应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
MovieBox v3.0.10.1110.03
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
6
高危
56
中危
3
信息
2
安全
隐私风险评估
8
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
6
中危安全漏洞
56
安全提示信息
3
已通过安全项
2
重点安全关注
0
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.transsion.subroom.deeplink.DeepLinkHandler][android:host=https://m.mvbrowse.com] App Link 资产验证 URL(https://m.mvbrowse.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:None)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: OoooO0/OooO0o.java, line(s) 311,19 OoooOOo/o0000.java, line(s) 829,21 OoooOOo/o0000oo.java, line(s) 884,24 com/applovin/impl/adview/a.java, line(s) 428,781,15 com/cloud/hisavana/sdk/common/activity/OfflineLandingActivity.java, line(s) 174,11,12 com/cloud/hisavana/sdk/common/activity/TAdInterstitialActivity.java, line(s) 458,22,23 com/cloud/hisavana/sdk/common/activity/TAdWebFormsActivity.java, line(s) 162,20,21 com/cloud/hisavana/sdk/f3.java, line(s) 438,14 com/cloud/tmc/miniapp/ad/interstitial/AdInterstitialHtmlView$Builder.java, line(s) 118,13 com/cloud/tmc/miniapp/ui/MiniShellFragment.java, line(s) 646,23 com/cloud/tmc/render/system/ShellWebView.java, line(s) 267,14 com/cloud/tmc/render/system/SystemWebView.java, line(s) 265,14 com/cloud/tmc/worker/WorkerManager.java, line(s) 172,5 com/cloud/tmc/worker/debug/WebviewWorker.java, line(s) 227,18 com/mbridge/msdk/advanced/signal/NativeAdvancedExpandDialog.java, line(s) 101,15 com/mbridge/msdk/click/o.java, line(s) 313,15,16 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 101,15 com/mbridge/msdk/nativex/view/BaseMBMediaView.java, line(s) 1674,2086,26,27 com/mbridge/msdk/splash/signal/SplashExpandDialog.java, line(s) 100,15 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 381,14 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 109,7 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 954,18
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: athena/n0.java, line(s) 16,20 athena/p0.java, line(s) 82,94 gt/a.java, line(s) 33 gt/b.java, line(s) 23,49 u60/d.java, line(s) 16,20 w10/c.java, line(s) 41
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: OoooOOo/o0000.java, line(s) 645,21 OoooOOo/o0000oo.java, line(s) 580,24 com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 21,5 com/applovin/impl/adview/l.java, line(s) 25,6 com/cloud/hisavana/sdk/common/activity/b.java, line(s) 293,18,19 com/cloud/tmc/worker/debug/WebviewWorker.java, line(s) 166,18 com/transsion/usercenter/laboratory/LaboratoryActivity.java, line(s) 99,7
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/cloud/hisavana/sdk/x2.java, line(s) 97,98
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Activity (com.transsion.subroom.activity.MainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.transsion.subroom.deeplink.DeepLinkHandler) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.transsion.videodetail.StreamDetailActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.transsion.moviedetail.activity.MovieDetailActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.transsion.postdetail.ui.activity.LocalVideoDetailActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.transsion.postdetail.ui.activity.LocalVideoDetailActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.mbwidget.HotSubjectWidgetProvider) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.mbwidget.PlayWidgetProvider) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.mbwidget.guide.WidgetCallbackReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.lib.push.Receiver.NotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.transsion.al.ka.AccountService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.transsion.al.ka.AccountSyncService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.transsion.al.ka.FastCleanerProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.al.ka.BootReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.cloud.tmc.miniapp.ui.MiniSchemaFilterActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.cloud.tmc.miniapp.ui.MiniSchemaFilterActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.cloud.tmc.miniapp.ui.multiprogress.MiniSubActivity1) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.cloud.tmc.miniapp.ui.multiprogress.MiniSubActivity2) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.cloud.tmc.miniapp.ui.multiprogress.MiniSubActivity3) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.cloud.tmc.miniapp.ui.multiprogress.MiniSubActivity4) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Service (com.cloud.tmc.miniapp.ipc.IpcMiniLauncherService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.cloud.tmc.miniapp.ipc.IpcMiniPSService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.tn.tranpay.activity.PayActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.cloud.hisavana.sdk.common.activity.MiniAppSchemeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.transsion.spwaitkiller.test.TestSpWaitActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.cloud.tmc.component_api_ps.ipc.service.MiniAppProtocolMainService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.transsion.pushui.activity.TransparentActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.transsion.pushui.activity.PushActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.push.broadcast.FCMMessageReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.transsion.push.service.PushJobIntentService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.transsion.player.mediasession.MusicIntentReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.transsion.player.mediasession.MediaService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.media3.exoplayer.scheduler.PlatformScheduler$PlatformSchedulerService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.transsion.shorttv.ui.activity.ShortTvListActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Broadcast Receiver (com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(2147483647) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(999) - {2} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/journeyapps/barcodescanner/a.java, line(s) 215 com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 260 x60/d.java, line(s) 13
