应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
管控平台 v5.2.3.0.
45
安全评分
安全基线评分
45/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
10
高危
76
中危
3
信息
2
安全
隐私风险评估
3
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
10
中危安全漏洞
76
安全提示信息
3
已通过安全项
2
重点安全关注
0
高危安全漏洞 Activity(com.iflytek.mdmservice.ui.ShowActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(23) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity(com.iflytek.mdmservice.ui.LockActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(23) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity(com.iflytek.mdmservice.ui.BatteryActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(23) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity (com.iflytek.mdmservice.ui.BatteryActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(23)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.igexin.sdk.GActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(23)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity(com.iflytek.mdmservice.policy.ui.WarnActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(23) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity(com.iflytek.oauth.activity.behaviorlogin.EDUBehaviorRiskWebActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(23) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/iflytek/user/stu/DesCyUtils.java, line(s) 16,19
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/iflytek/oauth/activity/behaviorlogin/web/EDUBehaviorOriginalWebViewEx.java, line(s) 257,256 com/iflytek/oauth/activity/c.java, line(s) 38,69,108
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/iflytek/opensdk/zhkt/a/e.java, line(s) 177
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.FrozenAppProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.iflytek.mdmservice.ui.LockActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.iflytek.mdmservice.ui.BatteryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.iflytek.mdmservice.service.BackgroundService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.iflytek.mdmservice.service.MdmApiService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.iflytek.mdmservice.service.MdmSdkService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.AdminReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_DEVICE_ADMIN [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.EduClassReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmCameraReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmUsbStateReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmGpsControlReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmTimeSettingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmBluetoothReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmStoreDownloadFlagReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmWhiteUrlReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmPowerOffReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmWifiAdvanceReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmNavigationReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmKeypadReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmClearPwdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmResetFactoryReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmCleanAppsReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmSilentInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmEyeComfortReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmColorBlindnessReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmEyeProtectReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmResetNetworkReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.ToastReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.TimeChangeReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.InstallSourceControlReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.WakeWorkerReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.OpenAdminReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.EyeProtectListenerReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.SyncTimeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.PolicyProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.PolicyTempProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.PolicyHelperProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.WoBListProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.MdmProