Mobile Application Security Assessment Report

LightningX VPN v3.0.5

Android APK 687681f2...
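Security score: 50

Security baseline score: 50/100

Overall risk level: Low risk

Risk grade scale
  1. A
  2. B
  3. C
  4. F

The application carries some security risk; improvement is recommended.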

Distribution of vulnerabilities and security items

4 High
19 Medium
3 Info
3 Secure

Privacy risk assessment

4 third-party trackers

Medium privacy risk
A small number of third-party trackers were detected


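Distribution of findings

High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 19
Security notes: 3
Passed security checks: 3
Key security concerns: 2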

High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/applozic/mobicomkit/uiwidgets/conversation/adapter/DetailedConversationAdapter.java, line(s) 544,26
kd/x6.java, line(s) 309,12,13

High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is susceptible to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/applozic/mobicommons/encryption/EncryptionUtils.java, line(s) 38
sb/h.java, line(s) 75

High-severity vulnerability: The file is world-writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
d6/w7.java, line(s) 51

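Medium-severity vulnerability: Cleartext network traffic is enabled for the app

[android:usesCleartextTraffic=true]
The app allows cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). This is enabled by default at API level 27 and below, and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.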

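Medium-severity vulnerability: Application data can be backed up

[android:allowBackup=true]
This flag allows application data to be backed up through the adb tool. Users who have enabled USB debugging can copy application data directly, which creates a risk of data leakage.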

Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.

[android:exported=true]
The Activity is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.applozic.mobicomkit.uiwidgets.KmFirebaseMessagingService) is not protected.

[android:exported=true]
The Service is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.applozic.mobicomkit.broadcast.TimeChangeBroadcastReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.applozic.mobicomkit.broadcast.ConnectivityReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.

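Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.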

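Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and is protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.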

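Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.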
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
a5/m0.java, line(s) 5,6,107,141,160,169,219,326,343,704
a5/t0.java, line(s) 4,5,118
bc/i.java, line(s) 9,10,11,12,13,518
com/applozic/mobicomkit/api/conversation/database/MessageDatabaseService.java, line(s) 6,7,635,826
com/applozic/mobicomkit/database/MobiComDatabaseHelper.java, line(s) 4,5,34,35,36,37,38,39,64,67,70,73,76,79,81,82,93,96,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,230,231,232,233,234,235
io/kommunicate/database/KmDatabaseHelper.java, line(s) 4,31,50
n6/o.java, line(s) 5,6,163,348,660,1268,1291
n6/od.java, line(s) 3,58
n6/t.java, line(s) 4,5,15

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/applozic/mobicomkit/api/account/register/RegistrationResponse.java, line(s) 178,178
com/applozic/mobicomkit/api/account/user/UserClientService.java, line(s) 204
com/applozic/mobicomkit/api/attachment/FileMeta.java, line(s) 99
com/applozic/mobicomkit/api/attachment/urlservice/GoogleCloudURLService.java, line(s) 30,20
com/applozic/mobicomkit/api/attachment/urlservice/S3URLService.java, line(s) 36,26
com/applozic/mobicomkit/api/conversation/Message.java, line(s) 780,780
com/applozic/mobicomkit/api/conversation/MessageClientService.java, line(s) 358,240,486
com/applozic/mobicomkit/api/conversation/database/MessageDatabaseService.java, line(s) 663,379
com/applozic/mobicomkit/api/people/ChannelInfo.java, line(s) 117
com/applozic/mobicomkit/feed/ChannelFeed.java, line(s) 112
com/applozic/mobicomkit/feed/ChannelUsersFeed.java, line(s) 20
com/applozic/mobicomkit/feed/GroupInfoUpdate.java, line(s) 78
com/applozic/mobicomkit/feed/MessageResponse.java, line(s) 23
com/applozic/mobicomkit/sync/SyncUserBlockFeed.java, line(s) 26
com/applozic/mobicomkit/uiwidgets/conversation/richmessaging/models/KmRichMessageModel.java, line(s) 175
com/applozic/mobicomkit/uiwidgets/conversation/richmessaging/models/v2/KmAutoSuggestion.java, line(s) 35
com/applozic/mobicommons/people/channel/Channel.java, line(s) 264,264
com/applozic/mobicommons/people/channel/ChannelUserMapper.java, line(s) 79,79
com/applozic/mobicommons/people/channel/Conversation.java, line(s) 70
g9/b.java, line(s) 78
h9/e.java, line(s) 82
h9/w.java, line(s) 125
io/kommunicate/preference/KmPreference.java, line(s) 9
io/kommunicate/services/KmUserClientService.java, line(s) 103,229
m2/g.java, line(s) 76
p2/d.java, line(s) 37
p2/p.java, line(s) 95
p2/x.java, line(s) 84
p3/g.java, line(s) 83

Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
c4/m0.java, line(s) 1145,1297,1303
com/applozic/mobicommons/file/FileUtils.java, line(s) 398
com/applozic/mobicommons/file/LocalStorageProvider.java, line(s) 114
com/sanlian/shanlian/a.java, line(s) 150
com/sanlian/shanlian/singbox/SingBoxVpnService.java, line(s) 562
e0/k.java, line(s) 216
hd/i.java, line(s) 125,145
hd/j.java, line(s) 136

Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
aa/b.java, line(s) 51
af/e.java, line(s) 122
ea/y.java, line(s) 66
ic/b.java, line(s) 85
l4/a.java, line(s) 20

Medium-severity vulnerability: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c4/m0.java, line(s) 55
d6/u2.java, line(s) 19
de/a.java, line(s) 3
de/b.java, line(s) 4
ee/a.java, line(s) 4
m3/o.java, line(s) 4
n6/fd.java, line(s) 42

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.


Files:
aa/c.java, line(s) 52
com/applozic/mobicommons/file/FileUtils.java, line(s) 179
com/journeyapps/barcodescanner/b.java, line(s) 259

Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
n3/d.java, line(s) 47
n6/fd.java, line(s) 247
v3/l.java, line(s) 137

Medium-severity vulnerability: IP address disclosure


Files:
com/sanlian/shanlian/singbox/SingBoxVpnService.java, line(s) 671

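Medium-severity vulnerability: The application contains privacy trackers

This application contains 4 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.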

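Medium-severity vulnerability: This app may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not confidential or private information.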
"delivery_report_pref_key" : "DELIVERY_REPORT_ENABLE"
"device_key_string" : "DEVICE_KEY_STRING"
"facebook_app_id" : "3542276252653495"
"facebook_client_token" : "2ad94a08e9755dbc0cdb396c929a40fd"
"google_api_key" : "AIzaSyD659kmLdLx4nwCA8TLF9HWQ6YyPfUEvig"
"google_app_id" : "1:332246665429:android:d97a9856fe50006f327a5c"
"google_crash_reporting_api_key" : "AIzaSyD659kmLdLx4nwCA8TLF9HWQ6YyPfUEvig"
"group_sms_freq_key" : "GROUP_SMS_FREQ_KEY"
"library_zxingandroidembedded_author" : "JourneyApps"
"library_zxingandroidembedded_authorWebsite" : "https://journeyapps.com/"
"phone_number_key" : "phone_number_key"
"received_sms_sync_pref_key" : "RECEIVED_SMS_SYNC_FLAG"
"sent_sms_sync_pref_key" : "SENT_SMS_SYNC_FLAG"
"user_key_string" : "SU_USER_KEY_STRING"
"webhook_enable_key" : "WEBHOOK_ENABLE_KEY"

Security note: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a2/c.java, line(s) 223
a2/h.java, line(s) 1018
aa/b.java, line(s) 55,76
b3/a.java, line(s) 69,89,94,99,70,90,95,100
b3/d.java, line(s) 20,21
b3/j.java, line(s) 39,42
b6/q.java, line(s) 32
ba/c.java, line(s) 98,277,280,106,107,311,317
bc/c0.java, line(s) 83,132,201,264,279,344,357,363,380,385,473,482,87,477
bc/e0.java, line(s) 24
bc/i.java, line(s) 176,312,328,374,447,524,581,547
c4/f0.java, line(s) 83
c4/m0.java, line(s) 691,702,709
c4/n0.java, line(s) 88
c4/w.java, line(s) 163
c9/g.java, line(s) 31,41,22,51,61,71
com/applozic/mobicomkit/api/attachment/AttachmentManager.java, line(s) 172,176,180,204
com/applozic/mobicomkit/api/attachment/AttachmentTask.java, line(s) 110
com/applozic/mobicomkit/api/conversation/schedule/MessageSenderTimerTask.java, line(s) 15
com/applozic/mobicomkit/api/conversation/selfdestruct/DisappearingMessageTask.java, line(s) 24
com/applozic/mobicomkit/api/notification/MobiComPushReceiver.java, line(s) 111
com/applozic/mobicomkit/api/notification/VideoCallNotificationHelper.java, line(s) 118
com/applozic/mobicomkit/uiwidgets/attachmentview/KmDocumentView.java, line(s) 99
com/applozic/mobicomkit/uiwidgets/conversation/ConversationUIService.java, line(s) 526
com/applozic/mobicomkit/uiwidgets/conversation/activity/ConversationActivity.java, line(s) 544
com/applozic/mobicomkit/uiwidgets/conversation/activity/MobicomLocationActivity.java, line(s) 114
com/applozic/mobicommons/commons/core/utils/DBUtils.java, line(s) 18
com/applozic/mobicommons/commons/core/utils/LocationUtils.java, line(s) 30,33
com/applozic/mobicommons/commons/core/utils/Utils.java, line(s) 257
com/applozic/mobicommons/commons/image/ImageLoader.java, line(s) 216
com/applozic/mobicommons/commons/image/PhotoDecodeRunnable.java, line(s) 44,57,72,82,87,101,114
com/applozic/mobicommons/file/LocalStorageProvider.java, line(s) 45
com/applozic/mobicommons/task/executor/ExecutorAsyncTask.java, line(s) 108
com/journeyapps/barcodescanner/a.java, line(s) 603,653,114,299,402,464
com/journeyapps/barcodescanner/b.java, line(s) 107,182,265
com/sanlian/shanlian/singbox/SingBoxVpnService.java, line(s) 265
d0/g.java, line(s) 91,247
d0/j1.java, line(s) 195,211,217,265,296,306,317,325,194,210,216,264,295,305,316,324,148,220,270,287
d0/v.java, line(s) 42
d0/v1.java, line(s) 84
d3/e.java, line(s) 36,35,60,76,61,77
d3/f.java, line(s) 12,11
d3/k.java, line(s) 108,109
d3/l.java, line(s) 158,159,170
d3/n.java, line(s) 89,90
d3/o.java, line(s) 117,118
d6/b7.java, line(s) 65
d6/g7.java, line(s) 66,113,59
d6/i7.java, line(s) 24
d6/n7.java, line(s) 21
d6/p1.java, line(s) 37,66,81,96,36,63,78
d6/p7.java, line(s) 24
d6/q7.java, line(s) 24
d6/r6.java, line(s) 76
d6/t2.java, line(s) 61
d6/t6.java, line(s) 142
d6/u2.java, line(s) 167,155,164,173,367,373,397,408
e/e.java, line(s) 171
e/f.java, line(s) 2290,1508,1514,1964,2351,1249
e/m.java, line(s) 100
e/p.java, line(s) 91,105,115
e/s.java, line(s) 55,65,80,90,107,119,131,140,153,167,179
e/v.java, line(s) 54,69
e3/e.java, line(s) 44,51,62,67,43,50,55,61,66,56
e6/v.java, line(s) 115,131,137,117,123,132,138
ea/a0.java, line(s) 58,49,50,57,79,80,35
ea/b1.java, line(s) 93,97,105,114,128,149,164,136,141,157,92,96,104,113,124,148,163,43
ea/c.java, line(s) 245,313,316,153,167,177,201,228,240,272,279
ea/c0.java, line(s) 76,95,108
ea/d.java, line(s) 69,68,91,95,97
ea/g.java, line(s) 86,85
ea/h0.java, line(s) 30
ea/l.java, line(s) 27,26
ea/m0.java, line(s) 40,49,74,84,117,54,57,60,108,111,39,73,83,116
ea/o.java, line(s) 28
ea/o0.java, line(s) 51
ea/p0.java, line(s) 41,51,93,87,123,70,70,90,104,108
ea/q0.java, line(s) 36
ea/t0.java, line(s) 135,142,149,156,167,78,78
ea/u0.java, line(s) 43,56,94,146,93,111,111,140,161,174,190
ea/y.java, line(s) 118,95,113
ea/y0.java, line(s) 26,25
f0/c.java, line(s) 56
f0/d.java, line(s) 66
f0/h.java, line(s) 142,151,265
f9/t.java, line(s) 136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154
fc/d.java, line(s) 145,153,159,30,42,67,72,82,88,89,91,103,116,122,136,151,172,186,197,208,34,45,94
fd/n.java, line(s) 418
g0/e.java, line(s) 386,391
g0/g.java, line(s) 70
g0/h.java, line(s) 41,73
g0/i.java, line(s) 57,228
g0/m.java, line(s) 105
g1/a.java, line(s) 31
g3/h.java, line(s) 148,16,516,107
g4/c.java, line(s) 71
g5/b.java, line(s) 23,41,50,60
gd/g0.java, line(s) 51
h0/a.java, line(s) 155,164,206,216
h0/m.java, line(s) 45,68
h3/i.java, line(s) 52,132,133,53
hd/j.java, line(s) 180
i2/n.java, line(s) 103,132,143
id/l.java, line(s) 130
j/g.java, line(s) 168,211,270
j1/b.java, line(s) 53,68,76,100,204,217,325,350,356,375,393,60
j2/c.java, line(s) 185,194,139,184,191,140
j3/a.java, line(s) 20
j6/m.java, line(s) 83,31
j7/a.java, line(s) 528
jd/j.java, line(s) 11,21,30
k/c.java, line(s) 276
k0/o.java, line(s) 42
k1/d.java, line(s) 82
k2/a.java, line(s) 289
k5/b.java, line(s) 88,102,77
k5/b0.java, line(s) 55,54
k5/c0.java, line(s) 47,29,64
k5/d.java, line(s) 83,96,117,195,231,246,82,95,116,194,230,245,113,129,141,253,274,294
k5/k.java, line(s) 15,12,12
k5/u.java, line(s) 35,72,135,34,71,85,134,179,208,237,270,86,180,209,238,271,41,169
k5/w.java, line(s) 22
k5/y.java, line(s) 28,35,27,34
k8/a.java, line(s) 123,133,145,149
k8/b.java, line(s) 40,55,62
k8/c.java, line(s) 112
ka/e0.java, line(s) 109,111
ka/h.java, line(s) 41
ka/h0.java, line(s) 82,95,197,208,217,291,309,111,317
ka/j0.java, line(s) 38,51,44
ka/l.java, line(s) 60,67,28
ka/z.java, line(s) 143,85
kd/d4.java, line(s) 105
kd/f.java, line(s) 74
l1/a.java, line(s) 165,170,177,181,197,207
l2/d.java, line(s) 100,127,99,126
l2/e.java, line(s) 72,101,108,71,100,107
l3/a.java, line(s) 63,64
l4/c.java, line(s) 95
l5/d.java, line(s) 121,169,176
l5/d0.java, line(s) 31,34,56
l5/h.java, line(s) 46,110,55,93,153,159,168,171
l5/i.java, line(s) 40,68
l5/i0.java, line(s) 54,56,50
l5/l.java, line(s) 26
l5/u.java, line(s) 47
l5/y.java, line(s) 71,89,93,121,128,53
la/a.java, line(s) 125,133,137
lc/b.java, line(s) 10,14,28,32
m1/a.java, line(s) 24
m3/g.java, line(s) 240,245,250
m3/k0.java, line(s) 62,133
m3/o0.java, line(s) 63,53
m3/y0.java, line(s) 183,483,488
m4/a0.java, line(s) 153
m4/x.java, line(s) 104
m5/l.java, line(s) 20
m7/d.java, line(s) 149,182
ma/c.java, line(s) 117
ma/f.java, line(s) 35
n0/f.java, line(s) 51
n2/b.java, line(s) 54,53
n2/j.java, line(s) 85,112,84,111,115,121,128,125,129
n2/l.java, line(s) 55,54
n3/c.java, line(s) 21
n3/f.java, line(s) 72
n3/l0.java, line(s) 174,193
n3/m.java, line(s) 217
n5/d1.java, line(s) 114,391
n5/f.java, line(s) 252,361
n5/f2.java, line(s) 32
n5/g1.java, line(s) 50
n5/h1.java, line(s) 38
n5/i2.java, line(s) 20,29
n5/m0.java, line(s) 301,90,298,299,300,314,315
n5/m2.java, line(s) 26
n5/n2.java, line(s) 42,95,100,66,68
n5/p0.java, line(s) 27
n5/q.java, line(s) 173,237
n5/u0.java, line(s) 25
n5/z1.java, line(s) 50
n6/i5.java, line(s) 150
n7/b.java, line(s) 68
o2/c.java, line(s) 105,104
o2/e.java, line(s) 65,64
o5/a.java, line(s) 18
o5/a1.java, line(s) 102
o5/b1.java, line(s) 28
o5/c.java, line(s) 425,443,490,494,498,504
o5/c0.java, line(s) 95,98,124,127,130,161,169
o5/c1.java, line(s) 29
o5/e1.java, line(s) 46
o5/f0.java, line(s) 26
o5/j0.java, line(s) 120,135,146,155
o5/k1.java, line(s) 49,54
o5/o1.java, line(s) 50
o5/x0.java, line(s) 33
p/c.java, line(s) 141
p0/b.java, line(s) 65
p0/e2.java, line(s) 49,60
p0/i2.java, line(s) 44,53,67,87,101,116,130
p0/k0.java, line(s) 1374,1247,1373
p0/o2.java, line(s) 380,397,134,146,153,162,49,68,371
p0/w.java, line(s) 101
p2/h.java, line(s) 530,529,574,588,275
p2/i.java, line(s) 55,56
p2/k.java, line(s) 14,165
p2/q.java, line(s) 161
p2/z.java, line(s) 65,66
p6/a.java, line(s) 74,85,89,99
p7/g.java, line(s) 654
q0/k.java, line(s) 187
q1/c.java, line(s) 136
q2/i.java, line(s) 137,177,138,178
q2/j.java, line(s) 108,120,192,227,107,119,140,147,173,191,201,216,226,141,148,179,202,217
q3/l.java, line(s) 143,153,161,246,279,290,311,349
q6/a.java, line(s) 120,187,134,201
r0/d.java, line(s) 140
r2/e.java, line(s) 37,43,71,81,38,72,44,84
r2/i.java, line(s) 124,108
r3/e.java, line(s) 42
r3/f.java, line(s) 157,460
r5/b.java, line(s) 91,102
rb/a.java, line(s) 58,103,115,167
rb/e.java, line(s) 258,219
s0/b0.java, line(s) 41,40
s0/c.java, line(s) 53,62
s0/k.java, line(s) 59,68
s2/a.java, line(s) 92,89
s5/g.java, line(s) 18
s5/p.java, line(s) 19,16
s5/q.java, line(s) 74,47,56
sb/h.java, line(s) 33
t3/a.java, line(s) 178
t4/k.java, line(s) 37,44,47,55,85,90,95,100,105
t6/h.java, line(s) 51
ta/e.java, line(s) 35,73
ta/g.java, line(s) 39,32
tb/l.java, line(s) 98
u2/c.java, line(s) 16,15
u2/d.java, line(s) 44,43
u2/f.java, line(s) 101,100
u2/s.java, line(s) 91,94
u2/t.java, line(s) 37,36
u8/f.java, line(s) 269,368,372,235
ua/a.java, line(s) 13
ub/a.java, line(s) 83,106,124
ub/c.java, line(s) 26,27,31,36,42,63,65,71,81,105,111,125,132,135,137,143,155,158,160,169,172,184,190
ub/g.java, line(s) 46,62,81,98,132,50,69,86,102
ub/h.java, line(s) 65,84,310,128,222,252,218,224,266,274
ub/l.java, line(s) 28
ub/n.java, line(s) 28
ub/q.java, line(s) 39,40
v0/c.java, line(s) 163
v3/f.java, line(s) 303
v3/i.java, line(s) 146,69
v3/l.java, line(s) 86,115
v5/j.java, line(s) 25
w/d.java, line(s) 385
w4/a.java, line(s) 15,22,29,14,21,28,42,43,49,50
x/f.java, line(s) 294
x2/i.java, line(s) 181,199,215,225,234,259,266,341,351,363,375,380,180,198,208,213,217,223,227,258,265,340,350,362,374,379
x2/k.java, line(s) 94,281,93,160,280,340,353,161,217,341
x2/l.java, line(s) 41,47,42,48
x2/p.java, line(s) 42,43
x2/u.java, line(s) 110,115,127,136,143,111,116,128,137,144,145,146,150
x2/x.java, line(s) 132,129
x7/i.java, line(s) 31,22,38,45,30,37,44,51,52,58,59
y1/b.java, line(s) 81
y3/a.java, line(s) 131
y9/b.java, line(s) 28
z/a.java, line(s) 195,106,170
z1/m0.java, line(s) 36,73
z8/g.java, line(s) 34,41,44,53,87
z8/o.java, line(s) 195

Security note: The application can write to the application directory. Sensitive information should be encrypted.


Files:
m3/p0.java, line(s) 24,24
m3/y0.java, line(s) 298,298
m4/z.java, line(s) 57,57
t3/j.java, line(s) 220,220
z3/b.java, line(s) 105,105

Security note: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/applozic/mobicomkit/uiwidgets/conversation/fragment/MobiComConversationFragment.java, line(s) 10,3183

Passed security check: This application may have root detection.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
d6/k7.java, line(s) 32
f9/j.java, line(s) 289,289,290
x7/w.java, line(s) 24

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
ze/a.java, line(s) 340,270,339,351,311,323,323,367

Passed security check: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/332246665429/namespaces/firebase:fetch?key=AIzaSyD659kmLdLx4nwCA8TLF9HWQ6YyPfUEvig ) is disabled. The response is shown below:

{
    "state": "NO_TEMPLATE"
}

Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Key security concern: The application may communicate with a server (firebase-settings.crashlytics.com) located in an OFAC-sanctioned country (China).

{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Overall security baseline score summary

LightningX VPN v3.0.5

Android APK
Overall security score: 50
Medium risk