Mobile Application Security Assessment Report

PrestMan MX v1.0.0
Security baseline score: 59/100
Overall risk level: Low risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
- High: 1
- Medium: 13
- Info: 1
- Secure: 3
Privacy risk assessment
- Third-party trackers: 0
Privacy is safe: no third-party trackers were detected.
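Distribution of detection results
- High-risk vulnerabilities: 1
- Medium-risk vulnerabilities: 13
- Informational notices: 1
- Passed security checks: 3
- Key security concerns: 0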
High-risk vulnerability: The file is world-readable. Any application can read the file.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files:
- com/datavisorobfus/k0.java, line(s) 29
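Medium-risk vulnerability: Application data is at risk of leakage.
The [android:allowBackup] flag is not set. Explicitly set [android:allowBackup] to false. The default value is true, which allows application data to be backed up through the adb tool and creates a risk of data leakage.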
Medium-risk vulnerability: Broadcast Receiver (com.example.prestman.BatteryReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
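Medium-risk vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.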
Medium-risk vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/datavisorobfus/e0.java, line(s) 26
- com/datavisorobfus/l0.java, line(s) 11,30,47
Medium-risk vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- A1/z.java, line(s) 7
- L3/a.java, line(s) 3
- L3/b.java, line(s) 4
- Y3/AbstractC1418b.java, line(s) 8
- Y3/x.java, line(s) 8
- a3d20241011/n.java, line(s) 38
- com/datavisor/vangogh/util/ExceptionUtil.java, line(s) 7
- com/datavisorobfus/o.java, line(s) 10
- m3/a.java, line(s) 4
Medium-risk vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- J/C0937e.java, line(s) 459,477
- U3/AbstractC1329h.java, line(s) 133,155
- U3/C1331j.java, line(s) 101
- com/datavisor/vangogh/storage/local/a.java, line(s) 104
- com/datavisor/vangogh/storage/local/b.java, line(s) 13,15
- com/datavisorobfus/i.java, line(s) 1452
- com/datavisorobfus/l.java, line(s) 187
- com/datavisorobfus/p.java, line(s) 289
Medium-risk vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- com/datavisor/vangogh/face/DVKeyName.java, line(s) 4,5
Medium-risk vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files:
- D3/C0679u.java, line(s) 714,1069
- p/C0262u.java, line(s) 136
- s3/C1286x2.java, line(s) 84
- s3/r3.java, line(s) 45
Medium-risk vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files:
- com/datavisorobfus/h.java, line(s) 54,53
- com/datavisorobfus/l.java, line(s) 252,251
Medium-risk vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- com/datavisorobfus/C0637c.java, line(s) 94
Medium-risk vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- K/AbstractC0952d.java, line(s) 55
Medium-risk vulnerability: IP address disclosure.
Files:
- com/datavisor/vangogh/util/ExceptionUtil.java, line(s) 63
- com/datavisorobfus/g.java, line(s) 19
- com/datavisorobfus/o.java, line(s) 100
Medium-risk vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information.
- MJCR3nbjtc8ARKt/AP825zhTxLPuFzw=
- MJCR3nbjtc8ARKt9HOAI/AZAzrHiEyhubQ==
- KZGR3Uffq88OW6tuEewC9j5V3A==
- dI2H2mzZqo8OQIQxI/oZ8itF3Lf7XC57dQ==
- H6ik7UfoqtAwYIZxE9A68jVW8J/oAjw=
Informational notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Passed security check: This application may have root detection capability.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- F1/l.java, line(s) 608,608,611,612
- F2/n.java, line(s) 190,193,193,193,193,193,193
- J/C0937e.java, line(s) 204,204,207,207
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- a4/c.java, line(s) 138,137,136,136
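Passed security check: This application has no privacy trackers.
This application does not include any user or device trackers. No trackers were found during static analysis.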
Overall security baseline score summary

PrestMan MX v1.0.0
Android APK
Overall security score: 59
Risk level: Medium risk