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.AppInfoProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.AlarmProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.AppInfoOpenProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.DeviceInfoProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.UserInfoProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.mdmservice.provider.SystemConfigProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.MdmRefeshServiceData) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.LaunchReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.LogoutReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.StipulationReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.ScreenWakeLockReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.igexin.sdk.PushActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.igexin.sdk.GActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.igexin.sdk.GActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.EnvironmentSwitcherReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.TrustAppReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.iflytek.mdm.permission.CALL_API</br>protectionLevel: normal [android:exported=true] 检测到 Broadcast Receiver 已导出并受权限保护,但该权限保护级别为 normal。恶意应用可申请此权限并与组件交互。建议将权限保护级别设为 signature,仅允许同证书签名应用访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.ShutdownReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.AlarmReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.mdmservice.receiver.ObserverReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.iflytek.mdmservice.service.ExportSilentInstallService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.iflytek.edu.log.bizbase.process.EDULogDataProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.iflytek.edu.apm.base.timer.ExactTimer$TimeTaskReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 Service (com.igexin.sdk.GService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(1000) - {2} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: a/b/a/d/c/f/d/d.java, line(s) 49 com/iflytek/edu/apm/base/constant/EDULogBaseConstant.java, line(s) 5 com/iflytek/edu/apm/base/database/FileDbManagerImpl.java, line(s) 13 com/iflytek/edu/apm/base/encrypt/EDUHttpConstant.java, line(s) 8,6,7,5,9,10 com/iflytek/edu/apm/base/http/constants/EDULogHttpConstants.java, line(s) 12,5 com/iflytek/edu/apm/base/upload/FileUploadHelper.java, line(s) 7 com/iflytek/edu/apm/base/upload/HuaweiConfig.java, line(s) 66 com/iflytek/edu/apm/base/utils/EDULogEncrypter.java, line(s) 10 com/iflytek/edu/apm/base/utils/EDULogOldRSAUtil.java, line(s) 19,20 com/iflytek/edu/log/agent/constant/EDULogConstant.java, line(s) 16 com/iflytek/edu/log/bizbase/EDUBaseConstant.java, line(s) 23 com/iflytek/edu/log/bizbase/process/EDUSyncConstant.java, line(s) 19 com/iflytek/edu/log/cache/helper/EDULogCacheHelper.java, line(s) 22 com/iflytek/edu/log/compress/EDUCompressEncryptProcessor.java, line(s) 28,29,16,19,18,17,20,21,22,25,26,27 com/iflytek/edu/log/compress/sql/FileDbDao.java, line(s) 16 com/iflytek/edu/log/constant/EDULogInterfaceConstant.java, line(s) 6,10,5,9 com/iflytek/edu/log/constant/EDULogStoUpConstant.java, line(s) 8,14,9,10,11,12,13,16 com/iflytek/edu/log/deviceinfo_collector/pack/content/LogContentPackHelper.java, line(s) 35 com/iflytek/edu/log/storage/dao/imp/EDULogSQLImpDao.java, line(s) 22 com/iflytek/edu/log/storage/helper/EDULogStorageHelper.java, line(s) 11 com/iflytek/edu/log/upload/constant/EDUUploadConstant.java, line(s) 24,15,21,23,9,12,11,10,13,22,14,18,19,25,31,20,26 com/iflytek/edu/log/upload/helper/EDULogUploadHelper.java, line(s) 29 com/iflytek/edu/statistics/log/EDUUserLogStatistics.java, line(s) 14 com/iflytek/edu/statistics/log/common/EDULogConfig.java, line(s) 370,370,370 com/iflytek/edu/statistics/log/config/component/EDUComponentConstant.java, line(s) 17,26,13,22 com/iflytek/edu/statistics/pack/utils/OldUniqueIDUtil.java, line(s) 24,22 com/iflytek/fsp/shield/android/sdk/constant/SdkConstant.java, line(s) 7 com/iflytek/fsp/shield/android/sdk/util/RequestUtil.java, line(s) 22 com/iflytek/mdmcommon/RSAUtil.java, line(s) 25,26 com/iflytek/mdmepas/dev/ShieldAsyncAppZhktMdmServiceDev.java, line(s) 28,23 com/iflytek/mdmepas/pre/ShieldAsyncApp_zhkt_mdm_service_pre.java, line(s) 28,23 com/iflytek/mdmepas/prod/ShieldAsyncAppZhktMdmService.java, line(s) 28,23 com/iflytek/mdmepas/test/ShieldAsyncAppZhktMdmServiceTest.java, line(s) 