应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
小柿子 v1.3.8
42
安全评分
安全基线评分
42/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
7
高危
21
中危
2
信息
2
安全
隐私风险评估
5
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
7
中危安全漏洞
21
安全提示信息
2
已通过安全项
2
重点安全关注
0
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: sjm/xuitls/x.java, line(s) 40,6,7
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/mbridge/msdk/advanced/signal/NativeAdvancedExpandDialog.java, line(s) 188,16 com/mbridge/msdk/click/p.java, line(s) 178,14,15 com/mbridge/msdk/mbbanner/common/c/d.java, line(s) 444,14 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 188,16 com/mbridge/msdk/nativex/view/BaseMBMediaView.java, line(s) 580,2328,24,25 com/mbridge/msdk/splash/signal/SplashExpandDialog.java, line(s) 192,16 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 351,13 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 94,6 com/mbridge/msdk/video/module/MBridgeH5EndCardView.java, line(s) 718,17 com/sjm/sjmdsp/SjmDspPageActivity.java, line(s) 64,8
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: a2/a.java, line(s) 101,100 q3/b.java, line(s) 179,178
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: s3/b.java, line(s) 10,16
高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: cn/hzjizhun/admin/base/n1.java, line(s) 18,53
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: sjm/xuitls/BuildConfig.java, line(s) 3,5
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据存在泄露风险
未设置[android:allowBackup]标志 建议将 [android:allowBackup] 显式设置为 false。默认值为 true,允许通过 adb 工具备份应用数据,存在数据泄露风险。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityProxy) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.bytedance.android.openliveplugin.stub.activity.DouyinAuthorizeActivityLiveProcessProxy) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (cn.hzjizhun.admin.h5.AdSdkH5Activity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (cn.hzjizhun.admin.h5.VideoPlayActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.kwad.sdk.api.proxy.VideoWallpaperService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_WALLPAPER [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(1000) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/kwai/video/ksvodplayerkit/Utils/VodPlayerUtils.java, line(s) 129 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 90 com/mbridge/msdk/foundation/tools/ac.java, line(s) 19,32 com/mbridge/msdk/mbdownload/e.java, line(s) 686 h4/b.java, line(s) 10 j2/d.java, line(s) 43 j5/c.java, line(s) 85,93 l7/g.java, line(s) 12 w1/b.java, line(s) 70 y1/a.java, line(s) 63