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: a50/f.java, line(s) 237 com/amazonaws/mobileconnectors/s3/transferutility/TransferObserver.java, line(s) 102 com/amazonaws/services/s3/model/S3ObjectSummary.java, line(s) 53 com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 219,165 com/applovin/impl/sdk/j.java, line(s) 1773 com/applovin/mediation/MaxSegment.java, line(s) 38 com/applovin/mediation/ads/MaxAdView.java, line(s) 205,195 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 82,72 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 104,94 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 131,121 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 104,99 com/applovin/sdk/AppLovinSdk.java, line(s) 147 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 134 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 23 com/bykv/vk/openvk/Kjv/Kjv/Yhp/Yhp/Pdn.java, line(s) 160 com/cloud/config/bean/CloudConfigResponse.java, line(s) 65 com/cloud/config/utils/CommonUtils.java, line(s) 32 com/cloud/tmc/integration/bridge/FrameworkStorageBridge.java, line(s) 12 com/cloud/tmc/integration/bridge/WifiBridge.java, line(s) 493 com/cloud/tmc/integration/utils/l.java, line(s) 55 com/google/android/libraries/places/internal/zzbqu.java, line(s) 35 com/hisavana/common/bean/AdditionalInfo.java, line(s) 204 com/hisavana/common/bean/Network.java, line(s) 139 com/mbridge/msdk/MBridgeConstans.java, line(s) 16,51 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 12 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 38 com/mbridge/msdk/foundation/entity/m.java, line(s) 444 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 36 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 116 com/transsion/ad/strategy/AdUrlParameterManager.java, line(s) 104 com/transsion/baselib/db/video/VideoLandAdBean.java, line(s) 97 com/transsion/infra/gateway/core/bean/RequestBean.java, line(s) 92 com/transsion/moviedetailapi/bean/User.java, line(s) 123 com/transsion/player/longvideo/ui/LongVodPlayerView.java, line(s) 137 com/transsion/push/PushConstants.java, line(s) 67,99,140 com/transsion/push/bean/PushAppInfo.java, line(s) 17 com/transsion/push/bean/PushConfigHelper.java, line(s) 17 com/transsion/push/bean/PushRequest$SelfDestroyContentData.java, line(s) 15 com/transsion/push/bean/PushRequest$TopicContentData.java, line(s) 21 com/transsion/push/bean/PushRequest.java, line(s) 47,52 com/transsion/quickjs/api/CodeItem.java, line(s) 106 com/transsion/upgradesdk/bean/RequestBean.java, line(s) 314 com/transsion/upload/bean/TstTokenEntity.java, line(s) 151 com/transsnet/loginapi/bean/Country.java, line(s) 79 com/vungle/ads/internal/b.java, line(s) 31,9,25,39,12,47,26 com/vungle/ads/internal/network/c.java, line(s) 353 com/vungle/ads/internal/signals/SignalManager.java, line(s) 31,33 com/vungle/ads/internal/task/CleanupJob.java, line(s) 22 com/vungle/ads/internal/ui/AdActivity.java, line(s) 49 h/a.java, line(s) 128 r10/b.java, line(s) 77 t6/d.java, line(s) 49
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: athena/h0.java, line(s) 4,5,6,98,99,100,101,122,123,127,130,131,135,138,139 athena/k.java, line(s) 7,8,9,58,110,295,406,438 com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 4,8,9,10,11,12,16,20,24,28,32 com/apm/insight/e/a/a.java, line(s) 4,37 com/apm/insight/e/a/b.java, line(s) 4,44,45,38 com/bykv/vk/openvk/Kjv/Kjv/Yhp/Yhp/Yhp.java, line(s) 5,6,157,163,164,166,168 com/bykv/vk/openvk/preload/geckox/a/b.java, line(s) 6,7,86 com/cloud/hisavana/sdk/database/HisavanaContentProvider.java, line(s) 9,486 com/cloud/hisavana/sdk/e0.java, line(s) 4,226 com/cloud/hisavana/sdk/l1.java, line(s) 6,111 com/cloud/hisavana/sdk/p.java, line(s) 8,663,722 com/cloud/hisavana/sdk/r1.java, line(s) 5,6,23,26,27,28,29,36,37,38,39,51,52,53,54,55,56,62,63,64,65,72,73,74,75,76,77,79,80 com/facebook/biddingkit/logging/d.java, line(s) 6,7,19,27 com/hisavana/mediation/config/ConfigContentProvider.java, line(s) 7,74 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,93 com/mbridge/msdk/foundation/db/b.java, line(s) 6,83 com/mbridge/msdk/foundation/db/c.java, line(s) 5,146 com/mbridge/msdk/foundation/db/e.java, line(s) 6,1144,1287,1349,1419,1492 com/mbridge/msdk/foundation/db/g.java, line(s) 4,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,99,152,223,231 com/mbridge/msdk/tracker/b.java, line(s) 4,5,22,36,37,51,52 eg/m0.java, line(s) 6,7,89,105,159,265,296,306,367,457 eg/u0.java, line(s) 5,6,117 g6/f.java, line(s) 7,8,9,10,11,12,113,123 jg/b.java, line(s) 6,7,25 jg/c.java, line(s) 6,54 t9/b0.java, line(s) 3,51,55,59,63,67,71 ym/d.java, line(s) 5,6,15 ym/e.java, line(s) 5,37,164 z3/b.java, line(s) 6,7,24 z3/c.java, line(s) 6,54
