萝莉社 2.4.8.1版本 | 静态分析 _南明离火移动安全分析平台

安全声明：本平台专为移动应用安全风险研究与合规评估设计，严禁用于任何非法用途。如有疑问或建议，欢迎加入微信群交流。

应用图标

应用评分

文件基本信息

文件名称

萝莉社.apk

文件大小

9.35MB

MD5

d574e1b45a1fa681e55412d988404f67

SHA1

27b3e5e585723eca9ed518aa79c26439e8cc1436

SHA256

c4f72bdcbd8d82b6653f43278f6c7504b86e0594de15182c702fa591a97f6596

病毒检测

⚠️ 5 个厂商报毒⚠️

应用基础信息

应用名称

萝莉社

包名

newabv.dmm.singiwkk.zkzhyw1

主活动

com.hqzx.hqzxdetail.activity.SplashActivity

目标SDK

31

最小SDK

22

版本号

2.4.8.1

子版本号

9

加固信息

未加壳

组件导出状态统计

查看 Activity 组件

查看 Service 组件

查看 Receiver 组件

查看 Provider 组件

扫描与分析选项

重新扫描管理规则动态分析

反编译与源码导出

Manifest文件查看

APK文件成为会员，解锁下载

Java源代码查看 -- 下载

文件结构与资源列表

应用签名证书信息

二进制文件已签名
v1 签名: True
v2 签名: True
v3 签名: True
v4 签名: False
主题: C=beijing, ST=beijing, L=beijing, O=yz1721075206059, OU=jp1721075206059, CN=qdir
签名算法: rsassa_pkcs1v15
有效期自: 2024-07-15 20:26:53+00:00
有效期至: 2074-07-03 20:26:53+00:00
发行人: C=beijing, ST=beijing, L=beijing, O=yz1721075206059, OU=jp1721075206059, CN=qdir
序列号: 0x5eeb9fa0
哈希算法: sha512
证书MD5: ece75d194abd275623cdbe95ebb18d5b
证书SHA1: 251152a48f5ca535c19ddbb48cff4c173be892e5
证书SHA256: 792899ce7d5d63c26590c3082e1a66d4eed13c61b03e8c4465e890ad19c21593
证书SHA512: 87c9e4a6d1345af287dbbfe08f6b99ebbc25ad772bff1ef3360a7be68f41be0e107ac53f77471c5d25210948f3e583045e4275d48ff4da85c401acbd72c14e58
公钥算法: rsa
密钥长度: 4096
指纹: 3ea45084822a995f0f86197f0005684f76baf59fbd55d1028e104384c449a3b3
找到 1 个唯一证书

权限声明与风险分级

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 com/arialyy/aria/core/AriaConfig.java com/arialyy/aria/core/common/HttpOption.java com/arialyy/aria/http/ConnectionHelp.java com/arialyy/aria/http/download/HttpDFileInfoTask.java com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java com/arialyy/aria/m3u8/M3U8InfoTask.java com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java com/arialyy/aria/util/AriaServiceLoader.java com/chiclaim/android/downloader/EmbedDownloader.java com/chiclaim/android/downloader/util/NetworkHelper.java com/chiclaim/android/downloader/util/Utils.java com/danikula/videocache/HttpProxyCache.java com/danikula/videocache/HttpProxyCacheServer.java com/danikula/videocache/HttpUrlSource.java com/danikula/videocache/Pinger.java com/hqzx/hqzxdetail/utils/HtmlImageGetter.java com/kk/taurus/playerbase/cache/PreloadTask.java com/maning/updatelibrary/http/DownloadFileUtils.java com/snail/antifake/deviceid/IpScanner.java com/zhouyou/http/EasyHttp.java fi/iki/elonen/NanoHTTPD.java org/jsoup/Connection.java org/jsoup/Jsoup.java org/jsoup/helper/HttpConnection.java org/minidns/dane/DaneVerifier.java org/minidns/dnsmessage/DnsMessage.java org/minidns/dnsserverlookup/AndroidUsingExec.java org/minidns/source/NetworkDataSource.java
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 com/arialyy/aria/core/AriaConfig.java com/arialyy/aria/util/NetUtils.java com/chiclaim/android/downloader/util/NetworkHelper.java com/draggable/library/extension/Utils.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/kk/taurus/playerbase/utils/NetworkUtils.java com/snail/antifake/deviceid/AndroidDeviceIMEIUtil.java com/snail/antifake/deviceid/deviceid/DeviceIdUtil.java com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java com/zhouyou/http/utils/Utils.java xyz/doikki/videoplayer/util/PlayerUtils.java
android.permission.READ_PRIVILEGED_PHONE_STATE	未知	未知权限	来自 android 引用的未知权限。	显示文件 com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java com/arialyy/aria/m3u8/BaseM3U8Loader.java com/arialyy/aria/m3u8/M3U8InfoTask.java com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java com/arialyy/aria/m3u8/live/LiveStateManager.java com/arialyy/aria/util/FileUtil.java com/chiclaim/android/downloader/EmbedDownloader.java com/draggable/library/extension/glide/GlideHelper.java com/hqzx/hqzxdetail/activity/ShareActivity.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/hqzx/hqzxdetail/webview/FileUtil.java com/jakewharton/disklrucache/DiskLruCache.java com/lxj/xpopup/util/XPopupUtils.java com/maning/updatelibrary/http/DownloadFileUtils.java com/zhouyou/http/subsciber/DownloadSubscriber.java fi/iki/elonen/NanoHTTPD.java
android.permission.MOUNT_UNMOUNT_FILESYSTEMS	危险	装载和卸载文件系统	允许应用程序装载和卸载可移动存储器的文件系统。
android.permission.REQUEST_INSTALL_PACKAGES	危险	允许安装应用程序	Android8.0 以上系统允许安装未知来源应用程序权限。
android.permission.ACCESS_WIFI_STATE	普通	查看Wi-Fi状态	允许应用程序查看有关Wi-Fi状态的信息。	显示文件 com/arialyy/aria/core/AriaConfig.java com/chiclaim/android/downloader/util/NetworkHelper.java com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java
android.permission.CHANGE_WIFI_STATE	危险	改变Wi-Fi状态	允许应用程序改变Wi-Fi状态。	显示文件 com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java
android.permission.READ_PHONE_STATE	危险	读取手机状态和标识	允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号，是否正在通话，以及对方的号码等。	显示文件 com/hqzx/hqzxdetail/utils/GetDeviceId.java com/snail/antifake/deviceid/AndroidDeviceIMEIUtil.java com/snail/antifake/deviceid/deviceid/DeviceIdUtil.java com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java
android.permission.CALL_PHONE	危险	直接拨打电话	允许应用程序直接拨打电话。恶意程序会在用户未知的情况下拨打电话造成损失。但不被允许拨打紧急电话。

