyi/WordFanYiActivity.java, line(s) 458,467,500,529,534,546,547,557 com/xuanyou2022/realtimetranslation/activity/filefanyi/WordFanYiFromWechatQQActivity.java, line(s) 548,524,535,552,553,578 com/xuanyou2022/realtimetranslation/adapter/TAdapter.java, line(s) 79 com/xuanyou2022/realtimetranslation/adapter/multitype/MultiTypeAdapter.java, line(s) 143 com/xuanyou2022/realtimetranslation/fragment/AudioFragment.java, line(s) 256,596,609,711,712,1051,866,871,883,884,894 com/xuanyou2022/realtimetranslation/fragment/ConversationNewFragment.java, line(s) 585,590,602,603,613 com/xuanyou2022/realtimetranslation/fragment/MeDouDianFragment.java, line(s) 410 com/xuanyou2022/realtimetranslation/fragment/TextNewFragment.java, line(s) 370,383,533,538,550,551,561 com/xuanyou2022/realtimetranslation/tts/TTSDemoActivity.java, line(s) 159 com/xuanyou2022/realtimetranslation/util/AES.java, line(s) 88,89 com/xuanyou2022/realtimetranslation/util/BarUtil.java, line(s) 30,20 com/xuanyou2022/realtimetranslation/util/Base64Decoder.java, line(s) 117 com/xuanyou2022/realtimetranslation/util/Base64Encoder.java, line(s) 96 com/xuanyou2022/realtimetranslation/util/CheckFileTypeUtil.java, line(s) 156 com/xuanyou2022/realtimetranslation/util/FileSaveUtils.java, line(s) 24 com/xuanyou2022/realtimetranslation/util/FileSizeUtil.java, line(s) 28,45,56 com/xuanyou2022/realtimetranslation/util/FileUtils.java, line(s) 24 com/xuanyou2022/realtimetranslation/util/HistoryUtil.java, line(s) 25,27 com/xuanyou2022/realtimetranslation/util/HttpUrl.java, line(s) 39,72 com/xuanyou2022/realtimetranslation/util/SaveUtils.java, line(s) 28,144,169,192,214,268 com/xuanyou2022/realtimetranslation/util/ScanMulThreadUtil.java, line(s) 95 com/xuanyou2022/realtimetranslation/util/ScreenUtil.java, line(s) 61,85 com/xuanyou2022/realtimetranslation/util/SpeechUtil.java, line(s) 92,116,125,131,75,77,80 com/xuanyou2022/realtimetranslation/util/StatusBarUtil.java, line(s) 125 com/xuanyou2022/realtimetranslation/util/TimeUtils.java, line(s) 101,103 com/xuanyou2022/realtimetranslation/util/WXAIPhotoAPI.java, line(s) 114,560,561,562,500,606,619,628,635,652,655,662,670,673,676,683,691,695,696,699,706,714,718,721,728,736,740,743,750,761,765,768 com/xuanyou2022/realtimetranslation/util/WordPdfTxtUtil.java, line(s) 100 com/xuanyou2022/realtimetranslation/util/log/Logger.java, line(s) 17,25,9,13,21 com/xuanyou2022/realtimetranslation/util/network/http/AsyncHttpClient.java, line(s) 114,118,122 com/xuanyou2022/realtimetranslation/util/network/http/AsyncHttpRequest.java, line(s) 34,110 com/xuanyou2022/realtimetranslation/util/network/http/BreakpointHttpResponseHandler.java, line(s) 161 com/xuanyou2022/realtimetranslation/util/network/http/JsonHttpResponseHandler.java, line(s) 147 com/xuanyou2022/realtimetranslation/util/network/http/SimpleMultipartEntity.java, line(s) 73,159,113,183 com/xuanyou2022/realtimetranslation/util/network/http/SyncHttpClient.java, line(s) 121,125,129,363,384,455 com/xuanyou2022/realtimetranslation/util/network/http/TextHttpResponseHandler.java, line(s) 39,56 com/xuanyou2022/realtimetranslation/util/network/json/JsonMananger.java, line(s) 21 com/xuanyou2022/realtimetranslation/util/umengOneKey/MockRequest.java, line(s) 10,21 com/xuanyou2022/realtimetranslation/util/umengOneKey/config/FullPortConfig.java, line(s) 69,75,85,91 com/xuanyou2022/realtimetranslation/widgets/DialogMaker.java, line(s) 25 com/xuanyou2022/realtimetranslation/widgets/DuoDianScrollView.java, line(s) 79,138,170,173,182 com/xuanyou2022/realtimetranslation/widgets/TouchImageView.java, line(s) 210 com/xuanyou2022/realtimetranslation/widgets/VoicePlayerDialog.java, line(s) 67 com/yanzhenjie/permission/runtime/MRequest.java, line(s) 115 com/zxy/tiny/common/Logger.java, line(s) 11 com/zyq/easypermission/EasyPermission.java, line(s) 133 com/zyq/easypermission/EasyPermissionHelper.java, line(s) 58,64,194,203,204,257,309,314,342,346,352,70,76,81,86,91 com/zyq/easypermission/EasyPermissionLog.java, line(s) 15,23,9 com/zyq/easypermission/EasyPermissionResult.java, line(s) 17,21,25,34 com/zyq/easypermission/util/EasyAppDialogTool.java, line(s) 164 de/greenrobot/event/BackgroundPoster.java, line(s) 40 de/greenrobot/event/EventBus.java, line(s) 290,429,431,440,172 de/greenrobot/event/SubscriberMethodFinder.java, line(s) 26,30 de/greenrobot/event/util/AsyncExecutor.java, line(s) 98 de/greenrobot/event/util/ErrorDialogConfig.java, line(s) 34 de/greenrobot/event/util/ErrorDialogManager.java, line(s) 188 de/greenrobot/event/util/ExceptionToResourceMapping.java, line(s) 26 fm/jiecao/jcvideoplayer_lib/JCMediaManager.java, line(s) 113,125 fm/jiecao/jcvideoplayer_lib/JCResizeTextureView.java, line(s) 48,52,56,68,69 fm/jiecao/jcvideoplayer_lib/JCVideoPlayer.java, line(s) 64,74,220,248,261,391,565,573,582,772,783,554,202,240,254,280,288,304,453,485,499,517,587,593,602,612,617,640,664,320,343,359 org/dom4j/DocumentException.java, line(s) 47 org/dom4j/io/DOMWriter.java, line(s) 229,238 org/dom4j/io/SAXHelper.java, line(s) 42,48,71 repackage/Repackage.java, line(s) 76 z743z/z895z.java, line(s) 1194,1195 z895z/z235z.java, line(s) 399