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/apm/insight/entity/d.java, line(s) 18 com/apm/insight/l/n.java, line(s) 74,85,94 com/apm/insight/nativecrash/a.java, line(s) 610 com/cloud/h5update/utils/h.java, line(s) 103,109,115,121 com/cloud/h5update/utils/l.java, line(s) 285 com/cloud/hisavana/net/utils/StorageUtils.java, line(s) 111,99,107 com/cloud/tmc/integration/bridge/FileBridge.java, line(s) 542 com/cloud/tmc/integration/utils/FileUtil.java, line(s) 755 com/cloud/tmc/integration/utils/share/ShareStrategy.java, line(s) 133,166 com/cloud/tmc/miniutils/util/d0.java, line(s) 119,36,104,155 com/cloud/tmc/miniutils/util/r.java, line(s) 24,28 com/cloud/tmc/miniutils/util/v.java, line(s) 24,28 com/danikula/videocache/p.java, line(s) 9 com/mbridge/msdk/foundation/same/report/crashreport/b.java, line(s) 55 com/mbridge/msdk/foundation/tools/r0.java, line(s) 39,68,55 com/pgl/ssdk/z.java, line(s) 80 com/tmc/network/HttpClient.java, line(s) 168 com/transsion/ad/a.java, line(s) 15,19 com/transsion/api/gateway/utils/ObjectLogUtils.java, line(s) 373 com/transsion/baselib/db/AppEsDatabase.java, line(s) 15 com/transsion/baselib/db/download/DownloadBean.java, line(s) 967 com/transsion/core/log/ObjectLogUtils.java, line(s) 244 com/transsion/infra/gateway/core/utils/ObjectLogUtils.java, line(s) 262 com/transsion/ninegridview/helper/FileHelper.java, line(s) 168,197 com/transsion/ninegridview/preview/GifImagePreviewActivity.java, line(s) 542 com/transsion/player/exo/a.java, line(s) 116 com/transsion/postdetail/util/PostSaveHelper.java, line(s) 121 com/transsion/postdetail/util/VideoSaver.java, line(s) 26 com/transsion/sdk/oneid/a.java, line(s) 7 com/transsion/sdk/oneid/f.java, line(s) 40 com/transsion/subtitle_download/task/b.java, line(s) 96,100 com/transsion/transfer/impl/ClientViewModel.java, line(s) 203 com/transsion/transfer/wifi/util/c.java, line(s) 18 com/vungle/ads/internal/platform/c.java, line(s) 238 kx/a.java, line(s) 29 ox/d.java, line(s) 10 pu/i.java, line(s) 19,39 ro/d.java, line(s) 77,147 ur/b.java, line(s) 69,66,74,83 z9/b.java, line(s) 213,214
中危安全漏洞 IP地址泄露
IP地址泄露 Files: ao/j.java, line(s) 42 athena/n.java, line(s) 116 athena/v.java, line(s) 222 com/apm/insight/entity/Header.java, line(s) 68 com/apm/insight/h/b.java, line(s) 106,108,117 com/apm/insight/k/b.java, line(s) 150 com/apm/insight/nativecrash/a.java, line(s) 575 com/apm/insight/runtime/j.java, line(s) 14 com/applovin/impl/l3.java, line(s) 103,105,100,104,109,97,98,102,93,111,106,108,110,94,107,96,99,113,112,101,95 com/applovin/mediation/adapters/google/BuildConfig.java, line(s) 9 com/cloud/hisavana/sdk/g1.java, line(s) 77 com/cloud/hisavana/sdk/t1.java, line(s) 187 com/cloud/tmc/integration/bridge/NetworkBridge.java, line(s) 241 com/danikula/videocache/HttpProxyCacheServer.java, line(s) 48,52,58,70 com/hisavana/common/BuildConfig.java, line(s) 8 com/hisavana/common/param/CloudConfigParam.java, line(s) 43 com/hisavana/common/tracking/TrackingManager.java, line(s) 30 com/mbridge/msdk/advanced/view/a.java, line(s) 59 com/tn/tranpay/TranPay.java, line(s) 50 com/transsion/api/gateway/config/c.java, line(s) 4 com/transsion/api/gateway/config/d.java, line(s) 4 com/transsion/athena/data/AppIdData.java, line(s) 53 com/transsion/gslb/BuildConfig.java, line(s) 11,13 com/transsion/gslb/Worker.java, line(s) 205 com/transsion/push/config/a.java, line(s) 36,87,104 com/transsion/push/tracker/PushTracker.java, line(s) 59 com/transsion/push/tracker/Tracker.java, line(s) 70,151 com/transsion/push/utils/h0.java, line(s) 46 com/transsion/sdk/oneid/e.java, line(s) 251 com/transsion/sdk/oneid/f.java, line(s) 252 com/transsion/transfer/androidasync/AsyncSSLSocketWrapper.java, line(s) 53 com/transsion/transfer/wifi/util/WifiUtils$getCorrectP2pAddress$2.java, line(s) 70 hq/e.java, line(s) 166
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/i4.java, line(s) 145 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 40 com/google/android/libraries/places/internal/zzju.java, line(s) 31 com/pgl/ssdk/t.java, line(s) 62 com/transsion/transfer/androidasync/http/h0.java, line(s) 123 uk/a.java, line(s) 53
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: athena/c0.java, line(s) 21 c4/s1.java, line(s) 11 com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9 com/apm/insight/e.java, line(s) 9 com/applovin/impl/m7.java, line(s) 16 com/applovin/impl/z6.java, line(s) 57 com/cloud/hisavana/sdk/common/activity/TAdInterstitialActivity.java, line(s) 65 com/cloud/tmc/miniapp/base/BaseActivity.java, line(s) 35 com/google/android/libraries/places/internal/zzbih.java, line(s) 12 com/google/android/libraries/places/internal/zzbik.java, line(s) 3 com/google/android/libraries/places/internal/zzbnj.java, line(s) 11 com/google/android/libraries/places/internal/zzbnp.java, line(s) 6 com/google/android/libraries/places/internal/zzbpo.java, line(s) 9 com/google/android/libraries/places/internal/zzbsf.java, line(s) 21 com/google/android/libraries/places/internal/zzbvn.java, line(s) 6 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 7 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/transsion/ga/AthenaAnalytics.java, line(s) 26 com/transsion/push/utils/NotificationUtil.java, line(s) 502 com/transsion/subtitle_download/utils/e.java, line(s) 11 com/transsnet/downloader/core/task/GetFileInfoTask.java, line(s) 18 com/transsnet/downloader/core/thread/b.java, line(s) 10 cr/e.java, line(s) 13 dt/h.java, line(s) 21 e4/b.java, line(s) 14 fh/e0.java, line(s) 4 ig/r1.java, line(s) 11 ih/b.java, line(s) 15 ll/d.java, line(s) 10 n4/f0.java, line(s) 4 o70/a.java, line(s) 13 ol/m.java, line(s) 13 y10/b.java, line(s) 13 zm/b.java, line(s) 45
