应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Call Blocker v1.12.0.1477
46
安全评分
安全基线评分
46/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
8
高危
61
中危
4
信息
2
安全
隐私风险评估
12
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
8
中危安全漏洞
61
安全提示信息
4
已通过安全项
2
重点安全关注
1
高危安全漏洞 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/amazon/aps/ads/util/adview/ApsAdViewFetchUtils.java, line(s) 70,112,6 com/applovin/impl/adview/C0196a.java, line(s) 467,885,17 com/applovin/impl/adview/C0380a.java, line(s) 469,887,17 com/qualityinfo/internal/rh.java, line(s) 109,20,21
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appvestor/android/stats/StatsUtils.java, line(s) 185,202 com/calldorado/util/crypt/AesCbcWithIntegrity.java, line(s) 294,317 com/connectivityassistant/sdk/domain/crypto/TUe6.java, line(s) 14 com/connectivityassistant/sdk/domain/crypto/TUr1.java, line(s) 29,39
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/qualityinfo/internal/rh.java, line(s) 704,702
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/qualityinfo/internal/c4.java, line(s) 13,3
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 23,5 com/applovin/impl/adview/l.java, line(s) 27,6
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/calldorado/c1o/sdk/framework/TUy1.java, line(s) 334 com/connectivityassistant/sdk/framework/TUp6.java, line(s) 121
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个12隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Activity (call.blacklist.blocker.views.ChooseCountryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.settings.SettingsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (call.blacklist.blocker.logging.FirebaseEventBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (call.blacklist.blocker.logging.LoggingControlReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (call.blacklist.blocker.cdo.DAUAlarmReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cuebiq.cuebiqsdk.receiver.CoverageReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (call.blacklist.blocker.cdo.CCPABroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.OverlayGuideActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.chain.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.ActionReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.settings.StateLegislationActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.permissions.PermissionCheckActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.search.manual_search.LoadingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.debug_dialog_items.DebugActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.settings.LicensesActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.wic.WicDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.ui.aftercall.CallerIdActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.cdfQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.receivers.NewsDebugReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.optin.receivers.LegislationTestReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.calldorado.optin.receivers.CDFQWCBReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OverlayGuideActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.DoNotSellMyDataActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.CpraLimitDataActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.calldorado.optin.OptinDialogActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.appvestor.blocking.services.UpgradeForegroundService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.appvestor.blocking.receivers.BlockingPhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.appvestor.blocking.receivers.DebugReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.m2catalyst.m2sdk.core.setup.ZombieInitializationSDKReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.m2catalyst.m2sdk.core.setup.M2SDKOpsReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.m2catalyst.m2sdk.data_collection.wifi.WifiSDKReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cuebiq.cuebiqsdk.receiver.InitializationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.cuebiq.cuebiqsdk.service.FlushService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.connectivityassistant.sdk.data.receiver.DataCollectorReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.connectivityassistant.sdk.framework.TUSDKRunningReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cellrebel.sdk.utils.PhoneStateReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (androidx.compose.ui.tooling.PreviewActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.amazon.aps.ads.activity.ApsInterstitialActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.amazon.device.ads.DTBInterstitialActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(101) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(998) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(997) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/appvestor/blocking/migration/MigrationFromCdo6.java, line(s) 6,53,59 com/appvestor/blocking/migration/MigrationFromCdo7$migrateBlackListTable$1.java, line(s) 5,49 com/appvestor/blocking/migration/MigrationFromCdo7$migrateNumbersStartingWithTable$1.java, line(s) 5,49 com/appvestor/blocking/migration/MigrationFromCdo7$migratePrefixTable$1.java, line(s) 4,45 com/appvestor/blocking/migration/MigrationFromCdo7$migrateWhitelistTable$1.java, line(s) 4,46 com/appvestor/blocking/migration/MigrationFromCdo7.java, line(s) 7,108,114,120,126 com/calldorado/c1o/sdk/framework/TUa3.java, line(s) 3,210 com/calldorado/c1o/sdk/framework/TUc.java, line(s) 6,117,155,187,238,313,382,411 com/calldorado/c1o/sdk/framework/TUj9.java, line(s) 5,111 com/calldorado/c1o/sdk/framework/TUn8.java, line(s) 6,41,86,103,213 com/calldorado/c1o/sdk/framework/TUs3.java, line(s) 4,115 com/calldorado/c1o/sdk/framework/TUs7.java, line(s) 5,180,217,251 com/connectivityassistant/sdk/data/database/TUh7.java, line(s) 5,6,126,160 com/connectivityassistant/sdk/framework/TUb9.java, line(s) 6,41,81,138,154 com/connectivityassistant/sdk/framework/TUf0.java, line(s) 7,1188,1189,1190,1191,1192,1193,1194 com/connectivityassistant/sdk/framework/TUi4.java, line(s) 3,24 com/connectivityassistant/sdk/framework/TUj6.java, line(s) 5,110,140,167,229,265 com/connectivityassistant/sdk/framework/TUmm.java, line(s) 6,127,207 com/qualityinfo/internal/i2.java, line(s) 8,9,151,160 com/qualityinfo/internal/zb.java, line(s) 12,13,515,816,872,901,948,1063 net/sqlcipher/database/SQLiteDatabase.java, line(s) 609,1375,1394,359,389,830,837,1099,1359,1479,1615,1638,1789