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/xuanyou2022/realtimetranslation/activity/filefanyi/AudioFanYiActivity.java, line(s) 4,280,291 com/xuanyou2022/realtimetranslation/activity/filefanyi/ImageFanYiActivity.java, line(s) 4,334,345 com/xuanyou2022/realtimetranslation/activity/filefanyi/PdfFanYiActivity.java, line(s) 4,281,292 com/xuanyou2022/realtimetranslation/activity/filefanyi/TextFanYiActivity.java, line(s) 4,281,292 com/xuanyou2022/realtimetranslation/activity/filefanyi/VideoFanYiActivity.java, line(s) 6,293,304 com/xuanyou2022/realtimetranslation/activity/filefanyi/WordFanYiActivity.java, line(s) 4,281,292 com/xuanyou2022/realtimetranslation/fragment/AudioFragment.java, line(s) 4,530 com/xuanyou2022/realtimetranslation/fragment/MeDouDianFragment.java, line(s) 6,307,378 com/xuanyou2022/realtimetranslation/fragment/TextNewFragment.java, line(s) 4,304 com/xuanyou2022/realtimetranslation/util/HistoryUtil.java, line(s) 4,78 com/xuanyou2022/realtimetranslation/widgets/viewpagercard/Activity_Restore.java, line(s) 4,53
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/uyumao/k.java, line(s) 40,38 com/xuanyou2022/realtimetranslation/util/WXAIPhotoAPI.java, line(s) 79,141 com/xuanyou2022/realtimetranslation/util/network/http/AsyncHttpClient.java, line(s) 438,128 com/xuanyou2022/realtimetranslation/util/network/http/MySSLSocketFactory.java, line(s) 23,71
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (alidphoto.aisegment.com) 通信。
{'ip': '150.158.228.253', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (nisportal.10010.com) 通信。
{'ip': '114.118.65.76', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (dev.voicecloud.cn) 通信。
{'ip': '114.118.65.76', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ecimage.market.alicloudapi.com) 通信。
{'ip': '114.118.65.76', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mobilegw.alipaydev.com) 通信。
{'ip': '114.118.65.76', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (msv6.wosms.cn) 通信。
{'ip': '222.93.106.185', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api-e189.21cn.com) 通信。
{'ip': '222.93.106.185', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (iss.openspeech.cn) 通信。
{'ip': '112.33.111.233', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.xunfei.cn) 通信。
{'ip': '112.33.111.233', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (open.xf-yun.com) 通信。
{'ip': '114.118.65.76', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (xuanyou168.com) 通信。
{'ip': '139.196.211.135', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (idpdetect.market.alicloudapi.com) 通信。
{'ip': '139.224.194.209', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (id6.me) 通信。
{'ip': '42.123.77.138', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (wap.cmpassport.com) 通信。
{'ip': '112.33.111.233', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '合肥', 'latitude': '31.863815', 'longitude': '117.280830'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (opencloud.wostore.cn) 通信。
{'ip': '116.128.209.136', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (img6.dl.ltimg.net) 通信。
{'ip': '115.231.170.99', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '嘉兴', 'latitude': '30.752199', 'longitude': '120.750000'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.xfyun.cn) 通信。
{'ip': '114.118.67.116', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (logconf.iflytek.com) 通信。
{'ip': '103.8.33.178', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '合肥', 'latitude': '31.863815', 'longitude': '117.280830'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (jianzhibao1688.cn) 通信。
{'ip': '218.244.151.24', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (log.iflytek.com) 通信。
{'ip': '103.8.33.178', 'country_short': 'CN', 'country_long': '中国', 'region': '安徽', 'city': '合肥', 'latitude': '31.863815', 'longitude': '117.280830'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (e.189.cn) 通信。
{'ip': '42.123.76.65', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (person.market.alicloudapi.com) 通信。
{'ip': '47.101.210.193', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (asr.cloud.tencent.com) 通信。
{'ip': '175.24.154.222', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (openapi.openspeech.cn) 通信。
{'ip': '114.118.65.90', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (h5.m.taobao.com) 通信。
{'ip': '222.186.18.190', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (img5.adesk.com) 通信。
{'ip': '180.97.176.24', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (objseg.market.alicloudapi.com) 通信。
{'ip': '139.224.194.209', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (test.h5.app.tbmao.com) 通信。
{'ip': '47.96.185.141', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (beian.miit.gov.cn) 通信。
{'ip': '27.155.113.139', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (aliapi.aisegment.com) 通信。
{'ip': '150.158.228.253', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (p.ahgegu.cn) 通信。
{'ip': '47.114.101.172', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (verify.cmpassport.com) 通信。
{'ip': '120.232.169.172', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (yumao.puata.info) 通信。
{'ip': '223.109.148.179', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ulogs.umengcloud.com) 通信。
{'ip': '223.109.148.178', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}