应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
贪婪洞窟 v6.0.3
40
安全评分
安全基线评分
40/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
8
高危
24
中危
3
信息
1
安全
隐私风险评估
4
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
8
中危安全漏洞
24
安全提示信息
3
已通过安全项
1
重点安全关注
0
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/tds/common/region/TdsRegionHelper.java, line(s) 70
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/quickgamesdk/activity/WeChatWebPayActivity.java, line(s) 267,274,15,16 com/quickgamesdk/fragment/AnnouncementFragment.java, line(s) 31,5 com/quickgamesdk/fragment/QGWebViewFragment.java, line(s) 138,149,4 com/quickgamesdk/fragment/login/CustomInLoginFragment.java, line(s) 69,13,14 com/quickgamesdk/fragment/pay/QGScanPayFragment.java, line(s) 53,6
高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: cn/thinkingdata/analytics/encrypt/c.java, line(s) 39 com/quickgamesdk/utils/QGSdkUtils.java, line(s) 226,240 com/quicksdk/utility/k.java, line(s) 108,121
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/quickgamesdk/activity/AliWebPayActivity.java, line(s) 44,43 com/quickgamesdk/activity/WeChatWebPayActivity.java, line(s) 46,44
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/nirvana/tools/core/UTSharedPreferencesHelper.java, line(s) 16,9 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 31 com/quickgamesdk/skin/manager/util/PreferencesUtils.java, line(s) 24 org/cocos2dx/lib/Cocos2dxHelper.java, line(s) 374
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/qq/gdt/action/j/a.java, line(s) 25
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/nirvana/tools/core/CryptUtil.java, line(s) 146
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/bytedance/ad/common/uaid/identity/utils/EncryptUtils.java, line(s) 26
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Activity (org.cocos2dx.cpp.AppActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.avalon.cave.wxapi.WXEntryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.quickgamesdk.activity.LoginActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.quickgamesdk.activity.TempActivty) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.quickgamesdk.activity.QGVoucherActivty) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.quickgamesdk.activity.QGVoucherActivty) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.tencent.tauth.AuthActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (.wxapi.WXEntryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (.wxapi.WXPayEntryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.qk.plugin.customservice.view.ChatActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.bytedance.ads.convert.BDBridgeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: cn/leancloud/push/NotifyUtil.java, line(s) 61,65 com/qq/gdt/action/e/h.java, line(s) 51 com/qq/gdt/action/e/i.java, line(s) 50 com/quickgamesdk/constant/Constant.java, line(s) 113 com/quickgamesdk/fragment/download/DownLoadFragment.java, line(s) 102,100,104 com/quickgamesdk/gamebox/service/DownloadService.java, line(s) 22 com/quickgamesdk/manager/InitManager.java, line(s) 203,579 com/quickgamesdk/manager/LoginManager.java, line(s) 373 com/quickgamesdk/manager/QGPayManager$5.java, line(s) 22 com/quickgamesdk/skin/manager/loader/SkinManager$1.java, line(s) 34 com/quickgamesdk/utils/AlbumHelper.java, line(s) 33 com/quickgamesdk/utils/PhotoPickerAdapter$ImgOnClickListener.java, line(s) 29 com/quickgamesdk/utils/QGSdkUtils.java, line(s) 71 com/quicksdk/c/a.java, line(s) 65,66 com/taptap/services/update/TapUpdateDownloadManager.java, line(s) 244 com/tencent/a/a/a/a/b.java, line(s) 19,27,47,49 ghostpili/C0341n.java, line(s) 69 ghostpili/C0489n.java, line(s) 72 ghostpili/fF.java, line(s) 320 org/cocos2dx/lib/Cocos2dxActivity.java, line(s) 161
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/leancloud/LCACL.java, line(s) 13 cn/leancloud/LCFile.java, line(s) 36,37,33,39,34,32 cn/leancloud/LCUser.java, line(s) 37,40 cn/leancloud/cache/QueryResultCache.java, line(s) 166,91,158,85,151,173,44,124,116,109,131 cn/leancloud/core/RequestPaddingInterceptor.java, line(s) 16,15 cn/leancloud/gson/FileUploadTokenAdapter.java, line(s) 12 cn/leancloud/im/IntentUtil.java, line(s) 14 cn/leancloud/im/v2/Conversation.java, line(s) 77,82,86 cn/leancloud/livequery/LCLiveQuery.java, line(s) 35 cn/leancloud/livequery/LiveQueryConnectionListener.java, line(s) 57 cn/leancloud/push/AndroidNotificationManager.java, line(s) 21 cn/leancloud/push/LCNotificationManager.java, line(s) 20 cn/leancloud/search/LCSearchQuery.java, line(s) 24 cn/leancloud/session/MessageReceiptCache.java, line(s) 9 cn/leancloud/session/PersistentQueue.java, line(s) 15,28 cn/leancloud/session/SessionCacheHelper$SignatureCache.java, line(s) 9 cn/leancloud/session/SessionCacheHelper.java, line(s) 86,34,16 cn/leancloud/upload/FileUploadToken.java, line(s) 72 cn/leancloud/upload/QiniuAccessor.java, line(s) 45 cn/leancloud/upload/QiniuSlicingUploader.java, line(s) 25 cn/leancloud/utils/NotificationCompatExtras.java, line(s) 5,9 cn/leancloud/utils/NotificationCompatJellybean.java, line(s) 20,24 cn/leancloud/utils/RemoteInputCompatJellybean.java, line(s) 15 com/alicom/tools/networking/NetConstant.java, line(s) 