应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Advance Pay v1.5
52
安全评分
安全基线评分
52/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
0
高危
53
中危
1
信息
2
安全
隐私风险评估
2
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
0
中危安全漏洞
53
安全提示信息
1
已通过安全项
2
重点安全关注
0
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (com.user.a4keygen.MainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.SplashActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.PolicyManagementActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.user.a4keygen.SetupManagementLaunchActivity) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.FinalizeActivity) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Activity 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.user.a4keygen.policy.locktask.KioskModeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.provision.GetProvisioningModeActivity) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Activity 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.user.a4keygen.provision.ProvisioningSuccessActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.EmiReminderScreenActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.ResetPasswordWithToken) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.AppLockActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.CameraLockActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.user.a4keygen.activity.CallLockActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.DeviceAdminReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.SMSreceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BROADCAST_SMS [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.SimChangeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.InstallReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.PhoneStatReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.ActionReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.BootcompleteReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.TrueCallerCallReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.ScreenStatusReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.UninstallIntentReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.UsbReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.services.FirebaseMessanging) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.services.LockService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.services.LockTestService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.services.PreventUserService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.services.AuthenticationFeedBackService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.user.a4keygen.UserIconContentProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.user.a4keygen.comp.ProfileOwnerService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.user.a4keygen.comp.DeviceOwnerService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.user.a4keygen.DeviceAdminService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.CustumeReceiverContact) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.user.a4keygen.receiver.CustomReceiverSendLocationMsgLink) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(1000) - {2} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/user/a4keygen/activity/DummySurface.java, line(s) 75 com/user/a4keygen/activity/E1RegisterActivity.java, line(s) 61 com/user/a4keygen/activity/RegisterActivity.java, line(s) 47 org/junit/runner/manipulation/Ordering.java, line(s) 8
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/user/a4keygen/CommonReceiverOperations.java, line(s) 87 com/user/a4keygen/DeviceAdminReceiver.java, line(s) 129 com/user/a4keygen/UserIconContentProvider.java, line(s) 180 com/user/a4keygen/policy/NetworkLogsFragment.java, line(s) 110 com/user/a4keygen/services/WallpaperWorker.java, line(s) 102 com/user/a4keygen/util/AppUtil.java, line(s) 27 com/user/a4keygen/util/UpdateUtils.java, line(s) 37
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/user/a4keygen/activity/E1RegisterActivity.java, line(s) 587 com/user/a4keygen/activity/ResetPasswordWithToken.java, line(s) 73 com/user/a4keygen/policy/resetpassword/ResetPasswordWithTokenFragment.java, line(s) 140 com/user/a4keygen/services/PasswordRemovalService.java, line(s) 153 com/user/a4keygen/services/ResetPasswordForegroundService.java, line(s) 119 com/user/a4keygen/services/ResetPasswordWorker.java, line(s) 91
