应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
imToken v3.28.8
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
5
高危
37
中危
3
信息
2
安全
隐私风险评估
4
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
5
中危安全漏洞
37
安全提示信息
3
已通过安全项
2
重点安全关注
0
高危安全漏洞 应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文
应用程序在加密算法中使用ECB模式。ECB模式是已知的弱模式,因为它对相同的明文块[UNK]产生相同的密文 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode Files: com/subgraph/orchid/crypto/TorStreamCipher.java, line(s) 75 org/bitcoinj/crypto/BIP38PrivateKey.java, line(s) 100,127
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
cmb/pb/util/g.java, line(s) 9,19
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/nimbusds/jose/crypto/AESCBC.java, line(s) 30 com/nimbusds/jose/jca/JCASupport.java, line(s) 154
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/reactnativecommunity/webview/RNCWebViewManager.java, line(s) 465,30,31
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: org/consenlabs/imtoken/MainApplication.java, line(s) 122,7
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Activity (com.facebook.react.devsupport.DevSettingsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.pingplusplus.android.PaymentActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (org.consenlabs.imtoken.WebViewActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.pingplusplus.react.PingppActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.alipay.sdk.app.PayResultActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.alipay.sdk.app.AlipayResultActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.ui.BeaconActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.navigate.CustomNavigateActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.home.HomeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.message.SendMessageActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.article.ArticleActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.conversations.ConversationsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.conversation.ConversationActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.reply.ComposeReplyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.common.FullScreenImageActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.helpscout.beacon.internal.presentation.ui.chat.ChatActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(cn.jpush.android.service.JNotifyActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(cn.jpush.android.service.DActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (cn.jpush.android.service.DActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.masteratul.exceptionhandler.DefaultErrorScreen) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (androidx.biometric.DeviceCredentialHandlerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.unionpay.uppay.PayActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.unionpay.UPPayWapActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(1000) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: cl/json/RNSharePathUtil.java, line(s) 63 cl/json/ShareFile.java, line(s) 87 cl/json/ShareFiles.java, line(s) 126 com/imagepicker/utils/MediaUtils.java, line(s) 32,38,28,204 com/imagepicker/utils/RealPathUtil.java, line(s) 121,33 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 355 com/lwansbrough/RCTCamera/RCTCameraModule.java, line(s) 546,550 com/unionpay/utils/j.java, line(s) 30 io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 274,524,556