10,19 com/alicom/tools/networking/SSLFactory.java, line(s) 23,24,14,15 com/avalon/game/account/LeitingSDKUtil.java, line(s) 142,88,89,90,91,92,93,94,100,101,102,103,104,105,107,108,109,110,111,112,113,114,115,116,117,118,119,121,120,122,123,124,125,126,127,128,129 com/avalon/game/util/HuaweiGlobalParam.java, line(s) 6,7 com/avalon/game/util/HuaweiRSAUtil.java, line(s) 22,23,131 com/avalon/game/util/RSA/RSACoder.java, line(s) 20,21 com/avos/avoscloud/AVConstants.java, line(s) 14,15 com/avos/avoscloud/AVFile.java, line(s) 25,24 com/avos/avoscloud/AVOSCloud.java, line(s) 18,20,21 com/avos/avoscloud/AVUser.java, line(s) 32 com/avos/avoscloud/AppRouterManager.java, line(s) 12,19,20,21,23,24,25 com/nirvana/tools/logger/UaidTracker.java, line(s) 20,21,22 com/nirvana/tools/logger/utils/LocalDeviceUtil.java, line(s) 13 com/nirvana/tools/logger/utils/UTSharedPreferencesHelper.java, line(s) 14,15 com/qq/gdt/action/e.java, line(s) 387 com/qq/gdt/action/j/b.java, line(s) 70 com/quickgamesdk/constant/Constant.java, line(s) 111,38,51,103,104,108,91,61,40,99,19 com/tapsdk/bootstrap/account/TDSUser.java, line(s) 52,57 com/tapsdk/bootstrap/wrapper/TapBootstrapServiceImpl.java, line(s) 21,22,18,25 com/taptap/sdk/AccessToken.java, line(s) 26 com/tds/common/account/AccountUser.java, line(s) 13 com/tds/common/entities/AccessToken.java, line(s) 91 com/tds/common/reactor/internal/schedulers/NewThreadWorker.java, line(s) 27,36 com/tds/common/region/TdsRegionHelper.java, line(s) 20 com/tds/common/utils/GUIDHelper.java, line(s) 11 com/tds/common/websocket/drafts/Draft_6455.java, line(s) 54 ghostpili/tG.java, line(s) 77 org/cocos2dx/cpp/AVCloudManager.java, line(s) 57 org/cocos2dx/cpp/AppActivity.java, line(s) 120,124,70,78,77,112,116,69,66,74,75,121,125,113,117,67 org/cocos2dx/cpp/CaveApplication.java, line(s) 9 org/java_websocket/drafts/Draft_6455.java, line(s) 56
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: cn/leancloud/im/v2/AndroidDatabaseDelegate$DBHelper.java, line(s) 4,5,32,33,34,82,89,100,111,122,123,124,127,138,149,152,155,166,169,180,183,186,196 cn/thinkingdata/analytics/e/c.java, line(s) 5,6,7,49,50,56,57,58 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 6,361 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 4,5,23,24,25,34 com/qq/gdt/action/c/a/a.java, line(s) 6,7,182,276,321 com/qq/gdt/action/c/b.java, line(s) 6,7,188,223,328,374 com/quickgamesdk/gamebox/db/DBHelper.java, line(s) 4,5,27,32,33 com/quickgamesdk/gamebox/db/ThreadDAOImple.java, line(s) 6,47,52 com/taptap/sdk/internal/user/CurrentUserProvider.java, line(s) 9,10,11,41,46 com/taptap/services/update/download/core/breakpoint/BreakpointSQLiteHelper.java, line(s) 6,7,97,116,133,169,190,242 org/cocos2dx/lib/Cocos2dxLocalStorage.java, line(s) 5,6,48
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: a/a/a/e/c.java, line(s) 12 cn/leancloud/codec/MDFive.java, line(s) 28,41,84 cn/thinkingdata/core/utils/MessageDigestUtils.java, line(s) 12 com/alicom/tools/networking/ParamsUtils.java, line(s) 54 com/avalon/game/tools/MeiZuMD5.java, line(s) 10 com/avalon/game/tools/NUBIAMd5Util.java, line(s) 12,32 com/avalon/game/tools/ToolsUtil.java, line(s) 11 com/avalon/game/tools/VivoSignUtils.java, line(s) 83 com/avalon/game/util/RSA/Coder.java, line(s) 22 com/avalon/game/util/Util.java, line(s) 185 com/avos/avoscloud/utils/StringUtils.java, line(s) 70 com/bytedance/ad/common/uaid/identity/utils/EncryptUtils.java, line(s) 79 com/ipaynow/wechatpay/plugin/g/d/a.java, line(s) 28 com/nirvana/tools/core/AppUtils.java, line(s) 115 com/nirvana/tools/core/CryptUtil.java, line(s) 199 com/nirvana/tools/logger/utils/LocalDeviceUtil.java, line(s) 20 com/qq/gdt/action/j/d.java, line(s) 55 com/quickgamesdk/utils/QGSdkUtils.java, line(s) 124,199 com/quicksdk/utility/f.java, line(s) 150 com/quicksdk/utility/k.java, line(s) 43,65,86 com/taptap/services/update/download/core/Util.java, line(s) 123 com/tds/common/utils/CommonUtils.java, line(s) 12 com/tds/common/widgets/image/ImageUtil.java, line(s) 59 com/tencent/mm/a/b.java, line(s) 10
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: cn/leancloud/push/AndroidNotificationManager.java, line(s) 18 cn/leancloud/utils/StringUtil.java, line(s) 8 com/avalon/game/util/CommonUtil.java, line(s) 16 com/avos/avoscloud/AVUtils.java, line(s) 35 com/avos/avoscloud/utils/StringUtils.java, line(s) 7 com/qq/gdt/action/b.java, line(s) 18 com/quicksdk/utility/f.java, line(s) 19 com/taptap/sdk/net/Api.java, line(s) 23 com/taptap/sdk/ui/CodeUtil.java, line(s) 7 com/tds/common/net/util/HttpUtil.java, line(s) 29 com/tds/common/websocket/drafts/Draft_6455.java, line(s) 46 com/tds/protobuf/AbstractProtobufList.java, line(s) 6 com/tds/protobuf/BooleanArrayList.java, line(s) 6 com/tds/protobuf/DoubleArrayList.java, line(s) 5 com/tds/protobuf/FloatArrayList.java, line(s) 5 com/tds/protobuf/IntArrayList.java, line(s) 6 com/tds/protobuf/Internal$ProtobufList.java, line(s) 4 com/tds/protobuf/LazyStringArrayList$ByteArrayListView.java, line(s) 4 com/tds/protobuf/LazyStringArrayList.java, line(s) 9 com/tds/protobuf/LongArrayList.java, line(s) 6 com/tds/protobuf/UnmodifiableLazyStringList.java, line(s) 9 com/tds/xxhash/XXHashFactory.java, line(s) 8 ghostpili/C0426qd.java, line(s) 14 ghostpili/C0574qd.java, line(s) 14 ghostpili/iI.java, line(s) 30 org/java_websocket/drafts/Draft_6455.java, line(s) 15