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: aegon/chrome/base/EarlyTraceEvent.java, line(s) 19 cn/hzjizhun/admin/api/ApiManager.java, line(s) 36 cn/hzjizhun/admin/api/FunctionConfig.java, line(s) 17 cn/hzjizhun/admin/bean/ExtendChannel.java, line(s) 57 cn/hzjizhun/admin/custom_ad/http/CustomApiConstant.java, line(s) 12 com/mbridge/msdk/MBridgeConstans.java, line(s) 16,51 com/mbridge/msdk/click/b/a.java, line(s) 36 com/mbridge/msdk/foundation/db/f.java, line(s) 273,314,332 com/mbridge/msdk/foundation/db/o.java, line(s) 59,27 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 15 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 39 com/mbridge/msdk/foundation/entity/DomainCampaignEx.java, line(s) 42 com/mbridge/msdk/foundation/entity/q.java, line(s) 95,114,142,190,200,220,235,257,275,310,321,506,527,538,586,610,646,752,764,387 com/mbridge/msdk/foundation/same/report/k.java, line(s) 568,763 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 29 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 119 com/sjm/sjmsdk/core/DeviceId/SjmDeviceId.java, line(s) 14 com/windmill/sdk/WMConstants.java, line(s) 25 com/windmill/sdk/base/WMBidUtil.java, line(s) 19 com/windmill/sdk/strategy/a.java, line(s) 525 l7/e.java, line(s) 46
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: a3/c.java, line(s) 31 com/badlogic/gdx/math/a.java, line(s) 3 com/czhj/wire/internal/ImmutableList.java, line(s) 9 com/czhj/wire/internal/MutableOnWriteList.java, line(s) 8 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 25 com/mbridge/msdk/mbdownload/e.java, line(s) 44 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 6 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 33 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 29 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 10 com/mbridge/msdk/widget/custom/CustomViewMessageWrap.java, line(s) 21 com/windmill/sdk/utils/MUtil.java, line(s) 6 com/windmill/sdk/widget/InterstitialBaseView.java, line(s) 45 com/windmill/sdk/widget/SplashBaseView.java, line(s) 26 e3/l.java, line(s) 17 e5/a.java, line(s) 3 h2/a.java, line(s) 25 l2/a.java, line(s) 12 p6/b.java, line(s) 11 r5/b.java, line(s) 4 r6/a.java, line(s) 9 s3/h.java, line(s) 3
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/mbridge/msdk/e/b.java, line(s) 4,5,21,33,34,46,47 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,93 com/mbridge/msdk/foundation/db/c.java, line(s) 5,48 com/mbridge/msdk/foundation/db/g.java, line(s) 6,195,272,1195 com/mbridge/msdk/foundation/db/j.java, line(s) 4,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,90,158,200,312,320 com/mbridge/msdk/mbdownload/d.java, line(s) 5,6,26,67 com/mbridge/msdk/newreward/function/e/c.java, line(s) 3,4,21,28,29 com/ss/android/downloadlib/d/b.java, line(s) 4,5,18,23 com/windmill/sdk/strategy/l.java, line(s) 4,5,47,73 f4/e.java, line(s) 5,85 f4/f.java, line(s) 4,5,23,33 m7/b.java, line(s) 4,5,209,477 t3/i.java, line(s) 9,10,11,12,13,501
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: aegon/chrome/base/PathUtils.java, line(s) 80,116,135 cn/hzjizhun/admin/http/net/EasyHttpUtil.java, line(s) 99 com/czhj/devicehelper/cnoaid/a.java, line(s) 361,362 com/kwai/video/hodor/util/FileUtils.java, line(s) 38,46 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 143 com/mbridge/msdk/foundation/tools/ai.java, line(s) 49,60,70 com/mbridge/msdk/foundation/tools/k.java, line(s) 10 com/mbridge/msdk/mbdownload/e.java, line(s) 