28,23 com/iflytek/mdmlibrary/impl/IFlyTekTye100Mdm.java, line(s) 31,30 com/iflytek/mdmlibrary/impl/l.java, line(s) 35,34 com/iflytek/mdmservice/db/entity/DeviceInfo.java, line(s) 43 com/iflytek/mdmservice/model/ViolationInfoBean.java, line(s) 189 com/iflytek/mdmservice/utils/v.java, line(s) 85 com/iflytek/oauth/activity/behaviorlogin/web/f.java, line(s) 29 com/iflytek/pushclient/notification/a.java, line(s) 41,46 com/iflytek/user/combo/AppInfoBean.java, line(s) 108 com/iflytek/user/combo/ComboBean.java, line(s) 216 com/iflytek/user/combo/ComboFunctionBean.java, line(s) 142,142 com/iflytek/user/combo/ComboManage.java, line(s) 21 com/iflytek/user/stu/EncryptUtil.java, line(s) 6,7,8 com/iflytek/user/tea/TeaInfo.java, line(s) 203 com/obs/services/model/d.java, line(s) 24 com/obs/services/model/e.java, line(s) 27 com/obs/services/model/l.java, line(s) 41 com/obs/services/model/m.java, line(s) 21 com/obs/services/model/u.java, line(s) 27 com/obs/services/model/x.java, line(s) 74 io/sentry/event/interfaces/UserInterface.java, line(s) 63
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/iflytek/loginfosdk/b.java, line(s) 4,5,15 com/iflytek/mdmservice/db/dao/AlarmDao.java, line(s) 4,31,39 com/iflytek/mdmservice/db/dao/AppInfoDao.java, line(s) 4,59,67 com/iflytek/mdmservice/db/dao/AppSiteModelDao.java, line(s) 4,29,37 com/iflytek/mdmservice/db/dao/AuthDataDao.java, line(s) 4,31,39 com/iflytek/mdmservice/db/dao/BlackAppDao.java, line(s) 4,26,34 com/iflytek/mdmservice/db/dao/ComponentDao.java, line(s) 4,26,34 com/iflytek/mdmservice/db/dao/DetectionBeanDao.java, line(s) 4,42,50 com/iflytek/mdmservice/db/dao/DeviceInfoDao.java, line(s) 4,25,33 com/iflytek/mdmservice/db/dao/DownloadTaskDao.java, line(s) 4,31,39 com/iflytek/mdmservice/db/dao/HelperPolicyDao.java, line(s) 4,25,33 com/iflytek/mdmservice/db/dao/MdmAppDao.java, line(s) 4,25,33 com/iflytek/mdmservice/db/dao/MdmInterfaceDao.java, line(s) 4,26,34 com/iflytek/mdmservice/db/dao/OtgDeviceAppDao.java, line(s) 4,30,38 com/iflytek/mdmservice/db/dao/OtgDeviceDao.java, line(s) 4,28,36 com/iflytek/mdmservice/db/dao/PolicyDao.java, line(s) 4,27,35 com/iflytek/mdmservice/db/dao/RemoteAppInfoDao.java, line(s) 4,36,44 com/iflytek/mdmservice/db/dao/SendLostMDMEventDao.java, line(s) 4,41,49 com/iflytek/mdmservice/db/dao/SystemConfigModelDao.java, line(s) 4,28,36 com/iflytek/mdmservice/db/dao/TaskDao.java, line(s) 4,26,34 com/iflytek/mdmservice/db/dao/TeaCtrlAppPolicyDao.java, line(s) 4,28,36 com/iflytek/mdmservice/db/dao/TeaCtrlFunPolicyDao.java, line(s) 4,29,37 com/iflytek/mdmservice/db/dao/TempPolicyDao.java, line(s) 4,25,33 com/iflytek/mdmservice/db/dao/UdpDownloadTaskDao.java, line(s) 4,30,38 com/iflytek/mdmservice/db/dao/UpdateAppInfoDao.java, line(s) 4,32,40 com/iflytek/mdmservice/db/dao/UsageModelDao.java, line(s) 4,24,32 com/iflytek/mdmservice/db/dao/UserInfoDao.java, line(s) 4,35,43 com/iflytek/mdmservice/db/dao/ViolationInfoBeanDao.java, line(s) 4,42,50 com/iflytek/mdmservice/db/dao/ViolstionNoNetworkDao.java, line(s) 4,31,39 com/iflytek/mdmservice/db/dao/WhiteAppDao.java, line(s) 4,27,35 com/iflytek/mdmservice/db/dao/WoBListDao.java, line(s) 4,30,38 com/iflytek/pushclient/d/e/a.java, line(s) 4,5,48,110 com/zx/a/I8b7/a.java, line(s) 4,5,23 com/zx/a/I8b7/p2.java, line(s) 5,53,59 org/greenrobot/greendao/a.java, line(s) 6,7,232 org/greenrobot/greendao/g/g.java, line(s) 5,22
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/iflytek/edu/apm/base/BuildConfig.java, line(s) 8 com/iflytek/edu/apm/base/encrypt/EDUEncryptProcessor.java, line(s) 25,84 com/iflytek/edu/log/BuildConfig.java, line(s) 8 com/iflytek/edu/log/agent/BuildConfig.java, line(s) 8 com/iflytek/edu/log/deviceinfo/BuildConfig.java, line(s) 8 com/iflytek/edu/statistics/BuildConfig.java, line(s) 6,9 com/iflytek/edu/statistics/log/BuildConfig.java, line(s) 8 com/iflytek/edu/statistics/log/config/component/EDUUploadHelper.java, line(s) 62 com/iflytek/edu/statistics/plugin/EDULogStasPluginEntry.java, line(s) 22 com/iflytek/mdmcommon/NetworkUtils.java, line(s) 308 com/iflytek/mdmlibrary/a/a.java, line(s) 10,18,19,20,21,22,23,24,25,29,106 com/iflytek/mdmlibrary/impl/p.java, line(s) 637,633 com/iflytek/mdmservice/utils/DeviceHelper.java, line(s) 356 com/zx/a/I8b7/f1.java, line(s) 102 com/zx/a/I8b7/g1.java, line(s) 123 com/zx/a/I8b7/j1.java, line(s) 28 com/zx/sdk/api/ZXManager.java, line(s) 59,62
