应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
SpinDisplay v2.0.2.6
62
安全评分
安全基线评分
62/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用安全状况良好,可正常使用
漏洞与安全项分布
0
高危
9
中危
1
信息
2
安全
隐私风险评估
0
第三方跟踪器
隐私安全
未检测到第三方跟踪器
检测结果分布
高危安全漏洞
0
中危安全漏洞
9
安全提示信息
1
已通过安全项
2
重点安全关注
0
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Service (com.dmz.f20ad.connect.UdpService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: b/u/y.java, line(s) 906 com/dmz/f20ad/fragment/DesignFragment.java, line(s) 145,301 com/dmz/f20ad/lwplayer/UriToPathUtil.java, line(s) 30 d/e/a/o/v/f.java, line(s) 16 d/e/a/o/y/d.java, line(s) 8
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/dmz/f20ad/activity/WebViewActivity.java, line(s) 459,456
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/dmz/f20ad/activity/WebViewActivity.java, line(s) 457,456
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/dmz/f20ad/connect/UdpService.java, line(s) 34 d/e/a/p/n0.java, line(s) 30
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/dmz/f20ad/activity/MainActivity.java, line(s) 361 com/dmz/f20ad/connect/UdpService.java, line(s) 341
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: d/d/a/q/n/q.java, line(s) 87
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: l/a/b/h/f.java, line(s) 4,16
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/a/a/a/a.java, line(s) 366,381,456,469,480,548,558,862,905,930,218,227,418,427,526,536,625,634,1069,1080,1084 b/b/k/o.java, line(s) 404,1188,1292,1295 b/b/k/v.java, line(s) 149 b/b/k/y.java, line(s) 45 b/b/l/a/a.java, line(s) 85 b/b/o/f.java, line(s) 142,176,188,198,347 b/b/p/c1.java, line(s) 23,33,52,54,57 b/b/p/h0.java, line(s) 183,188,195 b/b/p/l0.java, line(s) 109 b/b/p/m0.java, line(s) 359,49,64,83,233 b/b/p/q0.java, line(s) 90,207,134,189,247,261 b/b/p/r0.java, line(s) 57 b/b/p/u.java, line(s) 81,111,131,136 b/b/p/y.java, line(s) 93,107,248,284 b/b/p/y0.java, line(s) 265,269 b/b/p/z0.java, line(s) 97,211 b/f/c/c.java, line(s) 153 b/f/c/d.java, line(s) 94,153 b/f/c/e.java, line(s) 517,1089,1096,1097,1102,1108,1690,1162,547,1010,1743 b/h/d/b.java, line(s) 87,203 b/h/d/i.java, line(s) 50 b/h/e/b/h.java, line(s) 23,31 b/h/f/c.java, line(s) 48,53 b/h/f/d.java, line(s) 30 b/h/f/e.java, line(s) 49 b/h/f/f.java, line(s) 44 b/h/f/g.java, line(s) 57,159 b/h/f/k/d.java, line(s) 45,68 b/h/h/c.java, line(s) 17 b/h/k/a.java, line(s) 29 b/h/l/b.java, line(s) 31 b/h/l/b0.java, line(s) 38,47,58,67 b/h/l/i.java, line(s) 61,183,202 b/h/l/s.java, line(s) 399 b/h/l/w.java, line(s) 22,33 b/j/b/a.java, line(s) 358 b/k/a/a.java, line(s) 226,858,700,947,960 b/l/a/d.java, line(s) 178,186,212,331,339 b/l/a/j.java, line(s) 2278,2279,2290 b/o/b/d.java, line(s) 90 b/q/d/k.java, line(s) 27 b/u/b0.java, line(s) 70 b/u/c0.java, line(s) 