PSP Dragon Emulator 1.0版本 | 静态分析 _南明离火移动安全分析平台

安全声明：本平台专为移动应用安全风险研究与合规评估设计，严禁用于任何非法用途。如有疑问或建议，欢迎加入微信群交流。

应用图标

应用评分

文件基本信息

文件名称

538a06314cb3f8b1bc5afe4c62893b34391fbc859d2e48c5ea56483c6915f310.apk

文件大小

4.32MB

MD5

c6379fb6b63c27b6a7d2f2f6f6f51637

SHA1

4f8c60fb8a8743332180a01e054327b74acfb603

SHA256

538a06314cb3f8b1bc5afe4c62893b34391fbc859d2e48c5ea56483c6915f310

病毒检测

⚠️ 6 个厂商报毒⚠️

应用基础信息

应用名称

PSP Dragon Emulator

包名

com.gamedragontoha.pspwaruirengcom

主活动

com.gamedragontoha.pspwaruirengcom.Activity.Awal

目标SDK

26

最小SDK

16

版本号

1.0

子版本号

1

加固信息

未加壳

组件导出状态统计

查看 Activity 组件

查看 Service 组件

查看 Receiver 组件

查看 Provider 组件

扫描与分析选项

重新扫描管理规则动态分析

反编译与源码导出

Manifest文件查看

APK文件成为会员，解锁下载

Java源代码查看 -- 下载

文件结构与资源列表

应用签名证书信息

二进制文件已签名
v1 签名: True
v2 签名: False
v3 签名: False
v4 签名: False
主题: CN=aimad abrach OU=apkdevlopersd O=devloperaimad L=zanimo S=zazate C=MA
签名算法: rsassa_pkcs1v15
有效期自: 2019-01-22 01:19:14+00:00
有效期至: 2044-01-16 01:19:14+00:00
发行人: CN=aimad abrach OU=apkdevlopersd O=devloperaimad L=zanimo S=zazate C=MA
序列号: 0x7ca7b3af
哈希算法: sha256
证书MD5: 386334e561b63306fa26366fcdaf50d6
证书SHA1: caac513f69fac1a6093f74e157c2ad2d312e1a40
证书SHA256: 8a045b152a1e9a9534c957a32c3603abcd127c721cabbb4ac17aa94dc3097e7d
证书SHA512: f74ba6223201303f71358ea93a748247fb2ade096069bcfa16c14fc27b30c1ca41b951e1902080525d1aed32aba113b33e154b90bd5d8adff456aa7d905365fe
找到 1 个唯一证书

权限声明与风险分级

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/SBStudio/PSP_PPSSPP_Emulator_Games/HttpHandler.java com/airpush/injector/internal/ads/types/vast/VastStatistics.java com/airpush/injector/internal/common/FilesDownloader.java com/airpush/injector/internal/common/ImagesDownloader.java com/airpush/injector/internal/common/api/AdsCommunicator.java com/airpush/injector/internal/common/old/Data.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/airpush/injector/internal/statistics/StatisticsCommunicator.java com/bumptech/glide/load/data/HttpUrlFetcher.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/gamedragontoha/pspwaruirengcom/HttpHandler.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/startapp/android/publish/ads/video/c.java com/startapp/android/publish/ads/video/h.java com/startapp/android/publish/common/commonUtils/f.java com/startapp/android/publish/common/commonUtils/l.java
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/DeviceInfoUtils.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/bumptech/glide/manager/DefaultConnectivityMonitor.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/common/BaseRequest.java com/startapp/android/publish/common/commonUtils/l.java com/startapp/android/publish/common/commonUtils/r.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/common/FilesDownloader.java com/bumptech/glide/disklrucache/DiskLruCache.java com/bumptech/glide/load/model/StreamEncoder.java com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/nostra13/universalimageloader/cache/disc/impl/BaseDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java com/startapp/android/publish/ads/video/c.java com/startapp/android/publish/ads/video/h.java com/startapp/android/publish/common/commonUtils/e.java com/startapp/android/publish/common/commonUtils/g.java com/startapp/android/publish/common/commonUtils/n.java
android.permission.WRITE_INTERNAL_STORAGE	未知	未知权限	来自 android 引用的未知权限。

证书安全合规分析

高危

1

警告

0

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名
应用程序存在Janus漏洞	高危	应用程序使用了v1签名方案进行签名，如果只使用v1签名方案，那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序，以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。

Manifest 配置安全分析

高危

0

警告

3

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 4.1-4.1.2, [minSdk=16]	警告	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 vulnerable_os_version 规则
2	应用程序数据可以被备份 [android:allowBackup=true]	警告	这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 app_allowbackup 规则
3	Broadcast Receiver (com.startapp.android.publish.common.metaData.BootCompleteListener) 未被保护。存在一个intent-filter。	警告	发现 Broadcast Receiver与设备上的其他应用程序共享，因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 receiver_exported_intent_filter_exists 规则