证书安全合规分析

高危

0

警告

1

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名

Manifest 配置安全分析

高危

0

警告

2

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 5.1-5.1.1, [minSdk=22]	信息	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 vulnerable_os_version 规则
2	应用程序已启用明文网络流量 [android:usesCleartextTraffic=true]	警告	应用程序打算使用明文网络流量，例如明文HTTP，FTP协议，DownloadManager和MediaPlayer。针对API级别27或更低的应用程序，默认值为“true”。针对API级别28或更高的应用程序，默认值为“false”。避免使用明文流量的主要原因是缺乏机密性，真实性和防篡改保护；网络攻击者可以窃听传输的数据，并且可以在不被检测到的情况下修改它。	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 clear_text_traffic 规则
3	应用程序具有网络安全配置 [android:networkSecurityConfig=@xml/network_https_config]	信息	网络安全配置功能让应用程序可以在一个安全的，声明式的配置文件中自定义他们的网络安全设置，而不需要修改应用程序代码。这些设置可以针对特定的域名和特定的应用程序进行配置。	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 has_network_security 规则
4	Broadcast Receiver (com.chiclaim.android.downloader.SystemDownloadReceiver) 未被保护。 [android:exported=true]	警告	发现 Broadcast Receiver与设备上的其他应用程序共享，因此可被设备上的任何其他应用程序访问。	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 receiver_explicitly_exported 规则