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: a/b/a/a/b/a.java, line(s) 25,100,27,102 com/iflytek/edu/log/agent/cache/EDULogMMapCacheManager.java, line(s) 87,92 com/iflytek/edu/log/cache/helper/EDULogCacheHelper.java, line(s) 48,53 com/iflytek/edu/log/deviceinfo/device/imp/EDULogDeviceStrategy.java, line(s) 435 com/iflytek/edu/log/deviceinfo/storage/imp/EDULogStorageStrategy.java, line(s) 20 com/iflytek/edu/statistics/pack/utils/OldUniqueIDUtil.java, line(s) 112 com/iflytek/elpmobile/apm/udid/c/i.java, line(s) 8,16,24 com/iflytek/loginfosdk/DataBaseContext.java, line(s) 19,22 com/iflytek/mdmcommon/CacheCleanUtils.java, line(s) 24 com/iflytek/mdmcommon/FileUtils.java, line(s) 18 com/iflytek/mdmcommon/Utils.java, line(s) 131 com/iflytek/mdmcommon/constant/MDMConstants.java, line(s) 71,72 com/iflytek/mdmcommon/log/LogCacheConfig.java, line(s) 8 com/iflytek/mdmcommon/log/LogCacheManager.java, line(s) 18 com/iflytek/mdmepas/DiskLruCacheHelper.java, line(s) 36 com/iflytek/mdmepas/a.java, line(s) 36 com/iflytek/mdmservice/MDMApp.java, line(s) 655 com/iflytek/mdmservice/policy/service/WorkService.java, line(s) 86 com/iflytek/mdmservice/service/DetectionResultService.java, line(s) 20 com/iflytek/mdmservice/service/FileScanService.java, line(s) 134 com/iflytek/mdmservice/utils/DeviceHelper.java, line(s) 57,66,222 com/iflytek/mdmservice/utils/e.java, line(s) 161 com/iflytek/opensdk/LogUtils.java, line(s) 47 com/iflytek/pushclient/b/m.java, line(s) 37,68 com/iflytek/sunflower/util/m.java, line(s) 32,180,184 com/iflytek/user/combo/ProductGeneralConfigsBean.java, line(s) 29 com/iflytek/user/tea/TeaInfo.java, line(s) 31 io/sentry/android/event/helper/AndroidEventBuilderHelper.java, line(s) 224,247,304
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: a/b/a/a/c/a.java, line(s) 11 com/iflytek/edu/apm/base/utils/EDULogBaseUtils.java, line(s) 59,114 com/iflytek/edu/statistics/pack/utils/OldUniqueIDUtil.java, line(s) 57 com/iflytek/fsp/shield/android/sdk/util/CryptoUtils.java, line(s) 50 com/iflytek/fsp/shield/android/sdk/util/SignUtil.java, line(s) 28 com/iflytek/mdmcommon/MD5.java, line(s) 19 com/iflytek/mdmcommon/Utils.java, line(s) 64 com/iflytek/mdmepas/CacheControlIntercept.java, line(s) 43 com/iflytek/mdmepas/e.java, line(s) 39 com/iflytek/mdmepas/j.java, line(s) 40 com/iflytek/pushclient/b/k.java, line(s) 11 com/iflytek/sunflower/util/d.java, line(s) 175,207 com/iflytek/sunflower/util/m.java, line(s) 197 com/lenovo/csdktest/AppManagerActivity.java, line(s) 81 com/obs/services/internal/utils/j.java, line(s) 277 com/zx/a/I8b7/a0.java, line(s) 168
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/iflytek/edu/log/deviceinfo/device/utils/EDULogRootUtils.java, line(s) 19,19,19,21,19,21,19,19
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/iflytek/mdmcommon/RSA.java, line(s) 90 com/lenovo/csdktest/AppManagerActivity.java, line(s) 82 com/obs/services/internal/utils/j.java, line(s) 47 com/zx/a/I8b7/p0.java, line(s) 391
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/iflytek/pushclient/d/g/a/c.java, line(s) 19 com/obs/services/internal/q/a.java, line(s) 5 io/sentry/connection/l.java, line(s) 4
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/iflytek/oauth/activity/behaviorlogin/EDUBehaviorRiskWebActivity.java, line(s) 51,37
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 百度地图的=> "com.baidu.lbsapi.API_KEY" : "jVqa6oemMUjPpkCwmztw84fIpgGiC16K" 个推–推送服务的=> "PUSH_APPID" : "4LUW1dpBbX5vmpzlsZeSg" 个推–推送服务的=> "GETUI_APPID" : "4LUW1dpBbX5vmpzlsZeSg" 凭证信息=> "IFLYTEK_APPKEY" : "5af009e7" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" 080c0addaf094b429971806c285e9d38 nKQTHaBxNTrjDrrnLHYoUogIFP9P+LS5Ua9i0onfnRqmJhyyMp+n/yf+ejdU0Ac3biu91U nb2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Y+iQLMxyq2qaLKaDLijxK n3FgpZL+464f93Zu0re6doKzk6EYGubC3c3YbPaHTpvZ1BF185Gmlb8UHO63UnrfHli1JU e5622ac949234d5c8475572a0e93565a nea0eWqeKM0I2RFbTsSBZDdftkp4g6i2OA9e9Rp3cBq8GNED81sGbVKaq3NQ=jqliO 00ccd806a03c7391ee8f884f5902102d95f6d534d597ac42219dd8a79b1465e186c0162a6771b55e7be7422c4af494ba0112ede4eb00fc751723f2c235ca419876e7103ea904c29522b72d754f66ff1958098396f17c6cd2c9446e8c2bb5f4000a9c1c6577236a57e270bef07e7fe7bbec1f0e8993734c8bd4750e01feb21b6dc9 -361d28321796043df2db3dd115622f302f4b4690cfa9f3d9e79397f4cb044ae9 MIICyDCCAbACCQCDpoADskZ6uTANBgkqhkiG9w0BAQsFADAlMQswCQYDVQQGEwJDUixlK 6defb35b059641d7a16c9b091cf0d326 nusTjjSFCXDl6qOBXfdOQ2bKfreTynIzGUXk2UxB9P9LYFq124Pk93bwjuysSS31sifqYX