可浏览 Activity 组件分析

ACTIVITY	INTENT

网络通信安全风险分析

序号	范围	严重级别	描述

API调用分析

API功能	源码文件
一般功能-> 文件操作	显示文件 bolts/AggregateException.java bolts/CancellationTokenRegistration.java bolts/CancellationTokenSource.java bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Beranda.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/SBStudio/PSP_PPSSPP_Emulator_Games/HttpHandler.java com/SBStudio/PSP_PPSSPP_Emulator_Games/ListKonten.java com/airpush/injector/internal/activity/AirPushActivity.java com/airpush/injector/internal/ads/actions/OnAdClickAction.java com/airpush/injector/internal/ads/types/appwall/AppWallCreative.java com/airpush/injector/internal/ads/types/landing/LandingCreative.java com/airpush/injector/internal/ads/types/mraid/MraidCreative.java com/airpush/injector/internal/ads/types/mraid/fullscreen/InterstitialActivityController.java com/airpush/injector/internal/ads/types/overlay/OverlayCreative.java com/airpush/injector/internal/ads/types/vast/VastController.java com/airpush/injector/internal/ads/types/vast/VastCreative.java com/airpush/injector/internal/ads/types/vast/VastParser.java com/airpush/injector/internal/ads/types/vast/VastStatistics.java com/airpush/injector/internal/ads/types/vast/models/CompanionAd.java com/airpush/injector/internal/ads/types/vast/models/VastAdParams.java com/airpush/injector/internal/ads/types/vast/models/VastStatisticsEvents.java com/airpush/injector/internal/ads/types/vast/models/VastVideoParams.java com/airpush/injector/internal/common/FilesDownloader.java com/airpush/injector/internal/common/GZIPCompressor.java com/airpush/injector/internal/common/ImagesCacheManager.java com/airpush/injector/internal/common/ImagesDownloader.java com/airpush/injector/internal/common/VideosCacheManager.java com/airpush/injector/internal/common/api/AdsCommunicator.java com/airpush/injector/internal/common/api/ICommunicator.java com/airpush/injector/internal/common/old/Data.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/repository/AdsRepository.java com/airpush/injector/internal/common/repository/IAdsRepository.java com/airpush/injector/internal/common/utils/ByteUtils.java com/airpush/injector/internal/common/utils/DeviceInfoUtils.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/airpush/injector/internal/common/utils/ViewUtils.java com/airpush/injector/internal/statistics/IStatisticsCommunicator.java com/airpush/injector/internal/statistics/Statistics.java com/airpush/injector/internal/statistics/StatisticsCommunicator.java com/airpush/injector/internal/statistics/StatisticsEvent.java com/bumptech/glide/Glide.java com/bumptech/glide/RequestBuilder.java com/bumptech/glide/RequestManager.java com/bumptech/glide/disklrucache/DiskLruCache.java com/bumptech/glide/disklrucache/StrictLineReader.java com/bumptech/glide/disklrucache/Util.java com/bumptech/glide/gifdecoder/GifDecoder.java com/bumptech/glide/gifdecoder/StandardGifDecoder.java com/bumptech/glide/load/Encoder.java com/bumptech/glide/load/HttpException.java com/bumptech/glide/load/ImageHeaderParser.java com/bumptech/glide/load/ImageHeaderParserUtils.java com/bumptech/glide/load/ResourceDecoder.java com/bumptech/glide/load/data/AssetPathFetcher.java com/bumptech/glide/load/data/DataRewinder.java com/bumptech/glide/load/data/ExifOrientationStream.java com/bumptech/glide/load/data/FileDescriptorAssetPathFetcher.java com/bumptech/glide/load/data/FileDescriptorLocalUriFetcher.java com/bumptech/glide/load/data/HttpUrlFetcher.java com/bumptech/glide/load/data/InputStreamRewinder.java com/bumptech/glide/load/data/LocalUriFetcher.java com/bumptech/glide/load/data/StreamAssetPathFetcher.java com/bumptech/glide/load/data/StreamLocalUriFetcher.java com/bumptech/glide/load/data/mediastore/FileService.java com/bumptech/glide/load/data/mediastore/ThumbFetcher.java com/bumptech/glide/load/data/mediastore/ThumbnailStreamOpener.java com/bumptech/glide/load/engine/DataCacheGenerator.java com/bumptech/glide/load/engine/DataCacheWriter.java com/bumptech/glide/load/engine/DecodeHelper.java com/bumptech/glide/load/engine/DecodePath.java com/bumptech/glide/load/engine/GlideException.java com/bumptech/glide/load/engine/ResourceCacheGenerator.java com/bumptech/glide/load/engine/cache/DiskCache.java com/bumptech/glide/load/engine/cache/DiskCacheAdapter.java com/bumptech/glide/load/engine/cache/DiskLruCacheFactory.java com/bumptech/glide/load/engine/cache/DiskLruCacheWrapper.java com/bumptech/glide/load/engine/cache/ExternalCacheDiskCacheFactory.java com/bumptech/glide/load/engine/cache/InternalCacheDiskCacheFactory.java com/bumptech/glide/load/engine/executor/GlideExecutor.java com/bumptech/glide/load/model/AssetUriLoader.java com/bumptech/glide/load/model/ByteArrayLoader.java com/bumptech/glide/load/model/ByteBufferEncoder.java com/bumptech/glide/load/model/ByteBufferFileLoader.java com/bumptech/glide/load/model/DataUrlLoader.java com/bumptech/glide/load/model/FileLoader.java com/bumptech/glide/load/model/MediaStoreFileLoader.java com/bumptech/glide/load/model/ResourceLoader.java com/bumptech/glide/load/model/StreamEncoder.java com/bumptech/glide/load/model/StringLoader.java com/bumptech/glide/load/model/UriLoader.java com/bumptech/glide/load/model/UrlUriLoader.java com/bumptech/glide/load/model/stream/BaseGlideUrlLoader.java com/bumptech/glide/load/model/stream/HttpGlideUrlLoader.java com/bumptech/glide/load/model/stream/HttpUriLoader.java com/bumptech/glide/load/model/stream/MediaStoreImageThumbLoader.java com/bumptech/glide/load/model/stream/MediaStoreVideoThumbLoader.java com/bumptech/glide/load/model/stream/UrlLoader.java com/bumptech/glide/load/resource/bitmap/BitmapDrawableDecoder.java com/bumptech/glide/load/resource/bitmap/BitmapDrawableEncoder.java com/bumptech/glide/load/resource/bitmap/BitmapEncoder.java com/bumptech/glide/load/resource/bitmap/ByteBufferBitmapDecoder.java com/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser.java com/bumptech/glide/load/resource/bitmap/Downsampler.java com/bumptech/glide/load/resource/bitmap/RecyclableBufferedInputStream.java com/bumptech/glide/load/resource/bitmap/StreamBitmapDecoder.java com/bumptech/glide/load/resource/bitmap/VideoBitmapDecoder.java com/bumptech/glide/load/resource/bytes/ByteBufferRewinder.java com/bumptech/glide/load/resource/file/FileDecoder.java com/bumptech/glide/load/resource/file/FileResource.java com/bumptech/glide/load/resource/gif/ByteBufferGifDecoder.java com/bumptech/glide/load/resource/gif/GifDrawableEncoder.java com/bumptech/glide/load/resource/gif/StreamGifDecoder.java com/bumptech/glide/load/resource/transcode/BitmapBytesTranscoder.java com/bumptech/glide/util/ByteBufferUtil.java com/bumptech/glide/util/ContentLengthInputStream.java com/bumptech/glide/util/ExceptionCatchingInputStream.java com/bumptech/glide/util/MarkEnforcingInputStream.java com/gamedragontoha/pspwaruirengcom/Activity/Beranda.