应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
凤凰之城 v1.0.3
48
安全评分
安全基线评分
48/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
2
高危
17
中危
2
信息
1
安全
隐私风险评估
2
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
2
中危安全漏洞
17
安全提示信息
2
已通过安全项
1
重点安全关注
0
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/alimm/tanx/core/ad/base/tanxc_new.java, line(s) 72,70 com/kc/openset/activity/OSETNativeViewAdAppInfoWebViewActivity.java, line(s) 48,47 com/kc/openset/activity/OSETWebViewActivity.java, line(s) 111,110
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/octopus/ad/internal/utilities/SPUtils.java, line(s) 87
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityLiveProcessProxy) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/alimm/tanx/core/ad/ad/splash/SplashAdCacheManager.java, line(s) 88 com/alimm/tanx/core/ad/ad/template/rendering/feed/view/TanxFeedAdInteractionView.java, line(s) 82,81,83 com/alimm/tanx/core/ad/bean/BidInfo.java, line(s) 229 com/alimm/tanx/core/ad/bean/LogSwitchBean.java, line(s) 18 com/alimm/tanx/core/orange/bean/AppCommonBean.java, line(s) 11 com/alimm/tanx/core/orange/bean/WebConfigBean.java, line(s) 12 com/alimm/tanx/core/ut/bean/BaseUtBean.java, line(s) 66 com/bykv/vk/component/ttvideo/DataLoaderHelper.java, line(s) 628,991,1078,568 com/bykv/vk/component/ttvideo/TTVideoEngine.java, line(s) 224 com/bykv/vk/component/ttvideo/log/LiveLoggerService.java, line(s) 67 com/bykv/vk/openvk/component/video/b/iz/k.java, line(s) 116 com/octopus/ad/internal/utilities/DeviceInfo.java, line(s) 15 faceverify/x0.java, line(s) 36,33
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/alimm/tanx/core/view/player/cache/videocache/HttpProxyCacheServer.java, line(s) 33,124 com/bykv/vk/component/ttvideo/BuildConfig.java, line(s) 12 com/bykv/vk/component/ttvideo/DataLoaderHelper.java, line(s) 928 com/bykv/vk/component/ttvideo/VideoLiveManager.java, line(s) 3342 com/bykv/vk/component/ttvideo/log/LiveLoggerService.java, line(s) 40,821,1038 com/bykv/vk/component/ttvideo/mediakit/medialoader/BuildConfig.java, line(s) 15 com/bykv/vk/component/ttvideo/medialoader/MediaLoaderWrapper.java, line(s) 81 com/bykv/vk/component/ttvideo/player/TTPlayerConfiger.java, line(s) 51,52 com/bykv/vk/component/ttvideo/player/TTVersion.java, line(s) 14,19 com/bykv/vk/component/ttvideo/port/BuildConfig.java, line(s) 23 com/byted/live/api/BuildConfig.java, line(s) 4,9 com/hailiang/advlib/api/AiClkAdManager.java, line(s) 57 com/inno/innosecure/InnoSecureMain.java, line(s) 15 com/inno/innosecure/InnoSecureUtils.java, line(s) 310,15 com/kc/openset/advertisers/bz/BZConfig.java, line(s) 16 com/kc/openset/advertisers/bz/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/gm/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/gm/GMConfig.java, line(s) 17 com/kc/openset/advertisers/hl/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/hl/HLConfig.java, line(s) 15 com/kc/openset/advertisers/jd/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/ks/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/sg/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/tanx/BuildConfig.java, line(s) 4 com/kc/openset/advertisers/zy/ZYConfig.java, line(s) 