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: athena/v.java, line(s) 460 com/amazonaws/services/s3/AmazonS3Client.java, line(s) 715 com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java, line(s) 41 com/amazonaws/util/Md5Utils.java, line(s) 21,52 com/apm/insight/l/m.java, line(s) 70 com/bykv/vk/openvk/preload/geckox/utils/d.java, line(s) 35 com/cloud/config/utils/CommonUtils.java, line(s) 243 com/cloud/h5update/utils/i.java, line(s) 38 com/cloud/sdk/commonutil/util/o.java, line(s) 17 com/cloud/tmc/integration/utils/share/ShareStrategy.java, line(s) 100 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 99 com/mbridge/msdk/foundation/tools/l0.java, line(s) 17,31 com/pgl/ssdk/t.java, line(s) 41 com/tn/tranpay/device/a.java, line(s) 28 com/transsion/api/gateway/utils/EncoderUtil.java, line(s) 41 com/transsion/infra/gateway/core/utils/b.java, line(s) 36 com/transsion/mbtools/MD5HashProvider.java, line(s) 35 com/transsion/player/utils/a.java, line(s) 28 com/transsion/push/helper/b.java, line(s) 22 com/transsion/transfer/wifi/util/b.java, line(s) 22 e7/f.java, line(s) 38 gt/c.java, line(s) 35 l10/d.java, line(s) 20 m8/c.java, line(s) 44 np/a.java, line(s) 33,66 pu/e.java, line(s) 12 t9/r.java, line(s) 34 w10/c.java, line(s) 67 z7/b.java, line(s) 10
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: OoooO0O/OooO0O0.java, line(s) 72,78 com/applovin/impl/adview/l.java, line(s) 23,19 com/cloud/hisavana/sdk/common/widget/InteractiveWebView.java, line(s) 78,70 com/cloud/hisavana/sdk/common/widget/webview/ActionWebView.java, line(s) 64,47,75 com/cloud/tmc/render/system/ShellWebView.java, line(s) 155,160 com/cloud/tmc/render/system/SystemWebView.java, line(s) 154,159 com/cloud/tmc/worker/debug/WebviewWorker.java, line(s) 175,179 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 283,281 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 75,73 com/transsion/payment/lib/strategy/ui/PayWebFragment.java, line(s) 448,435 com/transsion/usercenter/setting/WebViewActivity.java, line(s) 95,85 com/vungle/ads/internal/platform/e.java, line(s) 31,27 vu/b.java, line(s) 96,83
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: OoooO0O/OooO0O0.java, line(s) 79,78 com/cloud/hisavana/sdk/common/activity/TAdWebFormsActivity.java, line(s) 296,286 com/cloud/hisavana/sdk/common/widget/InteractiveWebView.java, line(s) 84,70 com/cloud/tmc/render/system/ShellWebView.java, line(s) 162,163,164,165,166,160 com/cloud/tmc/render/system/SystemWebView.java, line(s) 161,159 com/cloud/tmc/worker/debug/WebviewWorker.java, line(s) 180,179
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: z9/b.java, line(s) 720,760
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/696179319202/namespaces/firebase:fetch?key=AIzaSyDoUlg4QWx_EYkLV9IoIzaRvysnE_7G_EQ ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"app_update_interval_days": "0",
"app_update_switch": "true",
"dauupupup_config": "{ \"enable\": true }",
"diff_update_patch_mode": "2",
"download_foreground_service": "false",
"download_okhttp": "true",
"download_range_size": "5242880",
"endpoints": "[{\"host\":\"api6.aoneroom.com\",\"ip\":\"47.254.154.255\",\"scheme\":\"https\"}]",
"iOSMarshes": "[\"1.1.0\"]",
"is_open_consume_report": "false",
"k_trending_refresh_time": "800",
"key_app_keep_alive": "false",
"key_app_period_report": "-1",
"key_auto_update_dialog": "false",
"key_open_prefer": "false",
"key_total_show_times": "3",
"mmkv_key_accumulative_playing_time": "50",
"mmkv_key_is_open_ad": "true",
"multithreading_download": "true",
"one_clicked_download_close": "false",
"permanent_notification_switch": "true",
"prefetch_dns_hosts": "{\"hosts\":[\"vacdn.aoneroom.com\",\"pacdn.aoneroom.com\",\"acdn.aoneroom.com\",\"vacdn.hakunaymatata.com\",\"vgorigin.hakunaymatata.com\"]}",
"pull_notification_deadline": "15",
"watch_dog_timeout": "4000"
},
"state": "UPDATE",
"templateVersion": "206"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "gateway_secret_online" : "76iRl07s0xSN9jqmEWAt79EBJZulIQIsV64FZr2O" 凭证信息=> "tpush_app_id" : "8534b43bc794414987957009b5060377" 阿里云推流SDK的=> "com.aliyun.alivc_license.licensefile" : "assets/license.crt" 凭证信息=> "gateway_secret_test" : "Xqn2nnO41/L92o1iuXhSLHTbXvY4Z5ZZ62m8mSLA" 阿里云推流SDK的=> "com.aliyun.alivc_license.licensekey" : "volXpoYXKsoRJDDPt89df7215938a4eb88c536e67cd49923c" 凭证信息=> "tpush_app_key" : "8fc969cd4a4b4e9190c38322875b0f09" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-5464101117258718~2034480240" "login_pwd_done" : "Soumettre" "google_client_token" : "696179319202-hekemrrgc6kdd33tfr0sktarq53808ga.apps.googleusercontent.com" "library_zxingandroidembedded_author" : "JourneyApps" "download_authorization" : "Otorisasi" "dyStrategy.privateAddress" : "privateAddress" "google_crash_reporting_api_key" : "AIzaSyDoUlg4QWx_EYkLV9IoIzaRvysnE_7G_EQ" "login_pwd_done" : "Submit" "download_authorization" : "Autorisation" "login_pwd_done" : "Enviar" "login_pwd_done" : "Kirim" "login_pwd_done" : "Hantar" "library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/" "google_api_key" : "AIzaSyDoUlg4QWx_EYkLV9IoIzaRvysnE_7G_EQ" "download_authorization" : "Awtorisasyon" "download_authorization" : "Authorization" "login_pwd_done" : "Isumite" "download_authorization" : "Pengesahan" "google_app_id" : "1:696179319202:android:95d8023b7c40a39d1d52fb" 2a6980ede6ae77ce66f55b52702a3b6b ea621e991f9e4353c74e708cec62b4ff nCBMIc2hhbmdoYWkxETAPBgNVBAcTCHNoYW5naGFpMQswCQYDVQQKEwJtaTESMBAGA1UECxMJdHJh MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNrm4jErOdstd1P5L1X/ 5970c1ffed2920c3b2d80da029fe3944- 3-d861b25a-1edf-11eb-adc1-0242ac120002 orAitN2YRTqgCPUHW8KJW7r1IUY= 1896ff1657b2408daeb264ba6d370bf2 nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJNGGRDEkB7PAdQiWEsFPHyCFbhADX7i8/XbiELN 031A68C3912D796E235A72EE0BF89C16 e90a38f8313cd010419e55bde1e55126 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== nv0rK4NFlJGyQ7KKvmY1f8ymg3jSal9zj7SQ0yTvuo+xxzvzNly1f4BZC8spU1LMquQEUEWSdaH4b 8fb9548e62ef8b007d7fa7c9d6d00479 rvde5sbMtJH1szWIuROLvT7cgSo= LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== 6bc9377253249575a8d9767c13dacf0a f36c832c8dbb162c49b46a7a6dd47fbd nAwEAAaMhMB8wHQYDVR0OBBYEFPhF9NTKPS53Ky1VpHlJ9A7KtgZIMA0GCSqGSIb3DQEBCwUAA4IB fa007ff1d5c14939b7d52a5d87247b5f VzmY1jLJle/7PNkpIf5xjD6zt4gYjyTpgnmGzPW 1fffbd46e501ef2aa1bccfc7df8cf2d6 DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== oDHEZ4Lm5sZiwsh8dtqapizKvY4= 5603aeef91bb9cca8a85955d1c7170e6 nCGSS6NKf4glPrFbTM97aE9ZKGUiMALIV8W7FClAgLZdtTZkL5XEQdbX4RB/C6edc NxZIy4OwQRj+5dw9rjrnM5yFu4VC9sLjydbJn 936dcbdd57fe235fd7cf61c2e93da3c4 DFKwWgtuDkKwLZPwD+z8H+N/xjK+n3eyNVx6ZVPn5jcincKZx5f5ncN= nbnNzaW9uMRIwEAYDVQQDEwl0c29uZXJvb20wIBcNMjIwNzE1MDYxMjM5WhgPMjEyMTA2MjEwNjEy Xqn2nnO41/L92o1iuXhSLHTbXvY4Z5ZZ62m8mSLA b2a05735a17d000fa32c26fa416047b5 nMzlaMGgxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhzaGFuZ2hhaTERMA8GA1UEBxMIc2hhbmdoYWkx 66f0d16c89ca3154e5a973ea LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== 63D4BEBEBC7ABCA4BC6A796B6AB06B766A6C7D706B6B756F70B07B6F71A4A5AEBCB2D4BEBEBC6A69BCA4BC7A6B69B16A796B6AB06B767D72726A6C65B07B6F71BCB2D4BEBEBC6A7BBCA4BC7A6B7BB16A796B6AB06B767D72726A6C65B07B6F71BCB2D4BEBEBC6F69BCA4BC7A6B69B06B767D72726A6C65B07B6F71BCB2D4BEBEBC6F7BBCA4BC7A6B7BB06B767D72726A6C65B07B6F71BCB2D4BEBEBC7BBCA4BCAF726F777B6F7078AF68A8AF696E726F7D7A7B6F7078BCB2D4BEBEBC77BCA4BCAF726F777B6F7078AF68ADAF6B797B6C796ABCB2D4BEBEBC69BCA4BCAF7D6A7679707DAF7B76797B736E6F75706AAF68ACAF696E726F7D7ABCB2D4BEBEBC787BBCA4BC68AEAC7BBCB2D4BEBEBC787ABCA4BC68AEAC7ABCB2D4BEBEBC7879BCA4BC68AEAC79BCB2D4BEBEBC7568BCA4BC7D7C7B7A79787776757473AD71706F6EBCB2D4BEBEBC67BCA4BCABA7ADA899A99B9CAD9CA5A6AC9BAEABA9AEADAB99A9ACADA8A79D9D98A9AA9DBCD461D4D4 toZ2GRnRjC9P5VVUdCpOrFH8lfQ= DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== a94f3a8f4d60d3a62bc9ff277e23feb3 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 nh6xd1k46u83XIJ1e8jCvRdmPfGZgmsvRywz2CHsg1R6UHFNQYsCDN1ivtAbEWdBGcMKZpIyM8stL 2bc73422bda01b29bc651b6bc21e6e78 1h3dnydEtMCjLg71Vy09IwC04GNKvP2HPJT b7801ad36c0a0e4c7fc1f1e72bb04b2d f2d43eb546cb4cd9ad61fe9adec150d4 2bddbb51c7874e7a906ceb55a75b9124- n7Y4NX7g27EhoYeo+cXCbT29mwyWkrK7BpSr1h8Vj h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== faRHiiBsLon6/wpfe968tOlMSCc7BwcEB3V9EdjwE 209d0b40e1b24b81a4fbd9ea150165ec nAQBU4giovyh8cOLL864VVyErzONrMBKKOyaGCa2z3OqPm1d5NwVWvhxO1ct/3z6hjhGj5GtgUOjg e99237f24ede40f4a9fd56a08a1c30a5- 92762936dcbdd57fe235fd7cf61c2e93da3c4 DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= jfAKrXw/TPNCdeLsGb3zKOIkaSI= MIIDcTCCAlmgAwIBAgIEHfgaIzANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJDTjERMA8GA1UE DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n H7hrEWjsdDFUBi6MnMWxcaS3zLQ= M5zdV8/VsUEWm2Ff8xQoeC0dpjk= YkRXhr5AWBPfNgzuH7JQ+2Ha 4kx7eUDImQCtxhdmZFPeQvoM1ig= 61e43091d911c7e773efd9189332fadb 76iRl07s0xSN9jqmEWAt79EBJZulIQIsV64FZr2O nb8sVTSfWGog6bVbQMgXMUHySYXI6hhEE7Ww9g7NJlVLzgjawiqQmXU1AFKIGkAOLqxGc3LO7licC DFeuWkH0W+xUhoPwJ7JgY7K0DkeAWrfXYN== b88eab70ee8e445a836225f7fd7c7180- ZRN9QpqcTxje5UH3bV1RuugwitxkqB53 nCzAJBgNVBAoTAm1pMRIwEAYDVQQLEwl0cmFuc3Npb24xEjAQBgNVBAMTCXRzb25lcm9vbTCCASIw 42d6df6edbe84bdd926fab309aa48261- DkP3hrKuHoPMH+zwL+fALkK/WQc5x5zH+TcincKNNVfWNVJcVM== 0c797eb7adf7787e513fa3e6ff4af75e Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT= nGCerxYdLtDbJ69Rux4lgE5C9a6qLfV6BzjJYONk/vQhGQYT6qes+TFtXV0hvF8UM 4287038e8589daee6007cf5dc19a4571 nzFx18H12iZ9gG1VztMbHetvImBoXeCOwjTc5RnGIz+Hya96pxJLK2DcSlAaHEs1H nMV7DmdtodVkISEXRxWbWqu2CKxnvK1Aq5Qbn50AJGpdkJx6DWEPtHQzl2OZvvldmdtVRgX0MujL7 DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= 0a4a8ed888f04551bcef55e4d31187ff- d032d16004107ab36995c6a05b960f25 HkzwDFeD4QuyLdx5igfZYcu9xTM9NN== 470fa2b4ae81cd56ecbcda9735803434cec591fa 41db2f5cea9549f584c0bae3a7b1b1c9- edef8ba9-79d6-4ace-a3c8-27dcd51d21ed 2da995508e09b317cd125e39a34e9033 nnN2ifla6sVu23y78FMiL6smp9ayE7Y3gSEfB3md4nvEUpyRUu4wYLIf9nVR36okK blhOM3W9V/bVQhsWAcLYwPU6n24= MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gdcC1kYZd3jArKYosx9FQ91KzxbRt32 a675d4e34806d9830871c01a4db0b4d7
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: OoooOOo/o0000OO0.java, line(s) 251 a3/e.java, line(s) 374,379 a3/g.java, line(s) 65 a3/h.java, line(s) 39,72 a3/i.java, line(s) 50,216 a3/m.java, line(s) 99 ag/a.java, line(s) 27,13,19,26,39,46,47 ai/i.java, line(s) 55 athena/j0.java, line(s) 129,130,131,132,133 b3/f.java, line(s) 46,70 bs/j.java, line(s) 33 ce/e.java, line(s) 43 cf/b.java, line(s) 36,46,72,81 com/amazonaws/logging/AndroidLog.java, line(s) 41,48,23,28,61,81,67,74 com/apm/insight/a.java, line(s) 140,146,230 com/apm/insight/b/i.java, line(s) 50 com/apm/insight/h/a.java, line(s) 97 com/apm/insight/h/b.java, line(s) 86 com/apm/insight/k/a.java, line(s) 81 com/apm/insight/k/j.java, line(s) 129 com/apm/insight/runtime/l.java, line(s) 92 com/applovin/impl/sdk/n.java, line(s) 53,111,87,133 com/applovin/impl/w3.java, line(s) 46,50,56 com/avery/subtitle/DefaultSubtitleEngine.java, line(s) 118,200,208,153,418,447 com/bykv/vk/openvk/Kjv/Kjv/Yhp/Yhp/enB.java, line(s) 174,184,324 com/bykv/vk/openvk/Kjv/Kjv/Yhp/Yhp/fWG.java, line(s) 170,191,225,285,290,295,309,314,369,385,394,435,494,555,559,307,335,449 com/bykv/vk/openvk/Kjv/Kjv/Yhp/Yhp/mc.java, line(s) 409 com/bykv/vk/openvk/preload/falconx/a/a.java, line(s) 52 com/bykv/vk/openvk/preload/geckox/logger/DefaultLogger.java, line(s) 21,29,34 com/bytedance/adsdk/Yhp/enB.java, line(s) 1090 com/bytedance/adsdk/ugeno/Pdn/mc/Kjv.java, line(s) 113,163 com/bytedance/adsdk/ugeno/Pdn/mc/Yhp.java, line(s) 279 com/bytedance/adsdk/ugeno/VN/GNk.java, line(s) 1517 com/bytedance/adsdk/ugeno/core/Kjv.java, line(s) 71 com/bytedance/adsdk/ugeno/core/Pdn.java, line(s) 155,333 com/bytedance/adsdk/ugeno/fWG/Kjv.java, line(s) 23 com/cicada/player/utils/Logger.java, line(s) 143,134,141 com/cloud/config/AbsConfigStore.java, line(s) 177 com/cloud/hisavana/net/CommonOkHttpClient$3.java, line(s) 75 com/cloud/hisavana/net/CommonOkHttpClient.java, line(s) 74,86,98,211 com/cloud/hisavana/net/disklrucache/DiskLruCache.java, line(s) 286 com/cloud/hisavana/net/disklrucache/impl/DiskCacheImpl.java, line(s) 