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/gamedragontoha/pspwaruirengcom/HttpHandler.java com/gamedragontoha/pspwaruirengcom/ListKonten.java com/nostra13/universalimageloader/cache/disc/DiskCache.java com/nostra13/universalimageloader/cache/disc/impl/BaseDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/LimitedAgeDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/UnlimitedDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/LruDiskCache.java com/nostra13/universalimageloader/cache/disc/impl/ext/StrictLineReader.java com/nostra13/universalimageloader/cache/disc/impl/ext/Util.java com/nostra13/universalimageloader/core/DefaultConfigurationFactory.java com/nostra13/universalimageloader/core/ImageLoaderConfiguration.java com/nostra13/universalimageloader/core/ImageLoaderEngine.java com/nostra13/universalimageloader/core/LoadAndDisplayImageTask.java com/nostra13/universalimageloader/core/assist/ContentLengthInputStream.java com/nostra13/universalimageloader/core/assist/FlushedInputStream.java com/nostra13/universalimageloader/core/assist/deque/LinkedBlockingDeque.java com/nostra13/universalimageloader/core/decode/BaseImageDecoder.java com/nostra13/universalimageloader/core/decode/ImageDecoder.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/nostra13/universalimageloader/core/download/ImageDownloader.java com/nostra13/universalimageloader/utils/DiskCacheUtils.java com/nostra13/universalimageloader/utils/IoUtils.java com/nostra13/universalimageloader/utils/StorageUtils.java com/startapp/android/publish/ads/banner/BannerOptions.java com/startapp/android/publish/ads/banner/a.java com/startapp/android/publish/ads/splash/SplashConfig.java com/startapp/android/publish/ads/splash/d.java com/startapp/android/publish/ads/splash/f.java com/startapp/android/publish/ads/splash/g.java com/startapp/android/publish/ads/video/VideoAdDetails.java com/startapp/android/publish/ads/video/c.java com/startapp/android/publish/ads/video/d.java com/startapp/android/publish/ads/video/e.java com/startapp/android/publish/ads/video/h.java com/startapp/android/publish/ads/video/tracking/AbsoluteTrackingLink.java com/startapp/android/publish/ads/video/tracking/ActionTrackingLink.java com/startapp/android/publish/ads/video/tracking/FractionTrackingLink.java com/startapp/android/publish/ads/video/tracking/VideoTrackingDetails.java com/startapp/android/publish/ads/video/tracking/VideoTrackingLink.java com/startapp/android/publish/adsCommon/Ad.java com/startapp/android/publish/adsCommon/AutoInterstitialPreferences.java com/startapp/android/publish/adsCommon/SDKAdPreferences.java com/startapp/android/publish/adsCommon/StartAppAd.java com/startapp/android/publish/adsCommon/a.java com/startapp/android/publish/adsCommon/a/c.java com/startapp/android/publish/adsCommon/a/e.java com/startapp/android/publish/adsCommon/a/f.java com/startapp/android/publish/adsCommon/a/g.java com/startapp/android/publish/adsCommon/adinformation/AdInformationConfig.java com/startapp/android/publish/adsCommon/adinformation/a.java com/startapp/android/publish/adsCommon/adinformation/c.java com/startapp/android/publish/adsCommon/adinformation/e.java com/startapp/android/publish/adsCommon/b.java com/startapp/android/publish/adsCommon/b/a.java com/startapp/android/publish/adsCommon/c/b.java com/startapp/android/publish/adsCommon/l.java com/startapp/android/publish/b/a/a/c.java com/startapp/android/publish/b/a/c/d.java com/startapp/android/publish/b/a/c/e.java com/startapp/android/publish/b/a/d/a.java com/startapp/android/publish/b/a/e/a.java com/startapp/android/publish/b/a/e/b.java com/startapp/android/publish/b/a/e/d.java com/startapp/android/publish/b/a/e/e.java com/startapp/android/publish/cache/ACMConfig.java com/startapp/android/publish/cache/FailuresHandler.java com/startapp/android/publish/cache/c.java com/startapp/android/publish/cache/d.java com/startapp/android/publish/cache/h.java com/startapp/android/publish/cache/i.java com/startapp/android/publish/common/BaseResponse.java com/startapp/android/publish/common/b/a.java com/startapp/android/publish/common/c/a.java com/startapp/android/publish/common/c/b.java com/startapp/android/publish/common/commonUtils/a.java com/startapp/android/publish/common/commonUtils/b.java com/startapp/android/publish/common/commonUtils/c.java com/startapp/android/publish/common/commonUtils/d.java com/startapp/android/publish/common/commonUtils/e.java com/startapp/android/publish/common/commonUtils/f.java com/startapp/android/publish/common/commonUtils/g.java com/startapp/android/publish/common/commonUtils/k.java com/startapp/android/publish/common/commonUtils/l.java com/startapp/android/publish/common/commonUtils/n.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/common/f.java com/startapp/android/publish/common/f/b.java com/startapp/android/publish/common/f/c.java com/startapp/android/publish/common/metaData/LocationConfig.java com/startapp/android/publish/common/metaData/MetaData.java com/startapp/android/publish/common/metaData/MetaDataStyle.java com/startapp/android/publish/common/metaData/a.java com/startapp/android/publish/common/metaData/b.java com/startapp/android/publish/common/metaData/e.java com/startapp/android/publish/common/metaData/f.java com/startapp/android/publish/common/model/AdDetails.java com/startapp/android/publish/common/model/AdPreferences.java com/startapp/android/publish/common/model/SodaPreferences.java
调用java反射机制	显示文件 bolts/MeasurementEvent.java com/airpush/injector/internal/common/IntegrationValidator.java com/airpush/injector/internal/common/Logger.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/airpush/injector/internal/common/utils/ViewUtils.java com/airpush/injector/internal/pushes/ico/center/CenterIcoNotification.java com/airpush/injector/internal/pushes/ico/left/LeftIcoNotification.java com/airpush/injector/internal/skeleton/AdLoader.java com/airpush/mediation/AdMobAdapter.java com/airpush/mediation/MoPubBannerAdapter.java com/airpush/mediation/MoPubInterstitialAdapter.java com/bumptech/glide/Glide.java com/bumptech/glide/module/ManifestParser.java com/nostra13/universalimageloader/core/imageaware/ImageViewAware.java com/startapp/android/publish/adsCommon/k.java com/startapp/android/publish/common/c.java com/startapp/android/publish/common/c/a.java com/startapp/android/publish/common/c/b.java com/startapp/android/publish/common/commonUtils/a.java com/startapp/android/publish/common/commonUtils/b.java com/startapp/android/publish/common/commonUtils/r.java
组件-> 发送广播	bolts/MeasurementEvent.java com/airpush/injector/internal/IconAdsCreator.java com/startapp/android/publish/ads/list3d/List3DActivity.java
