Music Player 1.0版本 | 静态分析 _南明离火移动安全分析平台

安全声明：本平台专为移动应用安全风险研究与合规评估设计，严禁用于任何非法用途。如有疑问或建议，欢迎加入微信群交流。

应用图标

应用评分

文件基本信息

文件名称

App_20240923142741550.apk

文件大小

7.8MB

MD5

61e58c10a11e4adec8760ee3854e996a

SHA1

4a254c7ea24c44c4188c15636c778ed93d1ed064

SHA256

fae7e704fc1d5330983d043ce4bd310a87d8af40ac0f2a4f03ca51e705fecf18

病毒检测

文件安全

应用基础信息

应用名称

Music Player

包名

music.downloader.mp3player.downloadmusic

主活动

music.downloader.mp3player.downloadmusic.ui.activity.plash.StartActivity

目标SDK

33

最小SDK

24

版本号

1.0

子版本号

1

加固信息

未加壳

组件导出状态统计

查看 Activity 组件

查看 Service 组件

查看 Receiver 组件

查看 Provider 组件

扫描与分析选项

重新扫描管理规则动态分析

反编译与源码导出

Manifest文件查看

APK文件成为会员，解锁下载

Java源代码查看 -- 下载

文件结构与资源列表

应用签名证书信息

二进制文件已签名
v1 签名: False
v2 签名: True
v3 签名: False
v4 签名: False
主题: CN=Andres
签名算法: rsassa_pkcs1v15
有效期自: 2024-06-12 09:54:28+00:00
有效期至: 3023-10-14 09:54:28+00:00
发行人: CN=Andres
序列号: 0x1
哈希算法: sha256
证书MD5: 5888b73e456ece271673f625b111992b
证书SHA1: 532d1d47c4cf29899bd0b374a4238be307e961b5
证书SHA256: fcd898c6b8a9bb07a73930f2ab6043ca07c7f2b79b37afad01e43e51fb86dbc2
证书SHA512: bae2530015f18a851e7e4f2be6c966d28145dda209227ad8892fc0dd813329bffa140c2c3b807508b2f3d37e2dafefb679d2cee8c53e2a491f9c4620025ab033
公钥算法: rsa
密钥长度: 2048
指纹: c4755abcd01b17a32dfd3309e725e59b54569acf516e90df66eea335aedabe5e
找到 1 个唯一证书

权限声明与风险分级

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 H/a.java I1/o.java J3/AbstractC1888a.java N4/AbstractC2102e.java P4/t.java Q3/C2207d.java Q3/e.java i0/c.java i0/g.java music/downloader/mp3player/downloadmusic/receiver/NetworkChangeReceiver.java z2/q.java
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 A/AbstractC0209a.java A5/c.java A5/k.java F4/C1789i.java G1/C1797c.java G2/c.java K/G0.java L2/M.java L5/e.java M2/j.java N4/AbstractC0138a.java P4/C2137G.java Q3/C2207d.java Q3/e.java R0/j.java X2/o.java a1/C0222a.java a1/C0224c.java a1/C0225d.java org/schabi/newpipe/extractor/downloader/Request.java org/schabi/newpipe/extractor/services/youtube/ItagItem.java
android.permission.ACCESS_WIFI_STATE	普通	查看Wi-Fi状态	允许应用程序查看有关Wi-Fi状态的信息。	显示文件 i0/g.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 B0/o.java I1/C1842c.java I2/F0.java K0/j.java L5/f.java N4/AbstractC2098a.java T1/C2321b.java a1/C0224c.java y4/l.java z2/a.java
android.permission.READ_EXTERNAL_STORAGE	危险	读取SD卡内容	允许应用程序从SD卡读取信息。	显示文件 B/i.java D/e.java D/f.java E/d.java G2/f.java I1/C1842c.java I2/C0042n.java I2/F0.java N4/AbstractC2098a.java N5/ViewOnClickListenerC2107e.java Q1/C2169C.java Q3/C2207d.java Q3/C2222s.java R0/j.java S2/m.java S4/a.java X2/e.java a1/C0225d.java n3/e.java
android.permission.READ_MEDIA_AUDIO	危险	允许从外部存储读取音频文件	允许应用程序从外部存储读取音频文件。
android.permission.FOREGROUND_SERVICE	普通	创建前台Service	Android 9.0以上允许常规应用程序使用 Service.startForeground，用于podcast播放（推送悬浮播放，锁屏播放）	显示文件 B/e.java c4/j.java c4/l.java
android.permission.MODIFY_AUDIO_SETTINGS	危险	允许应用修改全局音频设置	允许应用程序修改全局音频设置，如音量。多用于消息语音功能。
android.permission.RECEIVE_BOOT_COMPLETED	普通	开机自启	允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间，而且如果应用程序一直运行，会降低手机的整体速度。	显示文件 E0/c.java I1/RunnableC0002a.java L2/E.java L2/L.java X2/l.java d3/q.java i0/c.java music/downloader/mp3player/downloadmusic/receiver/BroadcastControl.java music/downloader/mp3player/downloadmusic/receiver/NetworkChangeReceiver.java music/downloader/mp3player/downloadmusic/service/MediaControlButtonReceiver.java
android.permission.WRITE_SETTINGS	危险	修改全局系统设置	允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。
android.permission.WAKE_LOCK	危险	防止手机休眠	允许应用程序防止手机休眠，在手机屏幕关闭后后台进程仍然运行。	显示文件 A5/HandlerC0232a.java C0/b.java E0/e.java E0/f.java E0/i.java H1/b.java L0/l.java N5/ViewOnClickListenerC2107e.java S4/a.java music/downloader/mp3player/downloadmusic/service/MediaControlButtonReceiver.java
android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK	普通	启用用于媒体播放的前台服务	允许常规应用程序使用类型为“mediaPlayback”的 Service.startForeground。
com.google.android.gms.permission.AD_ID	普通	应用程序显示广告	此应用程序使用 Google 广告 ID，并且可能会投放广告。
android.permission.ACCESS_ADSERVICES_AD_ID	普通	允许应用访问设备的广告 ID。	此 ID 是 Google 广告服务提供的唯一、用户可重置的标识符，允许应用出于广告目的跟踪用户行为，同时维护用户隐私。
android.permission.ACCESS_ADSERVICES_ATTRIBUTION	普通	允许应用程序访问广告服务归因	这使应用能够检索与广告归因相关的信息，这些信息可用于有针对性的广告目的。应用程序可以收集有关用户如何与广告互动的数据，例如点击或展示，以衡量广告活动的有效性。
android.permission.ACCESS_ADSERVICES_TOPICS	普通	允许应用程序访问广告服务主题	这使应用程序能够检索与广告主题或兴趣相关的信息，这些信息可用于有针对性的广告目的。
android.permission.RECORD_AUDIO	危险	获取录音权限	允许应用程序获取录音权限。