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 179 com/amazon/device/ads/WebResourceService.java, line(s) 106 com/cellrebel/sdk/tti/DownloadMeasurer.java, line(s) 45 com/cellrebel/sdk/tti/UploadMeasurer.java, line(s) 56 com/m2catalyst/m2sdk/logger/ZipUtils.java, line(s) 89
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: call/blacklist/blocker/BuildConfig.java, line(s) 11,7 call/blacklist/blocker/ads/billing/BillingClientWrapper.java, line(s) 69 call/blacklist/blocker/cuebiq/CuebiqInitClass.java, line(s) 21,24 call/blacklist/blocker/logging/MetaLogger.java, line(s) 29 call/blacklist/blocker/managers/integrity/model/AppValidationConfig.java, line(s) 87 call/blacklist/blocker/models/FirebaseConfig.java, line(s) 194 call/blacklist/blocker/utils/Constants.java, line(s) 12 call/blacklist/blocker/utils/StatsLogger.java, line(s) 14 call/blacklist/blocker/views/main/MainActivity.java, line(s) 146,149,143 com/amazon/device/ads/DTBAdInterstitial.java, line(s) 17 com/amazon/device/ads/DTBAdLoader.java, line(s) 6,7,9,8,10 com/amazon/device/ads/DTBAdRequest.java, line(s) 45 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 21,22,23 com/amazon/device/ads/DtbConstants.java, line(s) 69,12,19,14,15,17,16,18,32,72,73,75 com/amazon/device/ads/DtbDeviceData.java, line(s) 22,23,24,25,26,27,28,29,30,31,32,33,34 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 26,27,28,30,31 com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 161,211 com/applovin/impl/sdk/C0382k.java, line(s) 1318 com/applovin/impl/sdk/C0566k.java, line(s) 1319 com/applovin/mediation/MaxSegment.java, line(s) 37 com/applovin/mediation/ads/MaxAdView.java, line(s) 132,122 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 68,58 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 78,68 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 90,80 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 71,66 com/applovin/sdk/AppLovinSdk.java, line(s) 149 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 132 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 27 com/appvestor/adssdk/ads/model/config/providers/ApplovinConfig.java, line(s) 115 com/appvestor/android/stats/StatsUtils.java, line(s) 100,101,98,99 com/appvestor/android/stats/firebase/FirebaseKey.java, line(s) 205,258,311 com/calldorado/c1o/sdk/framework/TUj8.java, line(s) 81 com/cellrebel/sdk/database/Preferences.java, line(s) 354 com/cellrebel/sdk/networking/beans/request/AuthRequestModel.java, line(s) 216,216 com/connectivityassistant/sdk/data/task/command/qTUq.java, line(s) 46 com/connectivityassistant/sdk/domain/TUyy.java, line(s) 33 com/connectivityassistant/sdk/domain/model/TUu3.java, line(s) 170 com/connectivityassistant/sdk/framework/TUt2.java, line(s) 38 com/cuebiq/cuebiqsdk/Contextual.java, line(s) 776 com/cuebiq/cuebiqsdk/api/generic/HttpHeader.java, line(s) 163 com/cuebiq/cuebiqsdk/models/rawmodels/AppSettingsRawV1.java, line(s) 95 com/cuebiq/cuebiqsdk/models/settings/AppSettings.java, line(s) 70 com/cuebiq/cuebiqsdk/usecase/init/migration/DirtyMigration.java, line(s) 46 com/m2catalyst/m2sdk/business/models/VerifyAPIKeyVO.java, line(s) 46 com/m2catalyst/m2sdk/configuration/M2Configuration.java, line(s) 258 com/m2catalyst/m2sdk/data_collection/wipePostObject.java, line(s) 122 com/m2catalyst/m2sdk/external/FirebaseAnalytics.java, line(s) 11 com/m2catalyst/m2sdk/external/M2SDKConfiguration.java, line(s) 243 com/qualityinfo/internal/wc.java, line(s) 11,10 com/vungle/ads/internal/Constants.java, line(s) 75,15,57,99,24,121,60 com/vungle/ads/internal/model/Cookie.java, line(s) 29 com/vungle/ads/internal/model/OmSdkData.java, line(s) 139 com/vungle/ads/internal/network/FailedTpat.java, line(s) 233 com/vungle/ads/internal/signals/SignalManager.java, line(s) 37,41 com/vungle/ads/internal/task/CleanupJob.java, line(s) 28 com/vungle/ads/internal/task/CleanupJobKt.java, line(s) 12 com/vungle/ads/internal/ui/AdActivity.java, line(s) 61 org/jose4j/jwk/PublicJsonWebKey.java, line(s) 96
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazon/aps/shared/APSAnalytics.java, line(s) 13 com/amazon/aps/shared/ApsMetrics.java, line(s) 17 com/applovin/impl/m7.java, line(s) 18 com/applovin/impl/z6.java, line(s) 63 com/calldorado/c1o/sdk/framework/TUa.java, line(s) 10 com/calldorado/c1o/sdk/framework/TUc4.java, line(s) 54 com/calldorado/c1o/sdk/framework/TUm7.java, line(s) 20 com/calldorado/c1o/sdk/framework/TUo7.java, line(s) 14 com/calldorado/c1o/sdk/framework/TUq3.java, line(s) 15 com/calldorado/c1o/sdk/framework/TUr1.java, line(s) 12 com/calldorado/c1o/sdk/framework/TUs2.java, line(s) 7 com/calldorado/stats/AsyncStatsCommunicationWorker.java, line(s) 38 com/calldorado/stats/StatsCommunicationWorker.java, line(s) 28 com/calldorado/ui/aftercall/CallerIdActivity.java, line(s) 101 com/calldorado/ui/shared_wic_aftercall/viewpager/pages/reminder_page/ReminderBroadcastReceiver.java, line(s) 14 com/calldorado/ui/shared_wic_aftercall/viewpager/pages/reminder_page/ReminderViewPage.java, line(s) 45 com/calldorado/util/workmanagers/CalldoradoCommunicationWorker.java, line(s) 27 com/cellrebel/sdk/trafficprofile/TrafficProfileMeasurer.java, line(s) 26 com/cellrebel/sdk/trafficprofile/TrafficProfileRandomizer.java, line(s) 7 com/cellrebel/sdk/trafficprofile/udp/messages/UdpPackageMessage.java, line(s) 6 com/cellrebel/sdk/tti/UploadMeasurer.java, line(s) 6 com/connectivityassistant/sdk/common/measurements/speedtest/TUj0.java, line(s) 7 com/connectivityassistant/sdk/common/measurements/speedtest/TUz1.java, line(s) 9 com/connectivityassistant/sdk/common/measurements/speedtest/upload/TUj0.java, line(s) 11 com/connectivityassistant/sdk/common/measurements/speedtest/upload/TUw4.java, line(s) 5 