可浏览 Activity 组件分析

ACTIVITY	INTENT
com.hqzx.hqzxdetail.activity.SplashActivity	Schemes: kni70m://,

网络通信安全风险分析

高危

1

警告

0

信息

0

安全

0

序号	范围	严重级别	描述
1	*	高危	基本配置不安全地配置为允许到所有域的明文流量。

API调用分析

API功能	源码文件
一般功能-> 文件操作	显示文件 cn/bingoogolapple/bgabanner/BGABannerUtil.java com/apkfuns/logutils/Log2FileConfig.java com/apkfuns/logutils/Log2FileConfigImpl.java com/apkfuns/logutils/Logger.java com/apkfuns/logutils/file/LogFileEngine.java com/arialyy/aria/core/AriaConfig.java com/arialyy/aria/core/AriaManager.java com/arialyy/aria/core/common/AbsEntity.java com/arialyy/aria/core/common/RecordHandler.java com/arialyy/aria/core/common/RecordHelper.java com/arialyy/aria/core/common/SubThreadConfig.java com/arialyy/aria/core/config/AppConfig.java com/arialyy/aria/core/config/BaseConfig.java com/arialyy/aria/core/config/BaseTaskConfig.java com/arialyy/aria/core/config/Configuration.java com/arialyy/aria/core/config/DGroupConfig.java com/arialyy/aria/core/config/DownloadConfig.java com/arialyy/aria/core/config/UploadConfig.java com/arialyy/aria/core/download/CheckDEntityUtil.java com/arialyy/aria/core/download/CheckDGEntityUtil.java com/arialyy/aria/core/download/CheckFtpDirEntityUtil.java com/arialyy/aria/core/download/M3U8Entity.java com/arialyy/aria/core/group/AbsGroupLoader.java com/arialyy/aria/core/group/SimpleSchedulers.java com/arialyy/aria/core/loader/AbsNormalLoader.java com/arialyy/aria/core/loader/AbsNormalTTBuilderAdapter.java com/arialyy/aria/core/loader/GroupSubThreadStateManager.java com/arialyy/aria/core/loader/NormalLoader.java com/arialyy/aria/core/loader/NormalThreadStateManager.java com/arialyy/aria/core/loader/SubLoader.java com/arialyy/aria/core/loader/UploadThreadStateManager.java com/arialyy/aria/core/manager/DTaskWrapperFactory.java com/arialyy/aria/core/task/ThreadTask.java com/arialyy/aria/core/upload/CheckUEntityUtil.java com/arialyy/aria/core/upload/target/UNormalConfigHandler.java com/arialyy/aria/http/ChunkedInputStream.java com/arialyy/aria/http/ConnectionHelp.java com/arialyy/aria/http/download/HttpDFileInfoTask.java com/arialyy/aria/http/download/HttpDTTBuilderAdapter.java com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java com/arialyy/aria/m3u8/BaseM3U8Loader.java com/arialyy/aria/m3u8/M3U8InfoTask.java com/arialyy/aria/m3u8/M3U8TaskOption.java com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java com/arialyy/aria/m3u8/live/LiveStateManager.java com/arialyy/aria/m3u8/live/M3U8LiveLoader.java com/arialyy/aria/m3u8/vod/M3U8VodLoader.java com/arialyy/aria/m3u8/vod/VodRecordHandler.java com/arialyy/aria/m3u8/vod/VodStateManager.java com/arialyy/aria/orm/DatabaseContext.java com/arialyy/aria/orm/SqlHelper.java com/arialyy/aria/util/AriaServiceLoader.java com/arialyy/aria/util/BufferedRandomAccessFile.java com/arialyy/aria/util/CommonUtil.java com/arialyy/aria/util/DbDataHelper.java com/arialyy/aria/util/DeleteDRecord.java com/arialyy/aria/util/DeleteM3u8Record.java com/arialyy/aria/util/ErrorHelp.java com/arialyy/aria/util/FileUtil.java com/arialyy/aria/util/RecordUtil.java com/arialyy/aria/util/SSLContextUtil.java com/chiclaim/android/downloader/DownloadRequest.java com/chiclaim/android/downloader/EmbedDownloader.java com/chiclaim/android/downloader/SystemDownloader.java com/chiclaim/android/downloader/UpgradeDialogActivity.java com/chiclaim/android/downloader/util/InstallUtils.java com/chiclaim/android/downloader/util/MD5.java com/chiclaim/android/downloader/util/NotifierUtils.java com/chiclaim/android/downloader/util/SpHelper.java com/chiclaim/android/downloader/util/Utils.java com/danikula/videocache/ByteArrayCache.java com/danikula/videocache/ByteArraySource.java com/danikula/videocache/CacheListener.java com/danikula/videocache/Config.java com/danikula/videocache/GetRequest.java com/danikula/videocache/HttpProxyCache.java com/danikula/videocache/HttpProxyCacheServer.java com/danikula/videocache/HttpProxyCacheServerClients.java com/danikula/videocache/HttpUrlSource.java com/danikula/videocache/IgnoreHostProxySelector.java com/danikula/videocache/Pinger.java com/danikula/videocache/ProxyCacheUtils.java com/danikula/videocache/StorageUtils.java com/danikula/videocache/file/DiskUsage.java com/danikula/videocache/file/FileCache.java com/danikula/videocache/file/Files.java com/danikula/videocache/file/LruDiskUsage.java com/danikula/videocache/file/TotalCountLruDiskUsage.java com/danikula/videocache/file/TotalSizeLruDiskUsage.java com/danikula/videocache/file/UnlimitedDiskUsage.java com/draggable/library/core/DraggableParamsInfo.java com/draggable/library/extension/ImagesViewerActivity.java com/draggable/library/extension/entities/DraggableImageInfo.java com/draggable/library/extension/glide/FileTarget.java com/draggable/library/extension/glide/GlideHelper.java com/fm/openinstall/OpenInstall.java com/fm/openinstall/model/AppData.java com/hjq/permissions/PermissionChecker.java com/hjq/permissions/PermissionUtils.java com/hqzx/hqzxdetail/activity/DetailsActivity$delFile$1.java com/hqzx/hqzxdetail/activity/DetailsActivity.java com/hqzx/hqzxdetail/activity/FullVideoActivity.java com/hqzx/hqzxdetail/activity/LouFengActivity.java com/hqzx/hqzxdetail/activity/MoveDetilsActivity.java com/hqzx/hqzxdetail/activity/ShareActivity.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java com/hqzx/hqzxdetail/activity/ZhiBoActivity.java com/hqzx/hqzxdetail/adapter/service/MyServer.java com/hqzx/hqzxdetail/app/App$resolveDnsTxt$1.java com/hqzx/hqzxdetail/app/App.java com/hqzx/hqzxdetail/broadcast/DownloadBroadcast.java com/hqzx/hqzxdetail/dialog/DialogUpdateUtils.java com/hqzx/hqzxdetail/fragment/HomeMovieFragment.java com/hqzx/hqzxdetail/fragment/VideoPlayerFragment.java com/hqzx/hqzxdetail/utils/Base64.java com/hqzx/hqzxdetail/utils/DataCleanManager.