755 com/mbridge/msdk/optimize/SensitiveDataUtil.java, line(s) 283 com/sjm/sjmdsp/core/utils/SjmDspFileProvider.java, line(s) 36 com/ss/android/downloadlib/addownload/h.java, line(s) 226 com/ss/android/downloadlib/addownload/k.java, line(s) 190,192 com/ss/android/downloadlib/g/m.java, line(s) 156,202,275 com/xht/flutter/downloader/flutter_downloader_video/DownloadWorker.java, line(s) 281 j4/i.java, line(s) 186,223 k3/b.java, line(s) 9,18 l7/c.java, line(s) 27,48 s/a.java, line(s) 91,101
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: XI/K0/XI/XI.java, line(s) 77 cn/hzjizhun/admin/cn_oaid/assa/aaa.java, line(s) 74 com/alibaba/fplayer/flutter_aliplayer/FlutterAliplayerPlugin.java, line(s) 115 com/czhj/devicehelper/cnoaid/impl/p.java, line(s) 33 com/mbridge/msdk/optimize/a/a/e.java, line(s) 81 com/mbridge/msdk/optimize/a/a/f.java, line(s) 87 com/sjm/sjmsdk/core/oaidhelper/OppoDeviceIDHelper.java, line(s) 83 s4/a.java, line(s) 76 z6/b.java, line(s) 112
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: a2/a.java, line(s) 51,62,48 com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 167,164 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 83,80 q3/b.java, line(s) 97,108,94
中危安全漏洞 IP地址泄露
IP地址泄露 Files: aegon/chrome/base/PiiElider.java, line(s) 23 aegon/chrome/net/AndroidNetworkLibrary.java, line(s) 176,175,180,172,171,179 aegon/chrome/net/X509Util.java, line(s) 45,47,46,44,45,47 com/kwai/video/hodor/BuildConfig.java, line(s) 16 com/kwai/video/player/BuildConfig.java, line(s) 13 com/mbridge/msdk/advanced/view/a.java, line(s) 53 com/ss/android/download/api/constant/BaseConstants.java, line(s) 36 i6/d.java, line(s) 13 i6/i.java, line(s) 11 o5/a.java, line(s) 354,466 o5/w.java, line(s) 40 s3/f.java, line(s) 103
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: cn/hzjizhun/admin/base/q0.java, line(s) 20,20,20,24,20,24,20,20 com/alibaba/fplayer/flutter_aliplayer/Scan.java, line(s) 60
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 170
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "dyStrategy.privateAddress" : "privateAddress" 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 6214227cd0a1f50c2d7cde0837359bf496afaf3a DFKwWgtuDkKwLZPwD+z8H+N/xjK+n3eyNVx6ZVPn5jcincKZx5f5ncN= LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== 936dcbdd57fe235fd7cf61c2e93da3c4 DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 edef8ba9-79d6-4ace-a3c8-27dcd51d21ed 50e2326ac25aa75936f45493dea50631eb8bd911 DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== 0cdcc6158160790658d1f033d3db873603250124- DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALjMT+wA6DuUbhfoa6y048s5MXW+8F6nq6LsoaZ1cCuRt08KSFhgy0bjwujKVLKymgQRQQaFRHEjavi3Wwo/PocCAwEAAQ== DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= YkRXhr5AWBPfNgzuH7JQ+2Ha h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== DFeuWkH0W+xUhoPwJ7JgY7K0DkeAWrfXYN== h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT=