nMDgyOTA4MDg1OFowJTELMAkGA1UEBhMCQ04xFjAUBgNVBAoMDVVESUQgU0RLIFByij13K wTuef3NyOxdN3r5MWadmXjHse9hzR9EkauispmVxeomdTB2npj29OhNrsUhaHuNhvnorLkhtO4nkfIQpgtwcy0q6m5 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 ndkO2OrPD2LLosGvskAzXKNW2FfihAenUvQboKxgN6Ce638Iypg3QuopWJSsbWoV3LIx41 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 nfXK9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBADauzLvXVQIyF2No4qaDcnod1SaaIxqKy 982a4f1ccf334affaeef1c7d0872a2a8 74b8d5ee25574b7cb5a1ebb718f18d83 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaRPikR4WTAckHfIm80LCCoSGlCTogpFuC367bI4tYhryQnQgXIzNs8jS2wSHTeucmyjiWLpgFU4CnjfezI23V2AM0XOGeTICFmW86DkDe5PutddX/+bCAox19B8IMaUMBmWFM1qQZY837ppKKbrfTPALaog5xX9IlsjqYw9klCQIDAQAB 4465e786c1634dfcacc2f755b9007ecb 887d26e6de9e48b9a88fce1c61905305 wg4qVke8giFYcZozzgpf0KZVf0AKxicM6c8Q7E55ifATkulb4 82b79ad8551873a592e36abad22eeef5 c82febeb9a8f44fe9d3126a4a0192e81 nTjEWMBQGA1UECgwNVURJRCBTREsgUHJvZDAgFw0yMTA5MjIwODA4NThaGA8yMTIxKliqX ed91c87d391f419fa6705a77a5331734 bCkPFoPcwU5jbPEmdawO3U0UHhNwlITxGeVUKrlbHS4aIo0SIaSxDTE3eFxoOxDTMBjUakDeyFIJQnUaT0eqhEInDGOrJm7s MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJsqfq0gjyIi0Oj8DZfM1fwMfHefsorBtBHQoe2kMY5wpKedkKT8YIELHmFGkMB+jyUSAtoNTgQjE1Fe12icP8sCAwEAAQ== MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjNXq+j1BRuv4PCO5+mp6fTIqqCfXYd50KUV7cTV4qRpUQOcq9nkiwroDVSpXehLSx2L3HICC9NRMH8p8cIOsOXk0V5XSeRbUJtUeGrWGA4ozP4Lmx1VcLgDorbi8komzOhflj3ikz9924O20kg5qxQYl4Qs+XjootjyjqTqfPfwIDAQAB 9f23723f6a9b47cfa71e4243f70d1174 22b86ab5791149969bb4cf339e494a02 2f2add4c4b6c4f6cb12978fff439d7fe
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/b/a/a/a.java, line(s) 37,61,94,71,73,76,78,82,84,85,91,102,107,112 a/b/a/a/b/a.java, line(s) 46,55,65,82,127,132,141,149 a/b/a/b/b/a.java, line(s) 31,43,55,80 a/b/a/c/c.java, line(s) 63 a/b/a/d/c/d/a.java, line(s) 11,17,23,33 a/b/a/d/d/b.java, line(s) 12 a/b/d/a.java, line(s) 49 a/c/a/a.java, line(s) 382 b/a/e.java, line(s) 52 com/hmct/devicemanager/EmmUtil.java, line(s) 15 com/iflytek/edu/apm/base/bean/NetTimeCorrector.java, line(s) 57,87,85,73,76 com/iflytek/edu/apm/base/database/FileDbHelper.java, line(s) 22 com/iflytek/edu/apm/base/database/FileDbManagerImpl.java, line(s) 61,75,146,152,22 com/iflytek/edu/apm/base/encrypt/EDUEncryptProcessor.java, line(s) 39,91,72,77 com/iflytek/edu/apm/base/exception/UploadManagerProxy.java, line(s) 27 com/iflytek/edu/apm/base/http/EDULogHttpClient.java, line(s) 239,44,81,93,96,210 com/iflytek/edu/apm/base/http/net/LogInterceptor.java, line(s) 45,47,36 com/iflytek/edu/apm/base/http/utils/EDULogHttpUtils.java, line(s) 38,43,92,166 com/iflytek/edu/apm/base/http/utils/EDULogNetUtils.java, line(s) 15 com/iflytek/edu/apm/base/timer/ExactTimer.java, line(s) 32,38,123,126,131 com/iflytek/edu/apm/base/timer/NormalTimer.java, line(s) 56,91,96 com/iflytek/edu/apm/base/upload/FileUploadImpl.java, line(s) 200,321,355,125,134,160,171,208,221,313,347,377,400,427,434,449 com/iflytek/edu/apm/base/upload/FileUploaderV2.java, line(s) 90,95,110,115,259,265,289,314,353,357,375,396,403,406,423,427,436,190,273,278,285,298,360,187 com/iflytek/edu/apm/base/utils/ClickBackHelper.java, line(s) 13,18,20,24,30,32 com/iflytek/edu/apm/base/utils/EDULog.java, line(s) 185,151,192,236,181,187 com/iflytek/edu/apm/base/utils/EDULogAESUtil.java, line(s) 59 com/iflytek/edu/apm/base/utils/EDULogFileUtils.java, line(s) 189,282,284 com/iflytek/edu/apm/base/utils/EDULogRSAUtil.java, line(s) 44,53 com/iflytek/edu/apm/base/utils/EDULogSPUtils.java, line(s) 11,19,29,77,84,92,98,159 com/iflytek/edu/apm/base/utils/EDULogTimerClient.java, line(s) 29,26,36,43 com/iflytek/edu/apm/base/utils/NetworkChangeReceiver.java, line(s) 39,42,66,120,75,83,89,91,58,62,112,116 com/iflytek/edu/apm/base/utils/PermissionAdapterUtil.java, line(s) 10 com/iflytek/edu/apm/base/utils/WakeLockManager.java, line(s) 24,31,35,38,47 com/iflytek/edu/apm/base/utils/ZipHelper.java, line(s) 91,54 com/iflytek/edu/log/EDULogStorageUploadManager.java, line(s) 94,109,188,214,223,242,320,231,254,311 com/iflytek/edu/log/agent/EDULogStorageUploadAgentManager.java, line(s) 54,45,56 com/iflytek/edu/log/agent/cache/EDULogCacheTimer.java, line(s) 35,38,48,59,62 com/iflytek/edu/log/agent/cache/EDULogMMapCacheHelper2.java, line(s) 58,64,116,117,130,140,158,163,165,173,178,205,235,254,312,328,353,378,195,240 com/iflytek/edu/log/agent/cache/EDULogMMapCacheManager.java, line(s) 