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/hqzx/hqzxdetail/utils/HtmlImageGetter.java com/hqzx/hqzxdetail/utils/SharePreferenceUtil.java com/hqzx/hqzxdetail/viewmodel/HomeMovieFragmentViewModel.java com/hqzx/hqzxdetail/webview/FileUtil.java com/jakewharton/disklrucache/DiskLruCache.java com/jakewharton/disklrucache/StrictLineReader.java com/jakewharton/disklrucache/Util.java com/kk/taurus/playerbase/AVPlayer.java com/kk/taurus/playerbase/cache/PreloadManager.java com/kk/taurus/playerbase/cache/PreloadTask.java com/kk/taurus/playerbase/entity/DataSource.java com/kk/taurus/playerbase/entity/TimedTextSource.java com/kk/taurus/playerbase/render/AspectRatio.java com/lxj/xpopup/interfaces/XPopupImageLoader.java com/lxj/xpopup/util/ImageHeaderParser.java com/lxj/xpopup/util/XPopupUtils.java com/maning/updatelibrary/InstallUtils.java com/maning/updatelibrary/http/DownloadFileUtils.java com/maning/updatelibrary/http/ProgressResponseBody.java com/maning/updatelibrary/utils/MNUtils.java com/snail/antifake/deviceid/IpScanner.java com/snail/antifake/deviceid/ShellAdbUtils.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java com/zhouyou/http/EasyHttp.java com/zhouyou/http/body/RequestBodyUtils.java com/zhouyou/http/body/UIProgressResponseCallBack.java com/zhouyou/http/body/UploadProgressRequestBody.java com/zhouyou/http/cache/RxCache.java com/zhouyou/http/cache/converter/GsonDiskConverter.java com/zhouyou/http/cache/converter/IDiskConverter.java com/zhouyou/http/cache/converter/SerializableDiskConverter.java com/zhouyou/http/cache/core/LruDiskCache.java com/zhouyou/http/cache/model/CacheResult.java com/zhouyou/http/cookie/PersistentCookieStore.java com/zhouyou/http/cookie/SerializableOkHttpCookies.java com/zhouyou/http/exception/ApiException.java com/zhouyou/http/func/ApiResultFunc.java com/zhouyou/http/https/HttpsUtils.java com/zhouyou/http/interceptor/BaseDynamicInterceptor.java com/zhouyou/http/interceptor/BaseExpiredInterceptor.java com/zhouyou/http/interceptor/CacheInterceptor.java com/zhouyou/http/interceptor/CacheInterceptorOffline.java com/zhouyou/http/interceptor/GzipRequestInterceptor.java com/zhouyou/http/interceptor/HeadersInterceptor.java com/zhouyou/http/interceptor/HttpLoggingInterceptor.java com/zhouyou/http/interceptor/NoCacheInterceptor.java com/zhouyou/http/model/HttpHeaders.java com/zhouyou/http/model/HttpParams.java com/zhouyou/http/request/BaseBodyRequest.java com/zhouyou/http/request/BaseRequest.java com/zhouyou/http/subsciber/DownloadSubscriber.java com/zhouyou/http/utils/Utils.java fi/iki/elonen/NanoHTTPD.java fi/iki/elonen/util/ServerRunner.java org/jsoup/Connection.java org/jsoup/HttpStatusException.java org/jsoup/Jsoup.java org/jsoup/UncheckedIOException.java org/jsoup/UnsupportedMimeTypeException.java org/jsoup/helper/DataUtil.java org/jsoup/helper/HttpConnection.java org/jsoup/helper/W3CDom.java org/jsoup/internal/ConstrainableInputStream.java org/jsoup/nodes/Attribute.java org/jsoup/nodes/Attributes.java org/jsoup/nodes/CDataNode.java org/jsoup/nodes/Comment.java org/jsoup/nodes/DataNode.java org/jsoup/nodes/DocumentType.java org/jsoup/nodes/Element.java org/jsoup/nodes/Entities.java org/jsoup/nodes/Node.java org/jsoup/nodes/TextNode.java org/jsoup/nodes/XmlDeclaration.java org/jsoup/parser/CharacterReader.java org/jsoup/parser/HtmlTreeBuilder.java org/jsoup/parser/Parser.java org/jsoup/parser/TreeBuilder.java org/jsoup/parser/XmlTreeBuilder.java org/minidns/AbstractDnsClient.java org/minidns/DnsClient.java org/minidns/MiniDnsException.java org/minidns/MiniDnsFuture.java org/minidns/MiniDnsInitialization.java org/minidns/dane/DaneVerifier.java org/minidns/dnslabel/DnsLabel.java org/minidns/dnsmessage/DnsMessage.java org/minidns/dnsmessage/Question.java org/minidns/dnsname/DnsName.java org/minidns/dnssec/DnssecClient.java org/minidns/dnssec/DnssecValidationFailedException.java org/minidns/dnssec/Verifier.java org/minidns/dnssec/algorithms/DsaSignatureVerifier.java org/minidns/dnssec/algorithms/EcdsaSignatureVerifier.java org/minidns/dnssec/algorithms/EcgostSignatureVerifier.java org/minidns/dnssec/algorithms/RsaSignatureVerifier.java org/minidns/dnsserverlookup/AndroidUsingExec.java org/minidns/dnsserverlookup/UnixUsingEtcResolvConf.java org/minidns/edns/EdnsOption.java org/minidns/hla/DnssecResolverApi.java org/minidns/hla/ResolverApi.java org/minidns/hla/SrvResolverResult.java org/minidns/iterative/IterativeDnsClient.java org/minidns/iterative/ReliableDnsClient.java org/minidns/record/A.java org/minidns/record/AAAA.java org/minidns/record/CNAME.java org/minidns/record/DLV.java org/minidns/record/DNAME.java org/minidns/record/DNSKEY.java org/minidns/record/DS.java org/minidns/record/Data.java org/minidns/record/DelegatingDnssecRR.java org/minidns/record/InternetAddressRR.java org/minidns/record/MX.java org/minidns/record/NS.java org/minidns/record/NSEC.java org/minidns/record/NSEC3.java org/minidns/record/NSEC3PARAM.java org/minidns/record/OPENPGPKEY.java org/minidns/record/OPT.java org/minidns/record/PTR.java org/minidns/record/RRSIG.java org/minidns/record/RRWithTarget.java org/minidns/record/Record.java org/minidns/record/SOA.java org/minidns/record/SRV.java org/minidns/record/TLSA.java org/minidns/record/TXT.java org/minidns/record/UNKNOWN.java org/minidns/source/AbstractDnsDataSource.java org/minidns/source/DnsDataSource.java org/minidns/source/NetworkDataSource.java org/minidns/source/NetworkDataSourceWithAccounting.java org/minidns/util/MultipleIoException.java xyz/doikki/videoplayer/player/BaseVideoView.java
组件-> 启动 Activity	显示文件 com/chiclaim/android/downloader/UpgradeDialogActivity.java com/chiclaim/android/downloader/UpgradePermissionDialogActivity.java com/chiclaim/android/downloader/util/InstallUtils.java com/chiclaim/android/downloader/util/SettingUtils.java com/draggable/library/extension/ImagesViewerActivity.java com/hjq/permissions/PermissionFragment.java com/hjq/permissions/XXPermissions.java com/hqzx/hqzxdetail/activity/BaseActivity.java com/hqzx/hqzxdetail/activity/WebActivity2.java com/hqzx/hqzxdetail/activity/WebViewActivity222.java com/hqzx/hqzxdetail/broadcast/DownloadBroadcast.java com/hqzx/hqzxdetail/utils/IntentUtils.java com/lxj/xpermission/XPermission.java com/maning/updatelibrary/InstallUtils.java com/maning/updatelibrary/utils/OnActResultEventDispatcherFragment.java