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: coil/request/ImageRequest.java, line(s) 343 coil/request/ImageResult.java, line(s) 93 coil/request/Parameters.java, line(s) 165 com/bitgo/randombytes/RandomBytesModule.java, line(s) 13 com/helpscout/beacon/ui/BeaconActivity.java, line(s) 18,16,17 com/helpscout/beacon/ui/BuildConfig.java, line(s) 12 com/helpscout/common/mvi/DefaultMviViewStateStore.java, line(s) 15 com/meituan/android/walle/ChannelReader.java, line(s) 11 com/microsoft/codepush/react/CodePushConstants.java, line(s) 5,31,7,19,28,20,12,18,26,27,21,22,25,29,23 com/microsoft/codepush/react/CodePushTelemetryManager.java, line(s) 12,17,21,14,16,18,19,20,22 com/pusher/client/example/ExampleApp.java, line(s) 22 com/pusher/client/example/PresenceChannelExampleApp.java, line(s) 28 com/pusher/client/example/PrivateChannelExampleApp.java, line(s) 26 com/pusher/client/example/PrivateEncryptedChannelExampleApp.java, line(s) 26 com/unionpay/tsmservice/data/Constant.java, line(s) 195,197 com/unionpay/tsmservice/data/ResultCode.java, line(s) 75,62 com/unionpay/tsmservice/mi/data/Constant.java, line(s) 142,146 com/unionpay/tsmservice/mi/data/ResultCode.java, line(s) 33,30 im/imkey/imkeylibrary/core/wallet/transaction/ImKeyBitcoinTransaction.java, line(s) 152 im/imkey/imkeylibrary/device/model/AppDownloadRequest.java, line(s) 25 im/imkey/imkeylibrary/device/model/CommonRequest.java, line(s) 53 im/imkey/imkeylibrary/device/model/CommonResponse.java, line(s) 67 im/imkey/imkeylibrary/device/model/SeActivateRequest.java, line(s) 25 im/imkey/imkeylibrary/device/model/SeSecureCheckRequest.java, line(s) 25 org/bitcoinj/crypto/EncryptedData.java, line(s) 31 org/bitcoinj/crypto/TrustStoreLoader.java, line(s) 13 org/bitcoinj/store/LevelDBBlockStore.java, line(s) 21 org/consenlabs/imtoken/BuildConfig.java, line(s) 6 org/consenlabs/imtoken/walletapi/BiometricProtectedData.java, line(s) 33 org/consenlabs/tokencore/wallet/model/Messages.java, line(s) 7,18,30,43,53 org/consenlabs/tokencore/wallet/transaction/BitcoinTransaction.java, line(s) 149 org/java_websocket/drafts/Draft_6455.java, line(s) 56 org/reactnative/facedetector/tasks/FileFaceDetectionAsyncTask.java, line(s) 24,26,27
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/nimbusds/jose/jwk/Curve.java, line(s) 18,19,20,18 com/pingplusplus/android/b.java, line(s) 61 com/subgraph/orchid/dashboard/Dashboard.java, line(s) 34 com/subgraph/orchid/data/exitpolicy/Network.java, line(s) 7 com/subgraph/orchid/directory/TrustedAuthorities.java, line(s) 17,17,17,17,17,17,17,17,17,17 org/bitcoinj/core/PeerAddress.java, line(s) 80 org/bitcoinj/core/PeerGroup.java, line(s) 930
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/helpscout/beacon/internal/presentation/common/a.java, line(s) 89 com/helpscout/beacon/internal/presentation/common/i.java, line(s) 125 com/lambdaworks/jni/JarLibraryLoader.java, line(s) 32 com/lwansbrough/RCTCamera/RCTCameraModule.java, line(s) 576,579 com/sun/jna/Native.java, line(s) 811 fr/greweb/reactnativeviewshot/RNViewShotModule.java, line(s) 137 org/bitcoinj/wallet/Wallet.java, line(s) 1022 org/bitcoinj/wallet/WalletFiles.java, line(s) 90
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: cmb/pb/cmbsafe/a.java, line(s) 6 com/pingplusplus/android/PingppUtil.java, line(s) 21 io/sentry/SentryClient.java, line(s) 21 io/sentry/TracesSampler.java, line(s) 4 org/bitcoinj/core/TransactionBroadcast.java, line(s) 11 org/java_websocket/drafts/Draft_6455.java, line(s) 15
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/lambdaworks/crypto/SCryptUtil.java, line(s) 35 com/nimbusds/jose/crypto/RSA_OAEP.java, line(s) 18,30 com/subgraph/orchid/crypto/HybridEncryption.java, line(s) 20 com/subgraph/orchid/crypto/PRNGFixes.java, line(s) 64,68 com/subgraph/orchid/crypto/TorRandom.java, line(s) 13 com/subgraph/orchid/data/RandomSet.java, line(s) 18 com/unionpay/utils/UPUtils.java, line(s) 16 com/unionpay/utils/b.java, line(s) 116 org/java_websocket/drafts/Draft_6455.java, line(s) 539