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: aegon/chrome/base/EventLog.java, line(s) 10 aegon/chrome/base/FileUtils.java, line(s) 102,161,65,114,122,131,137 aegon/chrome/base/Log.java, line(s) 95,135,137 aegon/chrome/base/PathUtils.java, line(s) 63 aegon/chrome/base/task/AsyncTask.java, line(s) 42 aegon/chrome/net/AndroidKeyStore.java, line(s) 25,29,47,60,74,78 aegon/chrome/net/CronetEngine.java, line(s) 60 aegon/chrome/net/CronetProvider.java, line(s) 86 aegon/chrome/net/impl/CronetBidirectionalStream.java, line(s) 244,274,299,313,469,205 aegon/chrome/net/impl/CronetLibraryLoader.java, line(s) 94 aegon/chrome/net/impl/CronetUploadDataStream.java, line(s) 115,164 aegon/chrome/net/impl/CronetUrlRequest.java, line(s) 202,222,253,268,317,322,417,428,521 aegon/chrome/net/impl/CronetUrlRequestContext.java, line(s) 297,187,190 b/a.java, line(s) 54,133,99 c/b.java, line(s) 31,38,62 c/c.java, line(s) 22,30 cn/hzjizhun/admin/UnifiedADContainer.java, line(s) 28,34,40,46,52,61 cn/hzjizhun/admin/ad/BaseAd.java, line(s) 289,48,114,193,196,216 cn/hzjizhun/admin/ad/adapter/AdapterAdLoaderImp.java, line(s) 237,242,274,280,286,76,82,266,299 cn/hzjizhun/admin/ad/adapter/AdapterCustomAdLoader.java, line(s) 268,187,309,325 cn/hzjizhun/admin/ad/report/BaseReport.java, line(s) 43,48,76,29 cn/hzjizhun/admin/ad/utils/AdUtil.java, line(s) 45,186,191 cn/hzjizhun/admin/ad/utils/InterstitialAdUtils.java, line(s) 20 cn/hzjizhun/admin/api/ApiManager.java, line(s) 67,73,196,226,260,503,365,373,441,481,505,203 cn/hzjizhun/admin/api/FunctionConfig.java, line(s) 43,83,180 cn/hzjizhun/admin/channel/ChannelThirdSdkInit.java, line(s) 23 cn/hzjizhun/admin/csj/CsjBannerAdLoader.java, line(s) 188 cn/hzjizhun/admin/csj/CsjInterstitialAdLoader.java, line(s) 130,176,196 cn/hzjizhun/admin/csj/CsjNativeAdLoader.java, line(s) 78 cn/hzjizhun/admin/csj/CsjSplashAdLoader.java, line(s) 149 cn/hzjizhun/admin/csj/CsjThirdSdkInit.java, line(s) 31,32 cn/hzjizhun/admin/csj/CsjUnifiedAdLoader.java, line(s) 163 cn/hzjizhun/admin/custom_ad/AdapterCustomBannerAdLoader.java, line(s) 28 cn/hzjizhun/admin/custom_ad/AdapterCustomInterstitialAdLoader.java, line(s) 223 cn/hzjizhun/admin/custom_ad/AdapterCustomNativeAdLoader.java, line(s) 150,202,230 cn/hzjizhun/admin/custom_ad/AdapterCustomSplashAdLoader.java, line(s) 106,112,211 cn/hzjizhun/admin/custom_ad/CustomReport.java, line(s) 68,85,102,119,136,168,176,183,194,203,212,217,222,227,232,237,242,247,74,91,108,125,142 cn/hzjizhun/admin/custom_ad/http/CustomAdPosInfoManger.java, line(s) 115,116,194,195,56,135 cn/hzjizhun/admin/custom_ad/http/CustomRequestCallback.java, line(s) 13,23 cn/hzjizhun/admin/exception/AdError.java, line(s) 40 cn/hzjizhun/admin/gdt/GdtBannerAdLoader.java, line(s) 126 cn/hzjizhun/admin/gdt/GdtInterstitialAdLoader.java, line(s) 75,96,109,129,139,143,172,189 cn/hzjizhun/admin/gdt/GdtNativeAdLoader.java, line(s) 104,128,171,92 cn/hzjizhun/admin/gdt/GdtSplashAdLoader.java, line(s) 89,156,198 cn/hzjizhun/admin/gdt/GdtThirdSdkInit.java, line(s) 40,41 cn/hzjizhun/admin/gdt/GdtUnifiedAdLoader.java, line(s) 43,139,254,230 