证书安全合规分析

高危

0

警告

0

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名

Manifest 配置安全分析

高危

0

警告

4

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 7.0, [minSdk=24]	信息	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 music.downloader.mp3player.downloadmusic 屏蔽 vulnerable_os_version 规则
2	应用程序已启用明文网络流量 [android:usesCleartextTraffic=true]	警告	应用程序打算使用明文网络流量，例如明文HTTP，FTP协议，DownloadManager和MediaPlayer。针对API级别27或更低的应用程序，默认值为“true”。针对API级别28或更高的应用程序，默认值为“false”。避免使用明文流量的主要原因是缺乏机密性，真实性和防篡改保护；网络攻击者可以窃听传输的数据，并且可以在不被检测到的情况下修改它。	对应用 music.downloader.mp3player.downloadmusic 屏蔽 clear_text_traffic 规则
3	应用程序数据可以被备份 [android:allowBackup=true]	警告	这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。	对应用 music.downloader.mp3player.downloadmusic 屏蔽 app_allowbackup 规则
4	Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。 Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]	警告	发现一个 Service被共享给了设备上的其他应用程序，因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此，应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险，一个恶意应用程序可以请求并获得这个权限，并与该组件交互。如果它被设置为签名，只有使用相同证书签名的应用程序才能获得这个权限。	对应用 music.downloader.mp3player.downloadmusic 屏蔽 service_exported_protected_permission_not_defined 规则
5	Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。 Permission: android.permission.DUMP [android:exported=true]	警告	发现一个 Broadcast Receiver被共享给了设备上的其他应用程序，因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此，应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险，一个恶意应用程序可以请求并获得这个权限，并与该组件交互。如果它被设置为签名，只有使用相同证书签名的应用程序才能获得这个权限。	对应用 music.downloader.mp3player.downloadmusic 屏蔽 receiver_exported_protected_permission_not_defined 规则

