应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
FinLeap Cash v1.0.5
57
安全评分
安全基线评分
57/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
1
高危
9
中危
2
信息
2
安全
隐私风险评估
6
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
1
中危安全漏洞
9
安全提示信息
2
已通过安全项
2
重点安全关注
0
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个6隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Content Provider (com.facebook.FacebookContentProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: mxon/flex/fineapcash/mx/appli/fin_leap_cash/utils/DataUtils.java, line(s) 417,421 mxon/flex/fineapcash/mx/appli/fin_leap_cash/utils/MemoryUtil.java, line(s) 45,62,70
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/tekartik/sqflite/Database.java, line(s) 9,10,11,12,13,475
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/appsflyer/appsflyersdk/AppsFlyerConstants.java, line(s) 7 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 21 com/tekartik/sqflite/Constant.java, line(s) 55
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/appsflyer/internal/AFb1gSDK.java, line(s) 19
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "google_api_key" : "AIzaSyDCARERG-9S3udq7nufpMpLTiSb6NW8bZg" "google_app_id" : "1:401545183647:android:dd5f8e3807398d91f3fdaa" "google_crash_reporting_api_key" : "AIzaSyDCARERG-9S3udq7nufpMpLTiSb6NW8bZg" "key_agreement_image_center" : "liveness_home_agreement" "key_distance_approach_slowly_m4a" : "liveness_approach_slowly" "key_distance_move_back_m4a" : "liveness_move_back" "key_distance_move_forward_m4a" : "liveness_move_forward" "key_eye_close" : "liveness_action_eye_close" "key_eye_open" : "liveness_action_normal" "key_liveness_agreement_close_normal" : "liveness_agreement_close_normal" "key_liveness_agreement_close_pressed" : "liveness_agreement_close_pressed" "key_liveness_agreement_noselected" : "liveness_agreement_noselected" "key_liveness_agreement_selected" : "liveness_agreement_selected" "key_liveness_custom_promptcolor" : "livenessCustomPromptColor" "key_liveness_distance_mirror_light" : "liveness_distance_mirror_light" "key_liveness_distance_move_image1" : "liveness_distance_move_image1" "key_liveness_distance_move_image2" : "liveness_distance_move_image2" "key_liveness_home_back_highlight" : "liveness_home_back_highlight" "key_liveness_home_back_normal" : "liveness_home_back_normal" "key_liveness_home_close" : "liveness_home_close" "key_liveness_home_close_white" : "liveness_home_close_white" "key_liveness_home_device_vertical_long_mode_remind_color" : "livenessV5HomeDeviceVerticalLongModeRemindColor" "key_liveness_home_device_vertical_remind_color" : "livenessV5HomeDeviceVerticalRemindColor" "key