应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Uptodown App Store v6.80
50
安全评分
安全基线评分
50/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
27
中危
2
信息
3
安全
隐私风险评估
5
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
27
安全提示信息
2
已通过安全项
3
重点安全关注
0
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.uptodown.activities.MainActivity][android:host=https://dw.uptodown.com] App Link 资产验证 URL(https://dw.uptodown.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/uptodown/activities/preferences/a.java, line(s) 91
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/mbridge/msdk/click/m.java, line(s) 191,15,16 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 184,15 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 356,13 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 95,6 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 738,17
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (com.uptodown.tv.ui.activity.TvMainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.uptodown.core.activities.InstallerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.uptodown.activities.SearchActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.BootDeviceReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.MyAppUpdatedReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.DownloadNotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.DownloadUpdateNotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.inmobi.cmp.presentation.components.CmpActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (org.matomo.sdk.extra.InstallReferrerReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(999) - {17} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: U2/v.java, line(s) 6,7,1459,1878 Y/M.java, line(s) 5,6,149,186,235,251,524,536,574,684 Y/W.java, line(s) 4,5,159 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,79 com/mbridge/msdk/foundation/db/b.java, line(s) 6,84 com/mbridge/msdk/foundation/db/c.java, line(s) 5,56 com/mbridge/msdk/foundation/db/e.java, line(s) 6,127,183,222,334,616,1286 com/mbridge/msdk/foundation/db/g.java, line(s) 4,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,91,159,205,280,289 com/mbridge/msdk/newreward/function/d/c.java, line(s) 3,4,21,28,29 com/mbridge/msdk/tracker/b.java, line(s) 4,5,22,36,37,51,52
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: A0/b.java, line(s) 75 b0/C0237e.java, line(s) 80 b0/C0325e.java, line(s) 84 b0/w.java, line(s) 120 com/mbridge/msdk/MBridgeConstans.java, line(s) 17,52 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 12 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 39 com/mbridge/msdk/foundation/entity/n.java, line(s) 182 com/mbridge/msdk/newreward/player/MBRewardVideoActivity.java, line(s) 44 com/mbridge/msdk/newreward/player/imodel/IBigTempModel.java, line(s) 10,13 com/mbridge/msdk/newreward/player/imodel/IECModel.java, line(s) 38,47,41,26,20,23,44,33 com/mbridge/msdk/newreward/player/imodel/IMoreOfferModel.java, line(s) 6,9,12,15 com/mbridge/msdk/newreward/player/imodel/IPlayModel.java, line(s) 45,57,74,81,48,36,30,33,68,54,39 com/mbridge/msdk/newreward/player/iview/IBaseWebView.java, line(s) 21,15,18 com/mbridge/msdk/newreward/player/iview/IMetaData.java, line(s) 18 com/mbridge/msdk/newreward/player/model/BigTemplateModel.java, line(s) 47 com/mbridge/msdk/newreward/player/model/ECTempleModel.java, line(s) 90,123,159,163 com/mbridge/msdk/newreward/player/model/MoreOfferModel.java, line(s) 51,43,39,47 com/mbridge/msdk/newreward/player/model/PlayTempleModel.java, line(s) 279,164,155,247,203 com/mbridge/msdk/newreward/player/model/WebTemplateModel.java, line(s) 249,170,161,205 com/mbridge/msdk/newreward/player/model/WebViewECModel.java, line(s) 99,134,174 com/mbridge/msdk/newreward/player/view/WebViewTemplate.java, line(s) 373,397,423 com/mbridge/msdk/newreward/player/view/ectemplate/WebViewEC.java, line(s) 155,179,203 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 36 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 117