com/connectivityassistant/sdk/common/measurements/udptest/TUqq.java, line(s) 5 com/connectivityassistant/sdk/common/throughput/TUr6.java, line(s) 11 com/connectivityassistant/sdk/common/throughput/TUz1.java, line(s) 13 com/connectivityassistant/sdk/common/utils/TUd3.java, line(s) 10 com/connectivityassistant/sdk/data/job/TUu1.java, line(s) 177 com/connectivityassistant/sdk/framework/TUbTU.java, line(s) 44 com/connectivityassistant/sdk/framework/TUe3.java, line(s) 17 com/connectivityassistant/sdk/framework/TUk2.java, line(s) 13 com/connectivityassistant/sdk/framework/TUr5.java, line(s) 9 com/connectivityassistant/sdk/framework/TUx.java, line(s) 8 com/fdossena/speedtest/core/upload/Uploader.java, line(s) 5 com/m2catalyst/m2sdk/speed_test/legacy/NetworkDiagnosticTools.java, line(s) 36 com/m2catalyst/m2sdk/utils/h.java, line(s) 19 com/qualityinfo/IS.java, line(s) 14 com/qualityinfo/internal/CT.java, line(s) 20 com/qualityinfo/internal/ff.java, line(s) 8 com/qualityinfo/internal/g3.java, line(s) 7 com/qualityinfo/internal/gd.java, line(s) 6 com/qualityinfo/internal/p3.java, line(s) 17 com/qualityinfo/internal/p4.java, line(s) 4 org/jacoco/core/runtime/AbstractRuntime.java, line(s) 3
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/m2catalyst/m2sdk/core/setup/M2SDKOpsReceiver.java, line(s) 178,377 com/qualityinfo/internal/p2.java, line(s) 355,506 com/vungle/ads/internal/platform/AndroidPlatform.java, line(s) 246
中危安全漏洞 IP地址泄露
IP地址泄露 Files: call/blacklist/blocker/BuildConfig.java, line(s) 12,15 call/blacklist/blocker/genericoptin/ThirdParties.java, line(s) 286,318 com/applovin/impl/AbstractC0288l3.java, line(s) 102,104,99,103,108,96,97,101,92,110,105,107,109,93,106,95,98,112,111,100,94 com/applovin/impl/AbstractC0472l3.java, line(s) 104,106,101,105,110,98,99,103,94,112,107,109,111,95,108,97,100,114,113,102,96 com/applovin/mediation/adapters/GoogleAdManagerMediationAdapter.java, line(s) 719 com/applovin/mediation/adapters/GoogleMediationAdapter.java, line(s) 780 com/applovin/mediation/adapters/amazonadmarketplace/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/facebook/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/google/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/googleadmanager/BuildConfig.java, line(s) 9 com/applovin/mediation/adapters/vungle/BuildConfig.java, line(s) 9 com/calldorado/c1o/sdk/framework/TUm7.java, line(s) 358 com/calldorado/c1o/sdk/framework/TUo7.java, line(s) 811 com/calldorado/c1o/sdk/framework/TUu6.java, line(s) 281 com/calldorado/receivers/chain/CommunicationEndWorker.java, line(s) 270 com/cellrebel/sdk/utils/Utils.java, line(s) 205 com/connectivityassistant/sdk/common/throughput/TUgTU.java, line(s) 26 com/connectivityassistant/sdk/domain/model/TUe1.java, line(s) 22 com/connectivityassistant/sdk/framework/TUg8.java, line(s) 797 com/connectivityassistant/sdk/framework/TUs1.java, line(s) 36 com/m2catalyst/m2sdk/configuration/M2Configuration.java, line(s) 74 com/m2catalyst/m2sdk/configuration/i.java, line(s) 116 com/m2catalyst/m2sdk/core/setup/M2SDKOpsReceiver.java, line(s) 177 com/m2catalyst/m2sdk/external/M2SDK.java, line(s) 297 com/qualityinfo/IC.java, line(s) 428,428 com/qualityinfo/internal/CT.java, line(s) 407 com/qualityinfo/internal/o9.java, line(s) 98
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: call/blacklist/blocker/presentation/base/extensions/ActivityExtensionsKt.java, line(s) 27 com/cellrebel/sdk/utils/Utils.java, line(s) 147
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/amazon/device/ads/DtbDeviceData.java, line(s) 73 com/applovin/impl/AbstractC0265i4.java, line(s) 361 com/applovin/impl/AbstractC0449i4.java, line(s) 363 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 43 com/appvestor/android/stats/StatsUtils.java, line(s) 184,201 com/calldorado/util/crypt/AesCbcWithIntegrity.java, line(s) 337 com/calldorado/util/crypt/Cryption.java, line(s) 60 org/java_websocket/drafts/Draft_6455.java, line(s) 189
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/calldorado/c1o/sdk/framework/TUjTU.java, line(s) 219,219,219,219,219 com/cellrebel/sdk/utils/RootUtil.java, line(s) 22,22,22,24,22,24,22,22 com/connectivityassistant/sdk/framework/TUvTU.java, line(s) 94,94,94,94,94
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cellrebel/sdk/youtube/player/a.java, line(s) 198,194 com/qualityinfo/internal/lg.java, line(s) 632,640 com/qualityinfo/internal/rh.java, line(s) 653,661
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/l.java, line(s) 25,21 com/vungle/ads/internal/platform/WebViewUtil.java, line(s) 36,32
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/825649563188/namespaces/firebase:fetch?key=AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"OPTIN_TO_USE": "1",
"USE_MAVLINK_ADS": "false",
"USE_NEW_ADS_FOR_CALLER": "2",
"ad_placeholder_variation": "0",
"ads_sdk_config": "{}",
"ads_sdk_config_av": "{\"preloadAmount\":1,\"failThreshold\":3,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"e9c528a27b213db9\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_banner\"}}",
"ads_sdk_config_bv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"059586d0c1b55299\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_icon\" } }",
"ads_sdk_config_cv": "{ \"preloadAmount\": 1, \"failThreshold\": 3, \"backFillDelay\": { \"backFillDelay\": 1000, \"initialBackFillDelay\": 4000 }, \"applovinNativeConfig\": { \"adUnit\": \"ef5aed0709e4c52a\" }, \"gamConfig\": { \"adUnit\": \"/181874094/com.ztnstudio.notepad_inapp_native_avads_gz_control\" } }",
"aea_ads_sdk_8_1_7": "{\"preloadAmount\":1,\"failThreshold\":3,\"backfillDelay\":1000,\"initialBackfillDelay\":4000,\"applovinNativeAdUnit\":\"33821c30c48549b4\",\"gamAdUnit\":\"/181874094/info.myapp.allemailaccess_inapp_final_AdsSDK\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"startMuted\":true,\"adMobNativeAdUnit\":\"ca-app-pub-7756523234329066/8168846080\",\"preloadingEnabled\":true,\"primaryProvider\":\"applovin\",\"secondaryProvider\":\"gam\",\"sequentialLoading\":false}",
"app_validation": "{ \"enabled\": \"true\", \"key\": \"bmk0t+CXVOKFoWBUhV1zH2zXv7kno0TPgJYyw42vzXQ=\", \"validation_percent\": 50 }",