一般功能-> IPC通信	显示文件 com/apkfuns/logutils/parser/IntentParse.java com/apkfuns/logutils/parser/LocalParserManager.java com/arialyy/aria/core/scheduler/TaskSchedulers.java com/arialyy/aria/util/CommonUtil.java com/chiclaim/android/downloader/DownloadService.java com/chiclaim/android/downloader/Downloader.java com/chiclaim/android/downloader/SystemDownloadReceiver.java com/chiclaim/android/downloader/UpgradeDialogActivity.java com/chiclaim/android/downloader/UpgradePermissionDialogActivity.java com/chiclaim/android/downloader/util/InstallUtils.java com/chiclaim/android/downloader/util/NotifierUtils.java com/chiclaim/android/downloader/util/SettingUtils.java com/draggable/library/extension/ImagesViewerActivity.java com/draggable/library/extension/glide/GlideHelper.java com/fm/openinstall/OpenInstall.java com/fm/openinstall/OpenInstallHelper.java com/hjq/permissions/PermissionFragment.java com/hjq/permissions/PermissionSettingPage.java com/hjq/permissions/XXPermissions.java com/hqzx/hqzxdetail/activity/BaseActivity.java com/hqzx/hqzxdetail/activity/CGDetailsActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/DetailsActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/DetailsActivity.java com/hqzx/hqzxdetail/activity/FullVideoActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/LouFengActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/LouFengActivity.java com/hqzx/hqzxdetail/activity/MainActivity.java com/hqzx/hqzxdetail/activity/MoveDetilsActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/MoveDetilsActivity2$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/SearchActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/ShareActivity.java com/hqzx/hqzxdetail/activity/SplashActivity$setImg$1.java com/hqzx/hqzxdetail/activity/SplashActivity.java com/hqzx/hqzxdetail/activity/WebActivity2$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/WebActivity2.java com/hqzx/hqzxdetail/activity/WebViewActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewActivity222$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/WebViewActivity222.java com/hqzx/hqzxdetail/activity/WebViewYsActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java com/hqzx/hqzxdetail/activity/ZhiBoActivity$$ARouter$$Autowired.java com/hqzx/hqzxdetail/activity/ZhiBoActivity.java com/hqzx/hqzxdetail/broadcast/DownloadBroadcast.java com/hqzx/hqzxdetail/fragment/MoveFragment.java com/hqzx/hqzxdetail/utils/IntentUtils.java com/hqzx/hqzxdetail/view/FullTitleView.java com/hqzx/hqzxdetail/webview/X5ProcessInitService.java com/kk/taurus/playerbase/AVPlayer.java com/kk/taurus/playerbase/extension/NetworkEventProducer.java com/kk/taurus/playerbase/player/IPlayerProxy.java com/kk/taurus/playerbase/record/RecordProxyPlayer.java com/lxj/xpermission/XPermission.java com/maning/updatelibrary/InstallUtils.java com/maning/updatelibrary/utils/ActForResultCallback.java com/maning/updatelibrary/utils/ActResultRequest.java com/maning/updatelibrary/utils/OnActResultEventDispatcherFragment.java com/snail/antifake/IEmulatorCheck.java com/snail/antifake/deviceid/AndroidDeviceIMEIUtil.java com/snail/antifake/deviceid/BatteryChangeReceiver.java com/snail/antifake/deviceid/androidid/ISettingUtils.java com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java com/snail/antifake/jni/EmulatorCheckService.java org/repackage/a/a/a/a.java org/repackage/a/a/a/a/b.java org/repackage/a/a/a/a/c.java xyz/doikki/videocontroller/component/TitleView.java
调用java反射机制	显示文件 cn/bingoogolapple/bgabanner/BGAViewPager.java com/apkfuns/logutils/parser/ActivityParse.java com/apkfuns/logutils/parser/IntentParse.java com/apkfuns/logutils/utils/ObjectUtil.java com/arialyy/aria/core/AriaManager.java com/arialyy/aria/core/TaskOptionParams.java com/arialyy/aria/core/common/ProxyHelper.java com/arialyy/aria/core/event/EventMsgUtil.java com/arialyy/aria/core/inf/AbsReceiver.java com/arialyy/aria/core/processor/ProxyHandler.java com/arialyy/aria/core/scheduler/TaskSchedulers.java com/arialyy/aria/orm/DelegateFind.java com/arialyy/aria/orm/DelegateUpdate.java com/arialyy/aria/orm/SqlUtil.java com/arialyy/aria/util/AriaServiceLoader.java com/arialyy/aria/util/CommonUtil.java com/arialyy/aria/util/ComponentUtil.java com/arialyy/aria/util/FileUtil.java com/hjq/permissions/PermissionChecker.java com/hqzx/hqzxdetail/img/GlideUtilsKt$loadNetGif$1.java com/hqzx/hqzxdetail/utils/ScreenUtil.java com/kk/taurus/playerbase/config/PlayerLoader.java com/kk/taurus/playerbase/utils/Utils.java com/leaf/library/StatusBarUtil.java com/lxj/xpopup/util/navbar/OSUtils.java com/snail/antifake/deviceid/BinderUtil.java com/snail/antifake/deviceid/androidid/ISettingUtils.java com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java com/zhouyou/http/cache/RxCache.java com/zhouyou/http/model/HttpHeaders.java org/minidns/dnsserverlookup/AndroidUsingReflection.java org/minidns/util/PlatformDetection.java xyz/doikki/videoplayer/util/PlayerUtils.java
一般功能-> 获取系统服务(getSystemService)	显示文件 com/arialyy/aria/core/AriaConfig.java com/arialyy/aria/util/FileUtil.java com/arialyy/aria/util/NetUtils.java com/chiclaim/android/downloader/SystemDownloadManager.java com/chiclaim/android/downloader/SystemDownloadReceiver.java com/chiclaim/android/downloader/UpgradeDialogActivity.java com/chiclaim/android/downloader/util/NetworkHelper.java com/chiclaim/android/downloader/util/NotifierUtils.java com/draggable/library/extension/Utils.java com/hjq/permissions/PermissionUtils.java com/hqzx/hqzxdetail/activity/ShareActivity.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java com/hqzx/hqzxdetail/app/App.java com/hqzx/hqzxdetail/fragment/JiaFenFragment.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/hqzx/hqzxdetail/utils/KeybordUtil.java com/hqzx/hqzxdetail/utils/LocationUtils.java com/hqzx/hqzxdetail/utils/ScreenUtil.java com/kk/taurus/playerbase/utils/NetworkUtils.java com/kk/taurus/playerbase/widget/BaseVideoView.java com/kk/taurus/playerbase/window/WindowHelper.java com/lxj/xpermission/XPermission.java com/lxj/xpopup/core/BasePopupView.java com/lxj/xpopup/impl/FullScreenPopupView.java com/lxj/xpopup/impl/PartShadowPopupView.java com/lxj/xpopup/util/KeyboardUtils.java com/lxj/xpopup/util/XPopupUtils.java com/snail/antifake/deviceid/AndroidDeviceIMEIUtil.java com/snail/antifake/deviceid/CrashHandler.java com/snail/antifake/deviceid/deviceid/DeviceIdUtil.java com/snail/antifake/deviceid/deviceid/IPhoneSubInfoUtil.java com/snail/antifake/deviceid/deviceid/ITelephonyUtil.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java com/zhouyou/http/utils/Utils.java xyz/doikki/videoplayer/controller/GestureVideoController.java xyz/doikki/videoplayer/player/AudioFocusHelper.java xyz/doikki/videoplayer/util/PlayerUtils.java