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: H3/AbstractC1800a.java, line(s) 3 H3/C1801b.java, line(s) 3 H3/a.java, line(s) 3 H3/b.java, line(s) 3 M0/AbstractC1053o.java, line(s) 9 M0/AbstractC2090o.java, line(s) 9 M0/x.java, line(s) 7 S2/A.java, line(s) 8 S2/AbstractC0512b.java, line(s) 8 S2/AbstractC0679b.java, line(s) 9 T2/b.java, line(s) 16 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 29 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 7 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 29 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 26 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 10 i3/C1821a.java, line(s) 5 i3/a.java, line(s) 4 j$/util/C0021j.java, line(s) 7 j$/util/C0023l.java, line(s) 4 j$/util/C0028q.java, line(s) 7 j$/util/C0151w.java, line(s) 4 j$/util/C1843j.java, line(s) 7 j$/util/C1845l.java, line(s) 4 j$/util/C1850q.java, line(s) 7 j$/util/C1973w.java, line(s) 4 j$/util/Collection$EL.java, line(s) 8 j$/util/DesugarCollections.java, line(s) 5 j$/util/concurrent/ThreadLocalRandom.java, line(s) 15
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 167,164 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 86,83 com/mbridge/msdk/newreward/player/view/hybrid/MBWebView.java, line(s) 50,47
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: U2/C1233m.java, line(s) 562,571 U2/C2445m.java, line(s) 795,804 U2/y.java, line(s) 41,196 W1/C0535g.java, line(s) 171 W1/C0536h.java, line(s) 28,34,78,93,102,69,75,88 W1/C0702g.java, line(s) 185 W1/C0703h.java, line(s) 29,35,79,94,103,70,76,89 W1/E.java, line(s) 17 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 148 com/mbridge/msdk/foundation/tools/ai.java, line(s) 49,60,70 com/uptodown/core/activities/FileExplorerActivity.java, line(s) 349,407,2685,2824,3584
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: W1/C0534f.java, line(s) 95 W1/C0701f.java, line(s) 98 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 95 com/mbridge/msdk/foundation/tools/ac.java, line(s) 19,34 l2/C1028b.java, line(s) 16 l2/C2058b.java, line(s) 17
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: G1/c.java, line(s) 80,77
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 175 t0/c.java, line(s) 82
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: t0/b.java, line(s) 53
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "com.google.firebase.crashlytics.mapping_file_id" : "31493085c7c14b0ab703ec3300d562d5" "dyStrategy.privateAddress" : "privateAddress" "google_api_key" : "AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko" "google_app_id" : "1:171380306104:android:4e827fc7c388aeec79c44d" "google_crash_reporting_api_key" : "AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko" "more_info_author" : "Author" "username_edit_change" : "Change" "more_info_author" : "Autor" "recuperar_pass" : "Passwortwiederherstellung" "more_info_author" : "Autor" "more_info_author" : "Autor" "username_edit_change" : "Cambiar" "more_info_author" : "Pencipta" "username_edit_change" : "Ubah" "more_info_author" : "Autor" "username_edit_change" : "Alterar" "more_info_author" : "Auteur" "username_edit_change" : "Changement" "more_info_author" : "Yazar" "more_info_author" : "Autore" "username_edit_change" : "Cambia" DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n eyJ2YWx1ZSI6IjRhOTRiN2I1MTk1NGVkNGMyMjZjZGM1MGMxZDE5Yjk2MTY4MzY5OTE1NCJ9 HkzwDFeD4QuyLdx5igfZYcu9xTM9NN== DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== 7e5347690cfae30d311f1b31465c33f6 h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= DFKwWgtuDkKwLZPwD+z8H+N/xjK+n3eyNVx6ZVPn5jcincKZx5f5ncN= 822b9ca12b534ebcf426632221d951bfc60eb08f9f0cf2839c321b0685c2e8a4 470fa2b4ae81cd56ecbcda9735803434cec591fa DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= DkP3hrKuHoPMH+zwL+fALkK/WQc5x5zH+TcincKNNVfWNVJcVM== DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT= DFeuWkH0W+xUhoPwJ7JgY7K0DkeAWrfXYN== 936dcbdd57fe235fd7cf61c2e93da3c4
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: B1/C.java, line(s) 90,92 B1/C0548h.java, line(s) 27 B1/C0880h.java, line(s) 32 B1/E.java, line(s) 75,93,164,180,197,206,256,259,280,109,286 B1/H.java, line(s) 48,62,36,55 B1/l.java, line(s) 58,65 B1/y.java, line(s) 137,89,275 C/a.java, line(s) 117,157 C/d.java, line(s) 23,41,50,60 C1/C0564a.java, line(s) 98,103,122,126 C1/C0916a.java, line(s) 113,118,137,141 C2/b.java, line(s) 36,51 D1/C0793c.java, line(s) 122 D1/C1556c.java, line(s) 132,423,442,158,321,407 D1/f.java, line(s) 39 G/g.java, line(s) 36 G0/AbstractC1745a.java, line(s) 55,74,73,32,49 G0/a.java, line(s) 55,74,73,32,49 I/A.java, line(s) 29,36,28,35 I/AbstractC0072b.java, line(s) 36,49,137,140 I/AbstractC0332b.java, line(s) 37,50,138,141 I/C0073c.java, line(s) 