一般功能-> IPC通信	显示文件 bolts/AppLinkNavigation.java bolts/AppLinks.java bolts/MeasurementEvent.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Awal.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Beranda.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/AirPushReceiver.java com/airpush/injector/internal/IconAdsCreator.java com/airpush/injector/internal/activity/AirPushActivity.java com/airpush/injector/internal/ads/adchoice/AdChoiceDialog.java com/airpush/injector/internal/ads/types/appwall/AppWallActivityController.java com/airpush/injector/internal/ads/types/landing/LandingActivityController.java com/airpush/injector/internal/ads/types/mraid/MraidWebView.java com/airpush/injector/internal/ads/types/mraid/fullscreen/InterstitialActivityController.java com/airpush/injector/internal/ads/types/overlay/OverlayActivityController.java com/airpush/injector/internal/ads/types/vast/fullscreen/VastActivityController.java com/airpush/injector/internal/common/ClickHandlers.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/DeviceInfoUtils.java com/airpush/injector/internal/pushes/IntentDataExtractor.java com/airpush/injector/internal/pushes/NotificationClickPendingIntentCreator.java com/airpush/injector/internal/pushes/NotificationsClickHandler.java com/airpush/injector/internal/pushes/banner/BannerNotification.java com/airpush/injector/internal/pushes/ico/center/CenterIcoNotification.java com/airpush/injector/internal/pushes/ico/left/LeftIcoNotification.java com/bumptech/glide/manager/DefaultConnectivityMonitor.java com/gamedragontoha/pspwaruirengcom/Activity/Awal.java com/gamedragontoha/pspwaruirengcom/Activity/Beranda.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/a/a.java com/startapp/android/publish/ads/a/b.java com/startapp/android/publish/ads/a/c.java com/startapp/android/publish/ads/b/c.java com/startapp/android/publish/ads/banner/banner3d/Banner3DFace.java com/startapp/android/publish/ads/c/b/b.java com/startapp/android/publish/ads/list3d/List3DActivity.java com/startapp/android/publish/ads/list3d/ListItem.java com/startapp/android/publish/ads/list3d/c.java com/startapp/android/publish/ads/nativead/NativeAdDetails.java com/startapp/android/publish/ads/splash/c.java com/startapp/android/publish/ads/video/f.java com/startapp/android/publish/adsCommon/StartAppAd.java com/startapp/android/publish/adsCommon/activities/OverlayActivity.java com/startapp/android/publish/adsCommon/c.java com/startapp/android/publish/common/a/b.java com/startapp/android/publish/common/b.java com/startapp/android/publish/common/commonUtils/a.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/common/metaData/BootCompleteListener.java com/startapp/android/publish/common/metaData/InfoEventService.java com/startapp/android/publish/common/metaData/PeriodicMetaDataService.java com/startapp/android/publish/common/model/AdDetails.java com/startapp/android/publish/html/JsInterface.java com/startapp/android/publish/html/a.java
组件-> 启动 Activity	显示文件 bolts/AppLinkNavigation.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Awal.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Beranda.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/activity/AirPushActivity.java com/airpush/injector/internal/ads/adchoice/AdChoiceDialog.java com/airpush/injector/internal/common/ClickHandlers.java com/gamedragontoha/pspwaruirengcom/Activity/Awal.java com/gamedragontoha/pspwaruirengcom/Activity/Beranda.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/ads/b/c.java com/startapp/android/publish/ads/c/b/b.java com/startapp/android/publish/adsCommon/StartAppAd.java com/startapp/android/publish/adsCommon/c.java com/startapp/android/publish/html/JsInterface.java
网络通信-> HTTP建立连接	显示文件 bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/HttpHandler.java com/airpush/injector/internal/ads/types/vast/VastStatistics.java com/airpush/injector/internal/common/FilesDownloader.java com/airpush/injector/internal/common/ImagesDownloader.java com/airpush/injector/internal/common/api/AdsCommunicator.java com/airpush/injector/internal/common/old/Data.java com/airpush/injector/internal/statistics/StatisticsCommunicator.java com/bumptech/glide/load/data/HttpUrlFetcher.java com/gamedragontoha/pspwaruirengcom/HttpHandler.java com/nostra13/universalimageloader/core/download/BaseImageDownloader.java com/startapp/android/publish/common/commonUtils/f.java com/startapp/android/publish/common/commonUtils/l.java
网络通信-> URLConnection	显示文件 bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/ads/types/vast/VastStatistics.java com/airpush/injector/internal/common/FilesDownloader.java com/airpush/injector/internal/common/ImagesDownloader.java com/airpush/injector/internal/common/api/AdsCommunicator.java com/airpush/injector/internal/statistics/StatisticsCommunicator.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/ads/video/c.java
一般功能-> 获取系统服务(getSystemService)	显示文件 com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/ads/types/vast/VastController.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/DeviceInfoUtils.java com/airpush/injector/internal/common/utils/EnvironmentStateUtils.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/airpush/injector/internal/pushes/banner/BannerNotification.java com/airpush/injector/internal/pushes/ico/center/CenterIcoNotification.java com/airpush/injector/internal/pushes/ico/left/LeftIcoNotification.java com/bumptech/glide/load/engine/cache/MemorySizeCalculator.java com/bumptech/glide/manager/DefaultConnectivityMonitor.java com/bumptech/glide/request/target/NotificationTarget.java com/clockbyte/admobadapter/NativeAdLayoutContext.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/nostra13/universalimageloader/core/DefaultConfigurationFactory.java com/startapp/android/publish/ads/banner/banner3d/Banner3DSize.java com/startapp/android/publish/ads/banner/bannerstandard/BannerStandard.java com/startapp/android/publish/ads/splash/SplashConfig.java com/startapp/android/publish/adsCommon/adinformation/b.java com/startapp/android/publish/common/BaseRequest.java com/startapp/android/publish/common/b/e.java com/startapp/android/publish/common/b/f.java com/startapp/android/publish/common/c.java com/startapp/android/publish/common/commonUtils/b.java com/startapp/android/publish/common/commonUtils/i.java com/startapp/android/publish/common/commonUtils/l.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/common/e/b.java
一般功能-> 传感器相关操作	com/startapp/android/publish/common/e/b.java
加密解密-> 信息摘要算法	显示文件 com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/ByteUtils.java com/bumptech/glide/load/Key.java com/bumptech/glide/load/MultiTransformation.java com/bumptech/glide/load/Option.java com/bumptech/glide/load/Options.java com/bumptech/glide/load/engine/DataCacheKey.java com/bumptech/glide/load/engine/EngineKey.java com/bumptech/glide/load/engine/ResourceCacheKey.java com/bumptech/glide/load/engine/cache/SafeKeyGenerator.java com/bumptech/glide/load/engine/prefill/BitmapPreFillRunner.java com/bumptech/glide/load/model/GlideUrl.java com/bumptech/glide/load/resource/UnitTransformation.java com/bumptech/glide/load/resource/bitmap/BitmapDrawableTransformation.java com/bumptech/glide/load/resource/bitmap/CenterCrop.java com/bumptech/glide/load/resource/bitmap/CenterInside.java com/bumptech/glide/load/resource/bitmap/CircleCrop.java com/bumptech/glide/load/resource/bitmap/FitCenter.java com/bumptech/glide/load/resource/bitmap/RoundedCorners.java com/bumptech/glide/load/resource/bitmap/VideoBitmapDecoder.java com/bumptech/glide/load/resource/gif/GifDrawableTransformation.java com/bumptech/glide/load/resource/gif/GifFrameLoader.java com/bumptech/glide/signature/EmptySignature.java com/bumptech/glide/signature/MediaStoreSignature.java com/bumptech/glide/signature/ObjectKey.java com/nostra13/universalimageloader/cache/disc/naming/Md5FileNameGenerator.java com/startapp/android/publish/ads/video/d.java com/startapp/android/publish/common/commonUtils/c.java com/startapp/android/publish/common/commonUtils/r.java