一般功能-> 获取活动网路信息	显示文件 com/arialyy/aria/util/NetUtils.java com/draggable/library/extension/Utils.java com/kk/taurus/playerbase/utils/NetworkUtils.java com/zhouyou/http/utils/Utils.java xyz/doikki/videoplayer/util/PlayerUtils.java
网络通信-> OkHttpClient Connection	com/maning/updatelibrary/http/DownloadFileUtils.java com/zhouyou/http/EasyHttp.java com/zhouyou/http/request/BaseRequest.java
DEX-> 动态加载	显示文件 com/arialyy/aria/core/common/ProxyHelper.java com/arialyy/aria/util/ComponentUtil.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java xyz/doikki/videoplayer/util/CutoutUtil.java
网络通信-> TCP套接字	显示文件 com/chiclaim/android/downloader/util/Utils.java com/danikula/videocache/HttpProxyCache.java com/danikula/videocache/HttpProxyCacheServer.java com/danikula/videocache/HttpProxyCacheServerClients.java com/danikula/videocache/IgnoreHostProxySelector.java com/danikula/videocache/Pinger.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/snail/antifake/deviceid/IpScanner.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java com/zhouyou/http/exception/ApiException.java com/zhouyou/http/func/RetryExceptionFunc.java fi/iki/elonen/NanoHTTPD.java org/jsoup/internal/ConstrainableInputStream.java org/minidns/source/NetworkDataSource.java
一般功能-> 获取WiFi相关信息	com/snail/antifake/deviceid/macaddress/IWifiManagerUtil.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java
一般功能-> 获取网络接口信息	com/snail/antifake/deviceid/IpScanner.java com/snail/antifake/deviceid/macaddress/MacAddressUtils.java
网络通信-> TCP服务器套接字	com/danikula/videocache/HttpProxyCacheServer.java fi/iki/elonen/NanoHTTPD.java
进程操作-> 杀死进程	显示文件 com/arialyy/aria/util/AriaCrashHandler.java com/chiclaim/android/downloader/UpgradeDialogActivity.java com/hqzx/hqzxdetail/adapter/service/MyServer.java com/snail/antifake/deviceid/CrashHandler.java com/snail/antifake/jni/EmulatorCheckService.java fi/iki/elonen/util/ServerRunner.java
进程操作-> 获取进程pid	显示文件 com/arialyy/aria/util/AriaCrashHandler.java com/chiclaim/android/downloader/UpgradeDialogActivity.java com/snail/antifake/deviceid/CrashHandler.java com/snail/antifake/jni/EmulatorCheckService.java
进程操作-> 获取运行的进程\服务	com/chiclaim/android/downloader/UpgradeDialogActivity.java com/snail/antifake/deviceid/CrashHandler.java
命令执行-> getRuntime.exec()	显示文件 com/maning/updatelibrary/utils/MNUtils.java com/snail/antifake/deviceid/IpScanner.java com/snail/antifake/deviceid/ShellAdbUtils.java org/minidns/dnsserverlookup/AndroidUsingExec.java
一般功能-> 加载so文件	com/snail/antifake/jni/EmulatorDetectUtil.java com/snail/antifake/jni/PropertiesGet.java
加密解密-> 信息摘要算法	显示文件 com/arialyy/aria/util/CommonUtil.java com/chiclaim/android/downloader/util/MD5.java com/danikula/videocache/ProxyCacheUtils.java com/draggable/library/extension/glide/MD5Utils.java com/hqzx/hqzxdetail/utils/GetDeviceId.java com/hqzx/hqzxdetail/utils/MessageDigetUtils.java com/hqzx/hqzxdetail/view/GlideRoundTransform.java org/minidns/dane/DaneVerifier.java org/minidns/dnssec/algorithms/JavaSecDigestCalculator.java org/repackage/a/a/a/a/c.java
网络通信-> HTTPS建立连接	com/arialyy/aria/http/ConnectionHelp.java org/jsoup/helper/HttpConnection.java org/minidns/dane/DaneVerifier.java
隐私数据-> 剪贴板数据读写操作	com/hqzx/hqzxdetail/activity/ShareActivity.java com/hqzx/hqzxdetail/app/App.java com/hqzx/hqzxdetail/fragment/JiaFenFragment.java
网络通信-> WebView 相关	显示文件 com/hqzx/hqzxdetail/activity/CGDetailsActivity.java com/hqzx/hqzxdetail/activity/WebActivity2.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java com/hqzx/hqzxdetail/fragment/JiaFenFragment.java
组件-> 发送广播	com/arialyy/aria/core/scheduler/TaskSchedulers.java com/draggable/library/extension/glide/GlideHelper.java com/hqzx/hqzxdetail/activity/ShareActivity.java
组件-> 启动 Service	com/chiclaim/android/downloader/Downloader.java com/snail/antifake/deviceid/emulator/EmuCheckUtil.java org/repackage/a/a/a/a/c.java
网络通信-> WebView JavaScript接口	显示文件 com/hqzx/hqzxdetail/activity/CGDetailsActivity.java com/hqzx/hqzxdetail/activity/WebActivity2.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java
网络通信-> WebView使用File协议	显示文件 com/hqzx/hqzxdetail/activity/CGDetailsActivity.java com/hqzx/hqzxdetail/activity/WebActivity2.java com/hqzx/hqzxdetail/activity/WebViewActivity.java com/hqzx/hqzxdetail/activity/WebViewActivity222.java com/hqzx/hqzxdetail/activity/WebViewYsActivity.java
一般功能-> Android通知	com/chiclaim/android/downloader/util/NotifierUtils.java
网络通信-> HTTP建立连接	显示文件 com/arialyy/aria/http/ConnectionHelp.java com/arialyy/aria/http/download/HttpDFileInfoTask.java com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java com/arialyy/aria/m3u8/M3U8InfoTask.java com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java com/chiclaim/android/downloader/EmbedDownloader.java com/danikula/videocache/HttpUrlSource.java com/kk/taurus/playerbase/cache/PreloadTask.java org/jsoup/helper/HttpConnection.java
隐私数据-> 获取已安装的应用程序	com/hjq/permissions/PermissionSettingPage.java com/lxj/xpermission/XPermission.java
一般功能-> 查看\修改Android系统属性	com/leaf/library/StatusBarUtil.java com/lxj/xpopup/util/navbar/OSUtils.java org/minidns/dnsserverlookup/AndroidUsingReflection.java
网络通信-> UDP数据包	com/snail/antifake/deviceid/IpScanner.java org/minidns/dnsmessage/DnsMessage.java org/minidns/source/NetworkDataSource.java
加密解密-> Base64 加密	com/arialyy/aria/util/CommonUtil.java
加密解密-> Base64 解密	com/arialyy/aria/util/CommonUtil.java
网络通信-> URLConnection	显示文件 com/arialyy/aria/http/ConnectionHelp.java com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java com/chiclaim/android/downloader/EmbedDownloader.java org/jsoup/helper/HttpConnection.java
隐私数据-> 获取GPS位置信息	com/hqzx/hqzxdetail/utils/LocationUtils.java
设备指纹-> 查看本机IMSI	com/snail/antifake/deviceid/AndroidDeviceIMEIUtil.java
网络通信-> SSL证书处理	显示文件 com/maning/updatelibrary/http/DownloadFileUtils.java com/zhouyou/http/https/HttpsUtils.java org/jsoup/Connection.java org/jsoup/helper/HttpConnection.java
加密解密-> Crypto加解密组件	com/hqzx/hqzxdetail/utils/AESCrypt.java org/minidns/dnssec/algorithms/JavaSecSignatureVerifier.java
网络通信-> UDP数据报套接字	com/snail/antifake/deviceid/IpScanner.java org/minidns/source/NetworkDataSource.java
网络通信-> WebView GET请求	com/hqzx/hqzxdetail/activity/CGDetailsActivity.java
一般功能-> 设置手机铃声，媒体音量	xyz/doikki/videoplayer/controller/GestureVideoController.java