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI$K0.java, line(s) 46 a/a/a/d/b/f.java, line(s) 28 cn/leancloud/codec/SHA1.java, line(s) 27 com/alicom/tools/networking/ParamsUtils.java, line(s) 84 com/avos/avoscloud/AVUtils.java, line(s) 1682 com/bytedance/ad/common/uaid/identity/utils/EncryptUtils.java, line(s) 68 com/ipaynow/wechatpay/plugin/d/a/a.java, line(s) 15 com/qq/gdt/action/j/a.java, line(s) 21 com/taptap/sdk/net/Api.java, line(s) 155 com/tds/common/net/util/HttpUtil.java, line(s) 107 com/tds/common/tracker/TdsTrackerHandler.java, line(s) 385 com/tds/common/websocket/drafts/Draft_6455.java, line(s) 527 ghostpili/C0470ru.java, line(s) 215 org/java_websocket/drafts/Draft_6455.java, line(s) 518 org/repackage/a/a/a/a/c.java, line(s) 57
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: cn/thinkingdata/analytics/ThinkingAnalyticsSDK.java, line(s) 951,949 com/quickgamesdk/fragment/login/CustomInLoginFragment.java, line(s) 47,42 com/quickgamesdk/manager/SliderBarV2Manager.java, line(s) 133,128 com/taptap/sdk/ui/WebBlock.java, line(s) 282,275
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/quickgamesdk/fragment/login/CustomInLoginFragment.java, line(s) 43,42 com/quickgamesdk/manager/SliderBarV2Manager.java, line(s) 129,128 com/quickgamesdk/view/PrivaceDialogLayout.java, line(s) 94,93
中危安全漏洞 IP地址泄露
IP地址泄露 Files: cn/leancloud/network/DNSDetoxicant.java, line(s) 20 cn/leancloud/network/SimpleNetworkingDetector.java, line(s) 21 cn/thinkingdata/analytics/h/b.java, line(s) 64,64 com/avalon/game/account/LeitingSDKUtil.java, line(s) 395 com/avos/avoscloud/DNSAmendNetwork.java, line(s) 59 com/bytedance/ads/convert/BuildConfig.java, line(s) 12 com/bytedance/ads/convert/utils/BusinessConstant.java, line(s) 17 com/bytedance/ads/convert/utils/EventReporter.java, line(s) 78 com/bytedance/ads/convert/utils/EventReporterV2.java, line(s) 72 com/bytedance/ads/convert/utils/EventReporterV3.java, line(s) 46 com/ipaynow/wechatpay/plugin/g/d/a.java, line(s) 56,58,90
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个4隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息
凭证信息=> "reyun_appkey" : "QK{{$reyun_appkey}}"
凭证信息=> "tt_appid" : "QK0"
凭证信息=> "ALP_KEY" : "QK0"
微信分享的=> "WX_APP_SECRET" : "QK{{$wx_app_secret}}"
凭证信息=> "AD_APP_ID" : "AD{{$ad_app_id}}"
QQ授权的=> "QQ_APP_ID" : "QK0"
微信分享的=> "WX_APP_ID" : "QK0"
凭证信息=> "IQY_APP_ID" : "QK0"
凭证信息=> "ks_appId" : "QK0"
凭证信息=> "gdt_appSecretKey" : "QK0"
"app_id" : "413063252186"
"facebook_app_id" : "759252852917751"
tsvezhhlefbdj1jbkohynipehgtpk353sfonvbtlyxaraqxy
glvame9g0qlj3a4o29j5xdzzrypxvvb30jt4vnvm66klph4r
EBE24B477A8B4B78AAD81A51AF7DF432
01360240043788015936020505
nsjV57o+phSlqM0B5aPiMScxWJmCzFRX4NKcjt6KGP+3GpzmTyrpavnYQtHasperH
258EAFA5-E914-47DA-95CA-C5AB0DC85B11
-39280363481451541647
014a06685f0JVDULT/MIGfMA0GCSqGSIb3DQEBAQUAA4G
nEwZBdmFsb24xEDAOBgNVBAMTB3N1IGNoYW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
e3a87987e094ba59d545cbf06fec5666f7cf9623
nAQDeVIEraQt46HGp15hK8q7AjlU3d5KJnG3t+iNxHp0hkus/pMvoga07x+HU+xv8gs3Tb+Nv9PUE
ndFkd5mLqb164/56l8DwM6I1KsgWsfZDYnDR4k2a3AgMBAAGjITAfMB0GA1UdDgQWBBR6Py378uFb
6X8Y4XdM2Vhvn0KfzcEatGnWaNU=
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YHP9utFGOhGk7Xf5L7jOgQz5
ngZlTTem7Pjdm1V9bJgQ6iQvFHsvT+vNgJ3wAIRd+iCMXm8y96yZhD2+SH5odBYS2
2FDgvkGVlKtvyo6NX8HbSycCiDHWR2gaqJRI3JrAqT9lGxZAxTnmUE8MNnhRWfoNZJHX2
90E4DEDAD9B1CB57EA1538871ED468A7
18ry1wsn1p7808tagf2ka7sy1omna3nihe45cet0ne4xhg46
0f9bd3a1352efa7446ab2dcd985833e744ccfd05
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5se07mkN71qsSJHjZ2Z0+Z+4LlLvf2sz7Md38VAa3EmAOvI7vZp3hbAxicL724ylcmisTPtZQhT/9C+25AELqy9PN9JmzKpwoVTUoJvxG4BoyT49+gGVl6s6zo1byNoHUzTfkmRfmC9MC53HvG8GwKP5xtcdptFjAIcgIR7oAWQIDAQAB
nCBMCU0MxCzAJBgNVBAcTAkNEMQ8wDQYDVQQKEwZBdmFsb24xDzANBgNVBAsTBkF2YWxvbjEQMA4G
dee6172daef74f0895c7d185956ac0a7
nA1UEAxMHc3UgY2hhbzAgFw0xODAxMDQxMjUzNTJaGA8yMDcyMTAwNzEyNTM1MlowWzELMAkGA1UE
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YCzxZS0FaWDOdtwgcHJ
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLShWjAtxJv3g2VPIYOOAv4rnVDdLkdseKm7+KOkCBLV9SKY5oqksFaXcLZ+nRnjnczhze5eGKhevwliUyag6x96GyXI2WagKIoB7Uwl2byl0xB5bNvYzf+x/DKHTSoGJshU6shXWXcjGFq+mUiPhM3WGZoqdY+vvqOWD+tga8XQIDAQAB
308201ff30820168a003020102020422e04046300d06092a864886f70d01010505003044310b300906035504061302434e3109300706035504081300310930070603550407130031093007060355040a130031093007060355040b13003109300706035504031300301e170d3139303131313130323032325a170d3434303130353130323032325a3044310b300906035504061302434e3109300706035504081300310930070603550407130031093007060355040a130031093007060355040b1300310930070603550403130030819f300d06092a864886f70d010101050003818d0030818902818100a607f5728d95a2eb09b3b6cbb853ae53769b47a7837a6f1b1b9e56670cef097ba3ad3bebcafcb814f6a123a4534360c6752f2390e0466a11088d2906e06d28e2992ec3007dbfb3880072c2ba8acc64926c417bcad42c26f29496b1345667f92a782c644c6c39f2d767995a2bb82fe6ade74da98383668f5b6a3a2bf945dc18630203010001300d06092a864886f70d010105050003818100a2e7ea7b0510a17b5a3cf28c6118abff0122ece2f9c80ad614c54fa5d7d5128048a7e9eb5f8721d0768caab3dde8a0c108af5bd3088d2e58a7f51730f7cb6b7a27f467a3bd84693785c8833a71b4a25530f871d4ed90fba438c024f940f00cc61f31ac23bb99f705430c8f9e0f06c4c443a893af756e0f83690b66f8445517aa