设备指纹-> getSimOperator	com/airpush/injector/internal/common/old/Util.java com/startapp/android/publish/common/BaseRequest.java
设备指纹-> 查看运营商信息	com/airpush/injector/internal/common/old/Util.java com/startapp/android/publish/common/BaseRequest.java
加密解密-> Base64 加密	com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/statistics/StatisticsCryptedStorage.java com/startapp/android/publish/common/commonUtils/r.java
加密解密-> Base64 解密	显示文件 com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Awal.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/ViewUtils.java com/airpush/injector/internal/statistics/StatisticsCryptedStorage.java com/bumptech/glide/load/model/DataUrlLoader.java com/gamedragontoha/pspwaruirengcom/Activity/Awal.java com/startapp/android/publish/common/commonUtils/r.java
隐私数据-> 获取GPS位置信息	com/airpush/injector/internal/common/old/Util.java com/startapp/android/publish/common/BaseRequest.java com/startapp/android/publish/common/commonUtils/i.java
隐私数据-> 获取已安装的应用程序	显示文件 com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/DeviceInfoUtils.java com/startapp/android/publish/adsCommon/c.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/common/g.java
隐私数据-> 用户账户管理	com/airpush/injector/internal/common/old/Util.java
一般功能-> 获取活动网路信息	显示文件 com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/common/old/Util.java com/airpush/injector/internal/common/utils/NetworkUtils.java com/bumptech/glide/manager/DefaultConnectivityMonitor.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/common/commonUtils/l.java com/startapp/android/publish/common/commonUtils/r.java
一般功能-> 获取WiFi相关信息	com/startapp/android/publish/common/BaseRequest.java com/startapp/android/publish/common/commonUtils/l.java
网络通信-> WebView 相关	显示文件 bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/ads/adchoice/AdChoiceDialogView.java com/airpush/injector/internal/ads/types/appwall/AppWallWebView.java com/airpush/injector/internal/ads/types/banners/web/WebBannerView.java com/airpush/injector/internal/ads/types/landing/LandingWebView.java com/airpush/injector/internal/ads/types/mraid/MraidWebView.java com/airpush/injector/internal/ads/types/overlay/OverlayWebView.java com/airpush/injector/internal/ads/types/vast/ContentBarView.java com/airpush/injector/internal/ads/types/vast/EndCardView.java com/airpush/injector/internal/ads/types/vast/web/VastWebPlayerView.java com/airpush/injector/internal/common/old/Data.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/ads/a/c.java com/startapp/android/publish/ads/banner/bannerstandard/BannerStandard.java com/startapp/android/publish/ads/splash/d.java com/startapp/android/publish/adsCommon/adinformation/b.java com/startapp/android/publish/adsCommon/c.java com/startapp/android/publish/common/commonUtils/b.java com/startapp/android/publish/common/commonUtils/l.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/inappbrowser/a.java
网络通信-> WebView JavaScript接口	显示文件 bolts/WebViewAppLinkResolver.java com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Konten.java com/airpush/injector/internal/ads/types/appwall/AppWallWebView.java com/airpush/injector/internal/ads/types/banners/web/WebBannerView.java com/airpush/injector/internal/ads/types/landing/LandingWebView.java com/airpush/injector/internal/ads/types/mraid/MraidWebView.java com/airpush/injector/internal/ads/types/overlay/OverlayWebView.java com/airpush/injector/internal/ads/types/vast/ContentBarView.java com/airpush/injector/internal/ads/types/vast/EndCardView.java com/airpush/injector/internal/ads/types/vast/web/VastWebPlayerView.java com/gamedragontoha/pspwaruirengcom/Activity/Konten.java com/startapp/android/publish/ads/a/c.java com/startapp/android/publish/ads/banner/bannerstandard/BannerStandard.java com/startapp/android/publish/ads/splash/d.java com/startapp/android/publish/adsCommon/adinformation/b.java com/startapp/android/publish/adsCommon/c.java com/startapp/android/publish/common/commonUtils/r.java com/startapp/android/publish/inappbrowser/a.java
网络通信-> WebView GET请求	显示文件 bolts/WebViewAppLinkResolver.java com/airpush/injector/internal/ads/types/banners/web/WebBannerView.java com/airpush/injector/internal/ads/types/mraid/MraidWebView.java com/airpush/injector/internal/ads/types/overlay/OverlayWebView.java com/airpush/injector/internal/ads/types/vast/ContentBarView.java com/airpush/injector/internal/ads/types/vast/EndCardView.java com/airpush/injector/internal/ads/types/vast/web/VastWebPlayerView.java com/startapp/android/publish/ads/splash/d.java com/startapp/android/publish/ads/splash/i.java com/startapp/android/publish/common/commonUtils/r.java
JavaScript 接口方法	显示文件 bolts/WebViewAppLinkResolver.java com/airpush/injector/internal/ads/types/appwall/AppWallWebView.java com/airpush/injector/internal/ads/types/mraid/MraidJsBridge.java com/airpush/injector/internal/ads/types/mraid/MraidWebView.java com/airpush/injector/internal/ads/types/overlay/OverlayWebView.java com/airpush/injector/internal/ads/types/vast/ContentBarView.java com/airpush/injector/internal/ads/types/vast/EndCardView.java com/airpush/injector/internal/ads/types/vast/web/VastWebPlayerView.java com/startapp/android/publish/ads/splash/JsSplashInterface.java com/startapp/android/publish/ads/video/VideoJsInterface.java com/startapp/android/publish/adsCommon/adinformation/AdInformationJsInterface.java com/startapp/android/publish/html/JsInterface.java
网络通信-> WebView使用File协议	com/airpush/injector/internal/ads/types/vast/web/VastWebPlayerView.java com/startapp/android/publish/ads/splash/d.java
设备指纹-> getAllCellInfo	com/startapp/android/publish/common/commonUtils/b.java
设备指纹-> 获取蜂窝位置信息	com/startapp/android/publish/common/BaseRequest.java
进程操作-> 杀死进程	com/SBStudio/PSP_PPSSPP_Emulator_Games/Activity/Beranda.java com/gamedragontoha/pspwaruirengcom/Activity/Beranda.java
一般功能-> Android通知	显示文件 com/airpush/injector/internal/pushes/banner/BannerNotification.java com/airpush/injector/internal/pushes/ico/center/CenterIcoNotification.java com/airpush/injector/internal/pushes/ico/left/LeftIcoNotification.java com/bumptech/glide/request/target/NotificationTarget.java
网络通信-> TCP套接字	com/airpush/injector/internal/common/utils/NetworkUtils.java
网络通信-> 蓝牙连接	com/startapp/android/publish/common/a/a.java com/startapp/android/publish/common/a/b.java
组件-> 启动 Service	com/startapp/android/publish/common/commonUtils/a.java com/startapp/android/publish/common/metaData/BootCompleteListener.java
进程操作-> 获取运行的进程\服务	com/startapp/android/publish/common/commonUtils/r.java
隐私数据-> 屏幕截图，截取自己应用内部界面	com/bumptech/glide/load/resource/bitmap/TransformationUtils.java
一般功能-> PowerManager操作	com/airpush/injector/internal/common/utils/EnvironmentStateUtils.java