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 4,5,6,44
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: io/sentry/android/core/util/RootChecker.java, line(s) 22,22,22,22,22
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/unionpay/WebViewJavascriptBridge.java, line(s) 32,29
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个4隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 极光推送的=> "JPUSH_CHANNEL" : "direct" 极光推送的=> "JPUSH_APPKEY" : "0001cdef87e8d060d20de2bd" "CodePushDeploymentKey" : "2i2gy1sFnpXeadGy2FuHdeoxCoZI9d5c5b08-ec09-423f-a28d-7c7f8da6a3ac" 00000000000af0aed4792b1acee3d966af36cf5def14935db8de83d6f9306f2f 60179d81e99d5c5f4fde8b3a8d8f5a3f 92a864886f70d010101050003818d0030818902818100c42e6236d5054ffccaa 48eb9001-f352-5fa0-9b06-8fcaa22602cf c05edc2c23dc10432f9f796c27c7103e e7adfaae647e4438813db82e877ecbd7 F1D0FFF1-DEAA-ECEE-B42F-C9BA7ED623BB 49015F787433103580E3B66A1707A00E60F2D15B 0f9188f13cb7b2c71f2a335e3a4fc328bf5beb436012afca590b1a11466e2206 115792089210356248762697446949407573529996955224135760342422259061068512044369 f6e50617931173015060355040b130e4368696e6120556e696 73518399CB98DCD114D873E06EBF4BCC 3634385a3078310b300906035504061302383631 80550987E1D626E3EBA5E5E75A458DE0626D088C 30820122300D06092A864886F70D01010105000382010F003082010A028201010088BFDFBE85067CD720583FA3F5659BBA629A2335A924F618001DF1B9B89DB769B1C75273493D51CDAD6588441E015226CAAB0D1319BFEAB9E257E6FE6C8227640DA2A5FCCC58963269C908EEEEEB0B7D14E312D15A104E81BC45D1112DCB978C3CA0D483FFB405D6CAC10909733B6B0A8D369B24611E4C284D05077901F36365B407DC3CB29C7B42664A8958063D93E87D405BEE692EDA4068A841D4EE12D7FC57494B24EE72537DAC29DCDCCD721D4AA8C1306D6613B8E04861844DB49DE10A140A7EB8C4D0351CAF5D76D44AADCC5C37E7504A24E31E92F6F3CBC133BF4EFFA889A14D6F1A684A9B471BC5B040F3C04D163158970EED5AE9A011F2A3DDB0810203010001 64c2f89fdffa16729c9779f99562bc189d2ce4722ba0faedb11aa22d0d9db228fda 52b467e9e4b0a3b4e5ec644c ad90bf3beb7b0eb7e5acd74727dc0da96e0a280a258354e7293fb7e211ac03db 525216e7e4b00055e61de9d4 dcc703c0e500b653ca82273b7bfad8045d85a470 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 D586D18309DED4CD6D57C18FDB97EFA96D330566 54f0a3e8e4b086c0c096a1de 04fc9702847840aaf195de8442ebecedf5b095cdbb9bc716bda9110971b28a49e0ead8564ff0db22209e0374782c093bb899692d524e9d6a6956e7c5ecbcd68284 qpzry9x8gf2tvdw0s3jn54khce6mua7l 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 D75BB2802E61738A9A03BF014F927D9A 115792089210356248762697446949407573530086143415290314195533631308867097853948 115792089210356248762697446949407573530086143415290314195533631308867097853951 b1fdf62b0f540fca5458b063af9354925a6c3505a18ff164b6b195f6e517eaee1fb783 08eb9b5c67474d027fa03ce35109b11604083ab6bb4df2c46240f879f F1D0FFF2-DEAA-ECEE-B42F-C9BA7ED623BB efdd4707-098b-4e52-9cff-03e44463d855 04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f nkrc4ApV0XYlozFwtIjrGdQuwrKJ3c2h+nNdgZeR/QvSuAFRZvOV0a9dgZGpb0Rm6 8d6754168cf402ac2482448358df257d 30820122300D06092A864886F70D01010105000382010F003082010A0282010100880430F1269DC7388CF1E525A1FB400402D91880CEC25CCAA0F50142C6B45A9845483CCEF6416FE5807F76A128125AE26190C30C5C8BD105E5E25953B41234917CABAAD13DB9ECD94B4B52D76BC2B059BD7A304A6E72573BB46DE642F2F74E2FFA378E3D9FC9C02B8FF1A50823B1342EDE39193E98F00EC0B851BF1F1ADA83FF6BB6DCCC5080124FFC289BB2188ED33C05743C7F7485533C961E20F83357AC7E5C5E3A34557923BA9F5ECDF236714900455E9EA29E966D88F6802227A2CD9305A092D5A9EC4852FE6F07A75FF7A5E6C0ED6B16F6DB5C08ED036D4C07411360CA5DC58079ADB4AA5C2972F05A5C69EC6420267ACA44D89AF4ECFE490939C765770203010001 