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/user/a4keygen/activity/DummySurface.java, line(s) 544 com/user/a4keygen/activity/ForeGroundGetLocationSendMassageLinkActivity.java, line(s) 34 com/user/a4keygen/common/BaseSearchablePolicyPreferenceFragment.java, line(s) 25,24 com/user/a4keygen/common/keyvaluepair/KeyValuePairDialogFragment.java, line(s) 35,38,40 com/user/a4keygen/policy/CrossProfileCalendarFragment.java, line(s) 24,25 com/user/a4keygen/policy/OverrideApnFragment.java, line(s) 31,32,34 com/user/a4keygen/policy/PolicyManagementFragment.java, line(s) 128,129,131,132,133,135,136,137,139,141,142,143,144,145,146,147,148,151,153,154,156,157,158,162,167,165,166,168,288,169,170,173,174,175,176,177,178,179,181,183,184,186,188,189,190,195,152,196,197,192,193,194,198,199,200,201,202,203,204,205,206,207,211,212,213,214,215,216,217,218,223,224,225,227,228,229,230,231,232,233,234,235,236,237,239,240,241,242,243,244,245,248,249,250,251,252,253,258,259,260,261,262,263,264,265,266,269,272,273,274,275,276,277,280,281,282,283,284,285,289,246,254 com/user/a4keygen/policy/SecurityLogsFragment.java, line(s) 21 com/user/a4keygen/policy/locktask/KioskModeActivity.java, line(s) 32 com/user/a4keygen/policy/resetpassword/ResetPasswordService.java, line(s) 22 com/user/a4keygen/profilepolicy/ProfilePolicyManagementFragment.java, line(s) 25,26,27,28,29,30,33,34,35,36 com/user/a4keygen/profilepolicy/apprestrictions/AppRestrictionsProxyHandler.java, line(s) 21,22 com/user/a4keygen/receiver/CustomReceiverSendLocationMsgLink.java, line(s) 11 com/user/a4keygen/search/PreferenceIndexSqliteOpenHelper.java, line(s) 121 com/user/a4keygen/services/LocationForegroundService.java, line(s) 49 com/user/a4keygen/services/LocationViaMsgForeService.java, line(s) 49 com/user/a4keygen/services/WallpaperWorker.java, line(s) 31
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/user/a4keygen/search/PreferenceIndexSqliteOpenHelper.java, line(s) 8,9,77
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/junit/rules/TemporaryFolder.java, line(s) 79,163
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/user/a4keygen/policy/utils/Attestation.java, line(s) 15,104
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "apn_password" : "Password" "apn_user" : "User" "app_restrictions_key" : "Key:" "com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000" "google_api_key" : "AIzaSyDYlkzSqf_8dopLkQQaWnF2byOMaNtUfME" "google_app_id" : "1:571183701834:android:660eab91488d4a07966bb3" "google_crash_reporting_api_key" : "AIzaSyDYlkzSqf_8dopLkQQaWnF2byOMaNtUfME" "lock_task_feature_keyguard" : "Keyguard" "password_complexity_high" : "High" "password_complexity_low" : "Low" "password_complexity_medium" : "Medium" "password_complexity_none" : "None" "password_quality_alphabetic" : "Alphabetic" "password_quality_alphanumeric" : "Alphanumeric" "password_quality_complex" : "Complex" "password_quality_numeric" : "Numeric" "password_quality_something" : "Something" "password_quality_unspecified" : "Unspecified" "private_dns_mode_apply" : "Set" "private_dns_mode_automatic" : "Automatic" "private_dns_mode_off" : "Off" "private_dns_mode_unknown" : "Unknown" "reset_password_fragment_activate" : "Activate" "reset_password_fragment_status" : "Status:" "reset_password_token_active" : "Active" "reset_password_token_inactive" : "Inactive" "reset_password_token_none" : "(None)" "wifi_password" : "Password" 108227331716938854486 116236586495608597412 104975032913794657436 102900881430972127662 115689974473245611074 114086488966392774375 115692419157693982480 107249238548766465686 107553576993887939202 105802296568707948043
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/user/a4keygen/AddAccountActivity.java, line(s) 117,90,130,133,140,143 com/user/a4keygen/CommonReceiverOperations.java, line(s) 93,46,50,98,42 com/user/a4keygen/DeviceAdminReceiver.java, line(s) 72,106,148,250,322,345,358,88,114,120,122,130,143,169,299,422,427,433,439,445,454,99 com/user/a4keygen/DevicePolicyManagerGatewayImpl.java, line(s) 47,108,125,146,160,174,189,205,211,218,224,238,278,289,300,311,322,336,363,379,424,453,472,483,494,505,517,523,534,549,565,577,580,603,609,620,641,653,674,686,701,707,723,734,748,765,270,271,430,459 com/user/a4keygen/FinalizeActivity.java, line(s) 59,45 com/user/a4keygen/PolicyManagementActivity.java, line(s) 138,147,117,126,114,123 