Mobile Application Security Scan Report

pg 娱乐 v1.0.7.202506242308
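Security score (security baseline score): 51/100
Overall risk level: Low risk
Risk rating scale: A, B, C, F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items:
- High-severity vulnerabilities: 1
- Medium-severity vulnerabilities: 15
- Security notices (info): 2
- Passed security checks: 1
- Key security concerns: 0
Privacy risk assessment:
- Third-party trackers: 1
- Moderate privacy risk: a small number of third-party trackers were detected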
High-severity vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/yueyi/container/ui/ContainerActivity.java, line(s) 752,27,28
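Medium-severity vulnerability: Cleartext network traffic is enabled
[android:usesCleartextTraffic=true] The app allows cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default on API level 27 and below and disabled by default on API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.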
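Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up through the adb tool. A user with USB debugging enabled can copy the app's data directly, which creates a data-leak risk.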
Medium-severity vulnerability: Activity (com.engagelab.privates.common.component.MTCommonActivity) is not protected
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
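Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.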
Medium-severity vulnerability: IP address disclosure
Files:
- com/yueyi/container/API.java, line(s) 17,17,17,17
- com/yueyi/container/BuildConfig.java, line(s) 10
- com/yueyi/container/ui/UserAgentInterceptor.java, line(s) 15
- com/yueyi/container/ui/web/CommonJavaScriptInterfaceKt.java, line(s) 18
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- com/hjq/permissions/PermissionFragment.java, line(s) 13
- com/yueyi/container/util/BundleUtilKt.java, line(s) 9
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords or keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- com/drake/net/exception/NoCacheException.java, line(s) 23
- com/engagelab/privates/common/global/MTGlobal.java, line(s) 40
- com/engagelab/privates/core/constants/MTCoreConstants.java, line(s) 7
- com/engagelab/privates/push/constants/MTPushConstants.java, line(s) 213,215,218,220,216
- com/engagelab/privates/push/utils/NotificationUtil.java, line(s) 46
- com/hjq/permissions/StartActivityManager.java, line(s) 9
- com/yueyi/container/bean/ConfigItem.java, line(s) 113
- com/yueyi/container/bean/LoginRequest.java, line(s) 87
- com/yueyi/container/bean/RegisterRequest.java, line(s) 69
- com/yueyi/container/util/DomainManager.java, line(s) 56,57
- com/yxing/ScanCodeConfig.java, line(s) 11,13
- io/ktor/client/request/forms/FormPart.java, line(s) 62
- io/ktor/http/HttpHeaders.java, line(s) 82
- io/ktor/http/auth/HttpAuthHeader.java, line(s) 374,380
- io/ktor/util/PlatformUtilsJvmKt.java, line(s) 8
Medium-severity vulnerability: The application can read from and write to external storage; any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- com/lxj/xpopup/util/XPopupUtils.java, line(s) 354,377
- com/yueyi/container/ui/ContainerActivity.java, line(s) 877
- com/yxing/utils/BitmapUtils.java, line(s) 120,123
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/drake/net/utils/FileUtilsKt.java, line(s) 34
- com/engagelab/privates/common/utils/StringUtil.java, line(s) 55,78,112,164
- com/yueyi/container/util/DomainManager.java, line(s) 77
- com/yueyi/container/util/SpannableKt.java, line(s) 69
- io/ktor/client/plugins/cache/storage/FileCacheStorage.java, line(s) 58
Medium-severity vulnerability: Insecure WebView implementation; a WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/yueyi/container/ui/web/CommonJavaScriptInterfaceKt.java, line(s) 38,19
Medium-severity vulnerability: A cross-origin vulnerability may exist; enabling file access from URLs in a WebView can leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/yueyi/container/ui/web/CommonJavaScriptInterfaceKt.java, line(s) 28,19
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/engagelab/privates/common/utils/StringUtil.java, line(s) 95
- io/ktor/util/CryptoKt__CryptoJvmKt.java, line(s) 47
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/drake/net/cookie/PersistentCookieJar.java, line(s) 6,7,78
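Medium-severity vulnerability: The application contains privacy trackers
This application contains 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.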
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not secrets or private information:
- Engagelab push SDK => "ENGAGELAB_PRIVATES_APPKEY" : "67ac36c92477d81f6835b213"
- Engagelab push SDK => "ENGAGELAB_PRIVATES_CHANNEL" : "developer"
- "ENGAGELAB_PRIVATES_CHANNEL_high" : "HIGH"
- "ENGAGELAB_PRIVATES_CHANNEL_low" : "LOW"
- "ENGAGELAB_PRIVATES_CHANNEL_normal" : "NORMAL"
- "ENGAGELAB_PRIVATES_CHANNEL_silence" : "SILENCE"
- 258EAFA5-E914-47DA-95CA-C5AB0DC85B11
Security notice (info): The application writes log messages; sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice (info): This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/yueyi/container/ui/web/CommonJavaScriptInterface.java, line(s) 4,414,415
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- com/drake/net/utils/HttpsKt.java, line(s) 60,28,59,49,58,58
- com/engagelab/privates/common/i.java, line(s) 58,57,244,56,56
Overall security baseline score summary

pg 娱乐 v1.0.7.202506242308
Android APK
Overall security score: 51
Medium risk