n97gGNTXVrVoUPa8cWwq4XPmvgmq4pmmNdjpAx4EtC43TkBEJg55y+sTVdMFCON8ZX8bS8zt3IdYx
32613270436339175011491843028022
39280363481451541647
2FsPONw4QOqEQkzYvoiuVATWxbyQmsCJ
q3er6vs0dkawy15skjeuktf7l4eam438wn5jkts2j7fpf2y3
nf3udjhnnsbe99qg04j7oslck4w1yp2geewcy1kp6wskbu5w
nBhMCQ04xCzAJBgNVBAgTAlNDMQswCQYDVQQHEwJDRDEPMA0GA1UEChMGQXZhbG9uMQ8wDQYDVQQL
MIIDVzCCAj+gAwIBAgIEaPDBjjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJDTjELMAkGA1UE
n+APJWeeIsUEJHi0FSf3EmwAtNgcJwLYed8Lrem+2+qvFY8RRjH3w4jT/wl2HKGEY
56d509de67e58e8e41001931
iuuztdrr4mj683kbsmwoalt1roaypb5d25eu0f23lrfsthgn
npD6CFRNtN1DVvpw+H4tNkF5yB1TwAUlbNNhSuc7hi4YpttiZlSqEnl8UlX+9OWOi
f3395d2467a39be335cbf82c5fb0a3a5b13ba628
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIxHA9yAi16YbRRJqi+UB5jhbb
c5af4bc6a2afa7a1f8a3f02e56de16b59c6ba358
a9fd366d46f47b9a0842cfbe06ba624f2c006d6e
tgIBkg304BUpjGHLSq1wYYb0Xs77pMIm
nVYybynPLOAvsvtfG4x9CCKc2OpDZfrTfB1sMzLhkjjhmt+cYlNe8UO1FY1hiKocVRdpiZaacUn3r
143mgzglqmg4d0simqtn1zswggcro2ykugj76th8l38u3cm5
nIVQ3z98C02kQEgPU8jANBgkqhkiG9w0BAQsFAAOCAQEAHRpfagOzTmBM4gSDL5aMr7qyZg59Prw/
na7GByE8EjwrQOPkrznZs6con7gTfzjLwTWr4o6SKq5WkuwMmRhkbyeaNS0hcJeVwCg/bw+f8j8hG
8273fe9a49b546709fab2c14e459df1e
n4aw0AoExz4atTkUlZJIf9eNLj7ogTlQGANNzE2R/uskFse2GsCqJKFTk4UraBkzf
090E4DEDAD9B1CB57EA1538871ED468A7
QxciDjdHjuAIf8VCsqhmGK3OZV7pBQTZ
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/a/a/e/b.java, line(s) 30,35,19,25 bin/mt/signature/KillerApplication99$j.java, line(s) 69,152 cn/leancloud/codec/AES.java, line(s) 43,45,90,93,96,99,102,105,116,119,122,125,128,131 cn/leancloud/codec/Base64Decoder.java, line(s) 109 cn/leancloud/core/LeanCloud.java, line(s) 44,45 cn/leancloud/logging/DefaultLogger.java, line(s) 54,75,63,84,57,78,51,72,60,81,93 cn/leancloud/utils/LocalBroadcastManager.java, line(s) 129,134,141,145,161,171 cn/leancloud/utils/NotificationCompatJellybean.java, line(s) 99,113,117,166,185,208,211 cn/leancloud/utils/RemoteInput$ImplBase.java, line(s) 13,18 cn/thinkingdata/analytics/TDConfig.java, line(s) 141 cn/thinkingdata/analytics/TDFirstEvent.java, line(s) 33 cn/thinkingdata/analytics/TDWebAppInterface.java, line(s) 109,65,80,118 cn/thinkingdata/analytics/ThinkingAnalyticsSDK$a.java, line(s) 24 cn/thinkingdata/analytics/ThinkingAnalyticsSDK$f.java, line(s) 52,58,83,64 cn/thinkingdata/analytics/ThinkingAnalyticsSDK.java, line(s) 944,957,128,139,251,281,460,479,721,852,863,1140,1177,1264,290,431,715,846,963,1045,1051 cn/thinkingdata/analytics/ThinkingDataRuntimeBridge$i.java, line(s) 31 cn/thinkingdata/analytics/ThinkingDataRuntimeBridge.java, line(s) 458,475,171,225 cn/thinkingdata/analytics/aop/push/TAPushProcess.java, line(s) 35,60,72,85,82 cn/thinkingdata/analytics/b.java, line(s) 149 cn/thinkingdata/analytics/d/a$d$a.java, line(s) 35 cn/thinkingdata/analytics/d/b$a.java, line(s) 35 cn/thinkingdata/analytics/d/b.java, line(s) 281,112,223,231,243,259,304,318,340,344,365,328 cn/thinkingdata/analytics/e/b$a$a.java, line(s) 95,93,102 cn/thinkingdata/analytics/e/b$b$a.java, line(s) 73,103,44,129,135 cn/thinkingdata/analytics/e/b$b.java, line(s) 105,110,113,64,88,93,179 cn/thinkingdata/analytics/e/c.java, line(s) 48,55,107,151,160 cn/thinkingdata/analytics/e/e.java, line(s) 50,51,53,72,78,101,104 cn/thinkingdata/analytics/e/g$a.java, line(s) 34,46 cn/thinkingdata/analytics/e/g.java, line(s) 33 cn/thinkingdata/analytics/encrypt/c.java, line(s) 29,43,20 cn/thinkingdata/analytics/f/a.java, line(s) 61,110 cn/thinkingdata/analytics/h/g.java, line(s) 59,42,45,50,55 cn/thinkingdata/analytics/h/j.java, line(s) 26 cn/thinkingdata/core/preset/TDPresetModel.java, line(s) 71,74 cn/thinkingdata/core/preset/TDPresetUtils.java, line(s) 50,55,61,66,73 cn/thinkingdata/core/router/ClassUtils$1.java, line(s) 46 cn/thinkingdata/core/router/_TRouter.java, line(s) 47 cn/thinkingdata/core/utils/LogUtil.java, line(s) 13,18,23,38,44,50,61,64,72,77,82,87 cn/thinkingdata/core/utils/TAReflectUtils.java, line(s) 65,121,151,45,125,96,104,107 cn/thinkingdata/core/utils/TDCommonUtil.java, line(s) 73 cn/thinkingdata/core/utils/pool/DefaultPoolExecutor.java, line(s) 34,65 cn/thinkingdata/core/utils/pool/DefaultThreadFactory.java, line(s) 24,35 com/alicom/tools/networking/PopRequest.java, line(s) 78,124 com/alicom/tools/networking/Request.java, line(s) 77 com/alicom/tools/networking/SSLFactory.java, line(s) 67 com/alicom/tools/networking/StringUtil.java, line(s) 16 com/alipay/test/a.java, line(s) 13,14,20,21,27,28,34,35,41,42,48,49,55,56,62,63,69,70,76,77,83,84,90,91,97,98,101,102,105,106,109,110,113,114,117,118,121,122,125,126,129,130,133,134,137,138,141,142 com/avalon/cave/wxapi/WXEntryActivity.java, line(s) 25 com/avalon/game/account/LeitingSDKUtil$10$1.java, line(s) 17 com/avalon/game/account/LeitingSDKUtil$2.java, line(s) 20 com/avalon/game/account/LeitingSDKUtil$5.java, line(s) 13,18 com/avalon/game/account/LeitingSDKUtil$6.java, line(s) 14,20,73,29,31,46,59 com/avalon/game/account/LeitingSDKUtil$7.java, line(s) 26,30 com/avalon/game/account/LeitingSDKUtil$9.java, line(s) 