com/user/a4keygen/ShellCommand.java, line(s) 105,2032,2038,989,1014,1021,1164,1174,1182,1207,1220,1252,1276,1299,1323,1348,1381,1417,1441,1465,1490,1524,1553,1577,1604,1648,1682,1711,1735,1742,1776,1982 com/user/a4keygen/UserIconContentProvider.java, line(s) 52,81,85,102,106,42,46,79,94,118,120,123,133,175,185,210 com/user/a4keygen/activity/DummySurface.java, line(s) 457,440,448,463,586,494,495,1137 com/user/a4keygen/activity/E1RegisterActivity.java, line(s) 224,446,223 com/user/a4keygen/activity/ForeGroundGetLocationActivity.java, line(s) 113,114 com/user/a4keygen/activity/ForeGroundGetLocationSendMassageLinkActivity.java, line(s) 140,141 com/user/a4keygen/activity/LockingActvity.java, line(s) 175,190 com/user/a4keygen/activity/PermissionActivity.java, line(s) 288,374 com/user/a4keygen/activity/PreventUserActivity.java, line(s) 49 com/user/a4keygen/activity/RegisterActivity.java, line(s) 488,492,496,522,526,173 com/user/a4keygen/activity/ShowEmiAndOtherDetailsActivity.java, line(s) 117,97,101,111,107,115 com/user/a4keygen/common/BaseSearchablePolicyPreferenceFragment.java, line(s) 176,180,184 com/user/a4keygen/common/CertificateUtil.java, line(s) 31 com/user/a4keygen/common/PermissionsHelper.java, line(s) 20,29,56 com/user/a4keygen/common/ReflectionUtil.java, line(s) 68 com/user/a4keygen/common/RestrictionManagerCompat.java, line(s) 54,65,74 com/user/a4keygen/common/ToggleComponentsArrayAdapter.java, line(s) 56 com/user/a4keygen/common/Util.java, line(s) 207,113,131,211,215 com/user/a4keygen/comp/BindDeviceAdminFragment.java, line(s) 185,99 com/user/a4keygen/comp/BindDeviceAdminServiceHelper.java, line(s) 36,41,50,55 com/user/a4keygen/comp/DeviceOwnerService.java, line(s) 44 com/user/a4keygen/comp/ProfileOwnerService.java, line(s) 70 com/user/a4keygen/cosu/CosuConfig.java, line(s) 122,88,164,105,170 com/user/a4keygen/cosu/EnableCosuActivity.java, line(s) 147,148,70,72,97,108,114,130,159,182,192 com/user/a4keygen/feedback/AppStatesService.java, line(s) 39,41 com/user/a4keygen/policy/MeteredDataRestrictionInfoAdapter.java, line(s) 43 com/user/a4keygen/policy/NetworkLogsFragment.java, line(s) 102,63,99 com/user/a4keygen/policy/OverrideApnFragment.java, line(s) 187 com/user/a4keygen/policy/PolicyManagementFragment.java, line(s) 3068,3679,854,2436,2443,2446,2449,2452,2598,2769,3038,3298,3557,3601,3688,3693,3699,3702,1561,1658,3066 com/user/a4keygen/policy/SecurityLogsFragment.java, line(s) 88,54,68,83 com/user/a4keygen/policy/UserRestrictionsDisplayFragment.java, line(s) 73 com/user/a4keygen/policy/UserRestrictionsParentDisplayFragment.java, line(s) 59 com/user/a4keygen/policy/blockuninstallation/BlockUninstallationInfoArrayAdapter.java, line(s) 55 com/user/a4keygen/policy/keymanagement/GenerateKeyAndCertificateTask.java, line(s) 93,97,100,104,108,160,77,80,82 com/user/a4keygen/policy/keymanagement/SignAndVerifyTask.java, line(s) 48,51,54,57,60 com/user/a4keygen/policy/locktask/KioskModeActivity.java, line(s) 167 com/user/a4keygen/policy/locktask/SetLockTaskFeaturesFragment.java, line(s) 75,94,88 com/user/a4keygen/policy/networking/AlwaysOnVpnFragment.java, line(s) 108,111 com/user/a4keygen/policy/networking/PrivateDnsModeFragment.java, line(s) 90,99,105 com/user/a4keygen/policy/networking/SetPrivateDnsTask.java, line(s) 43 com/user/a4keygen/policy/resetpassword/ResetPasswordService.java, line(s) 33,57,114,103 com/user/a4keygen/policy/utils/AuthorizationList.java, line(s) 153,160 com/user/a4keygen/policy/wifimanagement/WifiEapTlsCreateDialogFragment.java, line(s) 192,220,241 com/user/a4keygen/profilepolicy/apprestrictions/AppRestrictionsProxyHandler.java, line(s) 116,57,72,130,136,165 com/user/a4keygen/profilepolicy/crossprofileintentfilter/AddCrossProfileIntentFilterFragment.java, line(s) 127 com/user/a4keygen/profilepolicy/delegation/DelegationFragment.java, line(s) 84,116,123,151 com/user/a4keygen/profilepolicy/permission/ManageAppPermissionsFragment.java, line(s) 98,88 com/user/a4keygen/provision/PostProvisioningTask.java, line(s) 110,112,130,144,38 com/user/a4keygen/provision/ProvisioningSuccessActivity.java, line(s) 25 com/user/a4keygen/receiver/ApiCallWorker.java, line(s) 44,47,51 com/user/a4keygen/receiver/BootcompleteReceiver.java, line(s) 20 com/user/a4keygen/receiver/CustomReceiverSendLocationMsgLink.java, line(s) 25,29,34,36 com/user/a4keygen/receiver/DailyApiCallWorkScheduler.java, line(s) 15 