_liveness_home_finish_contour_line_color" : "livenessV5HomeFinishContourLineColor" "key_liveness_home_progressbar_color" : "livenessV5HomeProcessBarColor" "key_liveness_home_vertical_remind" : "liveness_home_vertical_remind" "key_liveness_loading_icon" : "liveness_loading_icon" "key_liveness_logo_icon" : "liveness_logo_icon" "key_meglive_eye_blink_m4a" : "liveness_blink" "key_meglive_mouth_open_m4a" : "liveness_mouth_open" "key_meglive_pitch_down_m4a" : "liveness_nod" "key_meglive_well_done_m4a" : "liveness_well_done" "key_meglive_yaw_m4a" : "liveness_shakehead" "key_mouth_close" : "liveness_action_mouth_close" "key_mouth_open" : "liveness_action_mouth_open" "key_nod_down" : "liveness_action_down" "key_nod_up" : "liveness_action_normal" "key_shakehead_left" : "liveness_action_left" "key_shakehead_right" : "liveness_action_right" nK8glwgT90Y5NIBtxdeZqu6xj4n8STDaUPkfUXN3XDvuqTdLFk76WEK4jMf0/qZ2S9UMEBKVU3L4+ nzfqCGRmx4cWVWKArALkaBnzfivi4u2fLouK1uAxuAmucopjr+iMZ9XL+d6pyCGsKWcn2w9O4B4YS nZVsbIXgdAgM8TsQnDrevJ0Jk9DDBpftxR14Y0p20hPYr1HHenjIPPWFWBNH+MfLSs0JSL61btmMv FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 ylUdkOBgdDjcrqhoE6R7TMmNgP91cssN36XJaP9T33C1RwDHMeofFaqQjn/xZvrUtl0XBVDQD4gb nwkot+arkI5m9h7DLKeZiwE08J4ZgsQUHKgsBvOvoP2fI2hSGDflo2MkPMGZvQX24ImlILgqOXyaX a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc nS8ciyyeb5Y8AI+AI553P38EUiI/yDEdgovd1QhhevLO71IWyDoMgD3zoq3KMRkXLJG09ahCogMDi nSnIG3GcbMVzHrfcuGpmYR/Jp6r2gseKOBZUuvJ1u+cbceIzaJ+tM4BJJpSWTK+4IelZsUrwXYuBV nMRDwoWLH0ZQi0t+g08O86Ic11sY53HYP1s0wspgGbYOFrapJy+9oHE3zIyd5E1bUdVpEGIds4Kuj aea37e8046484d755b443d17041be068dea5af15 nc5qtsO3F0A2IgbQ7+hL4VN09OWmSIpgmNxkfLmnOTT8AwT1cdbI0l91GFoer3l7HKU6uJysEHPnx nDs7qVKu4siD3xAIFulArUPevhblLdzFZK6hLrvndDaVGJHKTQ3BEC+FfUSxcBru9Zs+q68v+vr3Q nKfBIIrr5nOIZ7QqjFyqxP5Aqb48PhENq+SpL5YCaK9fZ5wkR7XBbUeXzLPmOtlGLUiM8KCACtcSh df6b721c8b4d3b6eb44c861d4415007e5a35fc95 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 nPdofq+4WqNj8fK1SDryJ5lOtnsk9636MIof9BMbcTrOVZZcCnwDWqqMNadhblvI+u2Fn/bbkk8ZR nofRJgdsm3i+I3X07dVWQA9kPUUWAuLrp7NYI0WM8G8CYbVIM7PiFOqnVonN8DLHf2KLr3FrI10Cq 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 nCoTT3rAM75hg67WOPat1KUXYG3fGFF9TZA1kd8DOKauM1IOMT2ftRg/yMfzKpAeaMfy9xInCoLN3 nzEiJLtZ8RTQxeRKd78hN7A6SE0XkWQlVkdd0PtDfkSgN4PYP5u3VHl9iaXI3Ggk/5pc8JxXpBn2d nh4zAYTzXMhXSYkNWnLgbzqSgf4JDo2IX0osR2WjUjbV8Flhl5jFJvevWzMXJeC75QwTrChdTqhqs n9yaGyHzmC4QWCGD+KyoDyy+M6nr+A7kE7gwLs8WA2qhIXLAXWeD90DlltyuC5sVH2l2zTxiYvlCe nRAFxxUus7iU+7HDDbF5nfGkxWo+gUNEX9ekV4nx1fn2h7BBR56noiSDtc+uIYRMSlXavQrFuNu85 n3BTWNU8Do/6D7zNf1JpQZgfp28dYMv8+wFf0vweJHyM9QWSVtTfJnxyiVA5GNqK+1+OeFm0MuUDZ FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 