91,104,125,173,188,312,90,103,124,172,187,311,121,141,153,195,216,262 I/C0333c.java, line(s) 94,107,128,176,191,315,93,106,127,175,190,314,124,144,156,198,219,265 I/D.java, line(s) 53,52 I/E.java, line(s) 47,29,68 I/k.java, line(s) 16,13,13 I/x.java, line(s) 36,77,146,35,76,90,145,191,223,252,281,91,192,224,253,282,43,180 I/y.java, line(s) 23 I0/C1804a.java, line(s) 85,89 I0/a.java, line(s) 84,88 J/AbstractC0090l.java, line(s) 36,102,48,86,121,133,143,149,152,154,158 J/AbstractC0350l.java, line(s) 36,102,48,86,121,133,143,149,152,154,158 J/C0085g.java, line(s) 114,161,168 J/C0091m.java, line(s) 42,108 J/C0345g.java, line(s) 114,161,168 J/C0351m.java, line(s) 43,130 J/D.java, line(s) 72,90,94,120,124,54 J/I.java, line(s) 54,57,35 J/N.java, line(s) 53,55,49 J/q.java, line(s) 24 J/z.java, line(s) 48 J0/C1980a.java, line(s) 127,197,209,279,222,294 J0/a.java, line(s) 127,197,209,283,222,298 L/x.java, line(s) 49 M/A.java, line(s) 96,99,102,105,108,111,119,122,125,128,161,169 M/AbstractBinderC0097a.java, line(s) 18 M/AbstractBinderC0563a.java, line(s) 18 M/AbstractC0099c.java, line(s) 195,213,385,391,395,401 M/AbstractC0565c.java, line(s) 199,217,389,395,399,405 M/D.java, line(s) 27 M/Y.java, line(s) 34 M/b0.java, line(s) 102 M/c0.java, line(s) 29 M/d0.java, line(s) 36 M/f0.java, line(s) 40,58 M/l0.java, line(s) 49,54 M/p0.java, line(s) 55 N/f.java, line(s) 102 P0/C1100f.java, line(s) 246,192,196,209 P0/C2216f.java, line(s) 264,210,214,227 Q/b.java, line(s) 58,69 R/C0805k.java, line(s) 36,65,72,75,88,91,94,97,100 R/C2264k.java, line(s) 36,65,72,75,88,91,94,97,100 R/f.java, line(s) 17 R/o.java, line(s) 19,16 R/p.java, line(s) 66,74,47,56 S0/C1179g.java, line(s) 26,33,36,45,83 S0/C2348g.java, line(s) 29,36,39,48,86 S0/o.java, line(s) 101 U0/c.java, line(s) 88,91,113,121,122,142,144 U2/v.java, line(s) 679,682,683 V0/g.java, line(s) 28,38,15,48,58,68 V1/c.java, line(s) 32,34 W1/AbstractC1246d.java, line(s) 18,11 W1/AbstractC2486d.java, line(s) 18,11 Y0/C1348x.java, line(s) 129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147 Y0/C2628x.java, line(s) 147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165 c4/d.java, line(s) 84 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 641,206,210,389,393,461,1477,1700,2070 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 120 com/mbridge/msdk/dycreator/a/a.java, line(s) 83,84,85,89,97,99,199,213,268 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 160 com/mbridge/msdk/dycreator/baseview/extview/MBExtAcquireRewardPopView.java, line(s) 198 com/mbridge/msdk/dycreator/baseview/extview/MBExtFeedBackView.java, line(s) 241 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeBaitClickView.java, line(s) 200 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeTextView.java, line(s) 251 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 47 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 163,489,491,495,244,334,389 com/mbridge/msdk/dycreator/e/g.java, line(s) 11 com/mbridge/msdk/foundation/same/report/b/b.java, line(s) 76 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 67 com/mbridge/msdk/foundation/same/report/d.java, line(s) 77 com/mbridge/msdk/foundation/tools/ac.java, line(s) 21 com/mbridge/msdk/foundation/tools/af.java, line(s) 35,84,42,63,49,56,77,91 com/mbridge/msdk/playercommon/exoplayer2/DefaultRenderersFactory.java, line(s) 67,74,78,89,94,98,130 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 130,499,600 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 641,826,1166,1171,1176,1239 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 172 com/mbridge/msdk/playercommon/exoplayer2/SimpleExoPlayer.java, line(s) 262,801 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 632,183,192,201,663 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 44 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 192,332 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 221 com/mbridge/msdk/playercommon/exoplayer2/extractor/mkv/MatroskaExtractor.java, line(s) 485 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/VbriSeeker.java, line(s) 65 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/XingSeeker.java, line(s) 43 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/FragmentedMp4Extractor.java, line(s) 261,991 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/MetadataUtil.java, line(s) 170,58,65,71,192,236,248,258 