Mobile Application Security Scan Report

Delta Chat v1.58.3
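Security score (security baseline score): 53/100
Overall risk level: Low risk
Risk rating scale: A, B, C, F
The application has some security risk; optimization is recommended.

Distribution of vulnerabilities and security items
- High severity vulnerabilities: 1
- Medium severity vulnerabilities: 23
- Informational findings: 2
- Passed security checks: 2
- Key security concerns: 0

Privacy risk assessment
- Third-party trackers: 0
- No third-party trackers detected.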
High severity vulnerability: Remote WebView debugging is enabled
Remote WebView debugging is enabled. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: org/thoughtcrime/securesms/WebxdcActivity.java, line(s) 113,22
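Medium severity vulnerability: Activity (org.thoughtcrime.securesms.ShareActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.ConversationListActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity-Alias (org.thoughtcrime.securesms.RoutingActivity) is not protected.
[android:exported=true] The Activity-Alias is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.NewConversationActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.RegistrationActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.proxy.ProxySettingsActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.InstantOnboardingActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Activity (org.thoughtcrime.securesms.WebxdcActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Service (org.thoughtcrime.securesms.service.IPCAddAccountsService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Broadcast Receiver (org.thoughtcrime.securesms.service.BootReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium severity vulnerability: Broadcast Receiver (org.thoughtcrime.securesms.service.PanicResponderListener) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.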
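Medium severity vulnerability: Service (androidx.sharetarget.ChooserTargetServiceCompat) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.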
Medium severity vulnerability: SHA-1 is a weak hash known to have hash collisions
SHA-1 is a weak hash known to have hash collisions. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: org/thoughtcrime/securesms/mms/Slide.java, line(s) 97
Medium severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
The application creates temporary files. Sensitive information should never be written to temporary files. Files: com/journeyapps/barcodescanner/CaptureManager.java, line(s) 267 org/thoughtcrime/securesms/WelcomeActivity.java, line(s) 256 org/thoughtcrime/securesms/preferences/AdvancedPreferenceFragment.java, line(s) 323 org/thoughtcrime/securesms/profiles/AvatarHelper.java, line(s) 23,40
Medium severity vulnerability: The application can read/write external storage. Any application can read data written to external storage
The application can read/write external storage. Any application can read data written to external storage. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: org/thoughtcrime/securesms/LogViewActivity.java, line(s) 80 org/thoughtcrime/securesms/connect/DcHelper.java, line(s) 238 org/thoughtcrime/securesms/util/SaveAttachmentTask.java, line(s) 164,179,181,183 org/thoughtcrime/securesms/util/StorageUtil.java, line(s) 37
Medium severity vulnerability: The application uses an insecure random number generator
The application uses an insecure random number generator. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amulyakhare/textdrawable/util/ColorGenerator.java, line(s) 5 com/annimon/stream/RandomCompat.java, line(s) 6
Medium severity vulnerability: IP address disclosure
IP address disclosure. Files: org/thoughtcrime/securesms/WebViewActivity.java, line(s) 45
Medium severity vulnerability: Files may contain hard-coded sensitive information such as usernames, passwords, and keys
Files may contain hard-coded sensitive information such as usernames, passwords, and keys. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: org/thoughtcrime/securesms/connect/DcHelper.java, line(s) 45,58 org/thoughtcrime/securesms/util/Prefs.java, line(s) 24,25
Medium severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: org/thoughtcrime/securesms/WebxdcActivity.java, line(s) 194,184
Medium severity vulnerability: This application may contain hard-coded secrets
The following secrets were identified in the application. Ensure that these are not secrets or private information. "password" : "Palavra-chave" "login_smtp_password" : "SMTP-passord" "password" : "Passwort" "login_auth_method" : "Auktoriseringsmetod" "login_auth_method" : "Autorisationsmetode" "login_smtp_password" : "SMTP-Passwort" "password" : "Contrasinal" "login_auth_method" : "Autorisatiemethode" "library_zxingandroidembedded_author" : "JourneyApps" "password" : "Parol" "password" : "Pasvorto" "login_auth_method" : "Autoriseringsmetode" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "password" : "Salasana" "password" : "Wachtwoord" "pref_incognito_keyboard" : "Inkognito-tastatur" "login_smtp_password" : "SMTP-wachtwoord" "password" : "Heslo" "password" : "Lozinka" "password" : "Pasahitza" "pref_incognito_keyboard" : "Inkognito-Tastatur" "password" : "Adgangskode" "login_auth_method" : "Autorisierungsmethode" "password" : "Passord" "google_api_key" : "AIzaSyBYH8Iznh8btYX7g_udv_bu68VH30zzxho" "google_app_id" : "1:922391085500:android:92b4cf12669cc2083e2bb9" "library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/" "pref_password_and_account_settings" : "Kontoinnstillinger" "pref_incognito_keyboard" : "Inkognito-tangentbord" "password" : "Parola" "password" : "Senha" "google_crash_reporting_api_key" : "AIzaSyBYH8Iznh8btYX7g_udv_bu68VH30zzxho" "password" : "Contrasenya" "password" : "Password" A2B55680-6F43-11E0-9A3F-0002A5D5C51B 9A04F079-9840-4286-AB92-E65BE0885F95
Informational finding: The application logs information; sensitive information must not be logged
The application logs information; sensitive information must not be logged. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
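Informational finding: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it. https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/thoughtcrime/securesms/util/Util.java, line(s) 5,250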
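Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/922391085500/namespaces/firebase:fetch?key=AIzaSyBYH8Iznh8btYX7g_udv_bu68VH30zzxho ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }
Passed security check: This application has no privacy trackers
This application does not include any user or device trackers. No trackers were found during static analysis.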
Overall security baseline score summary

Delta Chat v1.58.3
Android APK
Overall security score: 53
Medium risk