nXJ3DW0ud5nknrwBgSjne37PJKAhOsHPvSqW+fglbaFgfZ4U2DWGbkccGL9vDtmaV+7Tv8aaorOyF nv2kx6dFO4aToIvql2oA1KahBMmnUJgveRnejMmVeWKa+3FPEWP+1bU9cSrwIZUNVnpBp1u69nVeb nkTKRKTtpu7ytZnAUcDczZCaCLPp4FsiHYhPHSil9awnq/0Hgimt22aS3HhHDwxERYpV9j9MCcLcs nzCgfQ8Tf8PdF58OPhZ8jMr4s5nF4EiKE1JNKIbxjxV3R1JwENR5GL2EwWd6iSEzFBvj3ftdUlYWG nBH1KGiqwyuqPjE++pzr4Q0DQhUyxCHkApwrjzCb2IB3RdV0EG0MInJtSAiAPqP557BcmhFnJOgwj nF8R1YkDyRrYtynn4aDDmEveoEiJkzK2d1srth/kMlT19HZ8wBcshB7wqGaK4iqTcYc2TAtrHIFrb n8yHJFhtgC4NUBoV34LoP8UiQqw7LbhPTpOgbn3Iq9HI2v9yZsq5WKfkfawEP32rf7QlGiAv+5xbK nu89yuP692amL1LusZKYKw637/F0mfW5aA9xvSBWrYnFpKST688P7axNNXzaCS+2dcfyqJ4XDH87I nUmraN8AyTUCQAd+fPkb6452kpy/MrMf32mN2pMYbcBwbM48JTlbkegKxenHqbnD0d2Rw7sxpv3hb n0AV3cDvL1WiRqMpdP5gP9cdfr3w5CwtCu1m7jlgS1lhWmEtsPl1jCHc4kJGh5NXvSwVunr+GuLEn nNVFHf33/Iaco5BGLeHzaAbXqE50UPur6qDm8X3SffJzg7OfCPROsn7rDLrerh3MEAMAwBHKO8OWP nSjOINr593UMS6K9AYRfY9UFiursk/8m3w+5AQxmvxzg7elUCrbYVXhAlJFj4AhSFJREpiPupsoxH nERhW5vy/l5HSkT2kUE25JQP8Nl1Xqpq5l+karPIbn8Gzm5Uhh+QK20h2YSRKGPZBnBnVEDAVMKou nYWQnX451p1ReBko0/AWVmiC1T4NXI+hwmEqToGKO4otS7aHeUJDLW2OFXm6S5f1yPw2LCPqiFNFF nJyjniKIjtput42zIYaB5V1FiiF+PtVpsHGz68ufnpL0Efgu8qomYWR7ZMxpkoPE0/bTyrhpnYNeO nD0fs+Aw+bnRf0mV5RcxfcSwq8XR8EkP3GyFBbYULjMU3I5s925n7MXFOvdA7A7BuQJS/kcOwnV2W ny8nJ3uUZk+DGiwDuSrtOf4gsvdRx0VeajqNrZ2JfCeyygg0XDPgLtz6Fr/ldXYin9Ypf84zBqoTJ nnMQvGa1BHPc2yo/uX8GLsxKY4V91wxZX3YUKYEcGknnZn1QTBBZU9RDZrWqJvPhP4zjVsGMjUVPT cc2751449a350f668590264ed76692694a80308a nA435RdPTRCKcAu7N2mFYqJqSynw9PkYZiHvyerdGH/SIIEk2klRgacFR6RMX7WmkzlqNA9CJiUJJ ngC4jJDZ8NNgV5AW08ZTikX1hry9T51ed8ml5SwN2LITtnLE0NqioPnLWcerNGNKmVjL/u4+cltmg nkOiba0MltrD2a6FN3L56mAaC9sdE9GgddswyMxPslJKf4vYiUrEJM9ak2iIGStQNARgz5GZbgqHi nypgbIlfPSZADZ/3ohVei8JF4V+OtPCz42ZPwE7kl3EJcLhhYUeoPnU20RPdlmtYblrLyct8MveJy nHfM6MURsn4rBI950ItUEcYBvFh7KGnQA6qlamxjImWkKa4d8Z8EVoJXegj7ROUJDLO5Ss/fRRP6U nqzT3Ay0VQ1h8y1WvPplfPckuVJXqhWlIk1PhRSz9t4QRWglBpEwvtT1W0UTkyKHmbalgOiDZv2fE nKvDvw+I6jmPSrghVuCfISNXuTTgkIOuXzM7+LSXvePREoxGdNRbUchxzd+dzCwvTUI3Z9mn7fwe6 nz8qOOy4Z7KhVe3vY03v2vlRKXqKyw4z/S609Tw4bbFvcdFb03MR4uC8xtMCHUpvFiSeFtdrumPbj nBvYWzGSre9mB2N8JgVupxZgebcwqjBtEyjyrxh3icjusg/k2AbESdy+3QS+4YEkk7sMBRhVmplrS negJhybklZfVgJ27pSIN0W7t0IWKujXNFOcUbBb2/x+cA7ip0DnRajd3Um8O3MJ5AZ+9nagLo1LDa nztKxBehXNVip51QIvG4Nd+W9DMLisN3TZ+RiNhGD+8UT0YiBj6wyi2zly7VjvZZfCcj1ppTMlhr0 nDDU9Zqn2QPZOtPhGSomnRTPmvBxvW6uobes8Zg4biUXSSpCx6fFAhP46k6Ft9maWSTBtTGtaWhv7 nnkD+EsY0qK1gRHQB3MBdEat+4h6niMV5tOTKnXYWQaE5NCHTqWN/fYYzdUVWTCmJ1XjSIS8EqKlm n+S2vw19/WLaFSQLYWIvFBt5Fkd8u8p1g56Syb5rQcQ1HLEl1RIRz2Q== n51UwiRfUU6EBObyHl94CchudmuHF9SMfmEKFUYE4YddRcOJvKfpe2g42zhtRwx1gk23867EBsmAe n/9Drg3zMU+Ci8gAvd7xwN5jkJvsWnijGvq+iQFGruW1Nz5TYJBQBzvYNM68Sy7VkQX2w7paV6bgl 