
App Security Scan Report

App security scan report with file search, content search and AI code analysis

Mobile App Security Scan Report

点点通 v1.7.8

Android APK 4626e85f...
64
Security score

Security baseline score

64/100

Low risk

Overall risk level

Risk rating
  1. A
  2. B
  3. C
  4. F

The app's security posture is good; it can be used normally

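Distribution of vulnerabilities and security items

0 High
8 Medium
1 Info
2 Secure

Privacy risk assessment

0
Third-party trackers

Privacy: secure
No third-party trackers detected

Distribution of findings

High-severity vulnerabilities 0
Medium-severity vulnerabilities 8
Informational notices 1
Passed security checks 2
Key security concerns 0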

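Medium-severity vulnerability: Cleartext network traffic is enabled for the app

[android:usesCleartextTraffic=true]
The app allows cleartext network traffic (e.g. HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default on API level 27 and below and disabled by default on API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use encrypted protocols only.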

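Medium-severity vulnerability: App data is at risk of leakage

The [android:allowBackup] flag is not set
Set [android:allowBackup] explicitly to false. The default value is true, which allows app data to be backed up with the adb tool and creates a data leakage risk.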

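Medium-severity vulnerability: Activity () is not protected.

An intent-filter exists.
The Activity was found to be shared with other apps on the device, so any app can access it. The presence of an intent-filter indicates that the Activity is explicitly exported, which is a security risk.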

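Medium-severity vulnerability: Broadcast Receiver () is not protected.

An intent-filter exists.
The Broadcast Receiver was found to be shared with other apps on the device, so any app can access it. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.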

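Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys

Files may contain hardcoded sensitive information such as usernames, passwords and keys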
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
cap/apddt/ddtap/apddtap/ParticipantListActivity.java, line(s) 152
cap/apddt/ddtap/apddtap/chat/a.java, line(s) 580
co/daily/model/CallConfiguration.java, line(s) 346
co/daily/model/Info.java, line(s) 211
co/daily/model/ice_config/IceServers.java, line(s) 134
obfuse/NPStringFog.java, line(s) 6
x2/C1075f0.java, line(s) 54

Medium-severity vulnerability: The app uses an insecure random number generator

The app uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
C0/A.java, line(s) 9
C0/AbstractC0256c.java, line(s) 9
C0/AbstractC0265l.java, line(s) 6
C0/y.java, line(s) 13
H1/m.java, line(s) 8
H1/w.java, line(s) 7
d0/b.java, line(s) 18
h2/C0746f.java, line(s) 11
o2/o.java, line(s) 10
u0/a.java, line(s) 3
u0/b.java, line(s) 4
v0/a.java, line(s) 4

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions

MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cap/apddt/ddtap/apddtap/W0.java, line(s) 59

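Medium-severity vulnerability: This app may contain hardcoded secrets

The following secrets were identified in the app. Ensure these are not secrets or private information.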

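Informational notice: The app logs information; sensitive information must not be logged

The app logs information; sensitive information must not be logged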
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
A/e.java, line(s) 140
B/d.java, line(s) 306,310
C/c.java, line(s) 422
C2/d.java, line(s) 423
L/d.java, line(s) 211
O/b.java, line(s) 30
O/f.java, line(s) 451
V/e.java, line(s) 57,88
X0/C1035g.java, line(s) 286
cap/apddt/ddtap/apddtap/C0551a.java, line(s) 28,43,88
cap/apddt/ddtap/apddtap/MainActivity.java, line(s) 299,314,338,353,392,396,459,589,940,977,986,1002,1007,1034,1200,1203,1293,1326,420,653,1037,1148,1338,248,285,1044,1345,1385
cap/apddt/ddtap/apddtap/ParticipantListActivity.java, line(s) 110,58,70,93,373
cap/apddt/ddtap/apddtap/chat/ChatActivity.java, line(s) 164,170,176,182,188,194,200,206,212,248,254,260,266,272,278,284,290,296,312,326
cap/apddt/ddtap/apddtap/chat/a.java, line(s) 531,575,461
cap/apddt/ddtap/apddtap/services/DemoActiveCallService.java, line(s) 19
cap/apddt/ddtap/apddtap/services/DemoCallService.java, line(s) 293,306,873,884,894,1028,1031,186,326,826,843,1117,194,238,324,491,499,511,526,544,554,569,579,585,592,612,618,624,633,641,649,664,674,680,691,697,703,709,715,720,1058,1083,1128,1139,1148,820
cap/apddt/ddtap/apddtap/services/ScreenShareService.java, line(s) 19,25
cap/apddt/ddtap/apddtap/services/a.java, line(s) 43,57,89,118
co/daily/CallClient.java, line(s) 414,526,531,1698,2263,2311,2436,2446,3122,3135,3246,3315,262,366,400,495,238,335,343,466,552,566,779,2450,2708,2764,3149,3177,3213,3290,3334,3351,2324
co/daily/capture/VideoTrackCapturerToBitmap.java, line(s) 99,129
co/daily/capture/VideoTrackCapturerToSurface.java, line(s) 47,54,103,117
co/daily/context/CallClientSharedContext.java, line(s) 51,196,218
co/daily/internal/camera/c.java, line(s) 478,142
co/daily/internal/screen/DailyScreenCapturerAndroid.java, line(s) 37
co/daily/util/CallClientGetterState.java, line(s) 189,199,210,185,206
co/daily/util/DailyAudioManager.java, line(s) 166,171,222,245,268
co/daily/util/DailyWebRTCDevicesManager.java, line(s) 127
co/daily/util/NativeTrackManager.java, line(s) 113,119,148,164
co/daily/util/ScreenVideoCapturer.java, line(s) 158,84,92,100,155,178,239,243,250
co/daily/view/VideoTextureView.java, line(s) 147,176,193,208,224,268,277,285
co/daily/view/VideoView.java, line(s) 234,94,235,273,274,280,292,294,316,328
g/c.java, line(s) 112,133,127
h/MenuItemC0721c.java, line(s) 265
h0/C0725c.java, line(s) 52
l2/e.java, line(s) 52,52,72
u0/C0989d.java, line(s) 166,199
v0/b.java, line(s) 40
x/z.java, line(s) 1129

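Passed security check: This app uses SSL pinning to detect or prevent MITM attacks on the secure communication channel

This app uses SSL pinning to detect or prevent MITM attacks on the secure communication channel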
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
K2/d.java, line(s) 105,104,103
K2/e.java, line(s) 123,113,122,132,121,121
K2/j.java, line(s) 107,106,105,105
K2/k.java, line(s) 226,214,225,224,224

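Passed security check: This app has no privacy trackers

This app does not include any user or device trackers. No trackers were found during static analysis.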

Overall security baseline score summary

点点通 v1.7.8

Android APK
64
Overall security score
Low risk