安全漏洞检测

高危

2

警告

8

信息

1

安全

0

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_logging 规则仅对这些文件屏蔽 android_logging 规则
2	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_hardcoded 规则仅对这些文件屏蔽 android_hardcoded 规则
3	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_read_write_external 规则仅对这些文件屏蔽 android_read_write_external 规则
4	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_md5 规则仅对这些文件屏蔽 android_md5 规则
5	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_sha1 规则仅对这些文件屏蔽 android_sha1 规则
6	不安全的Web视图实现。可能存在WebView任意代码执行漏洞	警告	CWE: CWE-749: 暴露危险方法或函数 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_webview 规则仅对这些文件屏蔽 android_webview 规则
7	WebView域控制不严格漏洞	高危	CWE: CWE-73: 外部控制文件名或路径	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_webview_domain_control_week 规则仅对这些文件屏蔽 android_webview_domain_control_week 规则
8	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_insecure_random 规则仅对这些文件屏蔽 android_insecure_random 规则
9	IP地址泄露	警告	CWE: CWE-200: 信息泄露 OWASP MASVS: MSTG-CODE-2	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_ip_disclosure 规则仅对这些文件屏蔽 android_ip_disclosure 规则
10	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_sql_raw_query 规则仅对这些文件屏蔽 android_sql_raw_query 规则
11	如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView，那么这个应用程序可能会遭受跨站脚本攻击	高危	CWE: CWE-79: 在Web页面生成时对输入的转义处理不恰当（'跨站脚本'） OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-6	升级会员：解锁高级权限	对应用 com.gamedragontoha.pspwaruirengcom 屏蔽 android_webview_xss 规则仅对这些文件屏蔽 android_webview_xss 规则

Native库安全分析

No Shared Objects found.

序号	动态库	NX(堆栈禁止执行)	PIE	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)