61,128,160 com/cloud/hisavana/net/impl/HttpCallbackImpl.java, line(s) 105,134,143,182 com/cloud/hisavana/net/utils/StorageUtils.java, line(s) 55,65,78,88,124,134,27,44,103 com/cloud/hisavana/sdk/api/config/AdManager.java, line(s) 49,53,53 com/cloud/hisavana/sdk/h1.java, line(s) 7 com/cloud/sdk/commonutil/util/DeviceUtil.java, line(s) 214 com/cloud/sdk/commonutil/util/MitNetUtil.java, line(s) 35,100 com/cloud/sdk/commonutil/util/RunTimer.java, line(s) 45 com/cloud/sdk/commonutil/util/a.java, line(s) 29 com/cloud/sdk/commonutil/util/m.java, line(s) 27 com/cloud/sdk/commonutil/util/o.java, line(s) 19 com/cloud/sdk/commonutil/util/p.java, line(s) 38,58 com/cloud/sdk/commonutil/widget/TranCircleImageView.java, line(s) 81,287 com/cloud/tmc/component_api_ps/ipc/MiniAppProtocolIpcProcessor.java, line(s) 81 com/cloud/tmc/integration/resource/processor/PackageResourceProcessor.java, line(s) 74,151 com/cloud/tmc/integration/utils/AppUtils.java, line(s) 238 com/cloud/tmc/integration/utils/q.java, line(s) 104,253,295,315,342,371,389 com/cloud/tmc/kernel/log/TmcLogger.java, line(s) 26,122,10,38,45 com/cloud/tmc/kernel/utils/NetworkUtil.java, line(s) 200,226 com/cloud/tmc/kernel/utils/TmcGsonUtils.java, line(s) 36,51,72 com/cloud/tmc/miniapp/ipc/IpcMiniLauncherService.java, line(s) 114,153 com/cloud/tmc/miniapp/ipc/a.java, line(s) 55 com/cloud/tmc/miniapp/ui/MiniSchemaFilterActivity.java, line(s) 49,138,174 com/cloud/tmc/miniutils/util/ImageUtils.java, line(s) 57,61,65 com/cloud/tmc/miniutils/util/NetworkUtils.java, line(s) 170,184,198,386 com/cloud/tmc/miniutils/util/PermissionUtils.java, line(s) 122,127,132,135,241,335 com/cloud/tmc/miniutils/util/UtilsActivityLifecycleImpl.java, line(s) 138,191,200,214 com/cloud/tmc/miniutils/util/UtilsTransActivity.java, line(s) 74 com/cloud/tmc/miniutils/util/d0.java, line(s) 235 com/cloud/tmc/miniutils/util/e0.java, line(s) 64 com/cloud/tmc/miniutils/util/h0.java, line(s) 66,70,73,104,159 com/cloud/tmc/miniutils/util/i.java, line(s) 162 com/cloud/tmc/miniutils/util/t.java, line(s) 68 com/cloud/tmc/worker/debug/WebviewWorker.java, line(s) 410 com/contrarywind/view/WheelView.java, line(s) 387 com/danikula/videocache/q.java, line(s) 13,26,32 com/dzapk/lifeok.java, line(s) 156,202 com/facebook/biddingkit/logging/b.java, line(s) 18,27 com/github/lzyzsd/jsbridge/BridgeHelper.java, line(s) 97,190 com/github/lzyzsd/jsbridge/BridgeWebViewClient.java, line(s) 117 com/google/android/libraries/places/api/model/zzce.java, line(s) 138 com/google/android/libraries/places/internal/zzju.java, line(s) 23,34 com/google/android/libraries/places/widget/AutocompleteFragment.java, line(s) 197,63,196,64 com/google/android/libraries/places/widget/AutocompleteSupportFragment.java, line(s) 82,77,81,78 com/hisavana/admoblibrary/excuter/AdmobNative.java, line(s) 92 com/hisavana/adxlibrary/excuter/AdxNative.java, line(s) 222 com/hisavana/common/base/BaseAd.java, line(s) 100,131,171 com/hisavana/common/bean/AdCache.java, line(s) 321,373,443 com/hisavana/common/utils/MediaLogUtil.java, line(s) 27,47,55,63 com/hisavana/common/utils/MediationImageLoader.java, line(s) 29 com/hisavana/fblibrary/excuter/FanNative.java, line(s) 115 com/hisavana/mediation/ad/TAdNativeView.java, line(s) 323 com/hisavana/mediation/config/CloudControlConfigSync.java, line(s) 316,217 com/hisavana/mediation/config/TAdManager.java, line(s) 290,293 com/hisavana/mintegral/executer/MintegralSplash.java, line(s) 186 com/iab/omid/library/applovin/publisher/b.java, line(s) 32,34 com/iab/omid/library/applovin/utils/d.java, line(s) 17,24 com/iab/omid/library/bytedance2/publisher/b.java, line(s) 32,34 com/iab/omid/library/bytedance2/utils/d.java, line(s) 17,24 com/iab/omid/library/hisavana/publisher/b.java, line(s) 31,33 com/iab/omid/library/mmadbridge/publisher/b.java, line(s) 31,33 com/iab/omid/library/vungle/publisher/b.java, line(s) 31,33 com/journeyapps/barcodescanner/CameraPreview.java, line(s) 100,355,430 com/journeyapps/barcodescanner/a.java, line(s) 221 com/journeyapps/barcodescanner/camera/CameraInstance.java, line(s) 29,44,57,69 com/journeyapps/barcodescanner/camera/a.java, line(s) 100,118 com/journeyapps/barcodescanner/camera/h.java, line(s) 66,119,306,210,218,262,270 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 74 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 47 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 302,307,309,455,477,497 com/mbridge/msdk/dycreator/engine/a.java, line(s) 168 com/mbridge/msdk/dycreator/utils/g.java, line(s) 11 com/mbridge/msdk/foundation/controller/b.java, line(s) 63 com/mbridge/msdk/foundation/same/report/crashreport/c.java, line(s) 96 com/mbridge/msdk/foundation/same/report/d.java, line(s) 55 com/mbridge/msdk/foundation/tools/l0.java, line(s) 19 com/mbridge/msdk/foundation/tools/o0.java, line(s) 63,70,56,84,91 com/mbridge/msdk/mbnative/controller/NativeController.java, line(s) 1930 com/mbridge/msdk/mbnative/controller/d.java, line(s) 551 com/mbridge/msdk/mbnative/report/b.java, line(s) 95,112 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 543 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 630,844,1185,1190,1195,1262 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 208 com/mbridge/msdk/playercommon/exoplayer2/SimpleExoPlayer.java, line(s) 301,881 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 653,184,193,202,684 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 43 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 332 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 286 com/mbridge/msdk/playercommon/exoplayer2/extractor/mkv/MatroskaExtractor.java, line(s) 486 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/VbriSeeker.java, line(s) 66 