"appsflyer_enabled": "true",
"back_button_behavior": "0",
"cellrebel_enable": "true",
"cmp_enabled": "false",
"cmp_enabled_fab": "true",
"cmp_hide_for_banked_users": "true",
"cmp_show_after_optin": "false",
"config_in_app_adkey": "",
"consent_days_interval": "2",
"cu_conditions": "",
"cu_enabled": "true",
"cu_terms_id": "11",
"enable_5g_detection": "true",
"enable_dnd_cards": "false",
"fab_buy_ad_free_enable": "1",
"firebase_notification_interval_hours": "1000000000",
"firebase_optin_overlay_a11_strategy": "0",
"firebase_optin_transition_animation": "2",
"firebase_overlay_tutorial_delay_ms": "700",
"firebase_reoptin_interval_hours": "0",
"firebase_screens_order": "welcome,location,overlay,notification,chinese",
"firebase_screens_order_q": "welcome,overlay,notification,location,chinese",
"firebase_should_send_notification": "false",
"flash_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"9e51655ba1ab86f4\"},\"gamConfig\":{\"adUnit\":\"/181874094/flashalerts.flashlight.calls.messages_inapp_final_test\"}}",
"flash_alert_maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"gamez_op_url": "{ \"isActive\": true, \"url\": \"https://8945.play.gamezop.com/\" }",
"google_placesapi_enable": "true",
"in_app_ads_config": "{\"Type\": \"1\", \"AdTypePrio\": \"1\", \"AdProviderPriority\": \"4\", \"rendererType\": 0, \"MopubNativeAdUintID\": \"\", \"MopubBannerAdUintID\": \"\", \"GoogleMediationNativeAdUintID\": \"\", \"AppLovinAdUnitID\": \"8d2ca766bf905c5c\" }",
"in_app_appopen_ads": "",
"in_app_rating_controller": "false",
"inapp_update": "",
"interstitials_on_startup_enabled": "false",
"legal_urls": "{\"pp\":\"https://legal.appvestor.com/privacy-policy-for-call-blacklist-blocker/\",\"eula\":\"https://legal.appvestor.com/end-user-license-agreement\"}",
"m2_enable_data": "true",
"m2_enable_sdk": "true",
"maps_api_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ",
"only_use_main_process": "false",
"ookla_conditions": "",
"ookla_enable": "false",
"optin_overlay_forced": "0",
"optin_variation": "A",
"os_conditions": "eula",
"os_enable": "true",
"os_terms_id": "11",
"outlogic_conditions": "",
"outlogic_enable": "true",
"overlay_reoptin_variation": "1",
"places_api_mode": "0",
"qonversion_enabled": "true",
"recording_flow": "baseline",
"reoptin_days": "0,1,3",
"reoptin_experiment": "",
"reoptin_hours_interval": "9-11",
"screen_recording": "false",
"sr_ads_sdk_test": "{\"splashLoadTime\":7000,\"splashShowTime\":2000,\"preloadAmount\":1,\"failThreshhold\":2,\"initialBackfillDelay\":4000,\"backfillDelay\":1000,\"applovinNativeAdUnit\":\"fa34cfeab45d502d\",\"aoaAdUnit\":\"ca-app-pub-7756523234329066/7863686060\",\"adMobSplashBannerAdUnit\":\"ca-app-pub-7756523234329066/7907918093\",\"applovinSdkKey\":\"v9NXTSNp02Na7oJxSSPXhei9s36dqobC_MC6Z514hnxhh9ZHvvnThDsFt2S2FNBzzPqKER8xCqMJyoGUf4PONJ\",\"interAplAdUnit\":\"83d261c0965e8f44\",\"interGamAdUnit\":\"/181874094/screen.recorder.capture.video.record_interstitial_final\",\"interPreloading\":false,\"startMuted\":true}",
"test_test": "bums",
"us_legislation": "[{\"state\":\"California\",\"privacy_act\":\"California Consumer Privacy Act\",\"privacy_act_short\":\"CCPA\",\"meta_state_code\":1000},{\"state\":\"Colorado\",\"privacy_act\":\"Colorado Privacy Act\",\"privacy_act_short\":\"CPA\",\"meta_state_code\":1001},{\"state\":\"Connecticut\",\"privacy_act\":\"Connecticut Data Privacy Act\",\"privacy_act_short\":\"CTDPA\",\"meta_state_code\":1002},{\"state\":\"Virginia\",\"privacy_act\":\"Virginia Consumer Data Protection Act\",\"privacy_act_short\":\"VCDPA\"},{\"state\":\"Utah\",\"privacy_act\":\"Utah Consumer Privacy Act\",\"privacy_act_short\":\"UCPA\"},{\"state\":\"Texas\",\"privacy_act\":\"Texas Personal Privacy and Security Act\",\"privacy_act_short\":\"TDPSA\",\"meta_state_code\":1005},{\"state\":\"Oregon\",\"privacy_act\":\"Oregon Consumer Privacy Act\",\"privacy_act_short\":\"OCPA\",\"meta_state_code\":1004},{\"state\":\"Montana\",\"privacy_act\":\"Montana Consumer Data Privacy Act\",\"privacy_act_short\":\"MCPA\",\"meta_state_code\":1006},{\"state\":\"Iowa\",\"privacy_act\":\"Iowa Data Privacy Law\",\"privacy_act_short\":\"IDP\"},{\"state\":\"Delaware\",\"privacy_act\":\"Delaware Personal Data Privacy Act\",\"privacy_act_short\":\"DPDA\",\"meta_state_code\":1007},{\"state\":\"Nebraska\",\"privacy_act\":\"Nebraska Data Privacy Act\",\"privacy_act_short\":\"NDPA\",\"meta_state_code\":1008},{\"state\":\"New Hampshire\",\"privacy_act\":\"New Hampshire Privacy Act\",\"privacy_act_short\":\"NHPA\",\"meta_state_code\":1009},{\"state\":\"New Jersey\",\"privacy_act\":\"New Jersey Data Privacy Law\",\"privacy_act_short\":\"NJDPL\",\"meta_state_code\":1010},{\"state\":\"Tennessee\",\"privacy_act\":\"Tennessee Information Protection Act\",\"privacy_act_short\":\"TIPA\"},{\"state\":\"Minnesota\",\"privacy_act\":\"Minnesota Consumer Data Privacy Act\",\"privacy_act_short\":\"MCDPA\",\"meta_state_code\":1011}]",
"xmode_enabled": "false",
"ztn_ads_module_config": "{\"preloadAmount\":1,\"backFillDelay\":{\"backFillDelay\":1000,\"initialBackFillDelay\":4000},\"applovinNativeConfig\":{\"adUnit\":\"ae483601fad6236a\"},\"gamConfig\":{\"adUnit\":\"/181874094/com.ztnstudio.notepad_inapp_final_AMP\"}}",
"ztn_map_key": "AIzaSyBG8RFi7rNfLJZ3zI23ENzAy3gaLaP0SYQ"
},
"state": "UPDATE",