13 com/avalon/game/account/LeitingSDKUtil.java, line(s) 290,365,369,385,704,723,729,738,743,810,561,913,417,429,439,449 com/avalon/game/account/SDKUTIL$4.java, line(s) 9 com/avalon/game/account/SDKUTIL$6.java, line(s) 9 com/avalon/game/account/SDKUTIL.java, line(s) 37,46,55,68 com/avalon/game/pay/PayBaseUtil.java, line(s) 261 com/avalon/game/tools/NUBIAMD5Signature.java, line(s) 52,54 com/avalon/game/tools/SignUtilmeizu.java, line(s) 37 com/avalon/game/tools/ToolsUtil.java, line(s) 26,27,30 com/avalon/game/tools/UserIdUtil.java, line(s) 13,21,24,36 com/avalon/game/tools/VivoSignUtils.java, line(s) 28 com/avalon/game/util/CommonUtil.java, line(s) 46,56,71,86,94,102,106 com/avalon/game/util/MyIapUtil.java, line(s) 138,140 com/avalon/game/util/RSA/Base64.java, line(s) 88,89,462,729,756,798,437,446,447 com/avalon/game/util/Util.java, line(s) 94,96,100,104,115,80,138,151,202 com/avos/avoscloud/AVInternalLogger.java, line(s) 21,26,56,61,31,36,11,16,41,46,51 com/avos/avoscloud/LogUtil.java, line(s) 13,17 com/avos/avoscloud/signature/AES.java, line(s) 42,44,87,90,93,96,99,102,113,116,119,122,126,129 com/avos/avoscloud/signature/Base64Decoder.java, line(s) 116 com/bun/miitmdid/w.java, line(s) 37 com/bytedance/ad/common/uaid/identity/utils/RequestBodyUtils.java, line(s) 76 com/bytedance/ads/convert/BDBridgeActivity.java, line(s) 82,46,79,22,43,59 com/bytedance/ads/convert/BDConvert.java, line(s) 75,57 com/bytedance/ads/convert/broadcast/StickyBroadcastManager$BR.java, line(s) 21 com/bytedance/ads/convert/broadcast/StickyBroadcastManager.java, line(s) 37 com/bytedance/ads/convert/utils/ClickIdHeaderTimelyCallback.java, line(s) 30,32 com/bytedance/ads/convert/utils/ClickIdSPUtil.java, line(s) 49 com/bytedance/ads/convert/utils/EventReporter.java, line(s) 44,50,54,123,137,144,150,135 com/bytedance/ads/convert/utils/EventReporterV2.java, line(s) 42,48,102,116,126,136,114 com/bytedance/ads/convert/utils/EventReporterV3.java, line(s) 23,28,80 com/bytedance/ads/convert/utils/NetWorkUtils.java, line(s) 18,45,53 com/example/android/trivialdrivesample/util/Security.java, line(s) 28,31,44,47,50,53,56 com/ipaynow/wechatpay/plugin/api/a.java, line(s) 76 com/ipaynow/wechatpay/plugin/c/e.java, line(s) 15 com/ipaynow/wechatpay/plugin/c/g.java, line(s) 21 com/ipaynow/wechatpay/plugin/d/c/a.java, line(s) 128 com/ipaynow/wechatpay/plugin/d/c/b.java, line(s) 47 com/ipaynow/wechatpay/plugin/e/c.java, line(s) 42,133,51,142,45,136,39,130,48,54,139,145 com/ipaynow/wechatpay/plugin/manager/route/a.java, line(s) 61 com/kwai/monitor/oaid/OADIDSDKHelper.java, line(s) 34,61,63,80,85,89,93 com/kwai/monitor/oaid/OADIDSDKHelper25$IIdentifierListener25.java, line(s) 25 com/kwai/monitor/oaid/OADIDSDKHelper25.java, line(s) 30,32,51,55 com/netease/htprotect/poly/a.java, line(s) 22 com/nirvana/tools/core/BaseDelegate.java, line(s) 20,12 com/nirvana/tools/core/EncryptUtils.java, line(s) 54,105 com/nirvana/tools/core/MobileNetRequestManager$1.java, line(s) 28 com/nirvana/tools/core/MobileNetRequestManager.java, line(s) 113,45,72,107,116,137 com/nirvana/tools/core/NetworkUtils.java, line(s) 31,47,70 com/nirvana/tools/logger/cache/db/AbstractDatabase.java, line(s) 38 com/nirvana/tools/logger/cache/db/DBHelper.java, line(s) 27,37 com/nirvana/tools/logger/utils/ConsoleLogUtils.java, line(s) 14,20,26,32,38 com/qk/plugin/qkfx/Manager.java, line(s) 13 com/qk/plugin/qkfx/SetGameRolePlugin$1.java, line(s) 22,34 com/qk/plugin/qkfx/SetGameRolePlugin.java, line(s) 22,31,33,41,52,58,55 com/qq/gdt/action/j/o.java, line(s) 32,37,7,17,25 com/quickgamesdk/QGManager$1$1.java, line(s) 17 com/quickgamesdk/QGManager$8.java, line(s) 11 com/quickgamesdk/QGManager.java, line(s) 103,185,339,405,66,111,119,180,217,246 com/quickgamesdk/activity/AliWebPayActivity.java, line(s) 54,116 com/quickgamesdk/activity/CpLoginActivity$QuickGameJsInterface.java, line(s) 20 com/quickgamesdk/activity/CpLoginActivity.java, line(s) 29,75,39,55,68,78 com/quickgamesdk/activity/GameSliderBarActivityV2.java, line(s) 78,67 com/quickgamesdk/activity/LoginActivity.java, line(s) 58,81,91,97,102,107,112,118,129,136 com/quickgamesdk/activity/PayActivity.java, line(s) 38 com/quickgamesdk/activity/QGVoucherActivty$2.java, line(s) 27,36,42 com/quickgamesdk/activity/QGVoucherActivty$3.java, line(s) 22,25 com/quickgamesdk/activity/QGVoucherActivty.java, line(s) 34,39 com/quickgamesdk/activity/QGWXEntryActivity.java, line(s) 37,48,32 com/quickgamesdk/activity/TempActivty.java, line(s) 76,81,86,91,96 com/quickgamesdk/activity/WeChatWebPayActivity.java, line(s) 45,52,211,256,306,341,352,362,76,79,95,114,316,322,374,385,391,397,403,409 com/quickgamesdk/constant/Constant.java, line(s) 133,136,137 com/quickgamesdk/floatview/QGFloatView.java, line(s) 140,180,199 com/quickgamesdk/floatview/content/QGContent.java, line(s) 79 com/quickgamesdk/floatview/content/QGFloatContent.java, line(s) 166,178,208,229,336 com/quickgamesdk/floatview/logo/QGFloatLogo.java, line(s) 402,113,132,152 com/quickgamesdk/fragment/BaseFragment.java, line(s) 255,278,313 com/quickgamesdk/fragment/CertificationFragment$6.java, line(s) 33 com/quickgamesdk/fragment/CertificationFragment.java, line(s) 61 com/quickgamesdk/fragment/PhoneBindFragment$5.java, line(s) 