48439561293906451759052585252797914202762949526041747995844080717082404635286 3015060355040a130e4368696e6120556e696 0f060355040713085368616e676861693117 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112316 00FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 b1ff56cef0e21c87260c63ce3ca868bf5974c14 524db929e4b0c2199a391f39 nNGmpNfSOuJjLq3LLOUw/7J5BY16ulUEHoXrHuMYyHY8XVa05FanSOY2yaKP2Qs7p 48eb9002-f352-5fa0-9b06-8fcaa22602cf 585769C78764D58426B8B52B6651A5A71137189A 000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943 387954142406c3c9cc13 0238746c59d46d5408bf8b1d0af5740fe1a6e1703fcb56b2953f0b965c740d256f e65cc9bdc3ad15a9f6e0931b24fbf3cf 2661740802050217063228768716723360960729859168756973147706671368418802944996427808491545080627771902352094241225065558662157113545570916814161637315895999846 52b5b007e4b0a3b4e5ec64da 48eb9003-f352-5fa0-9b06-8fcaa22602cf E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 d9255940da7b6cd07483f4b4243fd1825b2705 04302390343f91cc401d56d68b123028bf52e5fca1939df127f63c6467cdf9c8e2c14b61104cf817d0b780da337893ecc4aaff1309e536162dabbdb45200ca2b0a 36134250956749795798585127919587881956611106672985015071877198253568414405109 80CB800005DFFE02814700 8cc1d6ed5e1b2cc00489215aec3fc2eac008e767b0215981cb5e 00000000000271a2dc26e7667f8419f2e15416dc6955e5a6c6cdf3f2574dd08e 89504e470d0a1a0a0000000d49484452000000210000003c0806000000e8acd32a000000097048597300000b1300000b1301009a9c1800000a4d6943435050686f746f73686f70204943432070726f66696c65000078da9d53775893f7163edff7650f5642d8f0b1976c81002223ac08c81059a21092006184101240c585880a561415119c4855c482d50a489d88e2a028b867418a885a8b555c38ee1fdca7b57d7aefededfbd7fbbce79ce7fcce79cf0f8011122691e6a26a003952853c3ad81f8f4f48c4c9bd80021548e0042010e6cbc26705c50000f00379787e74b03ffc01af6f00020070d52e2412c7e1ff83ba50265700209100e02212e70b01905200c82e54c81400c81800b053b3640a009400006c797c422200aa0d00ecf4493e0500d8a993dc1700d8a21ca908008d0100992847240240bb00605581522c02c0c200a0ac40222e04c0ae018059b632470280bd0500768e58900f4060008099422ccc0020380200431e13cd03204c03a030d2bfe0a95f7085b8480100c0cb95cd974bd23314b895d01a77f2f0e0e221e2c26cb142611729106609e4229c979b231348e7034cce0c00001af9d1c1fe383f90e7e6e4e1e666e76ceff4c5a2fe6bf06f223e21f1dffebc8c020400104ecfefda5fe5e5d60370c701b075bf6ba95b00da560068dff95d33db09a05a0ad07af98b7938fc401e9ea150c83c1d1c0a0b0bed2562a1bd30e38b3eff33e16fe08b7ef6fc401efedb7af000719a4099adc0a383fd71616e76ae528ee7cb0442316ef7e723fec7857ffd8e29d1e234b15c2c158af15889b850224dc779b952914421c995e212e97f32f11f96fd0993770d00ac864fc04eb607b5cb6cc07eee01028b0e58d27600407ef32d8c1a0b91001067343279f7000093bff98f402b0100cd97a4e30000bce8185ca894174cc608000044a0812ab041070cc114acc00e9cc11dbcc01702610644400c24c03c104206e4801c0aa11896411954c03ad804b5b0031aa0119ae110b4c131380de7e0125c81eb70170660189ec218bc86090441c8081361213a8811628ed822ce0817998e04226148349280a420e988145122c5c872a402a9426a915d4823f22d7214398d5c40fa90dbc820328afc8abc47319481b25103d4027540b9a81f1a8ac6a073d174340f5d8096a26bd11ab41e3d80b6a2a7d14be87574007d8a8e6380d1310e668cd9615c8c87456089581a26c71663e55835568f35631d583776151bc09e61ef0824028b8013ec085e8410c26c82909047584c5843a825ec23b412ba085709838431c2272293a84fb4257a12f9c478623ab1905846ac26ee211e219e255e270e135f9348240ec992e44e0a21259032490b496b48db482da453a43ed210699c4c26eb906dc9dee408b280ac209791b7900f904f92fbc9c3e4b7143ac588e24c09a22452a494124a35653fe504a59f324299a0aa51cda99ed408aa883a9f5a496da076502f5387a91334759a25cd9b1643cba42da3d5d09a696769f7682fe974ba09dd831e4597d097d26be807e9e7e983f4770c0d860d83c7486228196b197b19a718b7192f994ca605d39799c85430d7321b9967980f986f55582af62a7c1591ca12953a9556957e95e7aa545573553fd579aa0b54ab550fab5e567da64