29,53 b/u/d0.java, line(s) 26,48 b/u/e0.java, line(s) 21 b/u/y.java, line(s) 541,1123,146,545 b/v/a/a/g.java, line(s) 1010 com/appyvet/materialrangebar/RangeBar.java, line(s) 298,366,707,727,759,794,824 com/dmz/f20ad/App.java, line(s) 158 com/dmz/f20ad/activity/DeviceDetailsActivity.java, line(s) 1051 com/dmz/f20ad/activity/EditMediaActivity.java, line(s) 128 com/dmz/f20ad/activity/MainActivity.java, line(s) 87,105,182,208,209,211,223,384,440,442,635,638,647,684,121,132,142,153,160,166,172,178,600 com/dmz/f20ad/activity/MaterialEditActivity.java, line(s) 131,717,858,898,931 com/dmz/f20ad/activity/MediaCloudPreviewActivity.java, line(s) 277 com/dmz/f20ad/activity/PdfActivity.java, line(s) 79,130,58 com/dmz/f20ad/activity/WebViewActivity.java, line(s) 65,159,165,171,184,204 com/dmz/f20ad/camera/CameraView.java, line(s) 307 com/dmz/f20ad/camera/camera2/AutoFitTextureView.java, line(s) 81 com/dmz/f20ad/connect/RecordService.java, line(s) 150 com/dmz/f20ad/connect/UdpService.java, line(s) 151,175,210,228,309,325,331,366,373,110,257 com/dmz/f20ad/fragment/DesignFragment.java, line(s) 84,104,141 com/dmz/f20ad/fragment/DeviceManagerFragment.java, line(s) 323,332,402,1028,1171,814 com/dmz/f20ad/fragment/ProjectonFragment.java, line(s) 194,310 com/dmz/f20ad/fragment/ShareFragment.java, line(s) 106 com/dmz/f20ad/lwplayer/FFmpegCmd.java, line(s) 55 com/dmz/f20ad/lwplayer/FFmpegUtil.java, line(s) 73,84 com/dmz/f20ad/lwplayer/VideoPlayer.java, line(s) 65,73 com/dmz/f20ad/model/DaoMaster.java, line(s) 25,42 com/dmz/f20ad/view/CircleBorderView.java, line(s) 134 com/dmz/f20ad/view/ImagePlayView.java, line(s) 157 com/dmz/f20ad/view/ResizableImageView.java, line(s) 416,536 com/dmz/f20ad/view/ResizableVideoView.java, line(s) 96,107,116,129,139,230,357,396,423,431,574,668,713 com/dmz/f20ad/view/VideoGestureView.java, line(s) 77,182,252,433 com/github/barteksc/pdfviewer/PDFView.java, line(s) 391,964 com/shockwave/pdfium/PdfiumCore.java, line(s) 46,38,128,132 d/a/a/f.java, line(s) 576 d/b/a/a/a.java, line(s) 93 d/d/a/c.java, line(s) 231,244,249,252,268,278,230,237,243,248,251,267,274,422,238,423 d/d/a/l.java, line(s) 255,256 d/d/a/n/a.java, line(s) 583 d/d/a/o/d.java, line(s) 40,181,39,180 d/d/a/o/e.java, line(s) 71,86,102,70,85,101 d/d/a/p/a/b.java, line(s) 58,57 d/d/a/q/m/b.java, line(s) 30,29 d/d/a/q/m/j.java, line(s) 63,151,62,66,72,79,148,76,82 d/d/a/q/m/l.java, line(s) 32,31 d/d/a/q/m/p/b.java, line(s) 102,101 d/d/a/q/m/p/d.java, line(s) 57,56 d/d/a/q/n/b0.java, line(s) 55,56 d/d/a/q/n/c0/i.java, line(s) 112,205,116,210 d/d/a/q/n/c0/j.java, line(s) 77,97,130,201,76,86,96,117,129,141,181,188,200,142,163,182,189,87 d/d/a/q/n/d0/e.java, line(s) 37,47,61,93,38,62,50,94 d/d/a/q/n/d0/j.java, line(s) 106,91 d/d/a/q/n/e0/a.java, line(s) 