cn/hzjizhun/admin/h5/AdSdkH5Activity.java, line(s) 521,128,144,173,346 cn/hzjizhun/admin/h5/AdSdkH5Helper.java, line(s) 113,128 cn/hzjizhun/admin/h5/VideoPlayActivity.java, line(s) 134,104,112,144,291,295,391 cn/hzjizhun/admin/util/ClassUtil.java, line(s) 8 cn/hzjizhun/admin/util/OAIDUtil.java, line(s) 18,23 cn/hzjizhun/admin/view/NativeAdPopHelper.java, line(s) 144,304,379 cn/hzjizhun/admin/zhike/ZhiKeThirdSdkInit.java, line(s) 23 com/czhj/devicehelper/DeviceHelper.java, line(s) 57,87,144 com/czhj/devicehelper/cnoaid/impl/g.java, line(s) 100 com/czhj/devicehelper/cnoaid/impl/h.java, line(s) 48,72,85,112,127,150,153,184 com/czhj/devicehelper/msaoaId/a.java, line(s) 66,97,103,132,138,158,187 com/czhj/volley/CacheDispatcher.java, line(s) 45,57,76,186,68,97,174 com/czhj/volley/NetworkDispatcher.java, line(s) 62 com/czhj/volley/Request.java, line(s) 149,154 com/czhj/volley/RequestQueue.java, line(s) 101 com/czhj/volley/VolleyLog.java, line(s) 65,68,55,123,127 com/czhj/volley/VolleyThreadFactory.java, line(s) 8 com/czhj/volley/toolbox/BasicNetwork.java, line(s) 93,141,136,147,156,178 com/czhj/volley/toolbox/FileDownloadNetwork.java, line(s) 94,116,126,157 com/czhj/volley/toolbox/FileDownloadRequest.java, line(s) 59 com/czhj/volley/toolbox/HttpHeaderParser.java, line(s) 167 com/czhj/volley/toolbox/ImageRequest.java, line(s) 140 com/kwai/video/hodor/util/Timber.java, line(s) 208,226 com/kwai/video/player/KsMediaPlayer.java, line(s) 1069,455,1411,1429 com/kwai/video/player/kwai_player/KwaiMediaPlayer.java, line(s) 1060,354,1354,1373 com/mbridge/msdk/dycreator/a/a.java, line(s) 84,85,86,91,97,99,193,207,262 com/mbridge/msdk/foundation/tools/ac.java, line(s) 21 com/sigmob/windad/Splash/WindSplashAD.java, line(s) 49,214 com/sigmob/windad/WindAds.java, line(s) 75,135,158,379,305,341,374,325 com/sigmob/windad/natives/WindNativeUnifiedAd.java, line(s) 105,120,147 com/sjm/bumptech/glide/load/engine/EngineRunnable.java, line(s) 42,89 com/sjm/bumptech/glide/load/engine/a.java, line(s) 64,106,111,132,145,150,161,180,230,236,248 com/sjm/bumptech/glide/load/engine/b.java, line(s) 195,203,211,221 com/sjm/bumptech/glide/load/engine/bitmap_recycle/f.java, line(s) 85,93,110,136,147,161,172 com/sjm/bumptech/glide/load/engine/cache/MemorySizeCalculator.java, line(s) 60 com/sjm/bumptech/glide/load/engine/executor/FifoPriorityThreadPoolExecutor.java, line(s) 24 com/sjm/bumptech/glide/load/resource/bitmap/ImageHeaderParser.java, line(s) 145,158,168,182 com/sjm/bumptech/glide/load/resource/bitmap/RecyclableBufferedInputStream.java, line(s) 47 com/sjm/bumptech/glide/request/GenericRequest.java, line(s) 134,160,170,185,191,360 com/windmill/adscope/AdScopeAdapterProxy.java, line(s) 38 com/windmill/adscope/AdScopeInterstitialAdapter.java, line(s) 34,44 com/windmill/adscope/AdScopeNativeAdAdapter.java, line(s) 53,62,79,85 com/windmill/adscope/AdScopeSplashAdAdapter.java, line(s) 36,74,95,100,105,110,120 com/windmill/adscope/b.java, line(s) 64,77 com/windmill/adscope/e.java, line(s) 48,164 com/windmill/baidu/BdAdapterProxy.java, line(s) 