"templateVersion": "2194"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.calldorado.AppId" : "b0-85a95c2c-656b-49c7-a35b-1813b1a8a128" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-7756523234329066~5725310291" 凭证信息=> "com.cuebiq.sdk.AppKey" : "@string/cuebiq_appkey" "com.google.firebase.crashlytics.mapping_file_id" : "5dbd3afae6ed457ebb03e55a3d05c1d6" "cuebiq_appkey" : "aCALdora" "db_key" : "9FUiOzJkIkTKmJS" "facebook_client_token" : "f182f8794a02845395e5aeb14502bc60" "firebase_database_url" : "https://android-apps-696ef.firebaseio.com" "google_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "google_app_id" : "1:825649563188:android:68839fcc3b8be1f7" "google_crash_reporting_api_key" : "AIzaSyAkg_ZF1SI4Viq_A8RHNPj92ygs3afNM-k" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" 32670510020758816978083085130507043184471273380659243275938904335757337482424 njhy7Yai2oFPrrBaBTf4x1Edud4eZFWMSPn/aECW6i8oyfCtGNnvf7Tw4QhTCkFnJ 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 c56fb7d591ba6704df047fd98f535372fea00211 nVmljdG9yaWExIDAeBgNVBAoTF1R1dGVsYSBUZWNobm9sb2dpZXMgTHRkMQwwCgYD nBEkRoR27jWIlfE9aoa9zYJQF2kIo3Pnd4SL5/Q== 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 nhvcNAQEBBQADggEPADCCAQoCggEBALe9GnuB3BNMGAbc2Ue9BhDTErtCn8NRBfzy a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc nVQQLEwNPcHMxGzAZBgNVBAMTElR1dGVsYSBTaWduaW5nMjAyMjCCASIwDQYJKoZI Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF cc2751449a350f668590264ed76692694a80308a a5c71f6aff54eb34c826d952c285eaf0650b4259c83ae598962681a6429b63f6 n78t6PHBsMi4veTZKYlG44+7OqEwfWZ0039ufrXPfb+Qof1bVkg9aqiEpiBFcOsnU nZuTa74Kvz0xGlRyJ3OePMZVawdMMFzXEjDk9bz66JazL0lcId/Tp5rxTIplfXy9C a9-1456f4fe-8de1-4e23-9316-32eee11a1c3f naWVudCBDQSBHMjAeFw0yMjA2MDkwMDAwMDBaFw0yNTA2MDkyMzU5NTlaMIGIMQsw nBBYEFOsVwbxONEpZDj7+hfSIv0H40rqBMDQGA1UdEQQtMCuBKXR1dGVsYStzaWdu 41058363725152142129326129780047268409114441015993725554835256314039467401291 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 nAgEAPZnLxWRtOV03/AOJYkKOvSYF9dqK4jiDI5U6GiLno8arF6C4yIg98cUmpjix ndENBRzIuY3JsMH0GCCsGAQUFBwEBBHEwbzAkBggrBgEFBQcwAYYYaHR0cDovL29j nBwMEMIGpBgNVHR8EgaEwgZ4wTaBLoEmGR2h0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv naG5vbG9naWVzIEx0ZDEbMBkGA1UEAxMSVHV0ZWxhIFNpZ25pbmcyMDI0MIIBIjAN f316dd95f9a9bca77896e051ff94db9c nbS9EaWdpQ2VydEFzc3VyZWRHMlNNSU1FUlNBNDA5NlNIQTM4NDIwMjRDQTEuY3Js MIIGfzCCBGegAwIBAgIQDnRvyvE6sGlgHqDJOO4EQjANBgkqhkiG9w0BAQsFADBi nBzAChkpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk 16df3a5a5acb93b5bddeed1ff942d87c ef1fef927dcae695e66f6da9881c3d7d nCiv3imByibTJBvTX7tzQvcPNsxO4ozd4VD0WNp1lvxZxwggnyBVJ7RAW8i2xgpA0 nUyJwBVqnDQm1oBpy4llS0ng2mFJAflqQyYfWZ90eJKLsqtS+ekIJfPyyL/70D1aG 36134250956749795798585127919587881956611106672985015071877198253568414405109 56e4e562fea6dd86645e82d525ab862a a6f32595e8dc686f68dd94b670e24220 j70UUkwW+JEfWjpZJRWun8WQxLBoXVAR67p+D5zddDDJnK7qE0RlUbiJ079tWcKEqN39xeKw9Zmq+k8svN97Og== Y29tLnR1dGVsYXRlY2hub2xvZ2llcy5zZGsuZnJhbWV3b3JrLlR1dGVsYVNES1N0YW5kYXJk nb2x1bWJpYTESMBAGA1UEBxMJVmFuY291dmVyMSAwHgYDVQQKExdUdXRlbGEgVGVj VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN 726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439 9b8f518b086098de3d77736f9458a3d2f6f95a37 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112316 nZXJ0LmNvbS9DUFMwgYsGA1UdHwSBgzCBgDA+oDygOoY4aHR0cDovL2NybDMuZGln 115792089237316195423570985008687907853269984665640564039457584007908834671663 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 57896044618658097711785492504343953926634992332820282019728792003956564819949 naW5nMjAyNEB0dXRlbGF0ZWNobm9sb2dpZXMuY29tMBQGA1UdIAQNMAswCQYHZ4EM 115792089237316195423570985008687907852837564279074904382605163141518161494337 nTlRSQ0EtQkMxMjIxMTAwMQswCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBD nzxAzvl1foUuHLulVSAZI9MQEona2BaFrpdiW1YJuPTb91B9qCFENOWVgJ7bLBNyI nninQ3Pbat5lbwY5hwVxcxhX6npKLm4FzXCRmDMYfYKYuXP1+Y8XSasmvLNqjmnyX nMURpZ2lDZXJ0IEFzc3VyZWQgRzIgU01JTUUgUlNBNDA5NiBTSEEzODQgMjAyNCBD n9w0BAQsFAAOCAQEAJxX4xZg8wR5YBcPbAVY0PTbof0UskTOwIr4ccB5mPTRYVK7E nOGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENsaWVu 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057148 115792089210356248762697446949407573530086143415290314195533631308867097853948 687975afd9fd4dc3d74d17d17c540593 1093849038073734274511112390766805569936207598951683748994586394495953116150735016013708737573759623248592132296706313309438452531591012912142327488478985984 n4mVGXoVlAWtuH6xVlTpO1RvK1vCZSFf/z64JOMkuqEkcaaM= nZ/O2oEl7mNw9Y+jmAHj8ugjPGY0xQteqOhGnO9tIYTtdhoOygM1V+BdkUsTBGfoQ 115792089210356248762697446949407573530086143415290314195533631308867097853951 n0oAtKg88zgRCbYkOHonEJL7stdP7WpuQdgL1rlMmExJ8ltUVeZlor0azEuEmpH+J ba8521283ce82e974e4c16a057c846d7 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 nOjA4BgpghkgBhv1sBAECMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 no4IB+zCCAfcwHwYDVR0jBBgwFoAU95uiTtOXxfQ0D0MOgYXOkZMyr/kwHQYDVR0O 17bc850c5202085229c57abf448ee425 JYwegjASYZFI9NoTK9X80NtFm6x5gBc/PjDiLCIK18MLySENcJ+wrk8SjPpPw8Ou 8c5044427ca963c09170641ce6641766 nMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOjA4BgNVBAMT nwt1I2r3nKorDYpotLjOl3G5lhumdzmWcR0LIGLlV4JtSIu/ZDe69uRMGBgBNf3eM 10giOLzvVnN70pytwa4acvVMxf6pFMez1mFHIVHohCo2AdnQs 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 nRzJTTUlNRVJTQTQwOTZTSEEzODQyMDI0Q0ExLmNydDANBgkqhkiG9w0BAQsFAAOC 48439561293906451759052585252797914202762949526041747995844080717082404635286 MIIFiDCCBHCgAwIBAgIQDdAIBk1BHPDNyMujLrtR2DANBgkqhkiG9w0BAQsFADBq ny2M9PIkiWqEkmtaH6we7TKxwLcLbZNfl3OnNKSrYOJS9NkQvllKXAqZOKCVRBtcC 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 nME2gS6BJhkdodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk nd3cuZGlnaWNlcnQuY29tMSkwJwYDVQQDEyBEaWdpQ2VydCBBc3N1cmVkIElEIENs nqBVqVJnfO97atBihYKn1X6jTMDAMBgNVHRMBAf8EAjAAMDQGA1UdEQQtMCuBKXR1 nFrL5Jswk27N4hVahCNguOpRF9O+bJtO1ratuWV8rklsyw/exc1uGrWvSP6nyE83X nIB/dEvb2QqM0husAtG+r9wP33S7bkm7C9VHSlZATLeBHltwVbkn7Rua6HBTOZnyS nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 55066263022277343669578718895168534326250603453777594175500187360389116729240 ndGVsYStzaWduaW5nMjAyMkB0dXRlbGF0ZWNobm9sb2dpZXMuY29tMA4GA1UdDwEB nCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBDb2x1bWJpYTERMA8GA1UEBxMI df6b721c8b4d3b6eb44c861d4415007e5a35fc95 nY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURDbGllbnRDQUcyLmNydDANBgkqhkiG nggIFMB8GA1UdIwQYMBaAFKViIFDcu1tXl60jjzXiVGypfvlOMB0GA1UdDgQWBBQN 52c3345eec7052f0539c991a32e2abb5 Vd99BKh6pxt3mXSDJzHuVrCq52xBXAKVahbuFb6dqBc 2661740802050217063228768716723360960729859168756973147706671368418802944996427808491545080627771902352094241225065558662157113545570916814161637315895999846 3757180025770020463545507224491183603594455134769762486694567779615544477440556316691234405012945539562144444537289428522585666729196580810124344277578376784 a1db628c39cdf06d4c6eb28e6d77635f nfjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFYGCCsGAQUF YpwB4iJrU5AJSXUWdfPW6LXf8xtH/DFIZOw29NI5kN0= nRzJTTUlNRVJTQTQwOTZTSEEzODQyMDI0Q0ExLmNybDCBjQYIKwYBBQUHAQEEgYAw naWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEQ2xpZW50Q0FHMi5jcmwwPqA8oDqG nc3AuZGlnaWNlcnQuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vY2FjZXJ0cy5kaWdp 2c8ef9feacad595728b0cc5aaf8fcae8 c973d475ad1425c19460b151e097fe16 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 nDzXLEs0grbb6VkIp9+Fq4AxWJaFgSjJi7frU7pglqqovAWsefvlFCTV8TrcVD5MG da67ad7539ab0d638e74781a7909c32c 9782e9de17d4219afed99fa7d9c65c2a 115792089210356248762697446949407573529996955224135760342422259061068512044369 nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68p3uMzz7t85eI/PrXBL7RcNPU3t sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy e9026ffd475a1a3691e6b2ce637a9b92aab1073ebf53a67c5f2583be8a804ecb