54 com/quickgamesdk/fragment/download/DownLoadFragment.java, line(s) 111,160,174,176,182 com/quickgamesdk/fragment/login/AccountLoginFragment$15.java, line(s) 24 com/quickgamesdk/fragment/login/AccountLoginFragment$16.java, line(s) 21 com/quickgamesdk/fragment/login/AccountLoginFragment$17.java, line(s) 41 com/quickgamesdk/fragment/login/AccountLoginFragment.java, line(s) 273,281,800,813,277,605,772 com/quickgamesdk/fragment/login/AccountRegisterFragment$8.java, line(s) 21,45 com/quickgamesdk/fragment/login/AccountRegisterFragment.java, line(s) 237 com/quickgamesdk/fragment/login/CustomInLoginFragment.java, line(s) 75,124,83,169 com/quickgamesdk/fragment/login/SwitchAccountFragment.java, line(s) 97,110,129,134 com/quickgamesdk/fragment/pay/QGPayFragment$3$1.java, line(s) 31 com/quickgamesdk/fragment/pay/QGPayFragment$3.java, line(s) 22 com/quickgamesdk/fragment/pay/QGPayFragment.java, line(s) 130,147,293,390,77,85,88,157,159,164 com/quickgamesdk/fragment/pay/QGScanPayFragment$2.java, line(s) 22 com/quickgamesdk/fragment/pay/QGScanPayFragment.java, line(s) 105 com/quickgamesdk/fragment/pay/QGSetPayPasswordFragment$7$1.java, line(s) 16 com/quickgamesdk/fragment/usercenter/LimitFragment.java, line(s) 20 com/quickgamesdk/fragment/usercenter/PhoneUnbindFragment$5.java, line(s) 48 com/quickgamesdk/fragment/usercenter/PhoneUnbindFragment.java, line(s) 150 com/quickgamesdk/gamebox/service/DownloadService.java, line(s) 68,70 com/quickgamesdk/manager/DataManager$3.java, line(s) 72,78 com/quickgamesdk/manager/InitManager$12.java, line(s) 21 com/quickgamesdk/manager/InitManager$14.java, line(s) 15,20 com/quickgamesdk/manager/InitManager$9.java, line(s) 15,20 com/quickgamesdk/manager/InitManager.java, line(s) 80,102,152,157,170,183,200,260,273,293,312,333,423,431,440,448,457,465,482,490,512,540,550,600,613,95,177,186,207,263,523,558,623 com/quickgamesdk/manager/LoginManager$1.java, line(s) 33 com/quickgamesdk/manager/LoginManager$11.java, line(s) 21,39 com/quickgamesdk/manager/LoginManager$17.java, line(s) 19,46,36 com/quickgamesdk/manager/LoginManager$8.java, line(s) 18 com/quickgamesdk/manager/LoginManager.java, line(s) 69,83,190,215,243,278,370,375,499,77,283,298,381,416 com/quickgamesdk/manager/QGFloatViewManager.java, line(s) 25,26,34,38,46 com/quickgamesdk/manager/QGFragmentManager.java, line(s) 85 com/quickgamesdk/manager/QGPayManager$10.java, line(s) 14,18 com/quickgamesdk/manager/QGPayManager$3$1.java, line(s) 16 com/quickgamesdk/manager/QGPayManager$3.java, line(s) 32,27 com/quickgamesdk/manager/QGPayManager$8.java, line(s) 21,32,38 com/quickgamesdk/manager/QGPayManager$9$1.java, line(s) 24,30,33,36,19 com/quickgamesdk/manager/QGPayManager$9.java, line(s) 28 com/quickgamesdk/manager/QGPayManager.java, line(s) 107,187,203,623,677,860,865,868,881,886,933,167,216,605,647,686,705,890 com/quickgamesdk/manager/SliderBarV2Manager$12$2.java, line(s) 17 com/quickgamesdk/manager/SliderBarV2Manager$MyWebViewClient$1.java, line(s) 24,18 com/quickgamesdk/manager/SliderBarV2Manager$QuickGameJsInterface.java, line(s) 41,103,114,137,333,221,355,358,395,400,284 com/quickgamesdk/manager/SliderBarV2Manager$UIRecive.java, line(s) 23,31 com/quickgamesdk/manager/SliderBarV2Manager.java, line(s) 146,161,219,263,304,327,595,623,641,836,186,198,228,321,382,419,423,437,448,478,481,491,503,515,530,548,566,576,588,598,667,745,756 com/quickgamesdk/manager/ThirdManager.java, line(s) 65,71,74,83,87,114,243,274,4657,159,217,257,277,283,4662 com/quickgamesdk/net/QGParameter.java, line(s) 38 com/quickgamesdk/plugin/PluginManager.java, line(s) 61,67,37,95,112 com/quickgamesdk/plugin/bytedance/AfterInitPlugin.java, line(s) 21,23,35,38 com/quickgamesdk/plugin/bytedance/AfterLoginPlugin.java, line(s) 15,33,22 com/quickgamesdk/plugin/bytedance/Manager.java, line(s) 13 com/quickgamesdk/plugin/bytedance/OnPausePlugin.java, line(s) 14 com/quickgamesdk/plugin/bytedance/OnPayPlugin.java, line(s) 21,30,48 com/quickgamesdk/plugin/bytedance/OnRegistPlugin.java, line(s) 16,34 com/quickgamesdk/plugin/bytedance/OnResumePlugin.java, line(s) 15 com/quickgamesdk/plugin/bytedance/PluginUtiles.java, line(s) 17 com/quickgamesdk/plugin/bytedance/SetGameRolePlugin.java, line(s) 15,29,35 com/quickgamesdk/skin/manager/util/L.java, line(s) 20,21,40,41,30,31,50,51,15,16,35,36,25,26,45,46 com/quickgamesdk/utils/DownLoadUtils$1.java, line(s) 21,39,47,16 com/quickgamesdk/utils/EventReporter$1.java, line(s) 23,31 com/quickgamesdk/utils/EventReporter.java, line(s) 50,58,90,96,107,115,150,157,166,189 com/quickgamesdk/utils/FileUtils.java, line(s) 72,45,59,75,100 com/quickgamesdk/utils/HolidayUtils.java, line(s) 33,46,56,72 com/quickgamesdk/utils/MiitHelper.java, line(s) 153,194,103,107,27,62,78,83,88,93,98,111,119,123 com/quickgamesdk/utils/QGCrashHandler.java, line(s) 75,44,72,80,85 com/quickgamesdk/utils/QGSdkUtils.java, line(s) 649,659,661,667,701,731,96,99,320,358,711,230,244 com/quickgamesdk/utils/WriteTimeUtils.java, line(s) 80,86,158,219,223,236,249 com/quickgamesdk/view/PrivaceDialogLayout.java, line(s) 101,118,142,131,147,156 com/quickgamesdk/view/QGPayListAdapter.java, line(s) 111,115,118,127,131,133,137,148 com/quickgamesdk/view/QGTitleBar.java, line(s) 