可浏览 Activity 组件分析

ACTIVITY	INTENT

网络通信安全风险分析

序号	范围	严重级别	描述

API调用分析

API功能	源码文件
一般功能-> 文件操作	显示文件 A/AbstractC0209a.java A0/AbstractServiceC0218i.java A0/e.java A2/a.java A2/g.java A3/C0229a.java A3/c.java A3/g.java A4/e.java A4/f.java A4/g.java A5/CountDownTimerC0235d.java A5/c.java B/b.java B/c.java B/g.java B/h.java B/i.java B0/a.java B0/f.java B0/o.java B5/C0284d.java C/j.java C0/i.java C0/k.java C1/AbstractC0291a.java C1/C0292b.java C5/a.java C5/b.java D/e.java D/f.java D/g.java D/i.java D2/C.java D2/C1727b.java D2/s.java D2/v.java D2/x.java D2/z.java E/d.java F1/a.java F1/c.java F1/e.java F1/f.java F1/i.java F1/n.java F2/g.java F4/C1788h.java F4/C1789i.java F4/RunnableC1785e.java F4/RunnableC1786f.java F4/b.java F4/g.java F4/j.java F4/k.java F5/c.java F5/d.java F5/e.java F5/f.java F5/i.java F5/k.java F5/l.java F5/p.java F5/q.java F5/u.java F5/v.java F5/w.java F5/y.java G1/C1795a.java G1/C1796b.java G1/C1797c.java G1/C1798d.java G2/b.java G2/c.java G2/e.java G2/f.java G2/j.java G2/l.java G4/d.java H2/C1812d.java H2/c.java H2/g.java I/C1834i.java I1/AbstractC1844e.java I1/B.java I1/C1841b.java I1/C1842c.java I1/C1843d.java I1/u.java I2/C0042n.java I2/C1846b.java I2/C1851g.java I2/C1852h.java I2/C1853i.java I2/C1854j.java I2/C1856l.java I2/C1858n.java I2/C1862r.java I2/F0.java J3/AbstractC1888a.java K/G0.java K/t0.java K/w0.java K0/b.java K0/j.java K1/InterfaceC1942b.java K1/InterfaceC1944d.java K2/C1953a.java K2/C1955c.java K2/h.java K2/m.java L0/q.java L1/C2011b.java L2/AbstractC2017d.java L2/B.java L2/C0082m.java L2/C2020g.java L2/C2021h.java L2/D.java L2/DialogInterfaceOnClickListenerC0076g.java L2/J.java L2/r.java L3/AbstractC2026e.java L5/c.java L5/d.java L5/e.java L5/f.java M/C0092e.java M0/C2050h.java M1/C2053A.java M1/C2055C.java M1/C2059d.java M1/d.java M1/j.java M1/v.java M2/g.java M2/j.java M4/K.java N1/g.java N1/i.java N1/o.java N4/AbstractC0138a.java N4/AbstractC2098a.java N4/AbstractC2102e.java N4/C2101d.java N5/ViewOnClickListenerC2107e.java N5/g.java O4/C2120c.java O4/b.java P1/a.java P1/c.java P1/e.java P4/AbstractC2139I.java P4/C2131A.java P4/C2136F.java P4/C2137G.java P4/C2144e.java P4/C2145f.java P4/C2150k.java P4/C2151l.java P4/RunnableC2143d.java P4/p.java P4/q.java P4/s.java P4/t.java P4/u.java P5/a.java Q0/b.java Q0/c.java Q0/e.java Q1/C2167A.java Q1/C2168B.java Q1/C2169C.java Q1/C2170D.java Q1/C2175c.java Q1/C2176d.java Q1/C2177e.java Q1/C2178f.java Q1/e.java Q1/n.java Q3/AbstractC2185C.java Q3/C2199Q.java Q3/C2206c.java Q3/C2207d.java Q3/C2210g.java Q3/C2222s.java Q3/RunnableC2217n.java Q5/b.java R0/C0147d.java R0/j.java R0/l.java R1/C2239c.java R1/c.java S1/k.java S1/o.java S2/C2258a.java S2/e.java S2/m.java S4/a.java S5/C0153a.java S5/C2263b.java S5/C2280s.java S5/C2282u.java S5/C2283v.java S5/c.java S5/j.java S5/q.java S5/r.java T1/C2314A.java T1/C2315B.java T1/C2320a.java T1/C2321b.java T1/C2326g.java T1/C2331l.java T1/C2333n.java T1/b.java T1/e.java T1/f.java T1/g.java T1/l.java T1/q.java T1/u.java T1/w.java T1/x.java T4/AbstractC2338d.java T4/C2336b.java T4/C2337c.java T4/C2339e.java T5/AbstractC2342a.java T5/C0154a.java U1/a.java V/a.java V/b.java V/c.java V/f.java V/g.java V/h.java V1/A.java V1/C2365b.java V1/p.java V1/z.java W/l.java W1/a.java X1/C2402i.java X1/c.java X2/C.java X2/C2405b.java X2/e.java X2/f.java X2/i.java X2/j.java X2/o.java X2/p.java X2/r.java X2/s.java X2/v.java X2/w.java X3/a.java X3/b.java X3/c.java X3/d.java X3/e.java X3/j.java Y2/AbstractC2433d.java Y2/C2430a.java Y2/C2432c.java Y2/i.java a1/C0222a.java a1/C0224c.java a1/C0225d.java b3/i.java b3/m.java c4/c.java c4/r.java d1/AbstractC1723f.java d1/a.java d3/j.java d3/v.java e2/a.java g/f.java g/k.java h4/b.java i0/i.java i3/b.java j1/c.java j2/b.java j2/c.java j2/j.java m5/b.java music/downloader/mp3player/downloadmusic/MainActivityX.java music/downloader/mp3player/downloadmusic/MusicApp.java music/downloader/mp3player/downloadmusic/service/MusicPlayerService.java music/downloader/mp3player/downloadmusic/ui/activity/PlayerActivity.java n3/e.java o1/InterfaceC2109a.java o1/a.java org/mozilla/classfile/ClassFileWriter.java org/mozilla/classfile/TypeInfo.java org/schabi/newpipe/extractor/Image.java org/schabi/newpipe/extractor/Info.java org/schabi/newpipe/extractor/InfoItem.java org/schabi/newpipe/extractor/MetaInfo.java org/schabi/newpipe/extractor/Page.java org/schabi/newpipe/extractor/linkhandler/LinkHandler.java org/schabi/newpipe/extractor/linkhandler/ReadyChannelTabListLinkHandler.java org/schabi/newpipe/extractor/localization/ContentCountry.java org/schabi/newpipe/extractor/localization/DateWrapper.java org/schabi/newpipe/extractor/localization/Localization.java org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampChannelExtractor.java org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampCommentsExtractor.java org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampExtractorHelper.java org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampRadioStreamExtractor.java org/schabi/newpipe/extractor/services/bandcamp/extractors/streaminfoitem/BandcampPlaylistStreamInfoItemExtractor.java org/schabi/newpipe/extractor/services/bandcamp/linkHandler/BandcampChannelLinkHandlerFactory.java org/schabi/newpipe/extractor/services/media_ccc/extractors/MediaCCCParsingHelper.java org/schabi/newpipe/extractor/services/media_ccc/extractors/a.java org/schabi/newpipe/extractor/services/peertube/PeertubeInstance.java org/schabi/newpipe/extractor/services/peertube/extractors/PeertubeAccountExtractor.java org/schabi/newpipe/extractor/services/peertube/extractors/PeertubeStreamExtractor.java org/schabi/newpipe/extractor/services/soundcloud/SoundcloudParsingHelper.java org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudChartsExtractor.java org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudPlaylistExtractor.java org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudStreamExtractor.java org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudCommentsLinkHandlerFactory.java org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudSearchQueryHandlerFactory.java org/schabi/newpipe/extractor/services/youtube/ItagItem.java org/schabi/newpipe/extractor/services/youtube/dashmanifestcreators/YoutubeDashManifestCreatorsUtils.java org/schabi/newpipe/extractor/services/youtube/extractors/ItagInfo.java org/schabi/newpipe/extractor/services/youtube/extractors/YoutubeSubscriptionExtractor.java org/schabi/newpipe/extractor/services/youtube/extractors/YoutubeSuggestionExtractor.java org/schabi/newpipe/extractor/services/youtube/extractors/b.java org/schabi/newpipe/extractor/services/youtube/extractors/c.java org/schabi/newpipe/extractor/stream/Description.java org/schabi/newpipe/extractor/stream/Frameset.java org/schabi/newpipe/extractor/stream/Stream.java org/schabi/newpipe/extractor/stream/StreamSegment.java org/schabi/newpipe/extractor/subscription/SubscriptionExtractor.java org/schabi/newpipe/extractor/subscription/SubscriptionItem.java org/schabi/newpipe/extractor/utils/ImageSuffix.java org/schabi/newpipe/extractor/utils/JsonUtils.java org/schabi/newpipe/extractor/utils/ManifestCreatorCache.java org/schabi/newpipe/extractor/utils/Pair.java p0/b.java r4/b.java u2/j.java u4/o.java u4/p.java u4/q.java v0/AbstractC2363a.java w4/C2386c.java w4/j.java w5/C2388a.java w5/C2389b.java w5/C2390c.java w5/C2391d.java w5/g.java w5/h.java w5/i.java w5/j.java w5/l.java w5/m.java x5/C2413a.java x5/b.java y4/AbstractC2436b.java y4/l.java y5/AbstractC2441a.java z0/d.java z2/a.java z2/b.java z2/k.java z2/q.java z5/C2448B.java z5/C2449a.java z5/C2451c.java z5/e.java z5/g.java z5/j.java z5/k.java z5/l.java z5/m.java z5/n.java z5/o.java z5/p.java z5/q.java z5/r.java z5/s.java z5/t.java z5/v.java z5/w.java z5/x.java
一般功能-> 获取系统服务(getSystemService)	显示文件 A/h.java A/i.java A/x.java A2/n.java B/d.java C0/l.java C1/f.java C5/b.java E0/a.java H0/C1806b.java I/C1829d.java I1/C0004c.java I1/o.java I2/b1.java J/u.java J3/AbstractC1888a.java K/F0.java K/r.java K/t0.java K1/x.java K2/b.java L0/f.java L0/i.java L0/l.java L2/M.java L2/O.java L5/ViewOnKeyListenerC2035a.java M/Q.java M2/e.java N1/b.java N4/AbstractC2102e.java P4/i.java P4/o.java Q3/C2220q.java Q3/e.java Q4/A.java R0/C0146c.java T/b.java T3/n.java T3/s.java a1/C0224c.java b3/e.java f0/b.java g/b.java g/m.java g/p.java i0/C1837c.java i0/c.java i0/g.java l4/AbstractServiceC2033c.java music/downloader/mp3player/downloadmusic/MusicApp.java music/downloader/mp3player/downloadmusic/receiver/NetworkChangeReceiver.java music/downloader/mp3player/downloadmusic/service/MediaControlButtonReceiver.java music/downloader/mp3player/downloadmusic/service/MusicPlayerService.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchActivity.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchFromBundl.java o1/f.java z2/q.java
进程操作-> 获取运行的进程\服务	显示文件 L0/i.java L2/M.java N4/AbstractC2102e.java music/downloader/mp3player/downloadmusic/MusicApp.java
网络通信-> HTTP建立连接	显示文件 F4/C1789i.java G1/C1797c.java G2/c.java J3/AbstractC1888a.java K4/C1959c.java M2/j.java N4/AbstractC2098a.java N4/AbstractC2102e.java N5/g.java P4/C2137G.java Q3/C2207d.java Q3/e.java S5/C2262a.java X2/o.java a1/C0222a.java a1/C0225d.java org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java w5/g.java w5/i.java z2/q.java
加密解密-> 信息摘要算法	显示文件 E1/a.java E1/c.java E1/d.java F1/m.java G1/C1797c.java I2/C0046p.java K1/C1948h.java K1/InterfaceC1945e.java K1/InterfaceC1946f.java M1/C2054B.java M1/C2060e.java M1/r.java M2/e.java N4/AbstractC2102e.java Q1/i.java Q3/w.java S1/C2257c.java T1/C2316C.java T1/C2327h.java T1/C2328i.java T1/C2329j.java T1/C2330k.java T1/t.java T1/v.java X1/C2397d.java o1/g.java w5/g.java