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F ncx9t/vdYH+LzCJSw9RNjl7tBn3Je7+IEtbta9z+ChJHCun4AhShe7ijW2W4BHGW3zusPjk4gpIKS nIoxRGVCl+vsBuCpiGIntc9eXcy+DYsYpuWExHgT+ZDPN8nZDsX8YYw15JzI4PGWIabmD+9in9Pz7 n0LFt6J3U49jy9v64ox0E5WIzGLQla1jH0E71LGsitpxRme3YVRVmS1kMmc4GKYJqGCuyVBEx5mmg 9b8f518b086098de3d77736f9458a3d2f6f95a37 nTCebSuMJwUc4clpgoUiFXCOfwfIna7ltowHrXmjZuGvusC2HUl5dqzhXNLSaRWKYGdP37B7qdAIL E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 nY3mOEEgmiYhibTTRkESNqL8m3ieck6WL2NHx8EDL403NxDXeIwSy424puoEPtQ9MEhSFnKU4xngI nJIoyOGGELhGmpGFVY22VA9tEM/aE3BqlDJojqTijEErn9Ubjlt+JmGb2YBtFpZLItFX6a9MIk6Vl c56fb7d591ba6704df047fd98f535372fea00211 nvJ9u1BSHtntYzSwPFTwVnuwNovtv2IDSKnASzoDjdsgrcuwhDT0NTmmxnHmVKHoYRJZe7EZFD19F nTqPmWoY9Rw28x5d3tc33Ll8uBOf8DTlJhsmooSp0EDCGzrVDdAhikRdg1MEcvdxnGTo/QQUziicu
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/appsflyer/appsflyersdk/AppsflyerSdkPlugin.java, line(s) 169,330,335,505,525,530,650,370,389,870,879 com/appsflyer/internal/AFh1ySDK.java, line(s) 63,71,86,75,81,79 com/baseflow/permissionhandler/AppSettingsManager.java, line(s) 20 com/baseflow/permissionhandler/PermissionManager.java, line(s) 191,267,271,339,345,348,370,382,385,122 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 330,334,339 com/baseflow/permissionhandler/ServiceManager.java, line(s) 32 com/github/barteksc/pdfviewer/PDFView.java, line(s) 288,559,713 com/github/barteksc/pdfviewer/RenderingHandler.java, line(s) 74 com/github/barteksc/pdfviewer/link/DefaultLinkHandler.java, line(s) 35 com/shockwave/pdfium/PdfiumCore.java, line(s) 110,85,230,234,264,268 com/tekartik/sqflite/Database.java, line(s) 99,115,212,292,360,388,481,132,506 com/tekartik/sqflite/SqflitePlugin.java, line(s) 276,282,286,306,311,349,365,391,399,415,440,449,419,444 com/tekartik/sqflite/Utils.java, line(s) 24 com/tekartik/sqflite/dev/Debug.java, line(s) 12 dev/britannio/in_app_review/InAppReviewPlugin.java, line(s) 229,235,242,249,47,88,100,101,106,112,117,128,138,152,163,172,193,202,209,218,227,240,103,132,166,214
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: mxon/flex/fineapcash/mx/appli/fin_leap_cash/utils/SPUtils.java, line(s) 72,72
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: mxon/flex/fineapcash/mx/appli/fin_leap_cash/DataHelper.java, line(s) 132 mxon/flex/fineapcash/mx/appli/fin_leap_cash/utils/RootUtil.java, line(s) 45,33,33,33,33,33,33,22
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/401545183647/namespaces/firebase:fetch?key=AIzaSyDCARERG-9S3udq7nufpMpLTiSb6NW8bZg ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
FinLeap Cash v1.0.5
Android APK
57
综合安全评分
中风险