213,205 com/quickgamesdk/view/SwitchAccountAdapter.java, line(s) 99,103 com/quickgamesdk/view/VoucherAdapter.java, line(s) 69 com/quicksdk/Extend.java, line(s) 76,81,86,91,46,55 com/quicksdk/Payment$1.java, line(s) 37,58,68,49 com/quicksdk/Payment.java, line(s) 96,101 com/quicksdk/QuickSdkApplication.java, line(s) 22,36,30 com/quicksdk/QuickSdkSplashActivity.java, line(s) 36 com/quicksdk/Sdk.java, line(s) 86,105 com/quicksdk/User.java, line(s) 83,50,65,74,88,101,111,121,154 com/quicksdk/apiadapter/channel/check/d.java, line(s) 89,160 com/quicksdk/apiadapter/channel/check/g.java, line(s) 33 com/quicksdk/apiadapter/channel/check/w.java, line(s) 51 com/quicksdk/apiadapter/channel/check/z$3.java, line(s) 23,27,31,35 com/quicksdk/apiadapter/channel/check/z.java, line(s) 46,68,133,150 com/quicksdk/apiadapter/quickgame/ActivityAdapter.java, line(s) 34,37,51,58,65,70,75,79,88,93,106,111 com/quicksdk/apiadapter/quickgame/CheckGameRoleInfo.java, line(s) 127,20,27,33,38,47,54,60,65,74,81,87,92,101,106,115,122 com/quicksdk/apiadapter/quickgame/ExtendAdapter.java, line(s) 36,137,172,188,153,160,163,167,192 com/quicksdk/apiadapter/quickgame/PayAdapter.java, line(s) 52,83,110,54,90,102 com/quicksdk/apiadapter/quickgame/SdkAdapter.java, line(s) 42,80,114,154,29,32,33,61,72,101,135,146 com/quicksdk/apiadapter/quickgame/UserAdapter.java, line(s) 44,79,105,115,144,153,169,187,86,97,125,136,176 com/quicksdk/c/a$1.java, line(s) 68,63 com/quicksdk/c/a.java, line(s) 74 com/quicksdk/c/b.java, line(s) 28,26 com/quicksdk/c/e.java, line(s) 77,80 com/quicksdk/ex/ExCollector.java, line(s) 109,28,37,42,67,84,98 com/quicksdk/ex/ExUtils.java, line(s) 44,48,49 com/quicksdk/ex/a.java, line(s) 38,305 com/quicksdk/ex/b.java, line(s) 23,38,49 com/quicksdk/net/Connect$11.java, line(s) 69,72 com/quicksdk/net/Connect$13.java, line(s) 51,55,108,77,95,99 com/quicksdk/net/Connect$2.java, line(s) 72,92,96 com/quicksdk/net/Connect$3.java, line(s) 84 com/quicksdk/net/Connect$4.java, line(s) 54,65,67 com/quicksdk/net/Connect$6.java, line(s) 34,41,58,60 com/quicksdk/net/Connect$8.java, line(s) 30,39,41 com/quicksdk/net/Connect$9.java, line(s) 28,31 com/quicksdk/net/Connect.java, line(s) 216,234,257,275,353,397,419,424,531,240,283,286,314,317,361,364,405,408,470,487,489,511,537,541 com/quicksdk/net/a.java, line(s) 99,288,337,675,317 com/quicksdk/notifier/a.java, line(s) 19,30 com/quicksdk/notifier/b.java, line(s) 20,32 com/quicksdk/notifier/c.java, line(s) 29,76,89,42,54 com/quicksdk/notifier/d.java, line(s) 24,35 com/quicksdk/notifier/e.java, line(s) 21,33,45 com/quicksdk/notifier/f.java, line(s) 18,26,33 com/quicksdk/plugin/PluginManager.java, line(s) 56,60,86,93,41,120,135,150,167 com/quicksdk/utility/AppConfig.java, line(s) 141,152 com/quicksdk/utility/FileUtils.java, line(s) 75 com/quicksdk/utility/a.java, line(s) 25 com/quicksdk/utility/b.java, line(s) 37,71,82,87,96 com/quicksdk/utility/c.java, line(s) 37 com/quicksdk/utility/d.java, line(s) 69 com/quicksdk/utility/f.java, line(s) 120,204 com/quicksdk/utility/h.java, line(s) 25,32,15,42 com/quicksdk/utility/i.java, line(s) 50,84 com/quicksdk/utility/k.java, line(s) 164,172,201,251,112 com/tapsdk/bootstrap/net/NetUtil.java, line(s) 32 com/tapsdk/bootstrap/utils/BootstrapLogger.java, line(s) 17,23,25,13,30 com/taptap/sdk/IscTapLoginService.java, line(s) 24 com/taptap/sdk/Log.java, line(s) 7 com/taptap/sdk/TapLoginHelper.java, line(s) 142 com/taptap/sdk/TokenValidChecker$1.java, line(s) 18 com/taptap/sdk/TokenValidChecker.java, line(s) 32 com/taptap/services/update/TapUpdateLogger.java, line(s) 127,130,156,158,136,139,118,121,145,148 com/taptap/services/update/download/core/Util.java, line(s) 99,81,108,90 com/tds/common/account/LoginStatusManager.java, line(s) 216 com/tds/common/bridge/utils/BridgeLogger.java, line(s) 17,9,13 com/tds/common/bridge/utils/BridgeReflect.java, line(s) 107 com/tds/common/localize/LocalizeStore.java, line(s) 25 com/tds/common/log/Logger.java, line(s) 74,83,126,138,92,101,56,65,110,118 com/tds/common/notch/helper/SystemProperties.java, line(s) 30,34,47 com/tds/common/reactor/internal/util/RxRingBuffer.java, line(s) 24 com/tds/common/reactor/plugins/RxJavaHooks.java, line(s) 108 com/tds/common/region/TdsRegionHelper.java, line(s) 48 com/tds/common/tracker/SdkDurationStatistics$2.java, line(s) 41,45,48 com/tds/common/tracker/SdkDurationStatistics$5.java, line(s) 43 com/tds/common/tracker/SdkDurationStatistics.java, line(s) 46,51,56,88,93,176 com/tds/common/tracker/TdsTrackerHandler.java, line(s) 403,181,186,196,216,220,222,224,226,248,253,261,263,269,277,287,315,353,381 com/tds/common/tracker/TdsTrackerManager.java, line(s) 37 com/tds/common/utils/DeviceUtils.java, line(s) 86,96 com/tds/common/utils/NetworkUtil.java, line(s) 26,56 com/tds/common/utils/TapGameUtil.java, line(s) 59,80,84,116,120,157 com/tds/common/websocket/util/LogUtil.java, line(s) 13,21,32 com/tds/common/widgets/behavior/BottomSheetBehavior.java, line(s) 727 com/tds/lz4/LZ4Factory.java, line(s) 155,156 com/tds/plugin/click/SingleClickUtil.java, line(s) 31,46 com/tds/util/Native.java, line(s) 53 com/tds/xxhash/XXHashFactory.java, line(s) 138,139 com/tencent/a/a/a/a/b.java, line(s) 25,31,46,37,54 com/tencent/a/a/a/a/c.java, line(s) 