59,78,83,89,94 com/iflytek/edu/log/agent/cache/EDULogServiceCallback.java, line(s) 37,44 com/iflytek/edu/log/agent/client/LogAgent.java, line(s) 43,61,74,112,119,139,165,195,240,254,264,304,312,321,333,351,364,367,374,377,382,389,411,417,126,134,256,266 com/iflytek/edu/log/agent/upload/EDULogStorageUploadAgentHelper.java, line(s) 51,73,69 com/iflytek/edu/log/agent/upload/EDUStorageUploadProxy.java, line(s) 120,123,161,110,114,150 com/iflytek/edu/log/bizbase/process/EDUApmIndexHelper.java, line(s) 33,45,54 com/iflytek/edu/log/bizbase/process/EDUBigDataIndexHelper.java, line(s) 32,44,53 com/iflytek/edu/log/bizbase/process/EDULogSPHelper.java, line(s) 17,63 com/iflytek/edu/log/bizbase/process/EDUProcessSyncManager.java, line(s) 34,66,98,130,162,203,218,233,248,263 com/iflytek/edu/log/cache/EDULogCacheManager.java, line(s) 55,105,130,38,81,136,141 com/iflytek/edu/log/cache/helper/EDULogCacheHelper.java, line(s) 29,34,39,44,50,55,99 com/iflytek/edu/log/compress/CompressConfig.java, line(s) 136 com/iflytek/edu/log/compress/CompressManager.java, line(s) 299,62,67,169,171,318,324,334,340,84,88,94,125,206,215,223,352,356,360,366,373,410,417,429,441,454,461 com/iflytek/edu/log/compress/CompressUploadProxy.java, line(s) 18,23,44,49,55,58,64,75,79 com/iflytek/edu/log/compress/EDUCompressEncryptProcessor.java, line(s) 72 com/iflytek/edu/log/compress/LocalFileDataManager.java, line(s) 61,108,139,151,162,178,74,85,100,105,116,123,189,197 com/iflytek/edu/log/compress/sql/DbHelper.java, line(s) 30 com/iflytek/edu/log/deviceinfo/EDULogBatteryIdentifierUtils.java, line(s) 69 com/iflytek/edu/log/deviceinfo/EDULogDeviceIdentifierUtils.java, line(s) 25,226 com/iflytek/edu/log/deviceinfo/EDULogNetworkIdentifierUtils.java, line(s) 107 com/iflytek/edu/log/deviceinfo/EDULogSimIdentifierUtils.java, line(s) 63 com/iflytek/edu/log/deviceinfo/EDULogStorageIdentifierUtils.java, line(s) 56 com/iflytek/edu/log/deviceinfo/applist/ObtainAppListStrategyImpl.java, line(s) 21,52,18,23,55,57 com/iflytek/edu/log/deviceinfo/base/AbsInfoWrapper.java, line(s) 24 com/iflytek/edu/log/deviceinfo/battery/imp/EDULogBatteryStrategy.java, line(s) 79,94,112,131,148,165,188,205 com/iflytek/edu/log/deviceinfo/device/imp/EDULogDeviceStrategy.java, line(s) 124,136,140,181,228,276,316,334,359,401,420,440,481,484,494,528,540,557,102,373,376,508,511 com/iflytek/edu/log/deviceinfo/device/imp/MacWrapper.java, line(s) 26,42 com/iflytek/edu/log/deviceinfo/device/utils/EDULogRootUtils.java, line(s) 132,149 com/iflytek/edu/log/deviceinfo/network/imp/EDULogNetworkStrategy.java, line(s) 84,131,198,234,297,338,385,425,451,470,493,515 com/iflytek/edu/log/deviceinfo/network/utils/EDULogDevNetDealUtils.java, line(s) 61,80 com/iflytek/edu/log/deviceinfo/sim/imp/EDULogSimStrategy.java, line(s) 223 com/iflytek/edu/log/deviceinfo/sim/utils/EDULogSimInfoHelper.java, line(s) 21,30,39,48,57 com/iflytek/edu/log/deviceinfo_collector/EDULogDeviceInfoCollector.java, line(s) 46,71,159,163,170,172,180,204,216,222,229,232,247,250,259,291,305,312,92,206,208,55,112,87 com/iflytek/edu/log/deviceinfo_collector/beans/pack/DevicePackStrategyImpl.java, line(s) 86 com/iflytek/edu/log/deviceinfo_collector/pack/content/LogContentPackHelper.java, line(s) 184,188 com/iflytek/edu/log/helper/EDULogStorageUploadHelper.java, line(s) 99,253,359,81,129,135,211,215,219,278,296,317,321,38,43,48,69,75,92,199,262,267,363,368,380,385,426 com/iflytek/edu/log/storage/EDULogStorageManager.java, line(s) 108,136,343,347,476,81,113,120,133,146,239,292,305,307,309,448,467,469,471,194 com/iflytek/edu/log/storage/dao/helper/EDULogSQLImpDaoHelper.java, line(s) 27,53,104 com/iflytek/edu/log/storage/dao/imp/EDULogSQLImpDao.java, line(s) 112,99,121,162,186,249,386,438,441,469,549 com/iflytek/edu/log/storage/helper/EDULogDBThreadHelper.java, line(s) 57 com/iflytek/edu/log/storage/helper/EDULogStorageHelper.java, line(s) 37,41,54,49,58 com/iflytek/edu/log/storage/sql/EDUSQLiteOpenHelper.java, line(s) 28,22,25,44 com/iflytek/edu/log/upload/EDULogUploadManager.java, line(s) 58,61,78,46 com/iflytek/edu/log/upload/Interceptor/EDULogInterceptor.java, line(s) 37 com/iflytek/edu/log/upload/client/EDULogUploadClient.java, line(s) 86,220,121,136,146,165,195,47,51,56,94,100,105,111,126,141,153,170,186,197,204,240,244,250,84 com/iflytek/edu/log/upload/helper/EDULogUploadClientHelper.java, line(s) 21,23,25,29,33,44 com/iflytek/edu/log/upload/helper/EDULogUploadHelper.java, line(s) 