文件分析

序号	问题	文件

敏感权限分析

恶意软件常用权限 0/30

其它常用权限 3/46

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地理位置

恶意域名检测

域名	状态	中国境内	位置信息
settings.crashlytics.com	安全	否	没有可用的地理位置信息。
imp.startappservice.com	安全	否	IP地址: 168.138.188.189 国家: Singapore 地区: Singapore 城市: Singapore 查看: Google 地图
info.static.startappservice.com	安全	否	IP地址: 152.195.62.69 国家: United States of America 地区: Virginia 城市: Ashburn 查看: Google 地图
init.startappservice.com	安全	否	IP地址: 168.138.175.122 国家: Singapore 地区: Singapore 城市: Singapore 查看: Google 地图
graph-video.s	安全	否	没有可用的地理位置信息。
opensource.org	安全	否	IP地址: 199.16.172.170 国家: United States of America 地区: Texas 城市: San Antonio 查看: Google 地图
googleads.g.doubleclick.net	安全	是	IP地址: 180.163.150.38 国家: China 地区: Shanghai 城市: Shanghai 查看: 高德地图
daneden.me	安全	否	IP地址: 76.76.21.123 国家: United States of America 地区: California 城市: Walnut 查看: Google 地图
pagead2.googlesyndication.com	安全	是	IP地址: 180.163.151.38 国家: China 地区: Shanghai 城市: Shanghai 查看: 高德地图
d1byvlfiet2h9q.cloudfront.net	安全	否	IP地址: 13.226.123.184 国家: Hong Kong 地区: Hong Kong 城市: Hong Kong 查看: Google 地图
dl.dropboxusercontent.com	安全	否	IP地址: 162.125.85.15 国家: United States of America 地区: California 城市: San Francisco 查看: Google 地图
api.airpush.com	安全	否	IP地址: 142.0.206.124 国家: United States of America 地区: Texas 城市: Dallas 查看: Google 地图
www.startapp.com	安全	否	IP地址: 44.213.51.131 国家: United States of America 地区: Virginia 城市: Ashburn 查看: Google 地图
facebook.com	安全	否	IP地址: 157.240.211.35 国家: Hong Kong 地区: Hong Kong 城市: Hong Kong 查看: Google 地图
lh6.ggpht.com	安全	否	IP地址: 142.250.66.129 国家: United States of America 地区: California 城市: Mountain View 查看: Google 地图
www.startappexchange.com	安全	否	IP地址: 168.138.175.122 国家: Singapore 地区: Singapore 城市: Singapore 查看: Google 地图
example.com	安全	否	IP地址: 93.184.216.34 国家: United States of America 地区: Virginia 城市: Ashburn 查看: Google 地图
www.dummy.com	安全	否	IP地址: 199.59.243.225 国家: United States of America 地区: Florida 城市: Tampa 查看: Google 地图
cdnap.airpush.com	安全	否	没有可用的地理位置信息。
graph.s	安全	否	没有可用的地理位置信息。
csi.gstatic.com	安全	否	IP地址: 216.239.32.3 国家: United States of America 地区: California 城市: Mountain View 查看: Google 地图
apportal.airpush.com	安全	否	没有可用的地理位置信息。
e.crashlytics.com	安全	否	没有可用的地理位置信息。
fabric.crash.io	安全	否	没有可用的地理位置信息。

手机号提取

URL链接分析

URL信息	源码文件
javascript:boltsWebViewAppLinkResolverResult.setValue((function()	bolts/WebViewAppLinkResolver.java
https://api.airpush.com/appwall/getid.php	com/airpush/injector/internal/AppWallAdCreator.java
https://api.airpush.com/inappads/testinappadcall.php https://api.airpush.com/inappads/inappadcall.php	com/airpush/injector/internal/Banner360AdCreator.java
https://api.airpush.com/v2/api.php	com/airpush/injector/internal/IconAdsCreator.java
https://api.airpush.com/inappads/testinappadcall.php https://api.airpush.com/inappads/inappadcall.php	com/airpush/injector/internal/InlineBannerAdCreator.java
https://api.airpush.com/mraid/adcall.php https://api.airpush.com/mraid/mraidadcall.php	com/airpush/injector/internal/InterstitialAdCreator.java
https://api.airpush.com/fullpage/adcall.php	com/airpush/injector/internal/LandingAdCreator.java
https://api.airpush.com/v2/api.php	com/airpush/injector/internal/NotificationAdsCreator.java
https://api.airpush.com/overlayads/overlayadcall.php	com/airpush/injector/internal/OverlayAdCreator.java
https://api.airpush.com/lp/getinterstitialads.php	com/airpush/injector/internal/SmartWallAdCreator.java
https://api.airpush.com/Vast/vastadcall.php	com/airpush/injector/internal/VastAdCreator.java
http://cdnap.airpush.com/ap/index.html	com/airpush/injector/internal/ads/adchoice/AdChoiceDialogView.java
https://api.airpush.com/Vast/handle_events.php	com/airpush/injector/internal/ads/types/vast/VastStatistics.java
http://apportal.airpush.com/ep/url	com/airpush/injector/internal/common/old/Data.java
http://example.com	com/airpush/injector/internal/common/utils/DeviceInfoUtils.java
8.8.8.8	com/airpush/injector/internal/common/utils/NetworkUtils.java
https://api.airpush.com/v2/api.php	com/airpush/injector/internal/icons/IconStatisticsEvent.java
https://api.airpush.com/v2/api.php	com/airpush/injector/internal/pushes/NotificationStatisticsEvent.java
data:image	com/bumptech/glide/load/model/DataUrlLoader.java
https://dl.dropboxusercontent.com/s/nzmnsy87oujotc3/psp%20waruireng%202.json	com/gamedragontoha/pspwaruirengcom/AppaActivity.java
https://dl.dropboxusercontent.com/s/bjfuu6ib1ankc0u/tes.json	com/SBStudio/PSP_PPSSPP_Emulator_Games/AppaActivity.java
http://www.dummy.com	com/startapp/android/publish/ads/nativead/NativeAdDetails.java
http://daneden.me/animate http://opensource.org/licenses/MIT https://lh6.ggpht.com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a-je7x-6=w200 data:image/png;base64, javascript:splash_fadeout()	com/startapp/android/publish/ads/splash/d.java
http://www.startappexchange.com/tracking/adClick	com/startapp/android/publish/adsCommon/b.java
http://d1byvlfiet2h9q.cloudfront.net/InApp/resources/adInformationDialog3.html http://www.startapp.com/policy/sdk-policy/ http://info.static.startappservice.com/InApp/resources/info_l.png	com/startapp/android/publish/adsCommon/adinformation/AdInformationConfig.java
javascript:window.onload=function(){document.getElementById('titlePlacement').innerText='	com/startapp/android/publish/adsCommon/adinformation/b.java
http://www.startappexchange.com/tracking/adImpression	com/startapp/android/publish/common/Constants.java
https://imp.startappservice.com/tracking/infoEvent	com/startapp/android/publish/common/b/a.java
http://www.startappexchange.com	com/startapp/android/publish/common/commonUtils/r.java
https://init.startappservice.com/1.4/ http://www.startappexchange.com/1.4/	com/startapp/android/publish/common/metaData/MetaData.java
javascript:window.onload=function(){document.getElementById('titlePlacement').innerText=' https://www.googleapis.com/auth/fitness.body.read https://api.airpush.com/Vast/handle_events.php https://www.googleapis.com/auth/fitness.location.write https://api.airpush.com/appwall/getid.php https://fabric.crash.io/sign_up, https://www.googleapis.com/auth/fitness.activity.write https://e.crashlytics.com/spi/v2/events https://graph-video.%s javascript:boltsWebViewAppLinkResolverResult.setValue((function() https://csi.gstatic.com/csi https://lh6.ggpht.com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a-je7x-6=w200 1.3.2.79 https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40.html https://dl.dropboxusercontent.com/s/bjfuu6ib1ankc0u/tes.json https://www.googleapis.com/auth/drive.file data:image https://developers.facebook.com/docs/android/getting-started https://www.googleapis.com/auth/fitness.body.write https://www.googleapis.com/auth/plus.me https://api.airpush.com/fullpage/adcall.php http://apportal.airpush.com/ep/url https://dl.dropboxusercontent.com/s/nzmnsy87oujotc3/psp%20waruireng%202.json 2.5.2.79 https://www.googleapis.com/auth/appstate https://developers.facebook.com/docs/sharing/android https://www.googleapis.com/auth/drive.appdata http://info.static.startappservice.com/InApp/resources/info_l.png https://www.googleapis.com/auth/fitness.nutrition.read http://cdnap.airpush.com/ap/index.html https://www.googleapis.com/auth/fitness.location.read https://.facebook.com 1.1.3.61 https://www.googleapis.com/auth/fitness.activity.read https://api.airpush.com/inappads/inappadcall.php https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_interstitial.js https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_expanded_banner.js https://api.airpush.com/mraid/adcall.php https://www.googleapis.com/auth/games http://daneden.me/animate http://opensource.org/licenses/MIT https://api.airpush.com/overlayads/overlayadcall.php 2.3.5.79 https://www.googleapis.com/auth/fitness.nutrition.write http://www.example.com https://api.airpush.com/mraid/mraidadcall.php https://api.airpush.com/Vast/vastadcall.php https://api.airpush.com/lp/getinterstitialads.php javascript:splash_fadeout() http://example.com https://api.airpush.com/inappads/testinappadcall.php https://api.airpush.com/v2/api.php https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/mraid/v2/mraid_app_banner.js 1.3.6.79 https://graph.%s http://plus.google.com/ http://www.dummy.com data:image/png;base64, http://www.startapp.com/policy/sdk-policy/ https://pagead2.googlesyndication.com/pagead/gen_204 https://settings.crashlytics.com/spi/v2/platforms/android/apps/%s/settings http://www.startappexchange.com 8.8.8.8 https://www.googleapis.com/auth/plus.login https://facebook.com https://www.googleapis.com/auth/datastoremobile http://d1byvlfiet2h9q.cloudfront.net/InApp/resources/adInformationDialog3.html	自研引擎分析结果

