Application Security Scan Report

Mobile Application Security Scan Report

Aptoide v9.22.5.3

Android APK 2725e9ae...
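Security score: 56

Security baseline score

56/100

Low risk

Overall risk level

Risk rating scale
  1. A
  2. B
  3. C
  4. F

The application has some security risks; remediation is recommended.

Distribution of vulnerabilities and security items

2 High
23 Medium
1 Info
4 Secure

Privacy risk assessment

6
Third-party trackers

High privacy risk
A large number of third-party trackers were detected


Distribution of findings

High-risk vulnerabilities: 2
Medium-risk vulnerabilities: 23
Security notices: 1
Passed security checks: 4
Key security concerns: 0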

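High-risk vulnerability: Activity (cm.aptoide.pt.view.MainActivity) launch mode is not standard

When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become the root Activity, which may allow other applications to read the contents of the calling Intent. Use the "standard" launch mode when sensitive information is involved.

High-risk vulnerability: The application contains privacy trackers

This application contains 6 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-risk vulnerability: Activity sets the TaskAffinity attribute

(cm.aptoide.pt.wallet.WalletInstallActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).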

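Medium-risk vulnerability: Content Provider (cm.aptoide.pt.toolbox.ToolboxContentProvider) is not protected.

[android:exported=true]
The Content Provider is exported and not protected by any permission, so any application can access it.

Medium-risk vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-risk vulnerability: Activity sets the TaskAffinity attribute

(cm.aptoide.pt.DeepLinkIntentReceiver)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).

Medium-risk vulnerability: Activity (cm.aptoide.pt.DeepLinkIntentReceiver) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-risk vulnerability: Broadcast Receiver (cm.aptoide.pt.install.InstalledBroadcastReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and not protected by any permission, so any application can access it.

Medium-risk vulnerability: Broadcast Receiver (cm.aptoide.pt.widget.SearchWidgetProvider) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and not protected by any permission, so any application can access it.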

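Medium-risk vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-risk vulnerability: Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.INSTALL_PACKAGES [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-risk vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-risk vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-risk vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.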

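Medium-risk vulnerability: High Intent priority (999) - {1} hit(s)

[android:priority]
By setting a high Intent priority, the application can override other requests, which may lead to security risks.

Medium-risk vulnerability: IP address disclosure

IP address disclosure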


Files:
cm/aptoide/pt/BuildConfig.java, line(s) 37
cm/aptoide/pt/networking/UserAgentInterceptor.java, line(s) 26
i/a/g/l.java, line(s) 542

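Medium-risk vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys

Files may contain hardcoded sensitive information such as usernames, passwords and keys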
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
cm/aptoide/pt/BuildConfig.java, line(s) 23,32,33,28,20
cm/aptoide/pt/DeepLinkIntentReceiver.java, line(s) 58,59,66,68,70,76
cm/aptoide/pt/account/AccountAnalytics.java, line(s) 29
cm/aptoide/pt/account/AndroidAccountManagerPersistence.java, line(s) 26,28
cm/aptoide/pt/account/view/LoginSignUpCredentialsFragment.java, line(s) 43
cm/aptoide/pt/app/view/MoreBundleFragment.java, line(s) 41
cm/aptoide/pt/bottomNavigation/BottomNavigationActivity.java, line(s) 23
cm/aptoide/pt/database/room/RoomNotification.java, line(s) 6
cm/aptoide/pt/database/room/RoomStore.java, line(s) 10
cm/aptoide/pt/dataprovider/WebService.java, line(s) 25
cm/aptoide/pt/dataprovider/model/v3/CheckUserCredentialsJson.java, line(s) 226
cm/aptoide/pt/home/HomeFragment.java, line(s) 51
cm/aptoide/pt/home/bundles/BundlesRepository.java, line(s) 11
cm/aptoide/pt/networking/Pnp1AuthorizationInterceptor.java, line(s) 10
cm/aptoide/pt/preferences/LocalPersistenceAdultContent.java, line(s) 5,4
cm/aptoide/pt/preferences/managed/ManagedKeys.java, line(s) 13,18,8,25,26
cm/aptoide/pt/promotions/ClaimPromotionDialogFragment.java, line(s) 32
cm/aptoide/pt/themes/ThemeManager.java, line(s) 47
cm/aptoide/pt/view/DeepLinkManager.java, line(s) 62
cm/aptoide/pt/view/app/ListStoreAppsFragment.java, line(s) 27
cm/aptoide/pt/view/fragment/GridRecyclerSwipeWithToolbarFragment.java, line(s) 14
cm/aptoide/pt/view/settings/SettingsFragment.java, line(s) 63,65,61,62,60,66,67,68,70
com/aptoide/aptoide_ab_testing/model/Distribution.java, line(s) 76
com/aptoide/aptoide_ab_testing/model/EvalContext.java, line(s) 133
com/aptoide/aptoide_ab_testing/model/Flag.java, line(s) 194
com/aptoide/aptoide_ab_testing/model/PostEvaluationResponseJson.java, line(s) 146,146
com/aptoide/aptoide_ab_testing/model/Variant.java, line(s) 83

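Medium-risk vulnerability: The application can read/write external storage; any application can read data written to external storage

The application can read/write external storage; any application can read data written to external storage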
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
cm/aptoide/pt/database/room/RoomInstalled.java, line(s) 70
cm/aptoide/pt/install/installer/DefaultInstaller.java, line(s) 39
cm/aptoide/pt/view/ActivityModule.java, line(s) 230
e/h/a/k0/f.java, line(s) 507,507
io/sentry/android/core/w0.java, line(s) 97,190,79

Medium-risk vulnerability: MD5 is a weak hash known to have hash collisions

MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cm/aptoide/pt/download/FileDownloadTask.java, line(s) 46
cm/aptoide/pt/utils/AptoideUtils.java, line(s) 1029
e/h/a/k0/f.java, line(s) 241

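Medium-risk vulnerability: The application uses an insecure random number generator

The application uses an insecure random number generator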
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
cm/aptoide/pt/ads/AdsRepository.java, line(s) 19
cm/aptoide/pt/utils/AptoideUtils.java, line(s) 64
i/a/g/h.java, line(s) 16
i/a/g/l.java, line(s) 26
j/t.java, line(s) 4

Medium-risk vulnerability: SHA-1 is a weak hash known to have hash collisions

SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cm/aptoide/pt/preferences/PRNGFixes.java, line(s) 189,193
cm/aptoide/pt/utils/AptoideUtils.java, line(s) 951,1058
io/sentry/util/u.java, line(s) 19

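Medium-risk vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database

The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database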
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
c/u/a/g/a.java, line(s) 5,6,7,8,98,118
e/e/b/a/i/b0/j/r0.java, line(s) 5,6,129,220,243,268,335,396,532,647
e/e/b/a/i/b0/j/t0.java, line(s) 4,5,133
e/h/a/f0/d.java, line(s) 5,117,272,297
e/h/a/f0/e.java, line(s) 5,6,16,17,40,41,44,45
io/rakam/api/b.java, line(s) 6,7,8,9,10,237,238,239,240,426,427,428,429,458,470,471

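Medium-risk vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files

The application creates temporary files. Sensitive information should never be written to temporary files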


Files:
c/r/b.java, line(s) 112
cm/aptoide/pt/account/view/PhotoFileGenerator.java, line(s) 29

Medium-risk vulnerability: This application may request root (superuser) privileges

This application may request root (superuser) privileges
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
io/sentry/android/core/internal/util/r.java, line(s) 27,27,27,27,27

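Medium-risk vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not secret or private information.
AdMob advertising platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-5389160260063028~2982824200"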
"com.google.firebase.crashlytics.mapping_file_id" : "18651666d6e84952b2ae388bbb3f7e0e"
"facebook_app_id" : "477114135645153"
"facebook_client_token" : "ab3495bb67f3e5f6db2b832e09705991"
"google_api_key" : "AIzaSyCc60S0ms7zR1xi4cp1JANTkBXF5NhcnTM"
"google_app_id" : "1:163274999232:android:d2f50a914eb80031be7425"
"google_crash_reporting_api_key" : "AIzaSyCc60S0ms7zR1xi4cp1JANTkBXF5NhcnTM"
"password" : "Password"
"search_suggestion_provider_authority" : "cm.aptoide.pt.provider.SearchSuggestionProvider"
"store_suggestion_provider_authority" : "cm.aptoide.pt.provider.StoreSearchSuggestionProvider"
"store_username" : "Nickname"
"password" : "Passwort"
"store_username" : "Nick"
"password" : "Salasana"
"store_username" : "Nimimerkki"
"store_username" : "Nickname"
"password" : "Wachtwoord"
"store_username" : "Weergavenaam"
"store_username" : "Pseudonim"
"store_username" : "Pseudonim"
"store_username" : "Pseudo"
"password" : "Lozinka"
"store_username" : "Nadimak"
"store_username" : "Apodo"
"password" : "Password"
"store_username" : "Nickname"
"password" : "Palavra-passe"
"store_username" : "Alcunha"
"password" : "Palavra-passe"
"store_username" : "Apelido"
"password" : "Password"
"store_username" : "Nickname"
"store_username" : "Nickname"
"password" : "Password"
"store_username" : "Nickname"

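Security notice: The application logs information; sensitive information must not be logged

The application logs information; sensitive information must not be logged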
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
c/a/k/a/a.java, line(s) 100
c/a/o/g.java, line(s) 126,159,240
c/g/b/d.java, line(s) 202
c/g/b/k/f.java, line(s) 328
c/i/e/c.java, line(s) 527,532
c/i/e/e.java, line(s) 83
c/i/e/f.java, line(s) 41,76
c/i/e/g.java, line(s) 49,107
c/i/e/j.java, line(s) 96,99
c/i/e/k.java, line(s) 96
c/i/i/b.java, line(s) 35,47,49,61,63,83,86
c/k/a/c.java, line(s) 396
c/o/a/a.java, line(s) 30
c/p/a/b.java, line(s) 45,60,68,92,189,208,316,343,349,52
c/p/b/c.java, line(s) 74
c/q/a/a.java, line(s) 160,165,172,176,192,202
c/r/a.java, line(s) 229,347,396,398,193,200,202,208,329,331,341,344,385,106,137,196,204,211,224,235,247,264,310
c/r/b.java, line(s) 53,64,66,93,95,113,129,169,211,233,283,295,299,301,306,89,97,106,221,237,252,291
c/s/a/b.java, line(s) 74
c/u/a/c.java, line(s) 36,39,51,29,43
c/v/a/c.java, line(s) 485,649,663,682
c/w/a.java, line(s) 35
c/x/i0.java, line(s) 34,86
c/x/y.java, line(s) 37,46,48
c/y/a/a/i.java, line(s) 246,249
cm/aptoide/aptoideviews/common/StringUtilsKt.java, line(s) 44,47
cm/aptoide/aptoideviews/downloadprogressview/DownloadProgressView$stateMachine$1.java, line(s) 48,206,327,493,619,747
cm/aptoide/pt/AptoideFirebaseNotificationService.java, line(s) 107
cm/aptoide/pt/app/view/AppCoinsInfoFragment.java, line(s) 127,130
cm/aptoide/pt/crashreports/CrashReport.java, line(s) 31,45,56
cm/aptoide/pt/dataprovider/ws/v7/ListSearchAppsRequest.java, line(s) 145
cm/aptoide/pt/editorial/EditorialFragment.java, line(s) 250
cm/aptoide/pt/editorialList/EditorialListFragment.java, line(s) 66
cm/aptoide/pt/home/HomeFragment.java, line(s) 96
cm/aptoide/pt/install/installer/Root.java, line(s) 32,33,43,44,66,67,96,97
cm/aptoide/pt/install/remote/RemoteInstallationSenderManager.java, line(s) 50,61,78,100
cm/aptoide/pt/logger/Logger.java, line(s) 66,90,71,98,103,79,40,59,45,51
cm/aptoide/pt/networking/image/ImageLoader.java, line(s) 91,98,117,133,142,151,160,173,182,215,224,241,250,259,276,287,290,299,308,323,332,349
cm/aptoide/pt/notification/NotificationWorker.java, line(s) 36
cm/aptoide/pt/root/RootShell.java, line(s) 317,315,311,322
cm/aptoide/pt/root/containers/RootClass.java, line(s) 182,51,54,101,179,244
com/airbnb/epoxy/i.java, line(s) 37
com/airbnb/epoxy/p.java, line(s) 15,20,25,30,39
com/aptoide/aptoide_ab_testing/model/EvalDebugLog.java, line(s) 21,51
com/aptoide/aptoide_ab_testing/model/SegmentDebugLog.java, line(s) 20,49
e/b/a/a/a.java, line(s) 7,13,8,14
e/e/b/a/i/z/a.java, line(s) 15,22,29,14,21,28,42,43,49,50
e/e/b/c/a0/g.java, line(s) 259
e/e/b/c/m/h.java, line(s) 49
e/e/b/c/x/d.java, line(s) 134,167
e/e/b/c/y/b.java, line(s) 79
e/f/a/a/a$a.java, line(s) 39
e/f/a/a/a$b.java, line(s) 35
e/f/a/a/a.java, line(s) 24,59,69,79,91,106,165,182
io/rakam/api/h.java, line(s) 21,28,35,42,54,61
io/sentry/android/core/i0.java, line(s) 75,73,65,69,77
io/sentry/n5.java, line(s) 18,27,33
k/b/f/i.java, line(s) 5,9,10
rx/n/e/h.java, line(s) 21
rx/q/c.java, line(s) 253

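Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel

This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel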
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
cm/aptoide/pt/ApplicationModule.java, line(s) 477,478,479,899,995,1132,1188,1200,1546,1790,1918,1924,1930
cm/aptoide/pt/abtesting/ABTestServiceProvider.java, line(s) 27,27
cm/aptoide/pt/dataprovider/WebService.java, line(s) 80,80
com/aptoide/aptoide_ab_testing/network/FlagrApiService.java, line(s) 39,39
com/aptoide/authentication/network/RemoteAuthenticationService.java, line(s) 106,107,106

Passed security check: This application uses the SafetyNet API.

This application uses the SafetyNet API.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet

Files:
cm/aptoide/pt/analytics/FirstLaunchAnalytics.java, line(s) 14

Passed security check: This application may have root detection capability

This application may have root detection capability
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
io/sentry/android/core/internal/util/r.java, line(s) 69,27,27,27,27,27,27

Passed security check: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/163274999232/namespaces/firebase:fetch?key=AIzaSyCc60S0ms7zR1xi4cp1JANTkBXF5NhcnTM ) is disabled. The response is shown below:

{
    "state": "NO_TEMPLATE"
}

Overall security baseline score summary

Aptoide v9.22.5.3

Android APK
56
Overall security score
Medium risk