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: call/blacklist/blocker/CallBlockerApp.java, line(s) 231 call/blacklist/blocker/app_session_logs/SessionLogs.java, line(s) 48,53 call/blacklist/blocker/cdo/CustomCallViewReceiver.java, line(s) 23,28 call/blacklist/blocker/cdo/DAUAlarmManagerHelper.java, line(s) 55,59,66,72,77 call/blacklist/blocker/cdo/DAUAlarmReceiver.java, line(s) 40 call/blacklist/blocker/cuebiq/CuebiqInitClass.java, line(s) 50,51,52,75,76,77 call/blacklist/blocker/genericoptin/ThirdParties$deleteOutlogicData$1.java, line(s) 133,140 call/blacklist/blocker/genericoptin/ThirdParties$startOutlogicTracking$1.java, line(s) 64,70 call/blacklist/blocker/genericoptin/ThirdParties$startOutlogicTracking$2.java, line(s) 40 call/blacklist/blocker/genericoptin/ThirdParties.java, line(s) 124,126,133,138,149,152,205,222,247,249,257,264,266,272,274,278,280,286,289,292,297,303,305,308,311,313,318,320 call/blacklist/blocker/helpers/DeleteUserDataCommunicator.java, line(s) 30 call/blacklist/blocker/helpers/OnUpgradeReceiver.java, line(s) 31,56,62,65,77 call/blacklist/blocker/logging/FirebaseEventBroadcastReceiver.java, line(s) 17,34 call/blacklist/blocker/logging/LoggingControlReceiver.java, line(s) 49 call/blacklist/blocker/logging/MetaLogger.java, line(s) 58 call/blacklist/blocker/presentation/base/cmp/CMPManager$presentConsent$1.java, line(s) 113,124 call/blacklist/blocker/presentation/base/cmp/CMPManager.java, line(s) 214,221,230,241,250,257 call/blacklist/blocker/rating/RatingDialogCalculations.java, line(s) 29,32 call/blacklist/blocker/rating/RatingHelper.java, line(s) 30 call/blacklist/blocker/views/blocklist/BlockListNavFragment.java, line(s) 321 call/blacklist/blocker/views/main/MainActivity.java, line(s) 360,377,385,584,900 com/amazon/aps/ads/ApsLog.java, line(s) 21,31,37 com/amazon/aps/ads/activity/ApsInterstitialActivity.java, line(s) 163 com/amazon/aps/ads/model/ApsSlotInfoExtra.java, line(s) 129 com/amazon/aps/shared/APSAnalytics.java, line(s) 74,78,81,106,115 com/amazon/aps/shared/analytics/APSEvent.java, line(s) 52,98,127 com/amazon/aps/shared/util/APSNetworkManager.java, line(s) 35,115,117,123,38,49,56,62,72,75,88,129,181 com/amazon/aps/shared/util/ApsAsyncUtil.java, line(s) 18,21 com/amazon/device/ads/AdRegistration.java, line(s) 223,330,624,645,695,723,610,665,312,316,717,720,239 com/amazon/device/ads/DTBAdMRAIDController.java, line(s) 144,207,272,421,527,573,576,597,600,611,614,620 com/amazon/device/ads/DTBAdMRAIDExpandedController.java, line(s) 87 com/amazon/device/ads/DTBAdMRAIDInterstitialController.java, line(s) 45,222,247 com/amazon/device/ads/DTBAdNetworkInfo.java, line(s) 25 com/amazon/device/ads/DTBAdRequest.java, line(s) 209,212,214,258,265,272,315,719,207,274,382,506,528,682,761,269,304,413,492,495,698,133,385,398,820 com/amazon/device/ads/DTBAdResponse.java, line(s) 211,291 com/amazon/device/ads/DTBAdUtil.java, line(s) 60,130,133,193,278,281,309,314,433,436,439,442,445,448 com/amazon/device/ads/DTBInterstitialActivity.java, line(s) 65 com/amazon/device/ads/DTBMetricReport.java, line(s) 61 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 181,252,101,168,193,207,222,73,307,325 com/amazon/device/ads/DTBMetricsProcessor.java, line(s) 67,72,75,77,82,81,84,88 com/amazon/device/ads/DTBTimeTrace.java, line(s) 66,46,58,69,82,92,117 com/amazon/device/ads/DtbAdRequestParamsBuilder.java, line(s) 121,90 com/amazon/device/ads/DtbAdvertisingInfo.java, line(s) 13,20,27,30,43,42 com/amazon/device/ads/DtbCommonUtils.java, line(s) 141,144,147,150,153,156,210,213,216,219,222,225,237,299,128,108 com/amazon/device/ads/DtbDebugProperties.java, line(s) 96,104,138,143,146,149,155,161,167,181 com/amazon/device/ads/DtbDeviceData.java, line(s) 94,99,134,136,181,197,161 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 146,156,168,209,295,366,409,429,435,439,136,142,228,237,419,457,509,104,107,173,176,222,260,267,279,283,330,351,361,386,389,416,488 com/amazon/device/ads/DtbFireOSServiceAdapter.java, line(s) 24,26,36,39 com/amazon/device/ads/DtbGeoLocation.java, line(s) 47,87,93,96,99,102,105,72,75 com/amazon/device/ads/DtbGooglePlayServices.java, line(s) 76 com/amazon/device/ads/DtbHttpClient.java, line(s) 47,80,91,103,112,166,167,176 com/amazon/device/ads/DtbLog.java, line(s) 30,37,109,119,48,57,129,157,164,173,16,73,139,100,149 com/amazon/device/ads/DtbMetrics.java, line(s) 118,144,146,153,160,170,173,176,182,185,189 com/amazon/device/ads/DtbOmSdkSessionManager.java, line(s) 112,225,78,87,202,216 com/amazon/device/ads/DtbPackageNativeData.java, line(s) 26,43 com/amazon/device/ads/DtbSharedPreferences.java, line(s) 451,271 com/amazon/device/ads/DtbThreadService.java, line(s) 22,30 com/amazon/device/ads/WebResourceService.java, line(s) 98 com/applovin/impl/C0422w3.java, line(s) 48,52,58 com/applovin/impl/C0606w3.java, line(s) 50,54,60 com/applovin/impl/sdk/C0386o.java, line(s) 33,120,23,124,43,69,49,106 com/applovin/impl/sdk/C0570o.java, line(s) 34,121,24,125,44,70,50,107 com/appvestor/adssdk/ads/manager/AvAds.java, line(s) 1663 com/appvestor/adssdk/ads/model/logs/adfailed/AdFailedLoadLog.java, line(s) 44,82,41,82 com/appvestor/adssdk/ads/model/logs/adfailed/providers/AdMobFailedLog.java, line(s) 22 com/appvestor/adssdk/ads/model/logs/adfailed/providers/ApplovinAdFailedLog.java, line(s) 22 com/appvestor/adssdk/ads/model/logs/adfailed/providers/GamAdFailedLog.java, line(s) 