一般功能-> PowerManager操作	L2/M.java N4/AbstractC2102e.java
进程操作-> 获取进程pid	显示文件 B/f.java L0/i.java L2/M.java N4/AbstractC2098a.java N4/AbstractC2102e.java g/m.java music/downloader/mp3player/downloadmusic/MusicApp.java
一般功能-> 获取活动网路信息	显示文件 I1/o.java J3/AbstractC1888a.java N4/AbstractC2102e.java i0/c.java i0/g.java music/downloader/mp3player/downloadmusic/receiver/NetworkChangeReceiver.java z2/q.java
调用java反射机制	显示文件 A/AbstractC0209a.java A/a.java A/g.java A4/a.java A5/b.java A5/c.java A5/f.java A5/g.java A5/h.java A5/j.java A5/k.java B0/x.java B4/a.java B5/c.java B5/d.java B5/e.java C/h.java C0/l.java C0/m.java D/d.java D/e.java D/f.java D/g.java D/h.java F4/l.java G4/b.java I/C1833h.java I/MenuItemOnMenuItemClickListenerC1832g.java I2/C0042n.java J/ViewOnKeyListenerC1874f.java J/l.java J/s.java K/C1912d0.java K/C1918g0.java K/F0.java K/J0.java K/M.java K/S.java K/U.java K1/o.java K1/x.java K2/m.java L0/g.java L0/i.java L3/AbstractC2026e.java L3/C2025d.java L5/d.java L5/f.java M/Q.java M/U.java M/e0.java M/f0.java M/j0.java N1/h.java N4/AbstractC0138a.java N4/m.java N5/d.java N5/k.java Q/u.java Q5/b.java R3/C2250i.java R3/r.java W/l.java X2/n.java X2/o.java Z4/AbstractC2446a.java Z4/b.java Z4/c.java a1/C0224c.java com/wang/avi/AVLoadingIndicatorView.java e3/y.java g/f.java g/p.java g/r.java g/s.java k3/b.java m5/a.java m5/b.java org/mozilla/classfile/TypeInfo.java org/schabi/newpipe/extractor/timeago/PatternsManager.java v0/AbstractC2363a.java v0/b.java y/e.java y4/AbstractC2436b.java z0/AbstractC2444b.java
一般功能-> IPC通信	显示文件 A/b.java A/g.java A/j.java A/k.java A/l.java A/r.java A/t.java A0/C0210a.java A0/C0211b.java A0/RunnableC0215f.java A0/RunnableC0216g.java A0/RunnableC0217h.java A2/b.java A3/c.java A5/HandlerC0232a.java B/C0263b.java B/a.java B/e.java B4/DialogInterfaceOnClickListenerC0280b.java C/BinderC0289c.java C/C0287a.java C0/b.java C5/ViewOnClickListenerC0305a.java C5/b.java D2/H.java E0/a.java E0/b.java E0/c.java E0/e.java E0/f.java E0/g.java E0/i.java F2/a.java F2/d.java F4/C1788h.java G2/b.java H2/c.java H2/j.java H3/C1823a.java I1/J.java I1/RunnableC0002a.java I2/AbstractBinderC0054t0.java I2/AbstractC0044o.java I2/B0.java I2/C0018b.java I2/C0019b0.java I2/C0020c.java I2/C0022d.java I2/C0024e.java I2/C0033i0.java I2/C0034j.java I2/C0036k.java I2/C0038l.java I2/C0039l0.java I2/C0040m.java I2/C0042n.java I2/C0043n0.java I2/C0047p0.java I2/C0049q0.java I2/C0052s0.java I2/C0057v.java I2/C0058v0.java I2/D.java I2/E.java I2/G.java I2/H.java I2/H0.java I2/I.java I2/K.java I2/K0.java I2/M.java I2/P.java I2/R0.java I2/S.java I2/W.java I2/Y.java I2/Z.java I4/C1863a.java I4/C1865c.java I4/d.java J/C1869a.java J/l.java J/n.java J/s.java J/z.java J0/c.java J3/AbstractC1888a.java K2/b.java K2/d.java K2/e.java K2/o.java L0/f.java L0/g.java L0/o.java L0/q.java L2/DialogInterfaceOnClickListenerC0073d.java L2/DialogInterfaceOnClickListenerC0076g.java L2/E.java L2/L.java L2/M.java L2/O.java L3/C2025d.java M0/BinderC2047e.java M0/C2043a.java N/BinderC2078c.java N5/ViewOnClickListenerC2107e.java N5/g.java P3/AbstractBinderC2130a.java P3/b.java P4/C2149j.java P4/c.java P4/d.java P4/e.java P4/i.java P4/j.java Q/u.java Q3/C2207d.java Q3/C2220q.java Q3/e.java Q4/d.java Q4/m.java Q5/ViewOnClickListenerC2229c.java R3/AbstractC2242a.java R3/C2244c.java R3/C2250i.java S3/p.java X2/l.java X2/m.java a1/C0224c.java b3/C0278b.java b3/ServiceConnectionC0277a.java b3/e.java b3/f.java b3/i.java b3/k.java c4/j.java c4/k.java c4/l.java com/gun0912/tedpermission/TedPermissionActivity.java d3/c.java d3/e.java d3/q.java d3/v.java e3/AbstractC1749e.java e3/C1742B.java e3/C1751g.java e3/E.java e3/F.java e3/ServiceConnectionC1741A.java e3/p.java e3/q.java e3/t.java e3/u.java e3/w.java e3/y.java e3/z.java g/f.java g/m.java g3/d.java i0/a.java i0/b.java i0/c.java i0/d.java i0/h.java i0/i.java k3/b.java l4/AbstractServiceC2033c.java l4/BinderC2031a.java l4/BinderC2032b.java l4/InterfaceC2034d.java m3/b.java m5/ViewOnClickListenerC2074a.java m5/c.java music/downloader/mp3player/downloadmusic/AlbumFragment.java music/downloader/mp3player/downloadmusic/ArtistFragment.java music/downloader/mp3player/downloadmusic/DeviceAudioFragment.java music/downloader/mp3player/downloadmusic/FavoriteFragment.java music/downloader/mp3player/downloadmusic/MainActivityX.java music/downloader/mp3player/downloadmusic/PlaylistFragment.java music/downloader/mp3player/downloadmusic/receiver/BroadcastControl.java music/downloader/mp3player/downloadmusic/receiver/NetworkChangeReceiver.java music/downloader/mp3player/downloadmusic/service/MediaControlButtonReceiver.java music/downloader/mp3player/downloadmusic/service/MusicPlayerService.java music/downloader/mp3player/downloadmusic/ui/activity/ListSongActivity.java music/downloader/mp3player/downloadmusic/ui/activity/PlayerActivity.java music/downloader/mp3player/downloadmusic/ui/activity/addsong/ActivityAddSong.java music/downloader/mp3player/downloadmusic/ui/activity/album/ActivityAlbum.java music/downloader/mp3player/downloadmusic/ui/activity/artist/ActivityArtist.java music/downloader/mp3player/downloadmusic/ui/activity/nowplaying/NowPlayingActivity.java music/downloader/mp3player/downloadmusic/ui/activity/playlist/ActivityPlaylist.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchActivity.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchFromBundl.java music/downloader/mp3player/downloadmusic/ui/activity/song/ActivitySong.java music/downloader/mp3player/downloadmusic/ui/fragment/player/FragmentPlayer.java n3/C2095b.java n3/C2096c.java r4/b.java v0/AbstractC2363a.java w3/a.java w3/b.java w3/c.java
隐私数据-> 获取GPS位置信息	g/m.java
加密解密-> Crypto加解密组件	G4/b.java I2/C1845a.java I2/F0.java
辅助功能accessibility相关	显示文件 F3/d.java H3/c.java M/C0088a.java N/e.java S3/k.java T/b.java T3/v.java
组件-> 启动 Service	显示文件 C0/b.java C5/ViewOnClickListenerC0305a.java C5/b.java E0/c.java H3/C1823a.java L0/o.java L2/M.java N4/AbstractC2098a.java P4/d.java P4/e.java Q4/m.java Q5/ViewOnClickListenerC2229c.java a1/C0224c.java c4/j.java c4/l.java m5/ViewOnClickListenerC2074a.java m5/c.java music/downloader/mp3player/downloadmusic/DeviceAudioFragment.java music/downloader/mp3player/downloadmusic/FavoriteFragment.java music/downloader/mp3player/downloadmusic/MainActivityX.java music/downloader/mp3player/downloadmusic/service/MusicPlayerService.java music/downloader/mp3player/downloadmusic/ui/activity/ListSongActivity.java music/downloader/mp3player/downloadmusic/ui/activity/PlayerActivity.java music/downloader/mp3player/downloadmusic/ui/activity/nowplaying/NowPlayingActivity.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchActivity.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchFromBundl.java music/downloader/mp3player/downloadmusic/ui/activity/song/ActivitySong.java music/downloader/mp3player/downloadmusic/ui/fragment/player/FragmentPlayer.java
DEX-> 动态加载	显示文件 I2/AbstractC0044o.java J3/AbstractC1888a.java L2/M.java L3/C2025d.java L3/C2027f.java L5/d.java y4/AbstractC2436b.java
加密解密-> Base64 解密	显示文件 C/h.java H2/C1812d.java I2/C0042n.java K0/j.java L2/C2018e.java Q1/C2169C.java X2/f.java j2/j.java z0/d.java
组件-> 启动 Activity	显示文件 A/b.java B/a.java B4/DialogInterfaceOnClickListenerC0280b.java C5/ViewOnClickListenerC0305a.java C5/b.java H2/j.java J/l.java L2/DialogInterfaceOnClickListenerC0073d.java L2/DialogInterfaceOnClickListenerC0076g.java L2/M.java N5/ViewOnClickListenerC2107e.java P4/i.java P4/j.java Q3/C2207d.java Q3/C2220q.java Q4/d.java Q5/ViewOnClickListenerC2229c.java a1/C0224c.java com/gun0912/tedpermission/TedPermissionActivity.java d3/v.java e3/p.java m5/ViewOnClickListenerC2074a.java music/downloader/mp3player/downloadmusic/ui/activity/ListSongActivity.java music/downloader/mp3player/downloadmusic/ui/activity/PlayerActivity.java music/downloader/mp3player/downloadmusic/ui/activity/album/ActivityAlbum.java music/downloader/mp3player/downloadmusic/ui/activity/artist/ActivityArtist.java music/downloader/mp3player/downloadmusic/ui/activity/nowplaying/NowPlayingActivity.java music/downloader/mp3player/downloadmusic/ui/activity/playlist/ActivityPlaylist.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchActivity.java music/downloader/mp3player/downloadmusic/ui/activity/search/SearchFromBundl.java music/downloader/mp3player/downloadmusic/ui/activity/song/ActivitySong.java
网络通信-> TCP套接字	显示文件 A/AbstractC0209a.java A5/c.java A5/k.java B5/b.java C5/a.java F4/RunnableC1786f.java F5/v.java Q3/C2207d.java R0/C0147d.java S5/C2262a.java S5/C2277p.java S5/C2278q.java T5/AbstractC2342a.java X2/C.java w5/C2391d.java w5/g.java w5/h.java w5/i.java w5/l.java w5/m.java x5/C2413a.java z5/p.java
组件-> 发送广播	显示文件 A5/HandlerC0232a.java E0/b.java F4/C1788h.java music/downloader/mp3player/downloadmusic/service/MediaControlButtonReceiver.java
加密解密-> Base64 加密	显示文件 I2/C0042n.java M/C0092e.java Q3/RunnableC2217n.java S2/m.java i0/i.java
组件-> ContentProvider	B/i.java I2/G0.java
组件-> Provider openFile	B/i.java
网络通信-> WebView JavaScript接口	H2/m.java
网络通信-> WebView 相关	H2/l.java H2/m.java K2/b.java
网络通信-> SSL证书处理	显示文件 A5/f.java A5/k.java S5/C2262a.java S5/C2278q.java w5/g.java x5/C2413a.java
网络通信-> UDP数据包	X2/C.java
网络通信-> UDP数据报套接字	X2/C.java
JavaScript 接口方法	S2/C0149a.java
网络通信-> URLConnection	显示文件 F4/C1789i.java F4/RunnableC1786f.java K/G0.java L5/e.java
隐私数据-> 剪贴板数据读写操作	K/r.java
一般功能-> 查询数据库(短信、联系人、通话记录、浏览器历史等)	music/downloader/mp3player/downloadmusic/ui/activity/ListSongActivity.java
隐私数据-> 获取已安装的应用程序	Q/u.java
一般功能-> Android通知	A5/C0236e.java b3/e.java music/downloader/mp3player/downloadmusic/service/MusicPlayerService.java
DEX-> 加载和操作Dex文件	L3/C2025d.java L3/C2027f.java
网络通信-> OkHttpClient Connection	P4/u.java

