Mobile Application Security Scan Report

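Moneyman v2.316.0.0
Security baseline score: 48/100
Overall risk level: Medium risk
The application has some security risk; improvement is recommended.

Distribution of vulnerabilities and security items:
- High-risk vulnerabilities: 4
- Medium-risk vulnerabilities: 25
- Security notices: 4
- Passed security checks: 2
- Key security concerns: 0

Privacy risk assessment: high privacy risk. 9 third-party trackers; a large number of third-party trackers were detected.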
High-risk vulnerability: An application that uses the WebView.loadDataWithBaseURL method to load a web page into a WebView may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files:
- com/freshchat/consumer/sdk/activity/ArticleDetailActivity.java, line(s) 447,20
- com/freshchat/consumer/sdk/activity/BotFaqDetailsActivity.java, line(s) 121,12
- com/freshchat/consumer/sdk/activity/FAQDetailsActivity.java, line(s) 137,11
High-risk vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- Be/K2.java, line(s) 30
- Ni/AbstractC1569a.java, line(s) 53
- Ni/AbstractC3717a.java, line(s) 53
High-risk vulnerability: Remote WebView debugging is enabled.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files:
- mx/moneyman/component/activity/pdf/PDFActivity.java, line(s) 74,12
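High-risk vulnerability: The application contains privacy trackers.
This application contains 9 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.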
Medium-risk vulnerability: Broadcast Receiver (mx.moneyman.messaging.NotificationsBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.exponea.sdk.services.ExponeaPushTrackingActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.exponea.sdk.services.ExponeaPushTrackingActivityOlderApi) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.exponea.sdk.receiver.AppUpdateReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
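Medium-risk vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.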
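Medium-risk vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.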
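Medium-risk vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.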
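Medium-risk vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.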
Medium-risk vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
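Medium-risk vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.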
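Medium-risk vulnerability: High Intent priority (999) - 2 hits
[android:priority] By setting a high Intent priority, the application can override other requests, which may lead to security risks.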
Medium-risk vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- Ie/b.java, line(s) 11
- If/c.java, line(s) 39,40,41,42
- T1/c.java, line(s) 114
- Ul/AbstractC4510a.java, line(s) 19
- Ul/a.java, line(s) 18
- com/freshchat/consumer/sdk/util/cc.java, line(s) 150
- com/idfinance/kmm/device/data_collection/collection_parts/HardwarePart.java, line(s) 102
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 554,443
- mx/moneyman/MMMXFileProvider.java, line(s) 22
Medium-risk vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files:
- Ul/AbstractC4510a.java, line(s) 19
- Ul/a.java, line(s) 18
Medium-risk vulnerability: The application uses SQLite databases and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files:
- Al/d.java, line(s) 26,323,335,367
- U5/d.java, line(s) 7,56
- V5/s.java, line(s) 5,6,81
- W6/C0420g.java, line(s) 6,7,153,314,1011,1221
- W6/C1048g.java, line(s) 6,7,91,310,470,511,1597,2613,2852
- W6/T2.java, line(s) 6,7,62
- com/freshchat/consumer/sdk/c/b.java, line(s) 6,7,8,35,44,92
- com/freshchat/consumer/sdk/c/e.java, line(s) 6,221
- com/freshchat/consumer/sdk/c/k.java, line(s) 6,141
- com/freshchat/consumer/sdk/c/l.java, line(s) 6,120,168
- com/freshchat/consumer/sdk/c/n.java, line(s) 6,98,167,455,847
- com/freshchat/consumer/sdk/c/w.java, line(s) 6,7,109,116,281,381
- com/singular/sdk/internal/BatchManagerPersistenceSqlite.java, line(s) 7,8,119
- com/singular/sdk/internal/SQLitePersistentQueue.java, line(s) 6,7,71,92
Medium-risk vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- B9/g.java, line(s) 39
- G3/d.java, line(s) 33
- I4/f.java, line(s) 43
- Io/ktor/client/request/forms/FormPart.java, line(s) 88
- K4/c.java, line(s) 39
- K4/r.java, line(s) 85
- K4/z.java, line(s) 96
- Kh/memory/MemoryCache$Key.java, line(s) 58
- S/C4175b.java, line(s) 11
- T9/i.java, line(s) 184
- Y0/C2087b0.java, line(s) 23
- Y0/C4753b0.java, line(s) 25
- Yn/j.java, line(s) 65
- af/C1303g.java, line(s) 471
- af/k.java, line(s) 47
- coil/memory/MemoryCache$Key.java, line(s) 58
- com/exponea/sdk/repository/CampaignRepositoryImpl.java, line(s) 24
- com/exponea/sdk/repository/DeviceInitiatedRepositoryImpl.java, line(s) 18
- com/exponea/sdk/repository/InAppContentBlockDisplayStateRepositoryImpl.java, line(s) 28
- com/exponea/sdk/repository/InAppMessageDisplayStateRepositoryImpl.java, line(s) 26
- com/exponea/sdk/repository/PushTokenRepositoryImpl.java, line(s) 22
- com/exponea/sdk/repository/UniqueIdentifierRepositoryImpl.java, line(s) 11
- com/exponea/sdk/telemetry/TelemetryManager.java, line(s) 39,37
- com/idfinance/userbehavior/processor/model/AuthData.java, line(s) 73
- com/metamap/metamap_sdk/Metadata.java, line(s) 29
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/protocol/User.java, line(s) 70
- com/metamap/sdk_components/feature/videokyc/fragment/RationaleFragment.java, line(s) 33
- com/singular/sdk/internal/BaseApi.java, line(s) 14,15
- com/singular/sdk/internal/BatchManagerPersistenceSqlite.java, line(s) 19
- com/singular/sdk/internal/Constants.java, line(s) 174,90,150,151,152,153,52,45,55,47,48,57,168,95,64,65,66,178,154,76,175,81,112,173,155,93,179,122,120,126,123,124,125,100,119,127,169,181,129,142,180,115,102,79,139,176
- com/singular/sdk/internal/SLRemoteConfiguration.java, line(s) 53,54,55,56,57,58
- mx/moneyman/domain/model/response/main/widget/ConektaPaymentWidget.java, line(s) 95
- mx/moneyman/domain/usecase/uxcam/a.java, line(s) 32
- mx/moneyman/presentation/viewModel/authorizationArea/login/b.java, line(s) 56
- mx/moneyman/ui/dialog/PayWithBonusesDialog.java, line(s) 43
- mx/moneyman/ui/dialog/PromoCodeDialog.java, line(s) 21
- mx/moneyman/ui/dialog/RateDialog.java, line(s) 20,22
- mx/moneyman/ui/screens/container/InstallmentPaymentsCalendarFragment.java, line(s) 40
- mx/moneyman/ui/screens/main/loan/rollover/RolloverFragment.java, line(s) 29,30
Medium-risk vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- Bh/C0740k.java, line(s) 10
- Bh/C1790k.java, line(s) 10
- Bh/l.java, line(s) 10
- Bh/z.java, line(s) 8
- D/f.java, line(s) 15
- F8/b.java, line(s) 3
- G8/C1003c.java, line(s) 17
- G8/C2517c.java, line(s) 18
- Ng/d0.java, line(s) 13
- Ni/AbstractC1569a.java, line(s) 15
- Ni/AbstractC3717a.java, line(s) 14
- O8/e.java, line(s) 6
- Og/AbstractC1584a.java, line(s) 28
- Og/AbstractC3864a.java, line(s) 28
- Og/C1585b.java, line(s) 4
- Pg/C1607a.java, line(s) 3
- W6/k4.java, line(s) 46
- Wf/C0505f.java, line(s) 3
- Wf/C0518t.java, line(s) 3
- Wf/C1152f.java, line(s) 3
- Wf/C1165t.java, line(s) 3
- Wf/F.java, line(s) 8
- Wf/K.java, line(s) 16
- Wq/y.java, line(s) 4
- a0/b.java, line(s) 12
- com/exponea/sdk/manager/FcmManagerImpl.java, line(s) 44
- com/freshchat/consumer/sdk/service/c/aa.java, line(s) 8
- com/freshchat/consumer/sdk/util/cc.java, line(s) 29
Medium-risk vulnerability: IP address disclosure
Files:
- Ap/a.java, line(s) 31
- Jf/RunnableC0668c.java, line(s) 514
- Jf/p.java, line(s) 10,12,12,10,12
- Jq/C3029a.java, line(s) 32
- Zp/C0554a.java, line(s) 34
- Zp/C4982a.java, line(s) 43
- mx/moneyman/ui/screens/registration/stepCalculator/transformation/StepCalculatorRegistrationTransformationFragment$handleEffect$1$1$1.java, line(s) 53
Medium-risk vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- Be/C0689q0.java, line(s) 146
- Be/C1739q0.java, line(s) 152
- Io/ktor/client/plugins/cache/storage/a.java, line(s) 33
- Ni/AbstractC1569a.java, line(s) 32
- Ni/AbstractC3717a.java, line(s) 32
- T5/k.java, line(s) 33
- W6/k4.java, line(s) 108
- com/freshchat/consumer/sdk/util/cc.java, line(s) 202
Medium-risk vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- Io/sentry/android/core/internal/util/j.java, line(s) 27,27,27,27,27
- Xd/a.java, line(s) 8,8,8,8,8,8
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/android/core/util/RootChecker.java, line(s) 23,23,23,23,23
Medium-risk vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- C9/C0791a.java, line(s) 41
- C9/C1886a.java, line(s) 62
- Io/ktor/client/plugins/websocket/WebSocketContent.java, line(s) 89
- Io/sentry/SentryOptions.java, line(s) 957
- J8/q.java, line(s) 91
- L/C0749b.java, line(s) 206
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/util/StringUtils.java, line(s) 36
- com/singular/sdk/internal/Utils.java, line(s) 546
- mx/moneyman/App.java, line(s) 103
- xk/a.java, line(s) 709
Medium-risk vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files:
- Jf/k.java, line(s) 125,126
- com/metamap/sdk_components/feature/webcontainer/WebVerificationFragment.java, line(s) 349,346
Medium-risk vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files:
- Jf/k.java, line(s) 130,126
Medium-risk vulnerability: Firebase Remote Config is enabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/161268235105/namespaces/firebase:fetch?key=AIzaSyDLLWmuV2qssqhV8fJSahiiN9VvZXs7rAs ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below:
{ "entries": { "MMMX_14506_B": "false" }, "state": "UPDATE", "templateVersion": "3" }
Medium-risk vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information.
- Huawei HMS Core application ID => "com.huawei.hms.client.appid" : "appid=107726729"
- "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
- "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
- "automaticSessionTracking" : "false"
- "com.google.firebase.crashlytics.mapping_file_id" : "04fca5a367e645928da3e2b6f8562062"
- "facebook_app_id" : "485512645804811"
- "fb_client_secret" : "15a818efec5891801e03d1e515ee2616"
- "firebase_database_url" : "https://moneyman-mx.firebaseio.com"
- "freshchat_file_provider_authority" : "mx.moneyman.fileprovider"
- "google_api_key" : "AIzaSyDLLWmuV2qssqhV8fJSahiiN9VvZXs7rAs"
- "google_app_id" : "1:161268235105:android:33460087b212540c8d2320"
- "google_crash_reporting_api_key" : "AIzaSyDLLWmuV2qssqhV8fJSahiiN9VvZXs7rAs"
- "password_recovery_support_description_phone" : "8004221022"
- "private_area_help" : "Ayuda"
- "projectToken" : "testToken"
- "registration_tenth_step_decline_go_to_private_area" : "<u>Finalizar</u>"
- "sessionTimeout" : "60"
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files:
- K5/C3258a.java, line(s) 30,30
- K5/p.java, line(s) 20,20
- K5/w.java, line(s) 130,130
- R5/g.java, line(s) 229,229
- X5/C2070b.java, line(s) 83,83
- X5/C4683b.java, line(s) 82,82
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files:
- Ip/b.java, line(s) 4,86
- Jp/c.java, line(s) 12,94,155
- i1/C1388d.java, line(s) 4,127
- i1/C2728d.java, line(s) 4,134,128
- mx/moneyman/ui/screens/main/loan/referralProgram/ReferralProgramFragment.java, line(s) 12,138,167
Security notice: The application communicates with a Firebase database.
The application communicates with the Firebase database located at https://moneyman-mx.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- Tk/a.java, line(s) 159,593,591,591
- Wj/a.java, line(s) 222,77,119,158,71,77,77
Passed security check: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- Io/sentry/android/core/internal/util/j.java, line(s) 26,26,26,26,26,26
- Jf/RunnableC0668c.java, line(s) 287
- W6/D2.java, line(s) 157
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 449
- com/metamap/sdk_components/crash_reporter/sentry/io/sentry/android/core/util/RootChecker.java, line(s) 59,23,23,23,23,23,23,62
Overall security baseline score summary

Moneyman v2.316.0.0 (Android APK)
Overall security score: 48
Medium risk