16,44 com/octopus/ad/Octopus.java, line(s) 21 com/octopus/ad/internal/a/h.java, line(s) 84,115,119,125 com/octopus/ad/internal/a/p.java, line(s) 5,9 com/octopus/ad/internal/network/ServerResponse.java, line(s) 1370 com/octopus/ad/internal/o.java, line(s) 344,213 com/octopus/ad/internal/utilities/StringUtil.java, line(s) 254,255 com/octopus/ad/internal/utilities/UrlUtil.java, line(s) 121 com/octopus/ad/internal/utilities/UserEnvInfoUtil.java, line(s) 140 com/octopus/ad/model/c.java, line(s) 1755 com/ss/android/downloadlib/l/am.java, line(s) 476 m1/a.java, line(s) 127 m2/e.java, line(s) 276
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/alimm/tanx/core/utils/MD5Utils.java, line(s) 43,61 com/alimm/tanx/core/view/player/cache/videocache/ProxyCacheUtils.java, line(s) 47 com/alimm/tanx/core/web/cache/utils/MD5Utils.java, line(s) 27 com/bykv/vk/openvk/component/video/api/f/iz.java, line(s) 17 com/hailiang/advlib/common/e.java, line(s) 36 com/octopus/ad/internal/a/q.java, line(s) 41 com/octopus/ad/internal/utilities/HashingFunctions.java, line(s) 27 com/octopus/ad/internal/utilities/StringUtil.java, line(s) 177,332 com/tanx/monitor/utils/TanxPlatformUtil.java, line(s) 132 faceverify/t0.java, line(s) 74,116,185,205,243,270,308,337,377 s/c.java, line(s) 134 u3/b.java, line(s) 25
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/alimm/tanx/core/utils/FileUtils.java, line(s) 297,543 com/bykv/vk/component/ttvideo/player/TTCrashUtil.java, line(s) 170 com/bykv/vk/component/ttvideo/utils/HardWareInfo.java, line(s) 186 com/czhj/devicehelper/cnoaid/a.java, line(s) 364,365 com/jd/android/sdk/coreinfo/CoreInfo.java, line(s) 623 com/kc/openset/sdk/adv/ADVDeviceUtils.java, line(s) 255,256,574,575 com/kc/openset/util/ApkDownloader.java, line(s) 266 com/octopus/ad/internal/a/t.java, line(s) 15,26 com/octopus/ad/utils/a/a.java, line(s) 108,109 com/octopus/ad/utils/b/c.java, line(s) 47,38,47 com/octopus/ad/utils/b/h.java, line(s) 13,13 com/octopus/ad/utils/b/i.java, line(s) 161,164 com/ss/android/downloadlib/addownload/am.java, line(s) 218 com/ss/android/downloadlib/addownload/v.java, line(s) 151,153 com/ss/android/downloadlib/l/cd.java, line(s) 142,199,272 d/d.java, line(s) 138,142,167,169 e0/h.java, line(s) 34,64,107 m1/a.java, line(s) 75 w0/a.java, line(s) 39 z1/a.java, line(s) 55,56
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/bykv/vk/component/ttvideo/utils/b.java, line(s) 6 com/czhj/wire/internal/ImmutableList.java, line(s) 9 com/czhj/wire/internal/MutableOnWriteList.java, line(s) 8 com/hailiang/advlib/common/d.java, line(s) 15 com/octopus/ad/internal/utilities/DeviceInfo.java, line(s) 12 y2/a.java, line(s) 3
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI.java, line(s) 78 a2/o.java, line(s) 73 com/czhj/devicehelper/cnoaid/impl/p.java, line(s) 31 com/hailiang/advlib/open/oaid/hla/g.java, line(s) 75 com/octopus/ad/b/h/g.java, line(s) 61 com/octopus/ad/internal/utilities/HashingFunctions.java, line(s) 37 com/octopus/ad/utils/a/b/n.java, line(s) 71 net/security/device/api/id/oaid/OppoImpl.java, line(s) 41