82,79 d/d/a/q/n/i.java, line(s) 363,176,362,410,193 d/d/a/q/n/j.java, line(s) 64,65 d/d/a/q/n/l.java, line(s) 15,171 d/d/a/q/n/r.java, line(s) 235 d/d/a/q/o/c.java, line(s) 16,15 d/d/a/q/o/d.java, line(s) 31,30 d/d/a/q/o/f.java, line(s) 84,83 d/d/a/q/o/s.java, line(s) 101,102 d/d/a/q/o/t.java, line(s) 39,38 d/d/a/q/p/a.java, line(s) 82,114,93,124 d/d/a/q/p/c/b0.java, line(s) 116,115 d/d/a/q/p/c/k.java, line(s) 189,250,260,272,297,321,339,371,377,179,184,249,259,271,296,320,338,348,351,354,361,364,376 d/d/a/q/p/c/n.java, line(s) 52,62,58,68 d/d/a/q/p/c/r.java, line(s) 126,127 d/d/a/q/p/c/z.java, line(s) 84,89,97,106,113,85,90,98,107,114,115,116,120 d/d/a/q/p/g/a.java, line(s) 73,80,87,125,76,83,90,126 d/d/a/q/p/g/d.java, line(s) 21,22 d/d/a/q/p/g/j.java, line(s) 44,45 d/d/a/r/e.java, line(s) 40,37,61,78,62,79 d/d/a/r/f.java, line(s) 11,10 d/d/a/r/k.java, line(s) 105,106 d/d/a/r/l.java, line(s) 174,175,184 d/d/a/r/o.java, line(s) 110,117,111,118 d/d/a/u/j.java, line(s) 382,18,109,272 d/d/a/u/l/i.java, line(s) 56,96,97,57 d/d/a/w/k/a.java, line(s) 40,43 d/e/a/h.java, line(s) 74,122 d/e/a/o/a.java, line(s) 247,325,318 d/e/a/o/t.java, line(s) 27 d/e/a/o/v/b.java, line(s) 647,658,660,662,113,115,125,127,137,139,522,626 d/e/a/o/y/a.java, line(s) 115,68,83,87,94,98,121 d/e/a/p/c0.java, line(s) 34,57 d/e/a/p/d0.java, line(s) 34,57 d/e/a/p/e0.java, line(s) 25 d/e/a/p/f0.java, line(s) 13 d/e/a/p/h0.java, line(s) 13 d/e/a/p/i0.java, line(s) 21 d/e/a/p/j0.java, line(s) 38,26 d/e/a/p/k0.java, line(s) 28,33 d/e/a/p/l0.java, line(s) 38,26 d/e/a/p/m0.java, line(s) 28,33 d/e/a/p/n0.java, line(s) 113,132,154,356,487,600,750,758,830,844,87,93,141,365,371,395,409,536,612 d/e/a/p/o0.java, line(s) 54,91 d/e/a/q/a1.java, line(s) 37 d/e/a/q/z0.java, line(s) 44,46 d/f/a/a/h.java, line(s) 118 d/f/a/a/j/a.java, line(s) 33 d/g/a/a/j/g.java, line(s) 35 d/g/a/a/m/a.java, line(s) 209 d/k/a/e.java, line(s) 18,46 d/m/a/e/d/a.java, line(s) 223 h/a/a/a/b/a.java, line(s) 565 i/a/a.java, line(s) 152 i/a/k/h.java, line(s) 55,76 l/a/a/g.java, line(s) 66,71 l/a/b/a.java, line(s) 747 me/zhanghai/android/materialprogressbar/BaseProgressLayerDrawable.java, line(s) 68 me/zhanghai/android/materialprogressbar/MaterialProgressBar.java, line(s) 144,153,322 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 37,44,55,68 net/sqlcipher/database/SQLiteDatabase.java, line(s) 342,561,569 net/sqlcipher/database/SQLiteDebug.java, line(s) 7,9,11,13,15,17 net/sqlcipher/database/SQLiteProgram.java, line(s) 43,56 net/sqlcipher/database/SQLiteQuery.java, line(s) 161
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: j/y.java, line(s) 270,269,277,268,268
已通过安全项 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。
综合安全基线评分总结
SpinDisplay v2.0.2.6
Android APK
62
综合安全评分
低风险