Firebase配置检测

邮箱地址提取

EMAIL	源码文件
android@android.com0	自研引擎分析结果

第三方追踪器

名称	类别	网址
Airpush	Advertisement	https://reports.exodus-privacy.eu.org/trackers/337
Facebook Analytics	Analytics	https://reports.exodus-privacy.eu.org/trackers/66
Facebook Login	Identification	https://reports.exodus-privacy.eu.org/trackers/67
Facebook Places		https://reports.exodus-privacy.eu.org/trackers/69
Facebook Share		https://reports.exodus-privacy.eu.org/trackers/70
Google AdMob	Advertisement	https://reports.exodus-privacy.eu.org/trackers/312
Google CrashLytics	Crash reporting	https://reports.exodus-privacy.eu.org/trackers/27
Startapp	Analytics, Advertisement	https://reports.exodus-privacy.eu.org/trackers/195

敏感凭证泄露

已显示 15 个secrets

1、 "com_facebook_device_auth_instructions" : "facebook.com/deviceにアクセスして、上のコードを入力してください。"
2、 "com_facebook_device_auth_instructions" : "前往facebook.com/device</b&gt，並輸入上方顯示的代碼。"
3、 "com_facebook_device_auth_instructions" : "请访问facebook.com/device并输入以上验证码。"
4、 "com_facebook_device_auth_instructions" : "前往facebook.com/device</b&gt，並輸入上方顯示的代碼。"
5、 7fd34eb33a471feb972c26d13e35f31b428536c3
6、 3i2ndDfv2rTHiSisAbouNdArYfORhtTPEefj3q2f
7、 Y29tLnBzcHdhcnVpcmVuZ2NvbS5nYW1lZHJhZ29udG9oYQ==
8、 8a3c4b262d721acd49a4bf97d5213199c86fa2b9
9、 5e8f16062ea3cd2c4a0d547876baa6f38cabf625
10、 42893825-3d6a-41e1-9b47-93180fe2b3b2
11、 Y29tLlNCU3R1ZGlvLlBTUF9QUFNTUFBfRW11bGF0b3JfR2FtZXM=
12、 a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc
13、 51ff84a4ebf155b7d3f554698421f4daf4e58cc8
14、 470fa2b4ae81cd56ecbcda9735803434cec591fa
15、 com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a

字符串信息

建议导出为TXT，方便查看。

活动列表

显示 12 个 activities

服务列表

显示 2 个 services

广播接收者列表

显示 2 个 receivers

内容提供者列表

显示 1 个 providers

1 . com.facebook.internal.FacebookInitProvider

第三方SDK

SDK名称	开发者	描述信息
Google Play Service	Google	借助 Google Play 服务，您的应用可以利用由 Google 提供的最新功能，例如地图，Google+ 等，并通过 Google Play 商店以 APK 的形式分发自动平台更新。这样一来，您的用户可以更快地接收更新，并且可以更轻松地集成 Google 必须提供的最新信息。
File Provider	Android	FileProvider 是 ContentProvider 的特殊子类，它通过创建 content://Uri 代替 file:///Uri 以促进安全分享与应用程序关联的文件。

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析