com/user/a4keygen/receiver/GetLoanDetailsDailyWorker.java, line(s) 49,54,60,64,66,70,76,79,92,96,97,98,100,102,106,112,117,122,126,128,132,138,141,225 com/user/a4keygen/receiver/InstallReceiver.java, line(s) 30,32 com/user/a4keygen/receiver/PhoneStatReceiver.java, line(s) 18,24,29,31 com/user/a4keygen/receiver/PhonecallReceiver.java, line(s) 35,40 com/user/a4keygen/receiver/ServiceWorker.java, line(s) 17,24,32 com/user/a4keygen/receiver/SimChangeReceiver.java, line(s) 25,29,34,36,52 com/user/a4keygen/receiver/TokenVerificationWorker.java, line(s) 32,64,67,46,49,70 com/user/a4keygen/receiver/TrueCallerCallReceiver.java, line(s) 44,32 com/user/a4keygen/receiver/UninstallIntentReceiver.java, line(s) 56,59,63,18,29 com/user/a4keygen/search/BaseIndexableFragment.java, line(s) 22 com/user/a4keygen/search/PolicySearchFragment.java, line(s) 116 com/user/a4keygen/search/XmlIndexableFragment.java, line(s) 38 com/user/a4keygen/services/AppLockService.java, line(s) 35,42 com/user/a4keygen/services/AudioPlayingService.java, line(s) 49,114,144,57,98,101,122,153,156 com/user/a4keygen/services/AutoLockService.java, line(s) 47,52,63 com/user/a4keygen/services/AutoScreenRemindForegroundService.java, line(s) 36 com/user/a4keygen/services/CallLockService.java, line(s) 33,38,55,58 com/user/a4keygen/services/CameraWorker.java, line(s) 34,38,43,47 com/user/a4keygen/services/FirebaseMessanging.java, line(s) 76,432,681,683,688,434,441,466,480,490,77,91,145,654,656,663,666,676 com/user/a4keygen/services/ForegroundTokenService.java, line(s) 46,54,75,80,50 com/user/a4keygen/services/GetContactWorker.java, line(s) 52,53,74,105,57,78,82,92,95,113,116 com/user/a4keygen/services/GetLocationWorker.java, line(s) 166,167 com/user/a4keygen/services/LastLocationWorker.java, line(s) 56,79,47,61,42 com/user/a4keygen/services/LocationControlForegroundService.java, line(s) 38,45,73,77,83,107 com/user/a4keygen/services/LocationForegroundService.java, line(s) 77,82,88,113,123,131,163,174,177,193,196,200,240,250,255,300,338,342,345,120,135,145,166,169,208,234,259,263,267,271 com/user/a4keygen/services/LocationViaMsgForeService.java, line(s) 77,82,88,113,122,130,162,173,176,192,195,199,239,268,306,310,313,119,134,144,165,168,207,233 com/user/a4keygen/services/LockTestService.java, line(s) 49,64,66,99,41,82,84 com/user/a4keygen/services/MyCallScreeningService.java, line(s) 14,17 com/user/a4keygen/services/OfflineCodeUpdateWorker.java, line(s) 26,41,44,47 com/user/a4keygen/services/PasswordRemovalService.java, line(s) 47,56,89,97,99,102,105,108,111,114,162,81,121 com/user/a4keygen/services/PreventUserService.java, line(s) 148 com/user/a4keygen/services/RebootService.java, line(s) 34,40 com/user/a4keygen/services/ResetPasswordForegroundService.java, line(s) 60,67,128,129,133,62,70,87,135,139 com/user/a4keygen/services/ResetPasswordWorker.java, line(s) 42,100,101,105,44,51,59,108,113 com/user/a4keygen/services/UserAppRemoveService.java, line(s) 54,62,75,84,136,152,154,156,159,165,170,205,219,79 com/user/a4keygen/services/WallpaperWorker.java, line(s) 51,75,111,126,84,88,96,113,131,135,80 com/user/a4keygen/transferownership/PickTransferComponentFragment.java, line(s) 81 com/user/a4keygen/util/AutoStartPermissionHelper.java, line(s) 124,127,132,137 com/user/a4keygen/util/BatteryManagerUtil.java, line(s) 88,89,153,168,179 com/user/a4keygen/util/CallHistory.java, line(s) 52,58,82,84,87,91,95,99,55 com/user/a4keygen/util/CustomViewGroup.java, line(s) 19 com/user/a4keygen/util/HomeKeyLocker.java, line(s) 253,42,128 com/user/a4keygen/util/HomePreventLocker.java, line(s) 253,80,131,155 com/user/a4keygen/util/NotificationHelper.java, line(s) 21 com/user/a4keygen/util/SimLogUtils.java, line(s) 26,28 com/user/a4keygen/util/UStats.java, line(s) 26,27,34,35,49,50,56,76,77,78 com/user/a4keygen/util/Unused.java, line(s) 105,106,98,99 com/user/a4keygen/util/UpdateUtils.java, line(s) 42,48 com/user/a4keygen/webutil/WebClientService.java, line(s) 111,118 junit/runner/BaseTestRunner.java, line(s) 150 junit/runner/Version.java, line(s) 12 junit/textui/TestRunner.java, line(s) 88,112,137
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/user/a4keygen/network/ApiClient.java, line(s) 60,60
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/571183701834/namespaces/firebase:fetch?key=AIzaSyDYlkzSqf_8dopLkQQaWnF2byOMaNtUfME ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Advance Pay v1.5
Android APK
52
综合安全评分
中风险