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c2/i.java, line(s) 9,10,11,12,13,513 com/alimm/tanx/core/view/player/cache/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,63 com/bykv/vk/openvk/component/video/b/iz/iz/yo.java, line(s) 4,5,14,20,21,23,25 com/octopus/ad/internal/a/b/a.java, line(s) 6,7,53 com/ss/android/downloadlib/yo/iz.java, line(s) 4,5,17,22 j0/a.java, line(s) 4,37 j0/b.java, line(s) 4,31,32,42 n3/b.java, line(s) 4,5,31,39
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/alimm/tanx/core/bridge/TanxJsBridge.java, line(s) 34,32
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: ms/bz/bd/c/Pgl/s0.java, line(s) 31
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/octopus/ad/internal/utilities/WebviewUtil.java, line(s) 94,90
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "privateKeyP2" : "#e$r" d41d8cd98f00b204e9800998ecf8427e zyeyJkdXJhdGlvbiI6ODY0MDAsImluaXRTbyI6ZmFsc2UsImdldEJvb3RJZCI6dHJ1ZSwiZGF0YSI6W3sicGtnIjoiY29tLmJhaWR1LnNlYXJjaGJveCIsInNpZCI6IjMifSx7InBrZyI6ImNvbS5jdWJpYy5hdXRvaG9tZSIsInNpZCI6IjIifSx7InBrZyI6ImNvbS5qaW5nZG9uZy5hcHAubWFsbCIsInNpZCI6IjEifSx7InBrZyI6ImNvbS50YW9iYW8udGFvYmFvIiwic2lkIjoiNCJ9LHsicGtnIjoiY29tLmF1dG9uYXZpLm1pbmltYXAiLCJzaWQiOiI1In0seyJwa2ciOiJjb20uYWxpYmFiYS5hbmRyb2lkLnJpbWV0Iiwic2lkIjoiNiJ9LHsicGtnIjoiY29tLlVDTW9iaWxlIiwic2lkIjoiNyJ9LHsicGtnIjoiY29tLmVnLmFuZHJvaWQuQWxpcGF5R3Bob25lIiwic2lkIjoiOCJ9LHsicGtnIjoiY29tLnNhbmt1YWkubWVpdHVhbiIsInNpZCI6IjkifSx7InBrZyI6ImNvbS5zaW5hLndlaWJvIiwic2lkIjoiMTAifSx7InBrZyI6ImNvbS50YW9iYW8ubGl0ZXRhbyIsInNpZCI6IjExIn0seyJwa2ciOiJjb20udG1hbGwud2lyZWxlc3MiLCJzaWQiOiIxMiJ9LHsicGtnIjoiY29tLnRhb2Jhby5saXZlIiwic2lkIjoiMTMifSx7InBrZyI6ImNvbS56aGlodS5hbmRyb2lkIiwic2lkIjoiMTQifSx7InBrZyI6ImNvbS50ZW5jZW50LmthcmFva2UiLCJzaWQiOiIxNSJ9LHsicGtnIjoiY29tLnF1YXJrLmJyb3dzZXIiLCJzaWQiOiIxNiJ9LHsicGtnIjoiY29tLnNzLmFuZHJvaWQudWdjLmF3ZW1lIiwic2lkIjoiMTcifSx7InBrZyI6Im1lLmVsZSIsInNpZCI6IjE4In0seyJwa2ciOiJjb20uUXVuYXIiLCJzaWQiOiIxOSJ9LHsicGtnIjoiY29tLnh1bm1lbmcucGluZHVvZHVvIiwic2lkIjoiMjAifSx7InBrZyI6ImNvbS5zbWlsZS5naWZtYWtlciIsInNpZCI6IjIxIn0seyJwa2ciOiJjb20ua3VhaXNob3UubmVidWxhIiwic2lkIjoiMjIifSx7InBrZyI6ImNvbS5zZHUuZGlkaS5wc25nZXIiLCJzaWQiOiIyMyJ9LHsicGtnIjoiY29tLmRpZGFwaW5jaGUuYm9va2luZyIsInNpZCI6IjI0In0seyJwa2ciOiJhaXIudHYuZG91eXUuYW5kcm9pZCIsInNpZCI6IjI1In0seyJwa2ciOiJjb20ueGluZ2luLnhocyIsInNpZCI6IjI2In0seyJwa2ciOiJjb20uamQuanJhcHAiLCJzaWQiOiIyNyJ9LHsicGtnIjoiY29tLnlvdWt1LnBob25lIiwic2lkIjoiMjgifSx7InBrZyI6ImNvbS5vcHBvLnN0b3JlIiwic2lkIjoiMjkifSx7InBrZyI6ImNvbS5oZXl0YXAubWFya2V0Iiwic2lkIjoiMzAifSx7InBrZyI6ImNvbS5tZncucm9hZGJvb2siLCJzaWQiOiIzMSJ9LHsicGtnIjoiY29tLnNoaXpodWFuZy5kdWFwcCIsInNpZCI6IjMyIn0seyJwa2ciOiJjb20uYWNoaWV2by52aXBzaG9wIiwic2lkIjoiMzMifSx7InBrZyI6ImNvbS50YW91Lm1haW1haSIsInNpZCI6IjM0In0seyJwa2ciOiJjb20uc2Fua3VhaS5tZWl0dWFuLnRha2VvdXRuZXciLCJzaWQiOiIzNSJ9LHsicGtnIjoiY29tLnNzLmFuZHJvaWQudWdjLmF3ZW1lLmxpdGUiLCJzaWQiOiIzNiJ9LHsicGtnIjoiY29tLmFuanVrZS5hbmRyb2lkLmFwcCIsInNpZCI6IjM3In0seyJwa2ciOiJjb20uc3MuYW5kcm9pZC5hcnRpY2xlLm5ld3MiLCJzaWQiOiIzOCJ9LHsicGtnIjoiY29tLnRhb2Jhby5pZGxlZmlzaCIsInNpZCI6IjM5In0seyJwa2ciOiJjb20udWNtb2JpbGUubGl0ZSIsInNpZCI6IjQwIn0seyJwa2ciOiJjb20ueXVuY2VudGVjaG5vbG9neS5nb2Q0c29uZ3MiLCJzaWQiOiI0MSJ9LHsicGtnIjoiY29tLmZ6eWNpbmMuY2hhcmdpbmdlYXJudHJlYXN1cmUiLCJzaWQiOiI0MiJ9LHsicGtnIjoiY29tLnl1bmNlbnRlY2x0ZC5icm93c2luZ2hpZ2giLCJzaWQiOiI0MyJ9LHsicGtnIjoiY29tLm5