655b350e3a909d416abd5a91d55bba936aece5277528f50cf515fa3be5ffd82fa630db2868546a08648a35463b7c6198d2116c63265f15842d6725603eb2c6b984d625bb2f9ec4c7605fb1b762f7b4c534373aa66ac6691669de671cd010ec6b1e0f039d99c4ace21ce0dce7b2d032d3f2db1d66aad66ad7ead37da7adabeda62ed72ed16edebdaef75709d409d2c9df53a6d3af77509ba36ba51ba85badb75cfea3ed363eb79e909f5caf50ee9ddd147f56df4a3f517eaefd6efd11f373034083690196c313863f0cc9063e86b9869b8d1f084e1a811cb68ba91c468a3d149a327b826ee8767e33578173e66ac6f1c62ac34de65dc6b3c61626932dba4c4a4c5e4be29cd946b9a66bad1b4d374ccccc82cdcacd8acc9ec8e39d59c6b9e61bed9bcdbfc8d85a5459cc54a8b368bc796da967ccb05964d96f7ac98563e567956f556d7ac49d65ceb2ceb6dd6576c501b579b0c9b3a9bcbb6a8ad9badc4769b6ddf14e2148f29d229f5536eda31ecfcec0aec9aec06ed39f661f625f66df6cf1dcc1c121dd63b743b7c727475cc766c70bceba4e134c3a9c4a9c3e957671b67a1739df33517a64b90cb1297769717536da78aa76e9f7acb95e51aeebad2b5d3f5a39bbb9bdcadd96dd4ddcc3dc57dabfb4d2e9b1bc95dc33def41f4f0f758e271cce39da79ba7c2f390e72f5e765e595efbbd1e4fb39c269ed6306dc8dbc45be0bdcb7b603a3e3d65facee9033ec63e029f7a9f87bea6be22df3dbe237ed67e997e07fc9efb3bfacbfd8ff8bfe179f216f14e056001c101e501bd811a81b3036b031f049904a50735058d05bb062f0c3e15420c090d591f72936fc017f21bf96333dc672c9ad115ca089d155a1bfa30cc264c1ed6118e86cf08df107e6fa6f94ce9ccb60888e0476c88b81f69199917f97d14292a32aa2eea51b453747174f72cd6ace459fb67bd8ef18fa98cb93bdb6ab6727667ac6a6c526c63ec9bb880b8aab8817887f845f1971274132409ed89e4c4d8c43d89e37302e76c9a339ce49a54967463aee5dca2b917e6e9cecb9e773c593559907c3885981297b23fe5832042502f184fe5a76e4d1d13f2849b854f45bea28da251b1b7b84a3c92e69d5695f638dd3b7d43fa68864f4675c633094f522b79911992b923f34d5644d6deaccfd971d92d39949c949ca3520d6996b42bd730b728b74f662b2b930de479e66dca1b9387caf7e423f973f3db156c854cd1a3b452ae500e164c2fa82b785b185b78b848bd485ad433df66feeaf9230b82167cbd90b050b8b0b3d8b87859f1e022bf45bb16238b5317772e315d52ba647869f0d27dcb68cbb296fd50e2585255f26a79dcf28e5283d2a5a5432b82573495a994c9cb6eaef45ab9631561956455ef6a97d55b567f2a17955fac70aca8aef8b046b8e6e2574e5fd57cf5796ddadade4ab7caedeb48eba4eb6eacf759bfaf4abd6a41d5d086f00dad1bf18de51b5f6d4ade74a17a6af58ecdb4cdcacd03356135ed5bccb6acdbf2a136a3f67a9d7f5dcb56fdadabb7bed926dad6bfdd777bf30e831d153bdeef94ecbcb52b78576bbd457df56ed2ee82dd8f1a621bbabfe67eddb847774fc59e8f7ba57b07f645efeb6a746f6cdcafbfbfb2096d52368d1e483a70e59b806fda9bed9a77b5705a2a0ec241e5c127dfa67c7be350e8a1cec3dcc3cddf997fb7f508eb48792bd23abf75ac2da36da03da1bdefe88ca39d1d5e1d47beb7ff7eef31e36375c7358f579ea09d283df1f9e48293e3a764a79e9d4e3f3dd499dc79f74cfc996b5d515dbd6743cf9e3f1774ee4cb75ff7c9f3dee78f5df0bc70f422f762db25b74bad3dae3d477e70fde148af5b6feb65f7cbed573cae74f44deb3bd1efd37ffa6ac0d573d7f8d72e5d9f79bdefc6ec1bb76e26dd1cb825baf5f876f6ed17770aee4cdc5d7a8f78affcbedafdea07fa0fea7fb4feb165c06de0f860c060cfc3590fef0e09879efe94ffd387e1d247cc47d52346238d8f9d1f1f1b0d1abdf264ce93e1a7b2a713cfca7e56ff79eb73abe7dffde2fb4bcf58fcd8f00bf98bcfbfae79a9f372efaba9af3ac723c71fbcce793df1a6fcadcedb7defb8efbadfc7bd1f9928fc40fe50f3d1fa63c7a7d04ff73ee77cfefc2ff784f3fb25d29f33000000206348524d00007a25000080830000f9ff000080e9000075300000ea6000003a980000176f925fc546000002744944415478dabcd9c96b145110c7f1d734b6c9b8ef8a0b2e410cfe77826741100441c48324a006040f8a08828a8a102689c11d238a3b8a0b060feaf7e8e979e9816178f57a7b5587390df47c86ee7e55f52b0738c3cf3ae01af00f580226bdf7ce1af010f0439fbe25622db03802f0c02f2bc41a602100f0c094056215302f00ee0063da881ed01700f78071c069227ac0ac00b85f7eef3411bdf2874280d9618016621cb82b00faa3000dc4caf2610b01e6cb87d469220ae0b60058285f53a78928809b0260b13c299d26a2006e0880475580148802b82e009ed4017445ac28ab6108f014585ff75a6d11397055003c073636b95e1b440e5c11002f804d4dff5453440e5c16004bc09636