安全漏洞检测

高危

2

警告

6

信息

1

安全

1

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_md5 规则仅对这些文件屏蔽 android_md5 规则
2	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_logging 规则仅对这些文件屏蔽 android_logging 规则
3	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_insecure_random 规则仅对这些文件屏蔽 android_insecure_random 规则
4	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_sha1 规则仅对这些文件屏蔽 android_sha1 规则
5	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_read_write_external 规则仅对这些文件屏蔽 android_read_write_external 规则
6	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_sql_raw_query 规则仅对这些文件屏蔽 android_sql_raw_query 规则
7	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_hardcoded 规则仅对这些文件屏蔽 android_hardcoded 规则
8	此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击	安全	OWASP MASVS: MSTG-NETWORK-4	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_ssl_pinning 规则仅对这些文件屏蔽 android_ssl_pinning 规则
9	SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击	高危	CWE: CWE-295: 证书验证不恰当 OWASP Top 10: M3: Insecure Communication OWASP MASVS: MSTG-NETWORK-3	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 android_insecure_ssl 规则仅对这些文件屏蔽 android_insecure_ssl 规则
10	应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。	高危	CWE: CWE-649: 依赖于混淆或加密安全相关输入而不进行完整性检查 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-3	升级会员：解锁高级权限	对应用 music.downloader.mp3player.downloadmusic 屏蔽 cbc_padding_oracle 规则仅对这些文件屏蔽 cbc_padding_oracle 规则

Native库安全分析

No Shared Objects found.