uZGNpbmMuZ3Vlc3Npbmdzb25nbmFtZSIsInNpZCI6IjQ0In0seyJwa2ciOiJjb20uZ3JlZW5wb2ludC5hbmRyb2lkLm1jMTAwODYuYWN0aXZpdHkiLCJzaWQiOiI0NSJ9LHsicGtnIjoiY29tLnd1ZGFva291LmhpcHBvIiwic2lkIjoiNDYifSx7InBrZyI6ImNvbS5jYWluaWFvLndpcmVsZXNzIiwic2lkIjoiNDcifSx7InBrZyI6ImNvbS50YW9iYW8udHJscCIsInNpZCI6IjQ4In0seyJwa2ciOiJjb20ua2FvbGEiLCJzaWQiOiI0OSJ9LHsicGtnIjoiY29tLnRhb2Jhby5tb2JpbGUuZGlwZWwiLCJzaWQiOiI1MCJ9LHsicGtnIjoiY29tLnN1bmluZy5tb2JpbGUuZWJ1eSIsInNpZCI6IjUxIn0seyJwa2ciOiJjbi5hbWF6b24ubVNob3AuYW5kcm9pZCIsInNpZCI6IjUyIn0seyJwa2ciOiJjb20udGhlc3RvcmUubWFpbiIsInNpZCI6IjUzIn0seyJwa2ciOiJjb20uTW9iaWxlVGlja2V0Iiwic2lkIjoiNTQifSx7InBrZyI6ImNvbS5zaHVxaS5jb250cm9sbGVyIiwic2lkIjoiNTUifSx7InBrZyI6ImNvbS50YW9iYW8ubW9iaWxlLmRpcGVpIiwic2lkIjoiNTYifSx7InBrZyI6ImNvbS5xaXlpLnZpZGVvIiwic2lkIjoiNTcifSx7InBrZyI6ImN0cmlwLmFuZHJvaWQudmlldyIsInNpZCI6IjU4In0seyJwa2ciOiJjb20ubmV0ZWFzZS5jbG91ZG11c2ljIiwic2lkIjoiNTkifSx7InBrZyI6ImNvbS50aWFueWFuY2hhLnNreWV5ZSIsInNpZCI6IjYwIn0seyJwa2ciOiJjb20ua214cy5yZWFkZXIiLCJzaWQiOiI2MSJ9LHsicGtnIjoiY29tLnRhb2Jhby50cmlwIiwic2lkIjoiNjIifSx7InBrZyI6ImNvbS5hbGliYWJhLndpcmVsZXNzLmxzdHJldGFpbGVyIiwic2lkIjoiNjMifSx7InBrZyI6ImNvbS5tbWJhbmcubmVpZ2hib3Job29kIiwic2lkIjoiNjQifSx7InBrZyI6ImNvbS55YXlhLnpvbmUiLCJzaWQiOiI2NSJ9LHsicGtnIjoiY29tLmFsaWJhYmEud2lyZWxlc3MiLCJzaWQiOiI2NiJ9LHsicGtnIjoiY29tLmF1dG9uYXZpLm1pbmltYXAuY3VzdG9tIiwic2lkIjoiNjcifSx7InBrZyI6ImNvbS5rd2FpLnRoYW5vcyIsInNpZCI6IjY4In0seyJwa2ciOiJjb20ubGlhbmppYS5iZWlrZSIsInNpZCI6IjY5In0seyJwa2ciOiJjb20uYmFua2NvbW0uQmFua2NvbW0iLCJzaWQiOiI4MiJ9LHsicGtnIjoiY29tLnRhb2Jhby5ldGFvIiwic2lkIjoiODMifSx7InBrZyI6ImNvbS5kdW93YW4ubW9iaWxlIiwic2lkIjoiODQifSx7InBrZyI6ImNvbS5uZXRlYXNlLnlhbnh1YW4iLCJzaWQiOiI4NSJ9XSwiY2FuR2V0UGtnIjpmYWxzZSwiaXB2NiI6ZmFsc2UsImRvbWFpbiI6IntcInNka2xvZ1wiOlwiaHR0cDovL3Nka2xvZy56aGFuZ3l1eWlkb25nLmNuXCIsXCJzZGtcIjpcImh0dHA6Ly9zZGsuemhhbmd5dXlpZG9uZy5jblwifSIsInZlcnNpb24iOiIxNzQ1NTYxNDg2MzkwIiwic3NsIjpmYWxzZSwiZmlsdGVyTGV2ZWwiOjB9 Y29tLmJ1bi5taWl0bWRpZC5jb3JlLk1kaWRTZGtIZWxwZXI Y29tLmJ1bi5taWl0bWRpZC5pbnRlcmZhY2VzLklJZGVudGlmaWVyTGlzdGVuZXI Y29tLmJ1bi5zdXBwbGllci5JSWRlbnRpZmllckxpc3RlbmVy
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a2/g.java, line(s) 50,111,127,52,71,93,152,191,86,132 c2/c0.java, line(s) 70,123,172,235,250,308,321,327,344,349,437,446,74,441 c2/e0.java, line(s) 25 c2/i.java, line(s) 168,298,314,369,442,519,585,542 com/alimm/tanx/core/TanxCoreManager.java, line(s) 63,65 com/alimm/tanx/core/TanxCoreSdk.java, line(s) 58,83,27 com/alimm/tanx/core/ad/interaction/AdClickHandler.java, line(s) 59 com/alimm/tanx/core/bridge/TanxJsBridge.java, line(s) 61 com/alimm/tanx/core/config/TanxConfig.java, line(s) 168 com/alimm/tanx/core/config/TanxCoreConfig.java, line(s) 141 com/alimm/tanx/core/image/ImageManager.java, line(s) 32 com/alimm/tanx/core/net/NetWorkManager.java, line(s) 93 com/alimm/tanx/core/net/okhttp/tanxc_for.java, line(s) 36 com/alimm/tanx/core/request/UploadLogSwitchRequest.java, line(s) 53,67 com/alimm/tanx/core/utils/FileUtils.java, line(s) 509 com/alimm/tanx/core/utils/LogUtils.java, line(s) 111,114,74,93,118,121,68,125,128,132,135,139,142 com/alimm/tanx/core/utils/SysUtils.java, line(s) 63,59 com/alimm/tanx/core/utils/ThreadUtils.java, line(s) 67,72,262,458,674,156 