b7b60922072e0980576d014d10393023005e035bbbbce6751019704100bc01b6753decaa1019705e00bc0576a438f263880c981200ef819da90a9f84c8807302e003b02b65f90f2132e0ac00f804ec4edd0485106704c067608f462b388a382d00be007bb51ae261c42901f015d8a739160c104705c037e080f6703440fc0900be03131623e200f137342302872d114784dbb10c4c5a211c704c80fc040e59211c705c80fc000e5a211c704280a83da852ed3869f9cac6aa68ecf0da6f85303bc6eb7456ea05ad6e7ba75adaeb36bab126e763d726a749cb9f01d31aed5ed3e127d6f8be6bdbf8b6190333e0626404d86e81483e0c758906928d855d4392d880fcb22e24455c5415156cb640740e4d524688b1f8e819b0c102d13a48d388956391e2e310442b602f805b75c355cd55432c667e50aea3d4110e18ab08dc575b20aa560f7340cf6a11175bc24c5bae24a575d4b2f57236b4989bb3460c569433c0ef1234e1bd77ff070038285c304da61b3c0000000049454e44ae426082 niapJQQ53GmboEA5Dyxr2zGELWe5OuyNv84xirXsdEd+9TgVNGeM0k5GjH16JynIS 525552b4e4b0fc33a10a7ca1 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmJ6bwSFsz3cHKfgYsZO 000000000000034a7dedef4a161fa058a2d67a173a90155f3a2fe6fc132e0ebf 4A2B655485ABBAB54BD30298BB0A5B55 f6e5061793111300f06035504031308556e696f6e50617930819f300d060 41058363725152142129326129780047268409114441015993725554835256314039467401291 ny+n4Ls1a1k6+3d5mYB3CuJHi/t33La9if6j6FvfGQNtmG+Fdy0J02VdtmNvrIMJT 6e696f6e5061793111300f06035504031308556e696f6e5061 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 0000000023456789abcdef12123456786789abcd 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 1001a3e74c601e3beb1b7ae4f9ab2872a0aaf1dbc2cba89c7528cd 536C79B93ACFBEA950AE365D8CE1AEF91FEA9535 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 ED03BB616EB2F60BEC80151114BB25CEF515B226 9C0C30889CBCC5E01AB5B2BB88715799 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 11300f060355040813085368616e67686169311130 00000007199508e34a9ff81e6ec0c477a4cccff2a4767a8eee39c11db367b008 861693111300f060355040713085368616e67686169311730 e94ddc285669ec06b8a405dd4341eac4ea7030203010001300d06092a864886f70d010105050003818 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73 15060355040a130e4368696e6120556e696f6e50617931173015060355040b130e4 00000000000743f190a18c5577a3c2d2a1f610ae9601ac046a38084ccb7cd721 EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 f11c3940bd4ed0ab3a85807232305749 B888D25EC8C12BD5043777B1AC49F872 aca376f206b8fc25a6ed44dbdc66547c36c6c33e3a119ffbeaef943642f0e906 80CABF2106A6048302151800 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057148 eyJzdWIiOiIyNlFwdGZNTVM4dHVrNnVPRTBocnpjZnRoYmNJRWpPODNBdTBnUFp0RzdDbHJJeE41eGFvZjFKdllnMjJSV2tldzRTcE1qSFJRRzkyV0JJQ2xGcEFwS2JSeTYvamsxcUNBMFVOelI5UnU2N2N1Lzk2QThlWllna2xHbTl3VjVHejRUcUFXUFZlWUM5cUdZY3VtNEJuUkZGNnFvQUZHRXlwOUJDMXVjV3FoZHhNT0tEZ3AzS0RKRUkzQXpKUmlreENEdzhQZHZDK0ZyK055UzRhK0VYSVBaM1NtRURtY3BReUY4bjBPRHZ3N1Vhekl5UGdmU2srNVRuSUJPNVFwYUZSOUMwN3JEakFiNmE2VXg5RERPS0tYTXdVSXlLdGhkRXpCUUZicEFiUE1kNVJ3MUhqWmxSc0VFRkx3NXdzckJTMlVaK2pNeWxSSzRGNGVxaEN5UHJRYXI3RzdkYTM0RmREeFdNVkJjQ1gxZ09razNIYm15NUpGR3hmS3h0ZVVndjNYK1NrZ3ZLR1ZFY2pKejJVKzNJdEtwODM4eXpjU09aQUZJQnY0a25jekxOM3JwazlOL0dHMktsTmlWT016RjJod0F0QkRMNndNVEQzcXlvUm9hT3NNeHpJUFlzOGw0MFZTOVp5U29PYzBJVEhzd0F1ZVN2TjFBQVk3NmkyNUd1ckNQZzJINjE1UDJyc2hFT2I0NmphaDdSTWF4eWNldlNmVy9ObHB4VmwyemlReXBWeVdId1hQSXpxdG1NZjl4SUptMkpVVzhJdUZvYUVJVVAyc3RTTEpGUFA5S0hzVGxobWI4dlFCV1FGcU1wcnBPSE5FUytNSUVzNlhHc3U5MHZhamozdU02L3l2dG9sUit1Nkx1LzJraWRQV2VEckR5bDQzMkVWZkVnUkpFNFFweDI0VjFycU44ZWR0YUVKK2hVTXhUMzlQZVkzMERGSU1RdXU0Kytjd3p1eTZuZXl4WGRFdVZWay8wQTBqalBCUW5lVlNnRks6Vm9KbE1RL3Rla0Jna1dOYyIsImlzcyI6ImJlYWNvbi1hcGkiLCJleHAiOjE1NTY3MTgxMDAsImlhdCI6MTU1NjcxNDUwMCwianRpIjoiOWU0MzczNmUtNjliNi00MWNkLWJiYTctN2U2MWUwZDcyMDc2In0 1093849038073734274511112390766805569936207598951683748994586394495953116150735016013708737573759623248592132296706313309438452531591012912142327488478985984 23D15D965BC35114467363C165C4F724B64B4F66 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f niEETO5JGpB9A0HZ7rkTqsu9FPQCP+we42f380hiCSH7MTakzyX5JQkKto84CxaBR 00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec 54aa526e7a37d8ba2311a1d3d2ab79b3fbeaf3ebb9e7da9e7cdd9be1ae5a53595f47 3757180025770020463545507224491183603594455134769762486694567779615544477440556316691234405012945539562144444537289428522585666729196580810124344277578376784