43 com/windmill/baidu/BdInterstitialAdapter.java, line(s) 71,128,131,141,148,83,102,106,112,114 com/windmill/baidu/BdNBAdapter.java, line(s) 88,111,124,128,137,188,197,201,211,215,221,223 com/windmill/baidu/BdNIAdapter.java, line(s) 75,80,93,97,106,124,133,137,147,151,157,159,175 com/windmill/baidu/BdNSAdapter.java, line(s) 78,97,110,114,123,141,150,154,164,168,174,176,192 com/windmill/baidu/BdNativeAdAdapter.java, line(s) 63,93,97,103,105,121,127 com/windmill/baidu/BdRewardAdapter.java, line(s) 79,188,223,233,240,270,88,92,97,105,115,122,127,132,137,142,152,157,174,183,195,199,205,207 com/windmill/baidu/BdSplashAdAdapter.java, line(s) 63,69,89,93,99,101,114,118,124,133,138,143,148,153,157,162 com/windmill/baidu/c.java, line(s) 90,111,128,176 com/windmill/baidu/d.java, line(s) 97,130,138,155 com/windmill/baidu/k.java, line(s) 38,43 com/windmill/baidu/l.java, line(s) 58 com/windmill/baidu/m.java, line(s) 38,43 com/windmill/gdt/GDTAdapterProxy.java, line(s) 35,84,110,116,149,155,161,164 com/windmill/gdt/GDTBannerAdapter.java, line(s) 69,81,89 com/windmill/gdt/GDTInterstitialAdapter.java, line(s) 101,297,300,310,317,118,122,128,137,143,148,157,169,170,186,200,210,282,373 com/windmill/gdt/GDTNBAdapter.java, line(s) 98,120,172 com/windmill/gdt/GDTNIAdapter.java, line(s) 82,86,103,158 com/windmill/gdt/GDTNSAdapter.java, line(s) 85,103,120,174 com/windmill/gdt/GDTNativeAdAdapter.java, line(s) 75,97,104,124,130 com/windmill/gdt/GDTRewardVideoAdapter.java, line(s) 96,115,125,132 com/windmill/gdt/GDTSplashAdAdapter.java, line(s) 98,122,128,134,140,155,164,183 com/windmill/gdt/GdtNotifyBiddingResult.java, line(s) 20,24,30,66,85 com/windmill/gdt/a.java, line(s) 58,225,125 com/windmill/gdt/f.java, line(s) 49,289 com/windmill/gdt/g.java, line(s) 60,64,93,138 com/windmill/gromore/GroAdapterProxy.java, line(s) 105,190,195,201,211,217,231 com/windmill/gromore/GroBannerAdapter.java, line(s) 120,124,130,132 com/windmill/gromore/GroInterstitialAdapter.java, line(s) 127,138,145,84,99,103,109,111 com/windmill/gromore/GroNBAdapter.java, line(s) 83,104,109,181,185,191,193 com/windmill/gromore/GroNIAdapter.java, line(s) 64,67,72,111,115,121,123 com/windmill/gromore/GroNSAdapter.java, line(s) 72,89,94,133,137,143,145 com/windmill/gromore/GroNativeAdAdapter.java, line(s) 76,95,99,105,107,121,127 com/windmill/gromore/GroRewardAdAdapter.java, line(s) 270,281,288,91,94,99,126,154,210,221,242,246,252,254 com/windmill/gromore/GroSplashAdAdapter.java, line(s) 49,117,155,159,165,167,201,206,214 com/windmill/gromore/h.java, line(s) 63 com/windmill/gromore/i.java, line(s) 57 com/windmill/klevin/YkyAdapterProxy.java, line(s) 39,70,75 com/windmill/klevin/YkyInterstitialAdapter.java, line(s) 32,57,41,46,51,71,76,81,85,90 com/windmill/klevin/YkyRewardAdapter.java, line(s) 33,65,120,42,49,54,59,79,84,89,93,98,103,108,113 com/windmill/klevin/YkySplashAdAdapter.java, line(s) 45,50,55,62,81,86,91,95,100,109 com/windmill/kuaishou/KuaiShouAdapterProxy.java, line(s) 104,111,206,211 