com/alimm/tanx/core/utils/tanxc_break.java, line(s) 8 com/alimm/tanx/core/utils/tanxc_void.java, line(s) 15 com/alimm/tanx/core/view/player/ui/TanxPlayerView.java, line(s) 291,307,310,311,316,481 com/alimm/tanx/core/web/cache/CacheWebViewLog.java, line(s) 9 com/alimm/tanx/ui/TanxSdk.java, line(s) 46,51,54,61 com/alimm/tanx/ui/image/glide/Glide.java, line(s) 174,354,171,353 com/alimm/tanx/ui/image/glide/disklrucache/DiskLruCache.java, line(s) 406 com/alimm/tanx/ui/image/glide/gifdecoder/GifDecoder.java, line(s) 178,196,211,177,195,210,93,250,259 com/alimm/tanx/ui/image/glide/gifdecoder/GifHeaderParser.java, line(s) 76,104,75,103 com/alimm/tanx/ui/image/glide/gifencoder/AnimatedGifEncoder.java, line(s) 139,138 com/alimm/tanx/ui/image/glide/load/data/AssetPathFetcher.java, line(s) 32,33 com/alimm/tanx/ui/image/glide/load/data/HttpUrlFetcher.java, line(s) 48,47 com/alimm/tanx/ui/image/glide/load/data/LocalUriFetcher.java, line(s) 33,34 com/alimm/tanx/ui/image/glide/load/data/MediaStoreThumbFetcher.java, line(s) 128,127 com/alimm/tanx/ui/image/glide/load/engine/CacheLoader.java, line(s) 28,33,27,32 com/alimm/tanx/ui/image/glide/load/engine/DecodeJob.java, line(s) 68,73,85,96,149,155,167,187,192,204,125 com/alimm/tanx/ui/image/glide/load/engine/Engine.java, line(s) 184,192,200,210,170 com/alimm/tanx/ui/image/glide/load/engine/EngineRunnable.java, line(s) 41,40,90,95,91,96 com/alimm/tanx/ui/image/glide/load/engine/bitmap_recycle/LruBitmapPool.java, line(s) 118,127,149,204,78,106,117,126,148,158,181,188,203,84,159,182,189,107 com/alimm/tanx/ui/image/glide/load/engine/cache/DiskLruCacheWrapper.java, line(s) 54,65,90,107,55,66,91,108 com/alimm/tanx/ui/image/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 99,86 com/alimm/tanx/ui/image/glide/load/engine/executor/FifoPriorityThreadPoolExecutor.java, line(s) 75,74 com/alimm/tanx/ui/image/glide/load/engine/prefill/BitmapPreFillRunner.java, line(s) 73,72 com/alimm/tanx/ui/image/glide/load/model/ResourceLoader.java, line(s) 29,30 com/alimm/tanx/ui/image/glide/load/model/StreamEncoder.java, line(s) 32,31 com/alimm/tanx/ui/image/glide/load/resource/bitmap/BitmapEncoder.java, line(s) 42,45 com/alimm/tanx/ui/image/glide/load/resource/bitmap/Downsampler.java, line(s) 87,86 com/alimm/tanx/ui/image/glide/load/resource/bitmap/ImageHeaderParser.java, line(s) 149,159,171,179,197,213,223,226,229,232,235,148,158,170,178,196,212,222,225,228,231,234 com/alimm/tanx/ui/image/glide/load/resource/bitmap/ImageVideoBitmapDecoder.java, line(s) 36,37 com/alimm/tanx/ui/image/glide/load/resource/bitmap/RecyclableBufferedInputStream.java, line(s) 46,45 com/alimm/tanx/ui/image/glide/load/resource/bitmap/TransformationUtils.java, line(s) 110,166,52,61,72,109,163,53,62,73,74,75,78 com/alimm/tanx/ui/image/glide/load/resource/gif/GifResourceDecoder.java, line(s) 88 com/alimm/tanx/ui/image/glide/load/resource/gif/GifResourceEncoder.java, line(s) 73,72,117,118 com/alimm/tanx/ui/image/glide/manager/RequestManagerFragment.java, line(s) 103,104 com/alimm/tanx/ui/image/glide/manager/RequestManagerRetriever.java, line(s) 113,114,125 com/alimm/tanx/ui/image/glide/manager/SupportRequestManagerFragment.java, line(s) 99,100 