序号	动态库	NX(堆栈禁止执行)	PIE	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)

文件分析

序号	问题	文件

敏感权限分析

恶意软件常用权限 5/30

android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SETTINGS
android.permission.WAKE_LOCK
android.permission.RECORD_AUDIO

其它常用权限 8/46

android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.FOREGROUND_SERVICE
com.google.android.gms.permission.AD_ID

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地理位置

恶意域名检测

域名	状态	中国境内	位置信息
i.ytimg.com	安全	否	IP地址: 172.217.175.246 国家: 日本地区: 东京城市: 东京查看: Google 地图
www.invidio.us	安全	否	IP地址: 103.252.115.49 国家: 美利坚合众国地区: 加利福尼亚城市: 旧金山查看: Google 地图
www.youtube-nocookie.com	安全	否	IP地址: 172.217.174.110 国家: 美利坚合众国地区: 加利福尼亚城市: 山景城查看: Google 地图
api-widget.soundcloud.com	安全	否	IP地址: 172.217.174.110 国家: 大韩民国地区: 京畿道城市: 利川市查看: Google 地图
admob-gmats.uc.r.appspot.com	安全	是	IP地址: 172.217.174.110 国家: 中国地区: 香港城市: 香港查看: 高德地图
bandcamp.com	安全	否	IP地址: 111.221.39.70 国家: 美利坚合众国地区: 加利福尼亚城市: 旧金山查看: Google 地图
soundcloud.com	安全	否	IP地址: 172.217.174.110 国家: 大韩民国地区: 京畿道城市: 利川市查看: Google 地图
api.soundcloud.com	安全	否	IP地址: 172.217.174.110 国家: 大韩民国地区: 京畿道城市: 利川市查看: Google 地图
googlemobileadssdk.page.link	安全	否	IP地址: 172.217.174.110 国家: 日本地区: 东京城市: 东京查看: Google 地图
dashif.org	安全	是	IP地址: 185.199.109.153 国家: 中国地区: 江苏城市: 台州查看: 高德地图
pagead2.googlesyndication.com	安全	否	IP地址: 172.217.174.110 国家: 日本地区: 东京城市: 东京查看: Google 地图
app2.ecojustayo.com	安全	否	IP地址: 139.180.213.110 国家: 新加坡地区: 新加坡城市: 新加坡查看: Google 地图
aomedia.org	安全	否	IP地址: 185.199.109.153 国家: 美利坚合众国地区: 宾夕法尼亚城市: 加利福尼亚查看: Google 地图
galaxystore.samsung.com	安全	否	IP地址: 111.221.39.70 国家: 大韩民国地区: 首尔teukbyeolsi 城市: 首尔查看: Google 地图
streaming.media.ccc.de	安全	否	IP地址: 103.252.115.49 国家: 美利坚合众国地区: 加利福尼亚城市: 旧金山查看: Google 地图
api.media.ccc.de	安全	否	IP地址: 103.252.115.49 国家: 新加坡地区: 新加坡城市: 新加坡查看: Google 地图
sepiasearch.org	安全	否	IP地址: 116.202.193.227 国家: 德国地区: 萨克森城市: 法尔肯施泰因查看: Google 地图
goo.gl	安全	否	IP地址: 172.217.175.246 国家: 日本地区: 东京城市: 东京查看: Google 地图
exoplayer.dev	安全	否	IP地址: 185.199.111.153 国家: 美利坚合众国地区: 宾夕法尼亚城市: 加利福尼亚查看: Google 地图
framatube.org	安全	否	IP地址: 178.63.240.148 国家: 德国地区: 萨克森城市: 法尔肯施泰因查看: Google 地图
w.soundcloud.com	安全	否	IP地址: 54.192.175.36 国家: 大韩民国地区: 京畿道城市: 利川市查看: Google 地图
api-v2.soundcloud.com	安全	否	IP地址: 13.225.131.37 国家: 大韩民国地区: 京畿道城市: 利川市查看: Google 地图
f4.bcbits.com	安全	否	IP地址: 111.221.39.70 国家: 瑞典地区: 西约塔兰省城市: 哥德堡查看: Google 地图
g.co	安全	否	IP地址: 142.250.207.14 国家: 日本地区: 东京城市: 东京查看: Google 地图
media.ccc.de	安全	否	IP地址: 108.160.161.20 国家: 美利坚合众国地区: 加利福尼亚城市: 旧金山查看: Google 地图