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/a/a/a/a/b.java, line(s) 17,30 a/a/a/a/a/c.java, line(s) 26,61 cl/json/RNShareModule.java, line(s) 181,182,185,186,193,204,205,209,210,223,238,239 cl/json/social/SingleShareIntent.java, line(s) 25,28,32 cmb/pb/ui/PBKeyboardActivity.java, line(s) 219 cmb/pb/util/CMBKeyboardFunc.java, line(s) 80 cmb/pb/util/f.java, line(s) 186 cmb/pb/util/i.java, line(s) 14 com/brentvatne/react/ReactVideoView.java, line(s) 435,439 com/drew/imaging/ImageMetadataReader.java, line(s) 273,209,210,224,235,243,244,245,246,247,248,249,250,251,252,253,254,265,267,269 com/drew/lang/CompoundException.java, line(s) 63 com/drew/tools/ExtractJpegSegmentTool.java, line(s) 21,29,36,47,52,60,61,62,65,68 com/drew/tools/ProcessAllImagesInFolderUtility.java, line(s) 77,90,97,98,99 com/drew/tools/ProcessUrlUtility.java, line(s) 16,29,34,51,53,22,47 com/fingerprints/service/FingerprintManager.java, line(s) 374,413,419,213,426,471,473,509,535,596,608,620 com/ftsafe/bluetooth/sdk/utils/a.java, line(s) 13,20,27,63,49,56 com/github/yamill/orientation/OrientationModule.java, line(s) 43,126,140 com/horcrux/svg/Brush.java, line(s) 141,151 com/horcrux/svg/ClipPathView.java, line(s) 35 com/horcrux/svg/ImageView.java, line(s) 140 com/horcrux/svg/LinearGradientView.java, line(s) 78 com/horcrux/svg/MaskView.java, line(s) 83 com/horcrux/svg/PatternView.java, line(s) 90 com/horcrux/svg/RadialGradientView.java, line(s) 92 com/horcrux/svg/UseView.java, line(s) 59,90,105 com/horcrux/svg/VirtualView.java, line(s) 371,302,336,340 com/imagepicker/utils/MediaUtils.java, line(s) 155 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 201,281,503,538,631,814,892 com/learnium/RNDeviceInfo/RNInstallReferrerClient.java, line(s) 73,79,84,97,27,43,91 com/learnium/RNDeviceInfo/resolver/DeviceIdResolver.java, line(s) 20,23,24,28 com/lwansbrough/RCTCamera/MutableImage.java, line(s) 167,189,212 com/lwansbrough/RCTCamera/RCTCamera.java, line(s) 38,185,229,333,359,377 com/lwansbrough/RCTCamera/RCTCameraModule.java, line(s) 269,296,396,532,543,556,565,581,584 com/lwansbrough/RCTCamera/RCTCameraViewFinder.java, line(s) 178,444,466,279 com/masteratul/exceptionhandler/DefaultErrorScreen.java, line(s) 30,87 com/microsoft/codepush/react/CodePushUtils.java, line(s) 243,247 com/pingplusplus/android/PaymentActivity.java, line(s) 145,146,148,222,230,413,433,493,653,708,790,884,939,1057,1075,1091,1143,1156,1195,1206,1251,697 com/pingplusplus/android/Pingpp.java, line(s) 71,106,116,127,246,256,87,111,122,131,151 com/pingplusplus/android/PingppLog.java, line(s) 27,42 com/pingplusplus/android/PingppUtil.java, line(s) 53 com/pingplusplus/android/PingppWebView.java, line(s) 365,193 com/pingplusplus/android/b.java, line(s) 56,69 com/pingplusplus/android/e.java, line(s) 29 com/pingplusplus/android/f.java, line(s) 129 com/pingplusplus/android/k.java, line(s) 31,40,51,83 com/pingplusplus/android/l.java, line(s) 112 com/pingplusplus/android/wap/JDPayWebView.java, line(s) 107,135 com/pusher/client/example/ExampleApp.java, line(s) 37,42,48,53,73,78,84,89 com/pusher/client/example/PresenceChannelExampleApp.java, line(s) 43,48,54,59,64,69,75,81,102,107,113,118,123,128,134,140,158 