32,46 com/tencent/a/a/a/a/d.java, line(s) 22,31 com/tencent/a/a/a/a/e.java, line(s) 19,27 com/tencent/a/a/a/a/h.java, line(s) 14,40,61,44 ghostpili/AbstractC0290lc.java, line(s) 17 ghostpili/AbstractC0438lc.java, line(s) 18 ghostpili/C0007ag.java, line(s) 21 ghostpili/C0029bc.java, line(s) 21 ghostpili/C0131fb.java, line(s) 36 ghostpili/C0155ag.java, line(s) 22 ghostpili/C0177bc.java, line(s) 21 ghostpili/C0193hl.java, line(s) 9 ghostpili/C0222ip.java, line(s) 36 ghostpili/C0279fb.java, line(s) 40,99,143 ghostpili/C0280kt.java, line(s) 25 ghostpili/C0289lb.java, line(s) 55 ghostpili/C0341hl.java, line(s) 9 ghostpili/C0364nw.java, line(s) 81 ghostpili/C0370ip.java, line(s) 37 ghostpili/C0428kt.java, line(s) 26 ghostpili/C0437lb.java, line(s) 56 ghostpili/C0468rs.java, line(s) 432 ghostpili/C0479sc.java, line(s) 21 ghostpili/C0480sd.java, line(s) 31,58 ghostpili/C0512nw.java, line(s) 82 ghostpili/C0520od.java, line(s) 55,70 ghostpili/C0616rs.java, line(s) 434 ghostpili/C0627sc.java, line(s) 22 ghostpili/C0628sd.java, line(s) 32,59 ghostpili/Cif.java, line(s) 51 ghostpili/ComponentCallbacks2C0258jy.java, line(s) 196,201,203,209,212,227,234,383 ghostpili/ComponentCallbacks2C0406jy.java, line(s) 197,202,204,210,213,228,235,384 ghostpili/ComponentCallbacks2C0419px.java, line(s) 59,189 ghostpili/ComponentCallbacks2C0567px.java, line(s) 61,191 ghostpili/RunnableC0351nj.java, line(s) 63,141,351 ghostpili/RunnableC0499nj.java, line(s) 64,142,352 ghostpili/ViewTreeObserverOnPreDrawListenerC0221io.java, line(s) 19 ghostpili/ViewTreeObserverOnPreDrawListenerC0369io.java, line(s) 20 ghostpili/Y.java, line(s) 41,55,124,147,161,167,172 ghostpili/aF.java, line(s) 29 ghostpili/bD.java, line(s) 35,175 ghostpili/bK.java, line(s) 30,40,51,83 ghostpili/bQ.java, line(s) 23 ghostpili/bW.java, line(s) 50,64,69,74 ghostpili/cK.java, line(s) 143,159,174 ghostpili/cL.java, line(s) 27 ghostpili/cQ.java, line(s) 38 ghostpili/cU.java, line(s) 47,57 ghostpili/cZ.java, line(s) 46 ghostpili/dR.java, line(s) 108 ghostpili/eC.java, line(s) 18 ghostpili/fL.java, line(s) 33 ghostpili/fO.java, line(s) 67 ghostpili/fT.java, line(s) 37,43 ghostpili/iY.java, line(s) 40 ghostpili/jD.java, line(s) 15 ghostpili/lN.java, line(s) 31 ghostpili/lT.java, line(s) 50,53,59,66,71 ghostpili/nZ.java, line(s) 129 ghostpili/oL.java, line(s) 107,148 ghostpili/pG.java, line(s) 21 ghostpili/pJ.java, line(s) 53,70,82,95,137,144,158,160,171,182 ghostpili/tF.java, line(s) 39,43,45,51,115 org/cocos2dx/cpp/AVCloudManager$1.java, line(s) 24 org/cocos2dx/cpp/AVCloudManager$10$1$2.java, line(s) 28,31 org/cocos2dx/cpp/AVCloudManager$10.java, line(s) 25,37,40,44,46,60,62,66,68,76 org/cocos2dx/cpp/AVCloudManager$12.java, line(s) 25,41,47 org/cocos2dx/cpp/AVCloudManager$4.java, line(s) 14,16 org/cocos2dx/cpp/AVCloudManager$7.java, line(s) 15,18 org/cocos2dx/cpp/AVCloudManager$8.java, line(s) 15,19,21,26 org/cocos2dx/cpp/AVCloudManager$9.java, line(s) 12,14 org/cocos2dx/cpp/AVCloudManager.java, line(s) 118,168,224,232,243,260,321,333,343,352,359,388,396,398,406,416,423,428,432,463,468,473,481,489,514,564,576,605,635,639 org/cocos2dx/cpp/AppActivity.java, line(s) 314,331,364,383,56,128,133,136 org/cocos2dx/lib/Cocos2dxActivity.java, line(s) 258,260,265,99,102,151,174 org/cocos2dx/lib/Cocos2dxBitmap.java, line(s) 287,96,42,49 org/cocos2dx/lib/Cocos2dxEditBoxDialog.java, line(s) 174 org/cocos2dx/lib/Cocos2dxGLSurfaceView.java, line(s) 49,64,242 org/cocos2dx/lib/Cocos2dxHelper.java, line(s) 104,117,119,517,668,115,427,486,488,491,528,532,535,552,556,560 org/cocos2dx/lib/Cocos2dxHttpURLConnection.java, line(s) 41,58,84,98,99,117,184,201,210,220,307,73 org/cocos2dx/lib/Cocos2dxLocalStorage.java, line(s) 54,86 org/cocos2dx/lib/Cocos2dxMusic.java, line(s) 53,69,199 org/cocos2dx/lib/Cocos2dxSound.java, line(s) 211 org/cocos2dx/lib/Cocos2dxVideoView.java, line(s) 141,174,178,328,333 org/cocos2dx/lib/Cocos2dxWebView.java, line(s) 31 pub/devrel/easypermissions/EasyPermissions.java, line(s) 138,140,34 pub/devrel/easypermissions/helper/ActivityPermissionHelper.java, line(s) 36 pub/devrel/easypermissions/helper/BaseSupportPermissionsHelper.java, line(s) 19 uk/co/senab/photoview/PhotoViewAttacher.java, line(s) 42,227,346 uk/co/senab/photoview/gestures/CupcakeGestureDetector.java, line(s) 54 uk/co/senab/photoview/log/LoggerDefault.java, line(s) 15,19,39,43,23,27,7,11,31,35
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/quickgamesdk/manager/SliderBarV2Manager.java, line(s) 7,555
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/bytedance/ad/common/uaid/identity/AbsUAIDFetcher.java, line(s) 45,56,45,56
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: cn/leancloud/core/AppRouter.java, line(s) 45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,96 cn/leancloud/core/PaasClient.java, line(s) 30,39,47,30,39,47 cn/leancloud/service/RealtimeClient.java, line(s) 47,47 cn/leancloud/websocket/OKWebSocketClient.java, line(s) 58,57,62,56,56 com/alicom/tools/networking/SSLFactory.java, line(s) 64,61,63,64,60,60 ghostpili/eJ.java, line(s) 93,92,100,91,91 org/cocos2dx/lib/Cocos2dxHttpURLConnection.java, line(s) 81,79,81,77,78,78
综合安全基线评分总结
贪婪洞窟 v6.0.3
Android APK
40
综合安全评分
中风险