Application Security Scan Report
Mobile Application Security Scan Report

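Free Fire v1.111.1
Security score (security baseline score): 47/100
Overall risk level: Medium risk
Risk rating scale: A, B, C, F
The application has some security risks; optimization is recommended.
Privacy risk assessment: 7 third-party trackers. High privacy risk: a large number of third-party trackers were detected.
Distribution of findings
- High-severity vulnerabilities: 5
- Medium-severity vulnerabilities: 30
- Security notices (informational): 4
- Passed security checks: 2
- Key security concerns: 2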
High-severity vulnerability: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High-severity vulnerability: Debug configuration is enabled. Production builds must not be debuggable.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/b/a/BuildConfig.java, line(s) 3,4 com/joeliton/mods/BuildConfig.java, line(s) 3,6
High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: aa/b.java, line(s) 72 e8/a.java, line(s) 24,28
High-severity vulnerability: Remote WebView debugging is enabled.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/garena/unity/webview/UnityWebViewActivity.java, line(s) 1153,30
High-severity vulnerability: The application contains privacy trackers.
This application contains 7 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
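Medium-severity vulnerability: The base configuration is configured to trust system certificates.
Scope: *
Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. Users who have enabled USB debugging can copy the application data directly, which creates a data leakage risk.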
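Medium-severity vulnerability: Activity (com.dts.freefireth.FFMainActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.dts.freefireth.FFBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Content Provider (com.facebook.FacebookContentProvider) is not protected.
[android:exported=true] The Content Provider is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity has the TaskAffinity attribute set.
(com.beetalk.sdk.plugin.impl.tiktok.TiktokShareResponseActivity) When taskAffinity is set, other applications can read the Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).
Medium-severity vulnerability: Activity (com.beetalk.sdk.plugin.impl.tiktok.TiktokShareResponseActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.beetalk.sdk.account.AccountAuthenticatorService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.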
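Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.gms.messaging.cpp.MessageForwardingService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.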
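Medium-severity vulnerability: Broadcast Receiver (com.FF.magicvoicemgr.LanguageReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: High Intent priority (1000) - {1} hit(s)
[android:priority] By setting a high Intent priority, an application can override other requests, which may create a security risk.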
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: ca/f.java, line(s) 19 com/appff/haptic/base/Utils.java, line(s) 32,40 com/garena/sdkunity/OTP.java, line(s) 31 com/unity3d/plugin/downloader/UnityDownloaderService.java, line(s) 6 r1/d.java, line(s) 54 r8/b.java, line(s) 78 s8/e.java, line(s) 88 s8/w.java, line(s) 133 y3/g.java, line(s) 100
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: co/datadome/sdk/n.java, line(s) 35 com/appsflyer/internal/AFb1gSDK.java, line(s) 18 d8/e.java, line(s) 11 i2/p.java, line(s) 7 o5/d.java, line(s) 14 oa/h.java, line(s) 4 q4/t0.java, line(s) 54 qa/g.java, line(s) 10 sb/a.java, line(s) 3 v3/r.java, line(s) 3
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: ab/c.java, line(s) 178 com/FF/magicvoicemgr/FFMagicVoiceMgrApi.java, line(s) 513 com/FF/voiceengine/AppPara.java, line(s) 122 com/FF/voiceengine/FFVoiceMagicVoiceChanger.java, line(s) 174 com/dts/freefireth/FFAPI.java, line(s) 434,841,576,579,584,587 com/garena/unity/webview/UnityWebViewProxy.java, line(s) 369 com/voxelbusters/androidlib/ReplayKitHandler.java, line(s) 446 d2/f.java, line(s) 49 d8/e.java, line(s) 117,133,149,154 q4/t0.java, line(s) 177,1115,1346
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: b6/m0.java, line(s) 5,6,150,235,269,278,328,447,464,750 b6/t0.java, line(s) 4,5,135 f1/c.java, line(s) 6,7,8,9,10,154,241
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: co/datadome/sdk/CaptchaActivity.java, line(s) 154,152 co/datadome/sdk/n.java, line(s) 299,296 com/garena/unity/webview/UnityWebViewActivity.java, line(s) 754,741 com/garena/unity/webview/UnityWebViewProxy.java, line(s) 861,848
Medium-severity vulnerability: IP address disclosure.
Files: q3/a.java, line(s) 37 s3/a.java, line(s) 102
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: a1/y.java, line(s) 72 j9/c.java, line(s) 83 ta/b.java, line(s) 67 v0/b.java, line(s) 117
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/FF/voiceengine/mgr/FileMD5.java, line(s) 17 e4/l.java, line(s) 147 i2/p.java, line(s) 79 u3/b.java, line(s) 20 va/c.java, line(s) 140 w3/e.java, line(s) 62
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: aa/b.java, line(s) 71 j9/b.java, line(s) 58 o5/d.java, line(s) 53 z4/a.java, line(s) 28
Medium-severity vulnerability: Firebase Remote Config is enabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/185753624591/namespaces/firebase:fetch?key=AIzaSyCOtWGv23Hfc7fmRBOgO6GVV2xn079_-_4 ) is enabled. Make sure these configurations do not contain sensitive information. The response is shown below: { "entries": { "showing_rewardded": "false" }, "state": "UPDATE", "templateVersion": "1" }
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure they are not secret or private information.
Credential => "com.garena.sdk.twitter.secret" : "moFzVPbGsHbL9Jv6Wc34QvKR6wZo1YjtYENJKMYebFhRdbIXjK"
Credential => "com.garena.sdk.tiktok_client_key" : "aw8ljz0sg2nqbebl"
Credential => "com.garena.sdk.twitter.key" : "Xu1VGC6w2cQwgzzhonpU4YgAC"
Credential => "com.google.android.gms.games.APP_ID" : "@string/game_services_project_id"
"facebook_client_token" : "1c7cf500e85789e06314a0a6308546e8"
"com.google.firebase.crashlytics.mapping_file_id" : "842b796301454f46bc8e178e0427c20e"
"google_api_key" : "AIzaSyCOtWGv23Hfc7fmRBOgO6GVV2xn079_-_4"
"google_crash_reporting_api_key" : "AIzaSyCOtWGv23Hfc7fmRBOgO6GVV2xn079_-_4"
"com.google.firebase.crashlytics.unity_version" : "5.6.3f1"
"google_app_id" : "1:185753624591:android:7c2a8f3616fda866"
"firebase_database_url" : "https://free-fire-8cd39.firebaseio.com"
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: a5/d0.java, line(s) 282,282 c4/j.java, line(s) 86,86 i4/b.java, line(s) 79,79 v3/c1.java, line(s) 166,166 v3/s0.java, line(s) 32,32
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/dts/freefireth/FFAPI.java, line(s) 8,218
Security notice: The application communicates with a Firebase database.
The application communicates with the Firebase database at https://free-fire-8cd39.firebaseio.com
Passed security check: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: b8/w.java, line(s) 25
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: ic/e.java, line(s) 111,110,109,109
Key security concern: The application may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Key security concern: The application may communicate with a server (firebase-settings.crashlytics.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

Free Fire v1.111.1
Android APK
Overall security score: 47
Medium risk