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/PsshAtomUtil.java, line(s) 44,69 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/TrackEncryptionBox.java, line(s) 64 com/mbridge/msdk/playercommon/exoplayer2/extractor/ogg/VorbisUtil.java, line(s) 210 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/AdtsReader.java, line(s) 106 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/H265Reader.java, line(s) 252 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/Id3Reader.java, line(s) 32 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/PesReader.java, line(s) 57,110,113 com/mbridge/msdk/playercommon/exoplayer2/extractor/wav/WavHeaderReader.java, line(s) 49 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecInfo.java, line(s) 92,96,48 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecUtil.java, line(s) 457,272,281,290,297,300,334,357,362,370,379 com/mbridge/msdk/playercommon/exoplayer2/metadata/id3/Id3Decoder.java, line(s) 193,198,207,218,375 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadManager.java, line(s) 305,442 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadService.java, line(s) 152 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/BaseMediaChunkOutput.java, line(s) 49 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkedTrackBlacklistUtil.java, line(s) 33,36 com/mbridge/msdk/playercommon/exoplayer2/text/cea/Cea708Decoder.java, line(s) 893,454,458,462,563,741,752,793,805,828,842 com/mbridge/msdk/playercommon/exoplayer2/text/cea/CeaUtil.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/text/dvb/DvbParser.java, line(s) 578 com/mbridge/msdk/playercommon/exoplayer2/text/ssa/SsaDecoder.java, line(s) 37,42,47,56 com/mbridge/msdk/playercommon/exoplayer2/text/subrip/SubripDecoder.java, line(s) 45,73,76 com/mbridge/msdk/playercommon/exoplayer2/text/ttml/TtmlDecoder.java, line(s) 350,86,97,113,260,266,275,280,305,309,361 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCue.java, line(s) 69 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCueParser.java, line(s) 121,252,255,355,384,428 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultDataSource.java, line(s) 71 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultHttpDataSource.java, line(s) 60 com/mbridge/msdk/playercommon/exoplayer2/upstream/Loader.java, line(s) 130,180,186,198 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedRegionTracker.java, line(s) 137 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/SimpleCache.java, line(s) 87 com/mbridge/msdk/playercommon/exoplayer2/util/AtomicFile.java, line(s) 36,94 com/mbridge/msdk/playercommon/exoplayer2/util/EventLogger.java, line(s) 133,137 com/mbridge/msdk/playercommon/exoplayer2/video/DummySurface.java, line(s) 86,92 com/mbridge/msdk/playercommon/exoplayer2/video/MediaCodecVideoRenderer.java, line(s) 794,376,382,605 com/mbridge/msdk/tracker/b.java, line(s) 25,40,55 com/mbridge/msdk/tracker/c.java, line(s) 33,48,66,87,106,128,155,176,190,210,226,250,279,304,317,334,352,376,394 com/mbridge/msdk/tracker/j.java, line(s) 30 com/mbridge/msdk/tracker/k.java, line(s) 52,59,253,266,276 com/mbridge/msdk/tracker/m.java, line(s) 137,35,63,70,119,167 com/mbridge/msdk/tracker/n.java, line(s) 39,62,95,121 com/mbridge/msdk/tracker/network/ae.java, line(s) 51,55,82 com/mbridge/msdk/tracker/p.java, line(s) 33 com/mbridge/msdk/tracker/r.java, line(s) 39,152,162,277,291,307,50,60,121,168,173,185 com/mbridge/msdk/tracker/w.java, line(s) 98,101,104 com/mbridge/msdk/tracker/y.java, line(s) 132 com/mbridge/msdk/video/module/MBridgeBaseView.java, line(s) 158,170 com/mbridge/msdk/widget/FeedbackRadioGroup.java, line(s) 60 p/a.java, line(s) 45,50,37 t0/b.java, line(s) 57,74 u/AbstractC0845a.java, line(s) 15,22,29,14,21,28,42,43,49,50 u/AbstractC2418a.java, line(s) 15,22,29,14,21,28,42,43,49,50 x1/a.java, line(s) 119,117,113,124
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/uptodown/activities/preferences/AdvancedPreferencesActivity.java, line(s) 9,63,89,64,90
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: Y0/AbstractC1335j.java, line(s) 293,293,294 Y0/AbstractC2615j.java, line(s) 295,295,296
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 406,405,404,404
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/171380306104/namespaces/firebase:fetch?key=AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Uptodown App Store v6.80
Android APK
50
综合安全评分
中风险