手机号提取

手机号	源码文件
17222222222 18222222222	K1/x.java

URL链接分析

URL信息	源码文件
https://sepiasearch.org	org/schabi/newpipe/extractor/services/peertube/linkHandler/PeertubeSearchQueryHandlerFactory.java
https://i.ytimg.com/vi/	org/schabi/newpipe/extractor/services/youtube/extractors/YoutubeMixPlaylistExtractor.java
https://media.ccc.de/recent	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCRecentListLinkHandlerFactory.java
https://bandcamp.com/api/bcweekly/3/list	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampRadioExtractor.java
https://bandcamp.com/api/fuzzysearch/1/autocomplete?q=	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampSuggestionExtractor.java
https://framatube.org	org/schabi/newpipe/extractor/services/peertube/PeertubeInstance.java
www.google.com	H2/m.java
http://javax.xml.xmlconstants/property/accessexternalschema http://javax.xml.xmlconstants/property/accessexternaldtd file:full:2011	org/schabi/newpipe/extractor/services/youtube/dashmanifestcreators/YoutubeDashManifestCreatorsUtils.java
https://fundingchoicesmessages.google.com/a/consent	Q3/C2207d.java
https://media.ccc.de/b/conferences https://media.ccc.de/public/conferences https://api.media.ccc.de/public/conferences	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCConferencesListLinkHandlerFactory.java
https://media.ccc.de/live	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCLiveListLinkHandlerFactory.java
https://bandcamp.com/?show=	org/schabi/newpipe/extractor/services/bandcamp/linkHandler/BandcampStreamLinkHandlerFactory.java
https://bandcamp.com/api/bcweekly/1/get?id= https://bandcamp.com/img/buttons/bandcamp-button-circle-whitecolor-512.png	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampRadioStreamExtractor.java
https://media.ccc.de/public/events/search?q=	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCSearchQueryHandlerFactory.java
https://bandcamp.com/?show=	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampRadioInfoItemExtractor.java
https://api.media.ccc.de/public/events/ https://media.ccc.de/v/ https://streaming.media.ccc.de/	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCStreamLinkHandlerFactory.java
https://exoplayer.dev/issues/player-accessed-on-wrong-thread	I1/J.java
https://media.ccc.de	org/schabi/newpipe/extractor/services/media_ccc/MediaCCCService.java
https://media.ccc.de/public/events/	org/schabi/newpipe/extractor/services/media_ccc/extractors/infoItems/MediaCCCStreamInfoItemExtractor.java
https://takeout.google.com/takeout/custom/youtube	org/schabi/newpipe/extractor/services/youtube/extractors/YoutubeSubscriptionExtractor.java
http://suggestqueries.google.com/complete/search?client=toolbar&q=	O4/C2120c.java
data:cs:audiopurposecs:2007 http://dashif.org/guidelines/last-segment-number	H2/C1812d.java
https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps	G2/c.java
https://bandcamp.com/api/mobile/24/feed_older_logged_out https://bandcamp.com/api/mobile/24/bootstrap_data https://bandcamp.com/api/mobile/24/feed_older_logged_out?story_groups=featured:	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampFeaturedExtractor.java
https://app2.ecojustayo.com/topsong https://app2.ecojustayo.com/topartist	B0/v.java
http://play.google.com/store/apps/details?id=	music/downloader/mp3player/downloadmusic/ui/activity/PlayerActivity.java
https://bandcamp.com/api/tralbumcollectors/2/reviews	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampCommentsExtractor.java
https://bandcamp.com/api/mobile/22/band_details https://bandcamp.com https://bandcamp.com/api/mobile/22/tralbum_details?band_id= https://bandcamp.com/cart https://bandcamp.com/api https://f4.bcbits.com/img/	org/schabi/newpipe/extractor/services/bandcamp/extractors/BandcampExtractorHelper.java
www.invidio.us www.youtube-nocookie.com 17.5.1.21 www.google	org/schabi/newpipe/extractor/services/youtube/YoutubeParsingHelper.java
https://galaxystore.samsung.com/detail/	L2/DialogInterfaceOnClickListenerC0076g.java
https://api.soundcloud.com/users/	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudChannelLinkHandlerFactory.java
https://api-v2.soundcloud.com/search/queries?q=	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudSuggestionExtractor.java
https://soundcloud.com	org/schabi/newpipe/extractor/services/soundcloud/SoundcloudService.java
https://github.com/lingochamp/filedownloader/wiki/filedownloader.properties	c4/l.java
https://api-v2.soundcloud.com/ https://w.soundcloud.com/player/?url= https://api-widget.soundcloud.com/resolve?url= https://soundcloud.com https://api-v2.soundcloud.com/resolve?url=	org/schabi/newpipe/extractor/services/soundcloud/SoundcloudParsingHelper.java
https://goo.gl/j1swqy	R3/r.java
www.invidio.us www.youtube-nocookie.com	org/schabi/newpipe/extractor/services/youtube/linkHandler/YoutubeStreamLinkHandlerFactory.java
https://api.media.ccc.de/public/conferences/ https://media.ccc.de/c/	org/schabi/newpipe/extractor/services/media_ccc/linkHandler/MediaCCCConferenceLinkHandlerFactory.java
https://googlemobileadssdk.page.link/admob-android-update-manifest https://googlemobileadssdk.page.link/ad-manager-android-update-manifest	I2/G0.java
https://api-v2.soundcloud.com/users/ https://soundcloud.com/ https://soundcloud.com/you	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudSubscriptionExtractor.java
https://api.media.ccc.de/public/events/recent	org/schabi/newpipe/extractor/services/media_ccc/extractors/MediaCCCRecentKiosk.java
https://api-v2.soundcloud.com/users/	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudChannelTabExtractor.java
https://api-v2.soundcloud.com/tracks/	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudStreamExtractor.java
https://api.soundcloud.com/playlists/	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudPlaylistLinkHandlerFactory.java
https://bandcamp.com/search?q=	org/schabi/newpipe/extractor/services/bandcamp/linkHandler/BandcampSearchQueryHandlerFactory.java
https://api-v2.soundcloud.com/tracks?client_id= https://api-v2.soundcloud.com/playlists/	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudPlaylistExtractor.java
https://streaming.media.ccc.de/streams/v2.json	org/schabi/newpipe/extractor/services/media_ccc/extractors/MediaCCCParsingHelper.java
https://api-v2.soundcloud.com/search/playlists https://api-v2.soundcloud.com/search/tracks https://api-v2.soundcloud.com/search https://api-v2.soundcloud.com/search/users	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudSearchQueryHandlerFactory.java
https://api-v2.soundcloud.com/charts?genre=soundcloud:genres:all-music&client_id=	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudChartsExtractor.java
https://api-v2.soundcloud.com/users/	org/schabi/newpipe/extractor/services/soundcloud/extractors/SoundcloudChannelExtractor.java
https://streaming.media.ccc.de/	org/schabi/newpipe/extractor/services/media_ccc/extractors/MediaCCCLiveStreamExtractor.java
https://api.soundcloud.com/tracks/	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudStreamLinkHandlerFactory.java
https://api-v2.soundcloud.com/tracks/	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudCommentsLinkHandlerFactory.java
https://soundcloud.com/charts/top https://soundcloud.com/charts/new	org/schabi/newpipe/extractor/services/soundcloud/linkHandler/SoundcloudChartsLinkHandlerFactory.java
https://aomedia.org/emsg/id3 https://developer.apple.com/streaming/emsg-id3	Z1/a.java
https://media.ccc.de http://suggestqueries.google.com/complete/search?client=toolbar&q= https://api-v2.soundcloud.com/ https://api.media.ccc.de/public/events/ https://w.soundcloud.com/player/?url= https://developer.apple.com/streaming/emsg-id3 https://googlemobileadssdk.page.link/admob-android-update-manifest https://play.google.com/store/apps/details?id=downloadmusic.mp3music.soundmp3.music https://bandcamp.com/api https://soundcloud.com/you https://app2.ecojustayo.com/topartist https://api-v2.soundcloud.com/users/ https://api-widget.soundcloud.com/resolve?url= https://i.ytimg.com/vi/ https://api-v2.soundcloud.com/search https://soundcloud.com/charts/top https://api-v2.soundcloud.com/playlists/ https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps https://bandcamp.com/api/bcweekly/3/list https://googlemobileadssdk.page.link/ad-manager-android-update-manifest https://f4.bcbits.com/img/ https://app2.ecojustayo.com/topsong www.google.com https://bandcamp.com/api/mobile/24/feed_older_logged_out?story_groups=featured: https://pagead2.googlesyndication.com/pagead/ping?e=2&f=1 https://api-v2.soundcloud.com/tracks/ https://api.soundcloud.com/tracks/ http://play.google.com/store/apps/details?id= https://www.google.com/dfp/senddebugdata https://fundingchoicesmessages.google.com/a/consent http://javax.xml.xmlconstants/property/accessexternalstylesheet https://api-v2.soundcloud.com/search/tracks https://bandcamp.com/api/mobile/24/bootstrap_data https://bandcamp.com/api/bcweekly/1/get?id= http://127.0.0.1 https://media.ccc.de/live www.youtube-nocookie.com https://bandcamp.com/api/tralbumcollectors/2/reviews http://www.google.com https://api-v2.soundcloud.com/resolve?url= https://admob-gmats.uc.r.appspot.com/ https://sepiasearch.org https://media.ccc.de/public/events/ 17.5.1.21 https://api.soundcloud.com/playlists/ https://goo.gl/j1swqy https://googlemobileadssdk.page.link/admob-interstitial-policies https://aomedia.org/emsg/id3 https://bandcamp.com/api/mobile/24/feed_older_logged_out https://media.ccc.de/public/conferences https://bandcamp.com https://play.google.com/d https://bandcamp.com/?show= https://media.ccc.de/recent https://bandcamp.com/search?q= https://bandcamp.com/cart 127.0.0.255 https://media.ccc.de/public/events/search?q= http://g.co/dev/packagevisibility https://streaming.media.ccc.de/streams/v2.json https://bandcamp.com/img/buttons/bandcamp-button-circle-whitecolor-512.png file:full:2011 https://framatube.org https://soundcloud.com/charts/new https://api.soundcloud.com/users/ https://github.com/lingochamp/filedownloader/wiki/filedownloader.properties https://api.media.ccc.de/public/conferences https://media.ccc.de/b/conferences https://www.google.com/dfp/linkdevice https://soundcloud.com/ http://dashif.org/guidelines/last-segment-number https://media.ccc.de/v/ http://javax.xml.xmlconstants/feature/secure-processing https://bandcamp.com/api/fuzzysearch/1/autocomplete?q= www.invidio.us https://soundcloud.com https://bandcamp.com/api/mobile/22/tralbum_details?band_id= https://api.media.ccc.de/public/conferences/ data:cs:audiopurposecs:2007 https://media.ccc.de/c/ http://javax.xml.xmlconstants/property/accessexternaldtd https://exoplayer.dev/issues/player-accessed-on-wrong-thread https://bandcamp.com/api/mobile/22/band_details https://www.google.com/dfp/inapppreview https://api.media.ccc.de/public/events/recent https://www.google.com/dfp/debugsignals http://javax.xml.xmlconstants/property/accessexternalschema https://api-v2.soundcloud.com/search/queries?q= https://galaxystore.samsung.com/detail/ https://api-v2.soundcloud.com/search/playlists https://takeout.google.com/takeout/custom/youtube https://api-v2.soundcloud.com/charts?genre=soundcloud:genres:all-music&client_id= https://api-v2.soundcloud.com/tracks?client_id= https://api-v2.soundcloud.com/search/users www.google https://streaming.media.ccc.de/	自研引擎-S