安全漏洞检测

高危

4

警告

9

信息

2

安全

1

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_logging 规则仅对这些文件屏蔽 android_logging 规则
2	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_hardcoded 规则仅对这些文件屏蔽 android_hardcoded 规则
3	此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击	安全	OWASP MASVS: MSTG-NETWORK-4	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_ssl_pinning 规则仅对这些文件屏蔽 android_ssl_pinning 规则
4	IP地址泄露	警告	CWE: CWE-200: 信息泄露 OWASP MASVS: MSTG-CODE-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_ip_disclosure 规则仅对这些文件屏蔽 android_ip_disclosure 规则
5	应用程序创建临时文件。敏感信息永远不应该被写进临时文件	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_temp_file 规则仅对这些文件屏蔽 android_temp_file 规则
6	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_sql_raw_query 规则仅对这些文件屏蔽 android_sql_raw_query 规则
7	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_read_write_external 规则仅对这些文件屏蔽 android_read_write_external 规则
8	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_md5 规则仅对这些文件屏蔽 android_md5 规则
9	此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板，因为其他应用程序可以访问它	信息	OWASP MASVS: MSTG-STORAGE-10	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_clipboard_copy 规则仅对这些文件屏蔽 android_clipboard_copy 规则
10	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_insecure_random 规则仅对这些文件屏蔽 android_insecure_random 规则
11	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_sha1 规则仅对这些文件屏蔽 android_sha1 规则
12	可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息	警告	CWE: CWE-200: 信息泄露 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_webview_allow_file_from_url 规则仅对这些文件屏蔽 android_webview_allow_file_from_url 规则
13	已启用远程WebView调试	高危	CWE: CWE-919: 移动应用程序中的弱点 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-RESILIENCE-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_webview_debug 规则仅对这些文件屏蔽 android_webview_debug 规则
14	默认情况下，调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知，ECB模式很弱，因为它导致相同明文块的密文相同	高危	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_aws_ecb_default 规则仅对这些文件屏蔽 android_aws_ecb_default 规则
15	该文件是World Writable。任何应用程序都可以写入文件	高危	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_world_writable 规则仅对这些文件屏蔽 android_world_writable 规则
16	如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView，那么这个应用程序可能会遭受跨站脚本攻击	高危	CWE: CWE-79: 在Web页面生成时对输入的转义处理不恰当（'跨站脚本'） OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-6	升级会员：解锁高级权限	对应用 newabv.dmm.singiwkk.zkzhyw1 屏蔽 android_webview_xss 规则仅对这些文件屏蔽 android_webview_xss 规则

Native库安全分析

No Shared Objects found.