com/alimm/tanx/ui/image/glide/request/GenericRequest.java, line(s) 283,215,282,325,340,346,384,162 com/alimm/tanx/ui/image/glide/request/target/ViewTarget.java, line(s) 40,41 com/alimm/tanx/ui/image/glide/util/ByteArrayPool.java, line(s) 35,34 com/alimm/tanx/ui/image/glide/util/ContentLengthInputStream.java, line(s) 39,38 com/alimm/tanx/ui/ut/AdUtAnalytics.java, line(s) 69,74 com/aliyun/sls/android/producer/LogProducerHttpTool.java, line(s) 68,71,74 com/bykv/vk/component/ttvideo/DataLoaderHelper.java, line(s) 177,638,677,681,792,797,882,936,1009,1016,1095,1108,1133,1163,1178,1255,1374,1387,1403,1492,568,628,685,702,724,732,740,784,901,991,1027,1048,1078,1144,1148,1324,1345,1389,1449 com/bykv/vk/component/ttvideo/TTVideoEngine.java, line(s) 375,380,917,972,1048,156,212,224,239,273,331,345,414,428,442,475,481,497,574,600,625,649,701,718,725,738,748,757,788,847,891,894,912,920,943,951,959,970,987,997,1015,1057,1116,1120,1127,1136,1149,1158,1163,1169,1183,1203,1212,1221,1233 com/bykv/vk/component/ttvideo/VideoLiveManager.java, line(s) 563,1330,413,526,715,759,763,783,807,823,835,870,884,1131,1284,1288,1290,1298,1303,1310,1314,1757,1783,1784,1787,1788,1807,1814,1847,1856,1914,1919,1934,1939,1945,1949,1955,2125,2149,2250,2270,2294,2349,2435,2487,2491,2494,2500,2502,2617,3230,3233,3241,3242,3243,3250,3252,3319,3322,3656,3760,3791,3836,3842,3889,3895,3926,3945,3952,3974,3983,4031,4067,4428,4456,4476,4508,4606,4612,4690,4985,4989,2119,3277,3908 com/bykv/vk/component/ttvideo/a.java, line(s) 36,205 com/bykv/vk/component/ttvideo/log/LiveLoggerService.java, line(s) 1418,376,673,679,712,727,732,737,742,1160,1187,1415,1460,1464,1474,1525 com/bykv/vk/component/ttvideo/log/d.java, line(s) 70,67,76,79,106 com/bykv/vk/component/ttvideo/log/e.java, line(s) 18,26 com/bykv/vk/component/ttvideo/mediakit/downloader/AVMDLDownLoadTask.java, line(s) 142,148 com/bykv/vk/component/ttvideo/mediakit/downloader/AVMDLHttpExcutor.java, line(s) 48 com/bykv/vk/component/ttvideo/mediakit/downloader/AVMDLResponse.java, line(s) 105 com/bykv/vk/component/ttvideo/mediakit/medialoader/AVMDLDataLoader.java, line(s) 497,500,1157 com/bykv/vk/component/ttvideo/mediakit/medialoader/AVMDLDataLoaderConfigure.java, line(s) 186,205,183 com/bykv/vk/component/ttvideo/medialoader/MediaLoaderWrapper.java, line(s) 86,48,61,106,119,172,192,199,209,238,241,252,317 com/bykv/vk/component/ttvideo/playerwrapper/MediaPlayerWrapper.java, line(s) 42,52 com/bykv/vk/component/ttvideo/retry/RetryProcessor.java, line(s) 136,146,154,161,189,237 com/czhj/devicehelper/DeviceHelper.java, line(s) 42,74,126,130 com/czhj/devicehelper/cnoaid/com/qiku/id/QikuIdmanager.java, line(s) 31 com/czhj/devicehelper/cnoaid/g.java, line(s) 21 com/czhj/devicehelper/cnoaid/impl/g.java, line(s) 97 com/czhj/devicehelper/cnoaid/impl/h.java, line(s) 44,68,81,108,123,146,149,180 com/czhj/devicehelper/honor/identifier/a.java, line(s) 47,33,39 com/czhj/devicehelper/honor/identifier/b.java, line(s) 34,36,56,58,77,116,40,62,69,73,93,108,110,112,115,130 com/czhj/devicehelper/msaoaId/a.java, line(s) 56,87,93,122,128,148,177 com/czhj/volley/CacheDispatcher.java, line(s) 36,48,67,177,59,88,165 com/czhj/volley/NetworkDispatcher.java, line(s) 58 