22 com/appvestor/adssdk/ads/model/logs/adshown/AdMobAdLog.java, line(s) 47,98 com/appvestor/adssdk/ads/model/logs/adshown/ApplovinAdLog.java, line(s) 35,82,44,82 com/appvestor/adssdk/ads/model/logs/adshown/GamAdLog.java, line(s) 47,98 com/appvestor/adssdk/ads/rendering/ApplovinRenderingUtils.java, line(s) 40 com/appvestor/adssdk/ads/rendering/GamRenderingUtilKt.java, line(s) 36,64 com/appvestor/android/stats/logging/StatsLogger$logcatLogger$1.java, line(s) 21,27,23,19,25 com/appvestor/blocking/BlockLog.java, line(s) 91,132,109,97,127,85,121,103,115 com/borax12/materialdaterangepicker/date/DayPickerView.java, line(s) 60,165,177,59,164,176 com/borax12/materialdaterangepicker/time/AmPmCirclesView.java, line(s) 57 com/borax12/materialdaterangepicker/time/CircleView.java, line(s) 37 com/borax12/materialdaterangepicker/time/RadialPickerLayout.java, line(s) 218,240,282 com/borax12/materialdaterangepicker/time/RadialSelectorView.java, line(s) 96,154,164 com/borax12/materialdaterangepicker/time/RadialTextsView.java, line(s) 134,188,197 com/borax12/materialdaterangepicker/time/TimePickerDialog.java, line(s) 362,514 com/calldorado/c1o/sdk/framework/AnaSDKService.java, line(s) 24,97,125,174,245,236 com/calldorado/c1o/sdk/framework/SDKStandard.java, line(s) 735,596,725,743,231 com/calldorado/c1o/sdk/framework/TUbTU.java, line(s) 282 com/calldorado/c1o/sdk/framework/TUdd.java, line(s) 171,434 com/calldorado/c1o/sdk/framework/TUt4.java, line(s) 127,132,139,143,159,169 com/calldorado/c1o/sdk/framework/cTUc.java, line(s) 88 com/calldorado/inappupdate/InAppUpdateActivity.java, line(s) 149,160 com/calldorado/inappupdate/InAppUpdateConfig.java, line(s) 45 com/calldorado/inappupdate/InAppUpdateLogHelper.java, line(s) 29 com/calldorado/inappupdate/InAppUpdateManager.java, line(s) 131,138,144,150,169,181,182,192,193,211,220,231,241,292,305,310 com/calldorado/inappupdate/UpgradeReceiver.java, line(s) 18 com/calldorado/inappupdate/notification/NotificationManager.java, line(s) 72 com/calldorado/inappupdate/notification/NotificationWorker$doWork$2$job$1.java, line(s) 44 com/calldorado/inappupdate/notification/NotificationWorker.java, line(s) 38,63,65,69 com/calldorado/inappupdate/notification/WorkerScheduler.java, line(s) 64 com/calldorado/optin/AutoStartPermissionHelper.java, line(s) 131,141,145,186,197,217 com/calldorado/optin/CpraLimitDataActivity.java, line(s) 46 com/calldorado/optin/DoNotSellMyDataActivity.java, line(s) 49,57 com/calldorado/optin/OptinActivity.java, line(s) 48,56,63,98,158,171,185,196,201,211,223,245,247,252,256,273,281,289,293,347,357,360,369,389,398,414,149 com/calldorado/optin/OptinApi.java, line(s) 92,136 com/calldorado/optin/OptinDialogActivity.java, line(s) 15,22,34 com/calldorado/optin/OptinNotificationBroadcast.java, line(s) 11 com/calldorado/optin/OverlayGuideActivity.java, line(s) 43,114 com/calldorado/optin/PreferencesManager.java, line(s) 46,57,72,76,89,137,167,179,280,648,111 com/calldorado/optin/ReoptinNotificationReceiver.java, line(s) 13 com/calldorado/optin/ThirdPartyConsentDialog.java, line(s) 73 com/calldorado/optin/USLegislationSheet.java, line(s) 184 com/calldorado/optin/Utils.java, line(s) 74,93,95,351,370,372,375,385,331 com/calldorado/optin/pages/BasePage.java, line(s) 120,153,175,192,93 com/calldorado/optin/pages/ChinesePage.java, line(s) 105 com/calldorado/optin/pages/ChinesePageHelper.java, line(s) 17 com/calldorado/optin/pages/FullScreenIntentPage.java, line(s) 85 com/calldorado/optin/pages/InfoPhonePage.java, line(s) 65 com/calldorado/optin/pages/LocationPage.java, line(s) 54,101,130,190,192,230,246,253,264,281 com/calldorado/optin/pages/LocationPageHelper.java, line(s) 24,29 com/calldorado/optin/pages/NotificationPage.java, line(s) 73,125 com/calldorado/optin/pages/NotificationPageHelper.java, line(s) 21 com/calldorado/optin/pages/OverlayPage.java, line(s) 35,48,60,66,76,151,187,206,250,253,272,278 com/calldorado/optin/pages/WelcomePage.java, line(s) 78,79,80,89,95,100,107,155,169,283,295,328,362,517,537,540,547,553,560,577,582,589,606,611,618,634,644 com/calldorado/optin/pages/WelcomePageHelper.java, line(s) 46,59 com/calldorado/optin/progressbar/StateProgressBar.java, line(s) 236,858,866,869 com/calldorado/optin/progressbar/utils/FontManager.java, line(s) 35 com/calldorado/optin/receivers/OptinUpgradeReceiver.java, line(s) 15,18 com/calldorado/receivers/cdfQWCBReceiver.java, line(s) 46 com/calldorado/stats/AsyncStatsCommunicationWorker.java, line(s) 60 com/calldorado/ui/shared_wic_aftercall/viewpager/CalldoradoFeatureView.java, line(s) 54 com/calldorado/ui/wic/TimePickerLayout.java, line(s) 54,56,59 com/cellrebel/sdk/networking/ApiClient.java, line(s) 107 com/cellrebel/sdk/utils/CpuDataProvider.java, line(s) 12,16 com/cellrebel/sdk/utils/CpuUtilisationReader.java, line(s) 97,193,226,229 com/cellrebel/sdk/utils/ForegroundObserver.java, line(s) 130,134,161,168,173,179,186 com/cellrebel/sdk/utils/SettingsManager.java, line(s) 35,40,52 com/cellrebel/sdk/workers/CollectTraceRouteWorker.java, line(s) 145,196,210,214 com/cellrebel/sdk/workers/ForegroundWorker.java, line(s) 32,54,61,66,70,74 com/cellrebel/sdk/workers/MetaWorker.java, line(s) 24 com/cellrebel/sdk/workers/TrackingManager.java, line(s) 127,220,223,231,234,243,253,278,294,328,334,341,409,415,432,446,458,461,484,527,531,558,564,595,613,626 com/cellrebel/sdk/youtube/player/a.java, line(s) 287 com/connectivityassistant/sdk/common/measurements/base/TUw4.java, line(s) 78 com/connectivityassistant/sdk/framework/TUqTU.java, line(s) 31 com/connectivityassistant/sdk/framework/sTUs.java, line(s) 129 com/cuebiq/cuebiqsdk/utils/logger/SDKLoggerKt.java, line(s) 76,91,81,86,131,136,141,146 com/fdossena/speedtest/core/worker/SpeedtestWorker.java, line(s) 254 com/iab/omid/library/amazon/publisher/b.java, line(s) 30,32 com/iab/omid/library/amazon/utils/d.java, line(s) 18,11,25 com/iab/omid/library/applovin/publisher/b.java, line(s) 31,33 com/iab/omid/library/applovin/utils/d.java, line(s) 25,11,18 com/iab/omid/library/vungle/publisher/b.java, line(s) 30,32 com/iab/omid/library/vungle/utils/d.java, line(s) 18,11,25 com/m2catalyst/m2sdk/speed_test/legacy/NetworkDiagnosticTools.java, line(s) 