Firebase配置检测

邮箱地址提取

第三方追踪器

名称	类别	网址
Google AdMob	Advertisement	https://reports.exodus-privacy.eu.org/trackers/312

敏感凭证泄露

已显示 7 个secrets

1、 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "@string/app_id"
2、 9a04f079-9840-4286-ab92-e65be0885f95
3、 edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
4、 B3EEABB8EE11C2BE770B684D95219ECB
5、 c103703e120ae8cc73c9248622f3cd1e
6、 aHR0cHM6Ly9hcGkuamFtZW5kby5jb20vdjMuMC90cmFja3M/Y2xpZW50X2lkPWQ2ZjFiNDA3JmZvcm1hdD1qc29ucHJldHR5JmxpbWl0PTIwJm5hbWU9
7、 49f946663a8deb7054212b8adda248c6

字符串信息

建议导出为TXT，方便查看。

活动列表

显示 18 个 activities

服务列表

显示 8 个 services

广播接收者列表

显示 12 个 receivers

内容提供者列表

显示 3 个 providers

第三方SDK

SDK名称	开发者	描述信息
Google Play Service	Google	借助 Google Play 服务，您的应用可以利用由 Google 提供的最新功能，例如地图，Google+ 等，并通过 Google Play 商店以 APK 的形式分发自动平台更新。这样一来，您的用户可以更快地接收更新，并且可以更轻松地集成 Google 必须提供的最新信息。
Jetpack App Startup	Google	App Startup 库提供了一种直接，高效的方法来在应用程序启动时初始化组件。库开发人员和应用程序开发人员都可以使用 App Startup 来简化启动顺序并显式设置初始化顺序。App Startup 允许您定义共享单个内容提供程序的组件初始化程序，而不必为需要初始化的每个组件定义单独的内容提供程序。这可以大大缩短应用启动时间。
Jetpack WorkManager	Google	使用 WorkManager API 可以轻松地调度即使在应用退出或设备重启时仍应运行的可延迟异步任务。
Jetpack Media	Google	与其他应用共享媒体内容和控件。已被 media2 取代。
Jetpack Room	Google	Room 持久性库在 SQLite 的基础上提供了一个抽象层，让用户能够在充分利用 SQLite 的强大功能的同时，获享更强健的数据库访问机制。
FileDownloader	LingoChamp	Android 文件下载引擎，稳定、高效、灵活、简单易用。

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析

时间	执行功能	执行结果
2024-09-27 16:12:25	生成哈希值	成功
2024-09-27 16:12:25	提取APK	成功
2024-09-27 16:12:27	探测加固信息为：未加壳	成功
2024-09-27 16:12:27	开始解压文件	成功
2024-09-27 16:12:31	获取硬编码证书/密钥库	成功
2024-09-27 16:12:38	解析 AndroidManifest.xml	成功
2024-09-27 16:12:38	使用 androguard 解析 APK	成功
2024-09-27 16:12:38	提取Manifest数据	成功
2024-09-27 16:12:38	提取应用程序基础数据，例如：app名称，版本，包名称等信息	成功
2024-09-27 16:12:38	正在从Play Store获取详细信息: music.downloader.mp3player.downloadmusic	成功
2024-09-27 16:12:39	从 AppMonsta 获取详细信息: music.downloader.mp3player.downloadmusic	成功
2024-09-27 16:12:41	Unable to get app details	HTTPError('403 Client Error: Forbidden for url: https://api.appmonsta.com/v1/stores/android/details/music.downloader.mp3player.downloadmusic.json?country=US')
2024-09-27 16:12:41	Manifest分析开始	成功
2024-09-27 16:12:41	检查恶意软件权限	成功
2024-09-27 16:12:41	提取APK中所有的类和方法	成功
2024-09-27 16:12:43	解析出9915个class，64767个method	成功
2024-09-27 16:12:43	SO文件分析开始	成功
2024-09-27 16:12:44	读取代码签名证书	成功
2024-09-27 16:12:44	检测追踪器	成功
2024-09-27 16:12:45	将 APK 反编译为 Java	成功
2024-09-27 16:13:11	代码分析开始于 - java_source	成功
2024-09-27 16:13:11	Android SAST 开始	成功
2024-09-27 16:13:19	Android API分析开始	成功
2024-09-27 16:13:27	开始进行Android 权限映射	成功
2024-09-27 16:13:31	Android权限映射已完成	成功
2024-09-27 16:13:34	从 APK 中提取字符串数据	成功
2024-09-27 16:13:36	从代码中提取字符串数据	成功
2024-09-27 16:13:36	从代码中提取字符串值和凭证数据	成功
2024-09-27 16:13:44	对提取的域名执行恶意软件检查	成功
2024-09-27 16:13:45	VirusTotal: 检查现有报告	成功
2024-09-27 16:13:46	VirusTotal: Scan finished, information embedded	成功
2024-09-27 16:13:46	保存到数据库	成功