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/XingSeeker.java, line(s) 52 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/FragmentedMp4Extractor.java, line(s) 300,1064 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/MetadataUtil.java, line(s) 57,64,70,193,237,249,259 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/PsshAtomUtil.java, line(s) 70,95 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/TrackEncryptionBox.java, line(s) 63 com/mbridge/msdk/playercommon/exoplayer2/extractor/ogg/VorbisUtil.java, line(s) 212 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/AdtsReader.java, line(s) 114 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/Id3Reader.java, line(s) 32 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/PesReader.java, line(s) 56,109,112 com/mbridge/msdk/playercommon/exoplayer2/extractor/wav/WavHeaderReader.java, line(s) 49,74,85,96 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecInfo.java, line(s) 50 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecRenderer.java, line(s) 624 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecUtil.java, line(s) 451,268,277,286,293,296,329,351,356,364,373 com/mbridge/msdk/playercommon/exoplayer2/metadata/id3/Id3Decoder.java, line(s) 193,198,207,218,434 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadManager.java, line(s) 329,469 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadService.java, line(s) 157 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/BaseMediaChunkOutput.java, line(s) 49 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkSampleStream.java, line(s) 398 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkedTrackBlacklistUtil.java, line(s) 25,27 com/mbridge/msdk/playercommon/exoplayer2/text/cea/Cea708Decoder.java, line(s) 934,496,500,504,605,782,793,834,846,869,883 com/mbridge/msdk/playercommon/exoplayer2/text/cea/CeaUtil.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/text/dvb/DvbParser.java, line(s) 562 com/mbridge/msdk/playercommon/exoplayer2/text/ssa/SsaDecoder.java, line(s) 48,53,58,67 com/mbridge/msdk/playercommon/exoplayer2/text/subrip/SubripDecoder.java, line(s) 45,73,76 com/mbridge/msdk/playercommon/exoplayer2/text/ttml/TtmlDecoder.java, line(s) 85,96,112,241 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCue.java, line(s) 61 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCueParser.java, line(s) 121,254,274,277,377,406 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultDataSource.java, line(s) 81 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultHttpDataSource.java, line(s) 83,98,120,117 com/mbridge/msdk/playercommon/exoplayer2/upstream/Loader.java, line(s) 130,180,186,198 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedRegionTracker.java, line(s) 137 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/SimpleCache.java, line(s) 115 com/mbridge/msdk/playercommon/exoplayer2/util/AtomicFile.java, line(s) 36,94 com/mbridge/msdk/playercommon/exoplayer2/util/EventLogger.java, line(s) 159 com/mbridge/msdk/playercommon/exoplayer2/video/DummySurface.java, line(s) 87,93 com/mbridge/msdk/playercommon/exoplayer2/video/MediaCodecVideoRenderer.java, line(s) 405,411,630 com/mbridge/msdk/tracker/b.java, line(s) 25,40,55 com/mbridge/msdk/tracker/c.java, line(s) 28,41,58,74,81,107,133,157,183,213,237,260,279,303,322,343,350,377,396 com/mbridge/msdk/tracker/j.java, line(s) 38 com/mbridge/msdk/tracker/k.java, line(s) 74,87,97,280 com/mbridge/msdk/tracker/m.java, line(s) 26,100,111,155,162,185 com/mbridge/msdk/tracker/network/c0.java, line(s) 34,42 com/mbridge/msdk/tracker/o.java, line(s) 55,86,136,149 com/mbridge/msdk/tracker/q.java, line(s) 38 com/mbridge/msdk/tracker/s.java, line(s) 98,121,131,288,296,300 com/mbridge/msdk/tracker/x.java, line(s) 61,64,67 com/mbridge/msdk/widget/FeedbackRadioGroup.java, line(s) 65 com/noober/background/BackgroundFactory.java, line(s) 44,81 com/permissionx/guolindev/request/InvisibleFragment.java, line(s) 843 com/quickjs/w.java, line(s) 126,168 com/tmc/network/HttpClient.java, line(s) 186 com/tn/lib/logger/impl/LogcatLoggerImpl.java, line(s) 37,74,87,82,66 com/tn/lib/net/manager/NetServiceGenerator.java, line(s) 113,126 com/tn/tranpay/device/TNDeviceHelper.java, line(s) 33,42 com/transsion/api/gateway/utils/LogUtils.java, line(s) 411,332 com/transsion/api/gateway/utils/ObjectLogUtils.java, line(s) 399,303 com/transsion/banner/OpSubBannerNew.java, line(s) 381 com/transsion/baselib/config/CrashHandler.java, line(s) 63 com/transsion/baselib/report/AppPeriodReport.java, line(s) 76 com/transsion/baselib/report/t.java, line(s) 74,84,156,166,185,191 com/transsion/baseui/music/MusicFloatView.java, line(s) 189 com/transsion/baseui/widget/jumpingbeans/JumpingBeansSpan.java, line(s) 50 com/transsion/core/log/LogUtils.java, line(s) 210,131 com/transsion/core/log/ObjectLogUtils.java, line(s) 270,178 com/transsion/edcation/CourseManager$subscribeCourse$1.java, line(s) 123 com/transsion/edcation/CourseManager$subscribeCourseById$1.java, line(s) 112 com/transsion/gslb/GslbSdk.java, line(s) 174,186 com/transsion/infra/gateway/core/utils/ObjectLogUtils.java, line(s) 288,196 com/transsion/mb/config/manager/ConfigManager.java, line(s) 95,98 com/transsion/moviedetail/activity/MovieDetailActivity.java, line(s) 80 com/transsion/moviedetail/staff/MovieStaffActivity.java, line(s) 412,438,449 com/transsion/player/DashDemoActivity.java, line(s) 77,222,229,231,247 com/transsion/player/exo/ORExoPlayer.java, line(s) 244,257,265,291,293,427,488,657,1003,1021,1043,1056,1114,1138,1167,1176,1182,1325 com/transsion/player/longvideo/helper/j.java, line(s) 68 com/transsion/player/longvideo/ui/LongVodPlayerView.java, line(s) 3502 com/transsion/player/mediasession/d.java, line(s) 17 