500 com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 71,73,116,136,221,223,263,281,283,333,335 com/qualityinfo/BackgroundTestJobService.java, line(s) 57 com/qualityinfo/ConnectivityJobService.java, line(s) 89,96 com/qualityinfo/ConnectivityService.java, line(s) 76,107 com/qualityinfo/IC.java, line(s) 835,828,841,846 com/qualityinfo/InsightCore.java, line(s) 860,894,1018,878,897,1020,1025,1033,1050 com/qualityinfo/InsightJobService.java, line(s) 61 com/qualityinfo/InsightStarter.java, line(s) 25 com/qualityinfo/internal/BT.java, line(s) 708,140,684 com/qualityinfo/internal/C0129b.java, line(s) 79,92,98 com/qualityinfo/internal/C0130c.java, line(s) 29,40,53 com/qualityinfo/internal/C0132e.java, line(s) 221,95 com/qualityinfo/internal/C0133f.java, line(s) 18,32,35 com/qualityinfo/internal/C2911b.java, line(s) 82,95,101 com/qualityinfo/internal/C2912c.java, line(s) 31,42,55 com/qualityinfo/internal/C2914e.java, line(s) 223,97 com/qualityinfo/internal/C2915f.java, line(s) 19,33,36 com/qualityinfo/internal/a7.java, line(s) 76 com/qualityinfo/internal/ab.java, line(s) 28,36,47,69,74,82,89,101,110 com/qualityinfo/internal/b7.java, line(s) 112,137 com/qualityinfo/internal/bg.java, line(s) 599 com/qualityinfo/internal/c0.java, line(s) 29,67 com/qualityinfo/internal/ce.java, line(s) 38 com/qualityinfo/internal/cf.java, line(s) 152,157,166,173,184,192,31,37 com/qualityinfo/internal/d1.java, line(s) 97,102 com/qualityinfo/internal/d2.java, line(s) 63 com/qualityinfo/internal/d4.java, line(s) 17,42 com/qualityinfo/internal/ec.java, line(s) 67,155 com/qualityinfo/internal/f9.java, line(s) 104,192,204 com/qualityinfo/internal/fg.java, line(s) 493,730,743,768,779,790,801,846,854,926,955,1030,1012 com/qualityinfo/internal/ge.java, line(s) 42 com/qualityinfo/internal/i2.java, line(s) 58,75,129,139,195,205,224,239,264,272,303,309,314,328,111,318,339 com/qualityinfo/internal/kb.java, line(s) 60 com/qualityinfo/internal/kh.java, line(s) 17,26,41 com/qualityinfo/internal/l5.java, line(s) 42,48,59,70,77,108,113,118,128,135,156,158,160 com/qualityinfo/internal/lg.java, line(s) 233,242,252 com/qualityinfo/internal/n.java, line(s) 293,300,532,547,129,428 com/qualityinfo/internal/n0.java, line(s) 222 com/qualityinfo/internal/ne.java, line(s) 249,295 com/qualityinfo/internal/nf.java, line(s) 14,36,76,79 com/qualityinfo/internal/o1.java, line(s) 80 com/qualityinfo/internal/o5.java, line(s) 229,356,225,260,350 com/qualityinfo/internal/o9.java, line(s) 126,257 com/qualityinfo/internal/p2.java, line(s) 357,330,367,645 com/qualityinfo/internal/p9.java, line(s) 23,32,48,65,77,88 com/qualityinfo/internal/q1.java, line(s) 82 com/qualityinfo/internal/t4.java, line(s) 71,88 com/qualityinfo/internal/t8.java, line(s) 138,153,215 com/qualityinfo/internal/tg.java, line(s) 322 com/qualityinfo/internal/ub.java, line(s) 387,561,632,779 com/qualityinfo/internal/ue.java, line(s) 112 com/qualityinfo/internal/uf.java, line(s) 28 com/qualityinfo/internal/v2.java, line(s) 96 com/qualityinfo/internal/w.java, line(s) 57,78,102,95 com/qualityinfo/internal/w8.java, line(s) 161,1363,1370,1418,146,628,1159,1172,1190,1541,1548,1564,1613,1924,1940 com/qualityinfo/internal/wf.java, line(s) 285,115,233 com/qualityinfo/internal/x.java, line(s) 69,119,131,190,195 com/qualityinfo/internal/xa.java, line(s) 25,41 com/qualityinfo/internal/y5.java, line(s) 20,40 com/qualityinfo/internal/z.java, line(s) 424,446,469,1191,1201,1211,1241,1273,1336 com/qualityinfo/internal/za.java, line(s) 20,31,51 com/qualityinfo/internal/zb.java, line(s) 332,365,397,431,467,499,532,611,640,673,692,702,987,1050,1256,1447,1589,1772,1811,1894,1914,1958,2008,2058,2134 com/qualityinfo/internal/ze.java, line(s) 150,160,186,228,248 com/umlaut/crowd/service/BackgroundTestWorker.java, line(s) 41 com/umlaut/crowd/service/ConnectivityWorker.java, line(s) 109,73 com/vungle/ads/internal/util/Logger.java, line(s) 28,36,74,53,82,61,90 net/sqlcipher/AbstractCursor.java, line(s) 139 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 44,66,106,117,161,188,213,36,82,199 net/sqlcipher/DatabaseUtils.java, line(s) 118,159,600,611 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 14,24,26,30,18 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 50,62,75,86 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteDatabase.java, line(s) 181,1116,1127,1491,1499 net/sqlcipher/database/SQLiteDebug.java, line(s) 8,9,10,11,12,13 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 128,147 net/sqlcipher/database/SQLiteProgram.java, line(s) 45,51 net/sqlcipher/database/SQLiteQuery.java, line(s) 115 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 223,222 net/sqlcipher/database/SqliteWrapper.java, line(s) 29,39,53,63,73 org/greenrobot/eventbus/Logger.java, line(s) 39 org/koin/android/logger/AndroidLogger.java, line(s) 42,52,54,46,50 qTl/unZ.java, line(s) 38
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/calldorado/optin/OverlayGuideActivity.java, line(s) 4,32 com/calldorado/ui/settings/SettingsActivity.java, line(s) 7,1576
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: net/sqlcipher/database/SupportHelper.java, line(s) 12,1
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://android-apps-696ef.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/calldorado/c1o/sdk/framework/TUjTU.java, line(s) 117,117,117,117,117,117 com/cellrebel/sdk/utils/RootUtil.java, line(s) 236 com/connectivityassistant/sdk/framework/TUvTU.java, line(s) 84,84,84,84,84,84 com/qualityinfo/internal/p2.java, line(s) 549,549,549,549,549,549
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/calldorado/c1o/sdk/framework/kTUk.java, line(s) 84,82,84,80,81,81 com/cellrebel/sdk/networking/ApiClient.java, line(s) 104,122 com/cellrebel/sdk/networking/FullX509TrustManager.java, line(s) 13,12,11,11 com/connectivityassistant/sdk/framework/TUf3.java, line(s) 46,44,46,42,43,43 com/m2catalyst/m2sdk/network/d.java, line(s) 63,63
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.googletagmanager.com) 通信。
{'ip': '180.163.150.41', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
Call Blocker v1.12.0.1477
Android APK
46
综合安全评分
中风险