序号	动态库	NX(堆栈禁止执行)	PIE	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)

文件分析

序号	问题	文件

敏感权限分析

恶意软件常用权限 3/30

android.permission.REQUEST_INSTALL_PACKAGES
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE

其它常用权限 5/46

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地理位置

恶意域名检测

域名	状态	中国境内	位置信息
yingshi.shop	安全	是	IP地址: 61.160.148.90 国家: 中国地区: 江苏城市: 台州查看: 高德地图
ulogs.umengcloud.com	安全	是	IP地址: 61.160.148.90 国家: 中国地区: 江苏城市: 南京查看: 高德地图
aria.laoyuyu.me	安全	是	IP地址: 118.24.25.24 国家: 中国地区: 北京城市: 北京查看: 高德地图
llsapi.eydni.com	安全	否	IP地址: 154.84.24.238 国家: 马来西亚地区: 柔佛城市: 柔佛新山查看: Google 地图

手机号提取

URL链接分析

URL信息	源码文件
http://aria.laoyuyu.me/aria_doc/api/use_broadcast.html	自研引擎-A
2.4.8.1	自研引擎-M
2.4.8.1	com/hqzx/hqzxdetail/BuildConfig.java
8.8.8.8	org/minidns/DnsClient.java
https://aria.laoyuyu.me/aria_doc/other/annotaion_invalid.html	com/arialyy/aria/core/download/DownloadReceiver.java
127.0.0.1	com/snail/antifake/deviceid/IpScanner.java
http://%s:%d/%s	com/danikula/videocache/Pinger.java
1.9.2.6	com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java
https://github.com/arialyy/aria/issues/597	com/arialyy/aria/core/download/m3u8/M3U8Option.java
https://aria.laoyuyu.me/aria_doc/other/annotaion_invalid.html	com/arialyy/aria/core/upload/UploadReceiver.java
http://127.0.0.1:8080	com/hqzx/hqzxdetail/activity/FullVideoActivity.java
127.0.0.1	fi/iki/elonen/NanoHTTPD.java
https://llsapi.eydni.com	com/hqzx/hqzxdetail/app/App.java
https://yingshi.shop/	com/hqzx/hqzxdetail/http/Config.java
http://%s:%d/%s 127.0.0.1	com/danikula/videocache/HttpProxyCacheServer.java
https://aria.laoyuyu.me/aria_doc/create/any_java.html	com/arialyy/aria/core/Aria.java
https://tbs.imtt.qq.com/plugin/debugplugin_v2.tbs https://pms.mb.qq.com/rsp204 8.8.8.8 https://debugtbs.qq.com 127.0.0.1 https://aria.laoyuyu.me/aria_doc/create/any_java.html 10.0.0.172 file:unexpect https://debugtbs.qq.com?10000 1.9.2.6 http://127.0.0.1:8080 2.4.8.1 https://cfg.imtt.qq.com/tbs?v=2&mk= www.qq.com https://yingshi.shop/ https://github.com/arialyy/aria/issues/597 http://%s:%d/%s https://llsapi.eydni.com https://aria.laoyuyu.me/aria_doc/other/annotaion_invalid.html https://mdc.html5.qq.com/mh?channel_id=50079&u= https://ulogs.umengcloud.com https://debugx5.qq.com https://mdc.html5.qq.com/d/directdown.jsp?channel_id=50079	自研引擎-S

Firebase配置检测

邮箱地址提取

EMAIL	源码文件
x5tbs@tencent.com	自研引擎-S

第三方追踪器

名称	类别	网址
Umeng Analytics		https://reports.exodus-privacy.eu.org/trackers/119

敏感凭证泄露

已显示 11 个secrets

1、 openinstall统计的=> "com.openinstall.APP_KEY" : "kni70m"
2、 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14
3、 1628686155461064465348252249725010996177649738666492500572664444461532807739744536029771810659241049343994038053541290419968870563183856865780916376571550372513476957870843322273120879361960335192976656756972171258658400305760429696147778001233984421619267530978084631948434496468785021389956803104620471232008587410372348519229650742022804219634190734272506220018657920136902014393834092648785514548876370028925405557661759399901378816916683122474038734912535425670533237815676134840739565610963796427401855723026687073600445461090736240030247906095053875491225879656640052743394090544036297390104110989318819106653199917493
4、 AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7
5、 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
6、 FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
7、 659eab6595b14f599d146582
8、 B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF
9、 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F
10、 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
11、 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296

字符串信息

建议导出为TXT，方便查看。

活动列表

显示 19 个 activities

服务列表

显示 3 个 services

广播接收者列表

显示 1 个 receivers

1 . com.chiclaim.android.downloader.SystemDownloadReceiver

内容提供者列表

显示 4 个 providers

第三方SDK

SDK名称	开发者	描述信息
AntiFakerAndroidChecker	happylishang	Android 模拟器检测，检测 Android 模拟器，作为可信 DeviceID，应对防刷需求等。
移动统计分析	Umeng	U-App 作为一款专业、免费的移动统计分析产品。在日常业务中帮您解决多种数据相关问题，如数据采集与管理、业务监测、用户行为分析、App 稳定性监控及实现多种运营方案等。助力互联网企业充分挖掘用户行为数据价值，找到产品更新迭代方向，实现精细化运营，全面提升业务增长效能。
File Provider	Android	FileProvider 是 ContentProvider 的特殊子类，它通过创建 content://Uri 代替 file:///Uri 以促进安全分享与应用程序关联的文件。
Jetpack App Startup	Google	App Startup 库提供了一种直接，高效的方法来在应用程序启动时初始化组件。库开发人员和应用程序开发人员都可以使用 App Startup 来简化启动顺序并显式设置初始化顺序。App Startup 允许您定义共享单个内容提供程序的组件初始化程序，而不必为需要初始化的每个组件定义单独的内容提供程序。这可以大大缩短应用启动时间。
Jetpack Media	Google	与其他应用共享媒体内容和控件。已被 media2 取代。

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析