com/windmill/kuaishou/KuaiShouInterstitialAdapter.java, line(s) 64,91,78,98,103,109,111 com/windmill/kuaishou/KuaiShouNBAdapter.java, line(s) 79,107,112,167,171,177,179,187 com/windmill/kuaishou/KuaiShouNIAdapter.java, line(s) 68,78,83,105,109,115,117,128,137 com/windmill/kuaishou/KuaiShouNSAdapter.java, line(s) 70,94,99,121,125,131,133,144,153 com/windmill/kuaishou/KuaiShouNativeAdAdapter.java, line(s) 86,65,93,98,104,106 com/windmill/kuaishou/KuaiShouRewardVideoAdapter.java, line(s) 64,121,253,76,83,95,100,110,128,133,139,141,146,155,173,178,182,188,192,197,201,206,211,216 com/windmill/kuaishou/KuaiShouSplashAdAdapter.java, line(s) 61,74,79,85,87,92,101,110,115,120,125,130,134,138,142,147,151,156 com/windmill/kuaishou/c.java, line(s) 90,129,47,54,70,112 com/windmill/kuaishou/d.java, line(s) 90,49,56,82,104 com/windmill/kuaishou/i.java, line(s) 37,103 com/windmill/kuaishou/j.java, line(s) 43,129 com/windmill/kuaishou/k.java, line(s) 83,37,102 com/windmill/mtg/MintegralAdapterProxy.java, line(s) 36,72 com/windmill/mtg/MintegralBannerAdapter.java, line(s) 32,81,96,119 com/windmill/mtg/MintegralInterstitialAdapter.java, line(s) 65,76 com/windmill/mtg/MintegralNBAdapter.java, line(s) 97,133 com/windmill/mtg/MintegralNIAdapter.java, line(s) 91,113,129 com/windmill/mtg/MintegralNSAdapter.java, line(s) 94,130,146 com/windmill/mtg/MintegralNativeAdAdapter.java, line(s) 78 com/windmill/mtg/MintegralRewardVideoAdapter.java, line(s) 73 com/windmill/mtg/MintegralSplashAdAdapter.java, line(s) 62,95,105,111,118,128,134 com/windmill/mtg/a.java, line(s) 29,35 com/windmill/mtg/b.java, line(s) 24,30,40,46,54 com/windmill/mtg/d0.java, line(s) 31,37 com/windmill/mtg/f.java, line(s) 26,32 com/windmill/mtg/j0.java, line(s) 70 com/windmill/mtg/k.java, line(s) 29,35 com/windmill/mtg/m.java, line(s) 28,38,43,49,64 com/windmill/mtg/m0.java, line(s) 62 com/windmill/mtg/o.java, line(s) 29,35 com/windmill/mtg/p.java, line(s) 27,37,42,48,64 com/windmill/mtg/t.java, line(s) 29,35 com/windmill/mtg/u.java, line(s) 27,37,42,48,64 com/windmill/mtg/u0.java, line(s) 26,32 com/windmill/mtg/v0.java, line(s) 21,28,34,39,44,50,56,61,67 com/windmill/mtg/x0.java, line(s) 26,32 com/windmill/sdk/WindMillAd.java, line(s) 530,179,495 com/windmill/sdk/a/i.java, line(s) 1040 com/windmill/sdk/base/WMBidUtil.java, line(s) 210,223,207,220,346,366,384 com/windmill/sdk/custom/WMAdBaseAdapter.java, line(s) 231,292,392 com/windmill/sdk/custom/WMCustomBannerAdapter.java, line(s) 25,33,41,53,61,80,90,109 com/windmill/sdk/custom/WMCustomInterstitialAdapter.java, line(s) 36,55,68,83,96,112,120,128,136,149,177,188 com/windmill/sdk/custom/WMCustomNativeAdapter.java, line(s) 34,53,66,100,108,116,124,181 com/windmill/sdk/custom/WMCustomRewardAdapter.java, line(s) 21,40,53,68,76,88,96,104,111,122,135,145,155 com/windmill/sdk/custom/WMCustomSplashAdapter.java, line(s) 58,67,77,90,105,121,131,148,160,188,199 com/windmill/sdk/strategy/i.java, line(s) 50 com/windmill/sdk/utils/a.java, line(s) 41,47,53,59,68,73,79,36,148 com/windmill/sdk/utils/e.java, line(s) 