com/pusher/client/example/PrivateChannelExampleApp.java, line(s) 41,46,52,57,62,82,87,93,98,103 com/pusher/client/example/PrivateEncryptedChannelExampleApp.java, line(s) 41,46,52,57,62,67,87,92,98,103,108,113 com/pusher/client/example/SimpleWebSocket.java, line(s) 15,20,24,28,32 com/reactnativecommunity/art/ARTShapeShadowNode.java, line(s) 175,202 com/reactnativecommunity/art/ARTSurfaceViewShadowNode.java, line(s) 89 com/reactnativecommunity/asyncstorage/AsyncStorageModule.java, line(s) 143,182,196,210,228,233,238,273,278,298,326,340,354,368,379,384,400,418,448 com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 91,94 com/reactnativecommunity/webview/RNCWebViewManager.java, line(s) 773,836,762,778,795,838,168 com/reactnativecommunity/webview/RNCWebViewModule.java, line(s) 292,297,321,326,213,237 com/samsung/android/sdk/pass/Spass.java, line(s) 53 com/samsung/android/sdk/pass/SpassFingerprint.java, line(s) 128,131,214,339,344,203,208,228,312,347,617,144,179,357,368,558,639 com/samsung/android/sdk/pass/d.java, line(s) 15 com/samsung/android/sdk/pass/support/SdkSupporter.java, line(s) 27 com/samsung/android/sdk/pass/support/v1/FingerprintManagerProxyFactory.java, line(s) 73 com/subgraph/orchid/TorClient.java, line(s) 197,202 com/subgraph/orchid/directory/router/RouterDescriptorImpl.java, line(s) 279,287,296,299 com/sun/jna/Native.java, line(s) 1331,1334,1335 com/swmansion/gesturehandler/react/RNGestureHandlerRootHelper.java, line(s) 37,51 com/swmansion/gesturehandler/react/RNGestureHandlerRootView.java, line(s) 36 com/swmansion/reanimated/nodes/DebugNode.java, line(s) 21 com/th3rdwave/safeareacontext/SafeAreaView.java, line(s) 74 com/unionpay/b/d.java, line(s) 25 com/unionpay/b/g.java, line(s) 25 com/unionpay/utils/j.java, line(s) 19,25,21,17,23 fr/greweb/reactnativeviewshot/DebugViews.java, line(s) 24 fr/greweb/reactnativeviewshot/RNViewShotModule.java, line(s) 121,80 fr/greweb/reactnativeviewshot/ViewShot.java, line(s) 103,124 im/imkey/imkeylibrary/bluetooth/Ble.java, line(s) 161 im/shimo/react/prompt/RNPromptModule.java, line(s) 67,75 io/sentry/SystemOutLogger.java, line(s) 14,22,31 io/sentry/android/core/AndroidLogger.java, line(s) 73,69,61,65,71 io/sentry/transport/StdoutTransport.java, line(s) 35 org/bitcoinj/store/DatabaseFullPrunedBlockStore.java, line(s) 1012,1022,1040,1053 org/bitcoinj/store/LevelDBFullPrunedBlockStore.java, line(s) 894,304 org/consenlabs/imtoken/dappbrowser/DAppBrowser.java, line(s) 147 org/consenlabs/imtoken/dappbrowser/JsInjectorClient.java, line(s) 40,57 org/consenlabs/tokencore/wallet/WalletManager.java, line(s) 523 org/koin/android/logger/AndroidLogger.java, line(s) 52,58,60,56 org/koin/core/time/MeasureKt.java, line(s) 19,27 org/reactnative/facedetector/tasks/FileFaceDetectionAsyncTask.java, line(s) 84 timber/log/Timber.java, line(s) 509,527
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/helpscout/common/extensions/ContextExtensionsKt.java, line(s) 4,109 com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,46
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/helpscout/beacon/a/b/c/a.java, line(s) 21,21
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/helpscout/beacon/internal/data/remote/BeaconUiApiService.java, line(s) 53,53 com/helpscout/beacon/internal/data/remote/chat/ChatApiService.java, line(s) 41,41 com/unionpay/a/b.java, line(s) 29,28,27,27
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/unionpay/UPPayAssistEx.java, line(s) 198 io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 94 io/sentry/android/core/util/RootChecker.java, line(s) 40,22,22,22,22,22,22,34
综合安全基线评分总结
imToken v3.28.8
Android APK
47
综合安全评分
中风险