Mobile Application Security Assessment Report

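Beat Layers v1.8.2
Security score (security baseline score): 39/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application carries a relatively high security risk and needs close attention.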
Distribution of vulnerabilities and security items:
- High: 5
- Medium: 18
- Info: 1
- Secure: 0
Privacy risk assessment:
- Third-party trackers: 8
- High privacy risk: a large number of third-party trackers were detected
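Distribution of detection results:
- High-severity vulnerabilities: 5
- Medium-severity vulnerabilities: 18
- Security notices: 1
- Passed security items: 0
- Key security concerns: 0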
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 70,136
High-severity vulnerability: The file is world-writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 489
High-severity vulnerability: Debug configuration is enabled. Production builds must not be debuggable.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/unity/purchasing/BuildConfig.java, line(s) 3,5
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: bolts/WebViewAppLinkResolver.java, line(s) 121,6,7
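High-severity vulnerability: The application contains privacy trackers.
This application contains 8 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.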
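Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user who has enabled USB debugging can copy the application data directly, which creates a data-leak risk.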
Medium-severity vulnerability: Activity (com.facebook.unity.FBUnityAppLinkActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.facebook.unity.FBUnityDeepLinkingActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Content Provider (com.facebook.FacebookContentProvider) is not protected.
[android:exported=true] The Content Provider is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
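Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.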
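Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.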
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: bolts/MeasurementEvent.java, line(s) 19,20 com/flurry/android/Consent.java, line(s) 13,12 com/flurry/android/FlurryUnityApplication.java, line(s) 15 com/ironsource/adapters/admob/AdMobAdapter.java, line(s) 578,581,584,541,77,78,79 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 76,77,650,185 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 85,267,748 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 23 com/ironsource/mediationsdk/C0038d.java, line(s) 218,333 com/ironsource/mediationsdk/C0055d.java, line(s) 217,332 com/ironsource/mediationsdk/CachedResponse.java, line(s) 42 com/ironsource/mediationsdk/InitConfig.java, line(s) 38 com/ironsource/mediationsdk/J.java, line(s) 1277,1260 com/ironsource/mediationsdk/server/ServerURL.java, line(s) 27,51 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 76,86 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 56,37,59,61 com/sglib/easymobile/androidnative/contacts/ContactsProvider.java, line(s) 22 com/sglib/easymobile/androidnative/gdpr/ConsentDialogButton.java, line(s) 9,8,10,12,11,13,14 com/sglib/easymobile/androidnative/gdpr/ConsentDialogToggle.java, line(s) 8,9,10,11,12,13,14 com/sglib/easymobile/androidnative/gdpr/ConsentDialogUnityMessagesSender.java, line(s) 53,83,84,54 com/sglib/easymobile/androidnative/gdpr/SplitContent.java, line(s) 9,12 com/sglib/easymobile/androidnative/gdpr/UnityColor.java, line(s) 10,11,12,13 com/sglib/easymobile/androidnative/media/CameraActivity.java, line(s) 19 com/sglib/easymobile/androidnative/media/DeviceCamera.java, line(s) 13,14,15 com/sglib/easymobile/androidnative/media/DeviceGallery.java, line(s) 30,31 com/sglib/easymobile/androidnative/notification/NotificationCategory.java, line(s) 11,15,16,17,12,13,18,19,21,20,22,23,24,25,14,26,27 com/sglib/easymobile/androidnative/notification/NotificationCategoryGroup.java, line(s) 10,11 com/sglib/easymobile/androidnative/notification/NotificationDefines.java, line(s) 7,11 com/sglib/easymobile/androidnative/notification/NotificationRequest.java, line(s) 8,9,10,11,12,13,14,15,16,17 com/sglib/easymobile/androidnative/notification/NotificationResponse.java, line(s) 8,9
Medium-severity vulnerability: IP address disclosure.
Files: com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 44,381 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 35,178,302 com/ironsource/mediationsdk/J.java, line(s) 183 com/ironsource/mediationsdk/config/VersionInfo.java, line(s) 13 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 58,457
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/sglib/easymobile/androidnative/media/CameraActivity.java, line(s) 103
Medium-severity vulnerability: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/ironsource/mediationsdk/utils/e.java, line(s) 14 com/ironsource/mediationsdk/utils/g.java, line(s) 6 hm/mod/update/up2.java, line(s) 17
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/ironsource/environment/h.java, line(s) 415,198 com/ironsource/mediationsdk/utils/h.java, line(s) 146,253 com/ironsource/sdk/utils/SDKUtils.java, line(s) 248 com/sglib/easymobile/androidnative/media/DeviceGallery.java, line(s) 127,167,171 com/sglib/easymobile/androidnative/media/Utilities.java, line(s) 92
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 390 com/ironsource/sdk/controller/t.java, line(s) 24 com/ironsource/sdk/utils/SDKUtils.java, line(s) 170
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/ironsource/b/a.java, line(s) 5,6,120,125 com/ironsource/environment/f.java, line(s) 6,7,25,47,111
Medium-severity vulnerability: Possible cross-domain vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/ironsource/sdk/utils/d.java, line(s) 33,35
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: bolts/WebViewAppLinkResolver.java, line(s) 111,86
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure that these are not secrets or private information.
AdMob ad platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-4625431977080857~5649199308"
Security notice: The application writes log messages. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: OooO/OooO00o.java, line(s) 26,57,60 OooO0oO/OooO0OO.java, line(s) 18,20,22,26 OooO0oO/OooO0o.java, line(s) 17,20 bitter/jnibridge/JNIBridge.java, line(s) 62 bolts/MeasurementEvent.java, line(s) 61,73 com/flurry/android/FlurryAgent.java, line(s) 902 com/flurry/android/FlurryUnityApplication.java, line(s) 56 com/iab/omid/library/ironsrc/d/c.java, line(s) 18,11 com/ironsource/a/b.java, line(s) 42 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 625 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 719 com/ironsource/b/a.java, line(s) 84,106 com/ironsource/environment/a.java, line(s) 45,366 com/ironsource/environment/e.java, line(s) 90,185,197,202,203 com/ironsource/environment/k.java, line(s) 35 com/ironsource/mediationsdk/C0061m.java, line(s) 186 com/ironsource/mediationsdk/J.java, line(s) 1237 com/ironsource/mediationsdk/ac.java, line(s) 155 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 73,31,36,95,109,113,127,132,27,34,61,86,92,105,123,130 com/ironsource/mediationsdk/logger/a.java, line(s) 34,27,23,29 com/ironsource/sdk/a/d.java, line(s) 39 com/ironsource/sdk/b/b.java, line(s) 35,61,100 com/ironsource/sdk/c/c.java, line(s) 111,185 com/ironsource/sdk/controller/x.java, line(s) 324,332,412,896,991,1011,1040,1060,1082,1102,1128,1148,1177,1334,1352,2010,1786 com/ironsource/sdk/service/Connectivity/a.java, line(s) 50 com/ironsource/sdk/service/Connectivity/e.java, line(s) 82,96 com/ironsource/sdk/service/d.java, line(s) 48 com/ironsource/sdk/utils/Logger.java, line(s) 12,18,24,30,40,48,53,59,65,71 com/sglib/easymobile/androidnative/Helper.java, line(s) 12,16,8 com/sglib/easymobile/androidnative/media/GalleryActivity.java, line(s) 53,28 com/yasirkula/unity/NativeShare.java, line(s) 24 hm/mod/update/up1.java, line(s) 47,118 org/fmod/AudioDevice.java, line(s) 40,46,55,28,32,26
org/fmod/FMOD.java, line(s) 44 org/fmod/FMODAudioDevice.java, line(s) 73 org/fmod/MediaCodec.java, line(s) 119,181,183,82,88,136,52,72,79,85,111,185,225 org/fmod/a.java, line(s) 77 org/sqlite/database/DatabaseUtils.java, line(s) 71,82,601,669 org/sqlite/database/DefaultDatabaseErrorHandler.java, line(s) 17,51,55 org/sqlite/database/sqlite/CloseGuard.java, line(s) 67 org/sqlite/database/sqlite/SQLiteConnection.java, line(s) 877,248 org/sqlite/database/sqlite/SQLiteConnectionPool.java, line(s) 172,255,269,281,496,97,218,393 org/sqlite/database/sqlite/SQLiteCursor.java, line(s) 79,104,78,152 org/sqlite/database/sqlite/SQLiteDatabase.java, line(s) 748,326,468,481,881,743,747,141 org/sqlite/database/sqlite/SQLiteDebug.java, line(s) 9,10,11 org/sqlite/database/sqlite/SQLiteOpenHelper.java, line(s) 118,157 org/sqlite/database/sqlite/SQLiteQuery.java, line(s) 30 org/sqlite/database/sqlite/SQLiteQueryBuilder.java, line(s) 133,132 rm/aa/adremover/RMApplication.java, line(s) 39 spacemadness/com/lunarconsole/console/ActionRegistry.java, line(s) 65 spacemadness/com/lunarconsole/console/Console.java, line(s) 72,80,88,96 spacemadness/com/lunarconsole/console/ConsoleLogEntryDispatcher.java, line(s) 48 spacemadness/com/lunarconsole/console/ConsoleLogView.java, line(s) 144,87,193,331,337,428 spacemadness/com/lunarconsole/console/ConsolePluginImpl.java, line(s) 76,119,288,367,397,411,423,433,509,519,79,220,224,370,391,417,607,108,145,426,438 spacemadness/com/lunarconsole/console/ConsoleViewState.java, line(s) 73,86,96 spacemadness/com/lunarconsole/console/ManagedPlatform.java, line(s) 58 spacemadness/com/lunarconsole/console/NativeBridge.java, line(s) 26,34,42,50,58,66,74,82,90,103,17,100 spacemadness/com/lunarconsole/console/NativePlatform.java, line(s) 32 spacemadness/com/lunarconsole/console/VariableType.java, line(s) 16 spacemadness/com/lunarconsole/console/WarningView.java, line(s) 80,90,101 spacemadness/com/lunarconsole/core/NotificationCenter.java, line(s) 108 
spacemadness/com/lunarconsole/settings/PluginSettingsIO.java, line(s) 19,28 spacemadness/com/lunarconsole/ui/gestures/GestureRecognizer.java, line(s) 22 spacemadness/com/lunarconsole/utils/StackTrace.java, line(s) 21 spacemadness/com/lunarconsole/utils/StringUtils.java, line(s) 283 spacemadness/com/lunarconsole/utils/UIUtils.java, line(s) 22
Overall security baseline score summary

Beat Layers v1.8.2
Android APK
Overall security score: 39
High risk