49,52,56,62,65,76,84,134,138,160,171,143,164,177 com/iflytek/edu/statistics/EDULogStasDataCollector.java, line(s) 277 com/iflytek/edu/statistics/log/EDUAPMLogStatistics.java, line(s) 18,22,26,32,38,50 com/iflytek/edu/statistics/log/EDULogStatistics.java, line(s) 24,32,40,50,52,60,77,89,97 com/iflytek/edu/statistics/log/EDUUserLogStatistics.java, line(s) 19,23,25,33,37,39,47,49,57,59,67,71,75,79,81 com/iflytek/edu/statistics/log/apm/exception/EDUExceptionCollector.java, line(s) 86,89,104,110,112,120,145,148,158,160,170 com/iflytek/edu/statistics/log/apm/pack/LogContentPackHelper.java, line(s) 59,65 com/iflytek/edu/statistics/log/apm/track/EDUApmTrackCollector.java, line(s) 172,175,189,201,217,242,256,262,264,272,297,300,311,313,332,156,229 com/iflytek/edu/statistics/log/common/EDULogAppLifecycleCallback.java, line(s) 22,68,79,83 com/iflytek/edu/statistics/log/common/EDULogNetworkChangeReceiver.java, line(s) 51,56,60,62 com/iflytek/edu/statistics/log/config/EDULogConfigManager.java, line(s) 134,228,253,260,302,357,386,438,439,440,494,132,305,346,350,354,428,458,465,487 com/iflytek/edu/statistics/log/config/component/EDUCollectorHelper.java, line(s) 74,77,190,210,218,223,226,241,359 com/iflytek/edu/statistics/log/config/component/EDUUploadHelper.java, line(s) 157,170,172,149,193,230 com/iflytek/edu/statistics/log/config/http/EDUApmStrategyHelper.java, line(s) 22,48,62 com/iflytek/edu/statistics/log/config/http/EDUBigDataStrategyHelper.java, line(s) 26,62 com/iflytek/edu/statistics/plugin/EDULogStasPluginEntry.java, line(s) 80 com/iflytek/edu/statistics/utils/EDULogBig.java, line(s) 175,142,182,213,171,177 com/iflytek/elpmobile/apm/udid/c/h.java, line(s) 12,22,32,38 com/iflytek/fsp/shield/android/sdk/http/ApiClient.java, line(s) 85 com/iflytek/libzxing/activity/CaptureActivity.java, line(s) 58 com/iflytek/libzxing/b/a.java, line(s) 22 com/iflytek/libzxing/b/c.java, line(s) 92,176,179,192,197,190,57,74,119,130 com/iflytek/libzxing/b/e.java, line(s) 19,21,56,59,62,73,84 com/iflytek/libzxing/b/g.java, line(s) 34 com/iflytek/libzxing/decoding/CaptureActivityHandler.java, line(s) 72,77,89,93 com/iflytek/libzxing/decoding/b.java, line(s) 54 com/iflytek/loginfosdk/DataBaseContext.java, line(s) 23,31 com/iflytek/loginfosdk/a.java, line(s) 53 com/iflytek/mdmcommon/AESUtils.java, line(s) 29 com/iflytek/mdmcommon/AppSignatureUtil.java, line(s) 44 com/iflytek/mdmcommon/ComboUtil.java, line(s) 33 com/iflytek/mdmcommon/FileLog.java, line(s) 57,116,86,121,42 com/iflytek/mdmcommon/KeyboardUtils.java, line(s) 75,87 com/iflytek/mdmcommon/LogUtil.java, line(s) 27 com/iflytek/mdmcommon/NetworkUtils.java, line(s) 70,80,123,139,300 com/iflytek/mdmcommon/PermissionUtil.java, line(s) 30,36 com/iflytek/mdmcommon/RSA.java, line(s) 71,72,73,75,77,78,80,82 com/iflytek/mdmcommon/RSAUtil.java, line(s) 140,141 com/iflytek/mdmcommon/Utils.java, line(s) 80 com/iflytek/mdmcommon/log/LogCacheAppender.java, line(s) 50,53,81,90,106 com/iflytek/mdmcommon/log/LogCacheManager.java, line(s) 22 com/iflytek/mdmcommon/permissiontool/PermissionUtil.java, line(s) 339 com/iflytek/mdmepas/DiskLruCacheHelper.java, line(s) 59,44,48,62,75,80,100,123,127,139,150 com/iflytek/mdmepas/a.java, line(s) 52,60 com/iflytek/mdmepas/e.java, line(s) 22 com/iflytek/mdmservice/MDMApp.java, line(s) 165,655 com/iflytek/mdmservice/db/dao/DaoMaster.java, line(s) 21,38 com/iflytek/mdmservice/db/impl/HelperPolicyDaoImpl.java, line(s) 33,42 com/iflytek/mdmservice/db/impl/TempPolicyDaoImpl.java, line(s) 33,42 com/iflytek/mdmservice/k/d0.java, line(s) 455,1425,2259,2260 com/iflytek/mdmservice/l/a.java, line(s) 70 com/iflytek/mdmservice/receiver/InstallSourceControlReceiver.java, line(s) 19 com/iflytek/mdmservice/receiver/NetChangedReceiver.java, line(s) 74 com/iflytek/mdmservice/utils/v.java, line(s) 63,64,140 com/iflytek/oauth/activity/SingleAtLoginActivity.java, line(s) 70,86,65,106,111,114,152,155,191,195 com/iflytek/oauth/activity/behaviorlogin/EDUBehaviorRiskWebActivity.java, line(s) 111,123,59,63,66,72,102 com/iflytek/oauth/activity/behaviorlogin/web/EDUBehaviorOriginalWebViewEx.java, line(s) 267 com/iflytek/oauth/activity/behaviorlogin/web/e.java, line(s) 45,59,69,75 com/iflytek/oauth/activity/behaviorlogin/web/g.java, line(s) 82,88,94,108 com/iflytek/oauth/activity/c.java, line(s) 52,54,109,114 com/iflytek/oauth/c/a.java, line(s) 9,15 com/iflytek/oauth/c/b.java, line(s) 13 com/iflytek/oauth/d/a.java, line(s) 