com/czhj/volley/Request.java, line(s) 150,155 com/czhj/volley/RequestQueue.java, line(s) 91 com/czhj/volley/VolleyLog.java, line(s) 61,64,95,51,100,104,114,119,123 com/czhj/volley/VolleyThreadFactory.java, line(s) 8 com/czhj/volley/toolbox/BasicNetwork.java, line(s) 91,139,134,145,154,176 com/czhj/volley/toolbox/FileDownloadNetwork.java, line(s) 92,114,124,155 com/czhj/volley/toolbox/FileDownloadRequest.java, line(s) 52 com/czhj/volley/toolbox/HttpHeaderParser.java, line(s) 164 com/czhj/volley/toolbox/ImageRequest.java, line(s) 133 com/hailiang/advlib/api/AiClkAdManager.java, line(s) 87,113,132 com/hailiang/advlib/common/d.java, line(s) 306,208 com/hailiang/advlib/common/e.java, line(s) 32 com/hailiang/advlib/core/a.java, line(s) 26,32,48 com/hailiang/advlib/ui/banner/ADBanner.java, line(s) 31 com/hailiang/advlib/ui/front/ADBrowser.java, line(s) 19 com/hailiang/advlib/ui/front/InciteADActivity.java, line(s) 18 com/inno/innosecure/InnoSecureMain.java, line(s) 28,34,111,170,195,208 com/inno/innosecure/InnoSecureUtils.java, line(s) 110,125,197,237,247,338,373,383 com/jd/android/sdk/coreinfo/util/Logger.java, line(s) 14,20,22,29,35,48,50,71,77,79,86,92,94 com/kc/openset/oaid/repackage/qiku/QikuIdmanager.java, line(s) 36 com/kc/openset/sdk/adv/ADVDeviceUtils.java, line(s) 69 com/kwai/library/ipneigh/KwaiIpNeigh.java, line(s) 47,50 com/octopus/ad/AdActivity.java, line(s) 85 com/octopus/ad/BannerAdView.java, line(s) 58 com/octopus/ad/b/a/a.java, line(s) 28,45,33,48,59,61,76,80 com/octopus/ad/b/f/a.java, line(s) 25,47 com/octopus/ad/b/h/g.java, line(s) 32,56,29,35,37 com/octopus/ad/b/j/a.java, line(s) 29,32 com/octopus/ad/b/j/b.java, line(s) 210,84,97,104,114,120,123,207,296 com/octopus/ad/b/j/c.java, line(s) 24 com/octopus/ad/internal/a/a/d.java, line(s) 65 com/octopus/ad/internal/a/a/e.java, line(s) 52,50 com/octopus/ad/internal/a/h.java, line(s) 149,251,281,284,189,241,268,290,126,169,218 com/octopus/ad/internal/a/j.java, line(s) 143,43 com/octopus/ad/internal/a/m.java, line(s) 52,71,74,85,49,76 com/octopus/ad/internal/a/o.java, line(s) 148,172,174 com/octopus/ad/internal/a/q.java, line(s) 58 com/octopus/ad/internal/a/t.java, line(s) 19,38,19,38 com/octopus/ad/internal/activity/BrowserAdActivity.java, line(s) 106,163 com/octopus/ad/internal/activity/DownloadDialogActivity.java, line(s) 115,275 com/octopus/ad/internal/activity/a.java, line(s) 178,155 com/octopus/ad/internal/c.java, line(s) 90,91,101,143,177,107,112,117,128 com/octopus/ad/internal/d.java, line(s) 102,130 com/octopus/ad/internal/f.java, line(s) 23,144,80 com/octopus/ad/internal/nativead/a.java, line(s) 103,124,137,142,178,253,266 com/octopus/ad/internal/nativead/b.java, line(s) 33,25,35,66 com/octopus/ad/internal/nativead/c.java, line(s) 1808,233 com/octopus/ad/internal/network/ServerResponse.java, line(s) 228,701,873,1003,227,273 com/octopus/ad/internal/network/a.java, line(s) 110,170 com/octopus/ad/internal/o.java, line(s) 344,416 com/octopus/ad/internal/p.java, line(s) 42,50,22,24 com/octopus/ad/internal/q.java, line(s) 24 com/octopus/ad/internal/utilities/DeviceInfo.java, line(s) 67 com/octopus/ad/internal/utilities/DeviceInfoUtil.java, line(s) 36 com/octopus/ad/internal/utilities/DownloadFactory.java, line(s) 