com/transsion/player/shorttv/preload/VideoPreloadManager.java, line(s) 61,67,72,77,84,90,210,214,218 com/transsion/player/shorttv/preload/g.java, line(s) 56,68,107,115,122,125,143,158,178,184 com/transsion/postdetail/layer/local/u0.java, line(s) 355 com/transsion/postdetail/viewmodel/LocalVideoDetailViewModel.java, line(s) 48 com/transsion/push/db/PermanentPushDatabase.java, line(s) 26 com/transsion/push/service/JobIntentService$f.java, line(s) 33,35,73 com/transsion/push/service/JobIntentService.java, line(s) 109 com/transsion/push/service/PushServiceHelper.java, line(s) 302 com/transsion/push/utils/s0.java, line(s) 327 com/transsion/search/activity/SearchManagerActivity.java, line(s) 52 com/transsion/search/speech/f.java, line(s) 17 com/transsion/search/viewmodel/SearchWorkViewModel$getVideoHistoryList$1.java, line(s) 85 com/transsion/shorttv/ui/fragment/ShortTvDetailListFragment.java, line(s) 547,549,573,1196 com/transsion/spwaitkiller/SpWaitKiller.java, line(s) 201 com/transsion/spwaitkiller/test/TestSpWaitActivity.java, line(s) 93,99,109,115 com/transsion/startup/StartupManager.java, line(s) 538 com/transsion/startup/pref/anr/ANRWatchDog.java, line(s) 44 com/transsion/startup/pref/anr/d.java, line(s) 13 com/transsion/startup/pref/consume/AppStartReport.java, line(s) 147 com/transsion/subroom/activity/SplashActivity$toMain$1$1$onResolved$2.java, line(s) 43 com/transsion/transfer/androidasync/AsyncNetworkSocket.java, line(s) 253 com/transsion/transfer/androidasync/AsyncServer.java, line(s) 75,600,818 com/transsion/transfer/androidasync/c0.java, line(s) 258 com/transsion/transfer/androidasync/http/HybiParser.java, line(s) 246 com/transsion/transfer/androidasync/http/j.java, line(s) 156,157,175 com/transsion/transfer/androidasync/http/server/AsyncHttpServer.java, line(s) 262 com/transsion/transfer/androidasync/http/server/c.java, line(s) 86 com/transsion/usercenter/setting/SettingActivity.java, line(s) 453 com/transsion/usercenter/setting/labelsfeedback/sender/FBSender.java, line(s) 62 com/transsnet/downloader/adapter/DownloadedHolder.java, line(s) 303 com/transsnet/downloader/core/ForegroundService.java, line(s) 17,24,29,37 com/transsnet/downloader/core/thread/b.java, line(s) 151 com/transsnet/downloader/util/DocumentsUtils.java, line(s) 373,376 com/transsnet/downloader/viewmodel/y.java, line(s) 61,271 com/transsnet/login/LoginLikeActivity.java, line(s) 311 com/vungle/ads/internal/util/o.java, line(s) 30,40,53,72,85,93,106 dt/j.java, line(s) 33,85,86 e1/g.java, line(s) 170,216,273 en/d.java, line(s) 17 eo/d.java, line(s) 104,178 eq/a.java, line(s) 80,117,115 es/a.java, line(s) 36 f6/e.java, line(s) 85,71,75 ff/b.java, line(s) 8 fo/a.java, line(s) 24 fz/b.java, line(s) 76,83,90,96,108,119 g7/e.java, line(s) 32 gl/c.java, line(s) 23,30 h6/a.java, line(s) 98 hb/a.java, line(s) 42,132,166,229 hj/g.java, line(s) 33,40,43,52,87 hj/o.java, line(s) 179 i30/a.java, line(s) 17,22 ia/b.java, line(s) 14,20,22,28,30,9,12 iw/n.java, line(s) 121 j3/b.java, line(s) 47,79,94 j3/d.java, line(s) 113 j6/b.java, line(s) 31 k2/n1.java, line(s) 42,57,60,63 kn/d.java, line(s) 17 ku/f.java, line(s) 237 l3/a.java, line(s) 123,1049,1057,1126,1136,1320,1600,1604,1608 l6/e.java, line(s) 252,255 l6/j.java, line(s) 1019,1022 lc/a.java, line(s) 79 lh/k.java, line(s) 31 li/a.java, line(s) 43,64 mf/a.java, line(s) 44,47,205,211 mf/d.java, line(s) 55 mf/e.java, line(s) 20 mo/b.java, line(s) 45,50,97 n2/a.java, line(s) 15 n2/e.java, line(s) 24 n9/b.java, line(s) 87 oi/b.java, line(s) 80 ol/f.java, line(s) 173,202,200 org/lsposed/hiddenapibypass/l.java, line(s) 71,151 org/mvel2/ast/Stacklang.java, line(s) 93 pl/j.java, line(s) 90 pu/c.java, line(s) 28,29 pu/i.java, line(s) 34,42 q8/a.java, line(s) 155,161,168,175,181,189,268,275 qi/i.java, line(s) 668 qn/d.java, line(s) 17 r3/b.java, line(s) 59,73,80,103,215,224,342,348,371,66 r4/f.java, line(s) 86,92,98,104,118 ro/b.java, line(s) 250,254 ro/d.java, line(s) 101 s3/a.java, line(s) 177,182,189,193,209,219 sk/b.java, line(s) 26 sl/b.java, line(s) 78 to/a.java, line(s) 36 uk/a.java, line(s) 57,79 uu/e.java, line(s) 38 uu/f.java, line(s) 90 uu/h.java, line(s) 17,22 v1/h.java, line(s) 65 v2/a.java, line(s) 96,99 v2/c.java, line(s) 78,80 v2/d.java, line(s) 126,128 v2/f.java, line(s) 161,163 v7/a.java, line(s) 7,13,8,14 vl/e.java, line(s) 33,69 vl/g.java, line(s) 32 w10/f.java, line(s) 16,34 wj/f.java, line(s) 36,19,54,64 wl/a.java, line(s) 12 wo/a.java, line(s) 43,65 x2/a.java, line(s) 160,259 x3/o.java, line(s) 33,38 xf/i.java, line(s) 33,40,43,51,78,81,84,87,90 ym/c.java, line(s) 276 ym/n.java, line(s) 48 ym/p.java, line(s) 105 ym/s.java, line(s) 239 z0/c.java, line(s) 162,166 z2/c.java, line(s) 65 z2/d.java, line(s) 70 z2/h.java, line(s) 237 z9/b.java, line(s) 56,1164 zi/e.java, line(s) 191
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/cloud/hisavana/sdk/f.java, line(s) 5,183 com/cloud/tmc/integration/bridge/SetClipboardBridge.java, line(s) 4,37 com/transsion/postdetail/comment/CommentDeleteDialogFragment.java, line(s) 5,203,204 com/transsion/share/share/ShareDialogFragment.java, line(s) 7,798,799 com/transsion/web/share/a.java, line(s) 6,132,235 ev/s.java, line(s) 5,288 q10/c.java, line(s) 5,99
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/cloud/h5update/utils/j.java, line(s) 130
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: athena/v.java, line(s) 79,101,201,417 com/mbridge/msdk/thrid/okhttp/internal/c.java, line(s) 267,266,265,265 com/mbridge/msdk/tracker/network/toolbox/h.java, line(s) 61,150 o70/b.java, line(s) 490,417
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/apm/insight/nativecrash/a.java, line(s) 318,318,318,318,318 z9/b.java, line(s) 861,62,62,62,62,62
综合安全基线评分总结
MovieBox v3.0.10.1110.03
Android APK
47
综合安全评分
中风险