45,134,82,146 com/iflytek/oauth/d/c.java, line(s) 124 com/iflytek/oauth/d/d/a.java, line(s) 40 com/iflytek/oauth/e/b.java, line(s) 47 com/iflytek/oauth/f/c.java, line(s) 17 com/iflytek/oauth/login/customDialog/BaseCustomDialog.java, line(s) 127,138 com/iflytek/oauth/login/customDialog/LoginDialog.java, line(s) 70 com/iflytek/oauth/receiver/H5LoginReceiver.java, line(s) 33 com/iflytek/opensdk/LogUtils.java, line(s) 87,93,89,85,91 com/iflytek/opensdk/zhkt/a/c.java, line(s) 11 com/iflytek/opensdk/zhkt/a/d.java, line(s) 12 com/iflytek/opensdk/zhkt/a/e.java, line(s) 182,204,179,201 com/iflytek/opensdk/zhkt/a/g.java, line(s) 18 com/iflytek/pushclient/a/j/b.java, line(s) 174 com/iflytek/pushclient/a/j/c.java, line(s) 92 com/iflytek/pushclient/b/n.java, line(s) 28,49,53,13,20,35,42 com/iflytek/pushclient/d/g/a/c.java, line(s) 125,131,156,161,168,176 com/iflytek/sunflower/util/j.java, line(s) 45,67,28,39,50,17,33,55,23,61 com/iflytek/user/JsonUtils.java, line(s) 35 com/iflytek/user/combo/ComboManage.java, line(s) 84,126,130 com/iflytek/user/stu/StuLogin.java, line(s) 72 com/iflytek/user/stu/StuToken.java, line(s) 28,58 com/iflytek/user/tea/TeaLogin.java, line(s) 58,93,131 com/ixue/api/b.java, line(s) 17,21 com/ixue/api/c.java, line(s) 27,36,73,85,97,109,123,137,149,162,175,188,201,213,225,243,257,268,280,292,304,325,337,349,361,377,389,401,413,425,437,449,461,473,485,497,509,521,533,545,557,569,581,593,605,617,629,641,653,665,677,316,369 com/lenovo/csdktest/AppManagerActivity.java, line(s) 87,295 com/lenovo/csdktest/CustomUIActivity.java, line(s) 39,43,46 com/lenovo/csdktest/DeviceManagementActivity.java, line(s) 216,224 com/lenovo/csdktest/FireWallActivity.java, line(s) 122,138,142 com/lenovo/csdktest/MainActivity.java, line(s) 59 com/lenovo/csdktest/SettingsActivity.java, line(s) 290 com/zx/a/I8b7/g1.java, line(s) 200,206 com/zx/a/I8b7/h0.java, line(s) 13,24,17,9,19 com/zx/a/I8b7/k.java, line(s) 14,30 de/mindpipe/android/logging/log4j/LogCatAppender.java, line(s) 31,34,58,61,40,43,22,25,49,52,69,71 de/mindpipe/android/logging/log4j/LogConfigurator.java, line(s) 60 io/sentry/android/AndroidSentryClientFactory.java, line(s) 20,53,73,38,51,56 io/sentry/android/event/helper/AndroidEventBuilderHelper.java, line(s) 211,60,78,140,149,165,181,190,213,227,237,250,260,278,298,317 net/sqlcipher/AbstractCursor.java, line(s) 143 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 44,62,102,113,156,183,208,36,78,194 net/sqlcipher/DatabaseUtils.java, line(s) 116,153,593,604 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 14,24,26,30,18 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 52,63,82,90,73 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteCursor.java, line(s) 159,229,269,291,123,432 net/sqlcipher/database/SQLiteDatabase.java, line(s) 185,187,791,144,385,435,448,463,820,991,1051,1150,1236,1416,179,1052,1408,617,635,834,846,1053,1206,1217,1409,1483,1491,630 net/sqlcipher/database/SQLiteDebug.java, line(s) 7,8,9,10,11,12 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 97,118 net/sqlcipher/database/SQLiteProgram.java, line(s) 43,49 net/sqlcipher/database/SQLiteQuery.java, line(s) 116 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 223,222 net/sqlcipher/database/SqliteWrapper.java, line(s) 29,39,53,63,73 org/greenrobot/eventbus/f.java, line(s) 62,67 org/greenrobot/greendao/d.java, line(s) 7,11,15,19,23,27
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: com/iflytek/edu/apm/base/upload/FileUploaderV2.java, line(s) 186,42 com/iflytek/edu/log/storage/EDULogStorageManager.java, line(s) 132,33
安全提示信息 此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中
此应用程序使用SQL Cipher,确保密钥没有硬编码在代码中 Files: com/iflytek/edu/log/compress/sql/FileDbDao.java, line(s) 39 com/iflytek/edu/log/storage/dao/imp/EDULogSQLImpDao.java, line(s) 67,480,482
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/iflytek/edu/log/deviceinfo/device/utils/EDULogRootUtils.java, line(s) 18,18,18,18,18,18 com/iflytek/mdmservice/o/d/d.java, line(s) 9,9,9,9,9 com/iflytek/mdmservice/utils/DeviceHelper.java, line(s) 520,521 io/sentry/android/event/helper/AndroidEventBuilderHelper.java, line(s) 309,313,313,313,313,313,313
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/iflytek/edu/apm/base/http/utils/EDULogHttpUtils.java, line(s) 180,103 com/obs/services/internal/utils/h.java, line(s) 311,315,252,271,313,312,312
综合安全基线评分总结
管控平台 v5.2.3.0.
Android APK
45
综合安全评分
中风险