209,162 com/octopus/ad/internal/utilities/ImageService.java, line(s) 98,111 com/octopus/ad/internal/utilities/UserEnvInfo.java, line(s) 23,37,45 com/octopus/ad/internal/utilities/ViewUtil.java, line(s) 333,383 com/octopus/ad/internal/utilities/WebviewUtil.java, line(s) 103,110,20 com/octopus/ad/internal/v.java, line(s) 63 com/octopus/ad/internal/video/AdVideoView.java, line(s) 140,716,720,142,158,273,274,788,803,274,671,671,803 com/octopus/ad/internal/view/AdViewImpl.java, line(s) 472,519,534,663,716,721,739,755,768,1351,1367,1391,1558,1613,1622,1759,1878,1902,1943,2217,2333,222,1457 com/octopus/ad/internal/view/InterstitialAdViewImpl.java, line(s) 94,112,190,217,293,56,308,312 com/octopus/ad/internal/view/SplashAdViewImpl.java, line(s) 236,275,216,356 com/octopus/ad/topon/OctopusATBannerAdapter.java, line(s) 34,44,51,100,144,152,160,165,178 com/octopus/ad/topon/OctopusATInitManager.java, line(s) 72,97,117,120 com/octopus/ad/topon/OctopusATInterstitialAdapter.java, line(s) 30,34,41,48,58,68,75,112,158 com/octopus/ad/topon/OctopusATNativeAdapter.java, line(s) 34,44,59,102,144 com/octopus/ad/topon/OctopusATNativeExpressAd.java, line(s) 62,68,74,80 com/octopus/ad/topon/OctopusATNativeUnifiedAd.java, line(s) 69,91,97,103,109 com/octopus/ad/topon/OctopusATRewardVideoAdapter.java, line(s) 37,44,51,58,68,78,85,92,96,118,122,129,137,147,157,164,211,277 com/octopus/ad/topon/OctopusATSplashAdapter.java, line(s) 31,35,42,50,60,70,77,116,162 com/octopus/ad/utils/a/f.java, line(s) 13,21 com/octopus/ad/utils/c.java, line(s) 96 com/sigmob/windad/Splash/WindSplashAD.java, line(s) 60,155,237 com/sigmob/windad/WindAds.java, line(s) 77,139,162,191,395,321,357,390,341 com/sigmob/windad/natives/WindNativeUnifiedAd.java, line(s) 111,127,168 com/sigmob/windad/rewardVideo/WindRewardVideoAd.java, line(s) 38 com/sskj/flutter_plugin_ad/VideoHomeActivity.java, line(s) 23,27,32,36,40,44,48,133,138 com/tanx/monitor/utils/Log.java, line(s) 20,26 d/c.java, line(s) 29,48,63 m1/a.java, line(s) 76,181 m2/e.java, line(s) 275 o/b.java, line(s) 82 o2/a.java, line(s) 11 o2/b.java, line(s) 11 q1/b.java, line(s) 63,67,199,203,406,412,424,510,289,298,302,309,313,328 r1/a.java, line(s) 65 r1/b.java, line(s) 30,60,97 r1/c.java, line(s) 37,43,52,69,106,62 r1/d.java, line(s) 34,61 r3/c.java, line(s) 12 u3/a.java, line(s) 11,17,31 v1/a.java, line(s) 45 v1/b.java, line(s) 41,47 w/a.java, line(s) 37,61,66,73,35,76 x/a.java, line(s) 17 x/r.java, line(s) 68,109,113,187,190,214,220,228,391,326 x/t.java, line(s) 80,84,89 x/u.java, line(s) 34 y3/a.java, line(s) 19,31,33 y3/d.java, line(s) 16,28 y3/e.java, line(s) 17 y3/f.java, line(s) 17 y3/g.java, line(s) 47,104 y3/k.java, line(s) 27 y3/p.java, line(s) 23 y3/q.java, line(s) 29 y3/u.java, line(s) 22,25 y3/v.java, line(s) 17 y3/x.java, line(s) 47,56,60 z1/e.java, line(s) 30,54,64 z1/f.java, line(s) 17,26
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/octopus/ad/internal/network/ServerResponse.java, line(s) 5,554
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/jd/android/sdk/coreinfo/a.java, line(s) 34,34,34,34,34 com/octopus/ad/utils/b/i.java, line(s) 254,254,254,254
综合安全基线评分总结
凤凰之城 v1.0.3
Android APK
48
综合安全评分
中风险