39,42,55,59,62,45,65,130 com/windmill/sdk/widget/SpecialActivity.java, line(s) 70,75,81,91 com/windmill/sigmob/SigAdapterProxy.java, line(s) 44,61,168 com/windmill/sigmob/SigInterstitialAdapter.java, line(s) 19,49,64,68,74,76,90,96,102,108,114,119,125 com/windmill/sigmob/SigNBAdapter.java, line(s) 74,105,111,185,189,195,197 com/windmill/sigmob/SigNIAdapter.java, line(s) 64,77,83,124,128,134,136,152 com/windmill/sigmob/SigNSAdapter.java, line(s) 68,95,101,142,146,152,154,170 com/windmill/sigmob/SigNativeAdAdapter.java, line(s) 59,140,144,150,152,173,179 com/windmill/sigmob/SigRewardAdAdapter.java, line(s) 46,83,87,93,95,119,125,150 com/windmill/sigmob/SigSplashAdAdapter.java, line(s) 46,82,86,92,94,118,124 com/windmill/toutiao/TouTiaoAdapterProxy.java, line(s) 87,98,125,201,206,212,217,222,228,245 com/windmill/toutiao/TouTiaoBannerAdapter.java, line(s) 100,104,110,112 com/windmill/toutiao/TouTiaoInterstitialAdapter.java, line(s) 118,129,136,75,90,94,100,102 com/windmill/toutiao/TouTiaoNBAdapter.java, line(s) 85,113,118,172,177,234,238,244,246 com/windmill/toutiao/TouTiaoNIAdapter.java, line(s) 63,67,73,75 com/windmill/toutiao/TouTiaoNSAdapter.java, line(s) 73,98,104,124,130,153,157,163,165 com/windmill/toutiao/TouTiaoNativeAdAdapter.java, line(s) 67,99,103,109,111,125,131 com/windmill/toutiao/TouTiaoRewardVideoAdapter.java, line(s) 292,303,310,78,81,87,91,99,104,109,136,140,145,150,156,160,165,170,174,183,188,193,229,240,264,268,274,276 com/windmill/toutiao/TouTiaoSplashAdAdapter.java, line(s) 46,107,149,153,159,161,186,191,200 com/windmill/toutiao/i.java, line(s) 52 com/windmill/toutiao/j.java, line(s) 54 d1/k.java, line(s) 39 f1/a.java, line(s) 23 g/a.java, line(s) 37,47 g/e.java, line(s) 92,43,87,96,119,123 g6/c.java, line(s) 40 h2/a.java, line(s) 365 i0/e.java, line(s) 111 i1/b.java, line(s) 11 j0/a.java, line(s) 237 k0/a.java, line(s) 118,153,162 k0/d.java, line(s) 95,124 l/b.java, line(s) 20 l/c.java, line(s) 58,67,97,108 l/e.java, line(s) 89 l/f.java, line(s) 41,73 l/g.java, line(s) 34 l0/a.java, line(s) 199 m/a.java, line(s) 58,67,97,108 m/b.java, line(s) 79 n0/a.java, line(s) 27 n0/f.java, line(s) 65 n0/g.java, line(s) 28 o0/e.java, line(s) 42,70,90 o5/w.java, line(s) 33,58,102,140,149,157,189,203,44,48 q0/k.java, line(s) 27 q0/l.java, line(s) 22 t0/b.java, line(s) 26 t0/d.java, line(s) 75,99,103,171,174,179,187,209,213,237 t0/h.java, line(s) 27 t0/k.java, line(s) 46,53,62 t5/d.java, line(s) 34,78 w0/i.java, line(s) 80,108 w1/f.java, line(s) 129,138,145 z0/j.java, line(s) 128
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: l2/a.java, line(s) 4,94
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: aegon/chrome/net/X509Util.java, line(s) 144,143,120,142,142 com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 402,401,400,400 w5/b.java, line(s) 180,200,151,179,199,319,358,99,99,178,198
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: cn/hzjizhun/admin/base/q0.java, line(s) 18,18,18,18,18,18
综合安全基线评分总结
小柿子 v1.3.8
Android APK
42
综合安全评分
中风险