应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Top浏览器 v4.6.16
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
5
高危
32
中危
3
信息
2
安全
隐私风险评估
3
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
5
中危安全漏洞
32
安全提示信息
3
已通过安全项
2
重点安全关注
0
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: c/t/c/j/r1/z/u.java, line(s) 290,303,281
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 623,18,19
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/b/a/c/m0/c.java, line(s) 29,78 c/b/a/c/v/a.java, line(s) 53,79 c/m/c/a/a/a/a/a.java, line(s) 215,307 c/t/a/i/d0/h.java, line(s) 405
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: c/b/a/c/i0/a.java, line(s) 69
高危安全漏洞 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: c/t/b/a/m/a.java, line(s) 37,5,6,7,8,9
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_0) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_1) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_2) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_3) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_4) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_5) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_6) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_7) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_8) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_9) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_10) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_11) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.home.Launcher_12) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.tencent.tauth.AuthActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.pocket.topbrowser.wxapi.WXEntryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.fm.ya.pay.activity.WxPayActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.pocket.topbrowser.wxapi.WXPayEntryActivity) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.alipay.sdk.app.PayResultActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.alipay.sdk.app.AlipayResultActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 IP地址泄露
IP地址泄露 Files: c/m/b/d/a/a/g/k/a.java, line(s) 7 c/m/b/d/a/a/h/a.java, line(s) 13 c/m/b/e/h1.java, line(s) 52 c/m/b/e/p1.java, line(s) 11 c/m/b/e/u.java, line(s) 21 c/m/b/g/a/a.java, line(s) 20 c/m/c/a/a/b/g/a.java, line(s) 162 m/e/a/d/u/a.java, line(s) 62,115 m/e/a/d/v/b.java, line(s) 92,154 m/e/a/f/a.java, line(s) 276,386 m/e/a/f/u.java, line(s) 45
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c/b/a/c/i0/a.java, line(s) 7 c/b/a/c/j0/m.java, line(s) 42 c/b/a/c/v/d.java, line(s) 5 c/b/a/c/w/b.java, line(s) 13 c/b/a/c/z/d.java, line(s) 9 c/x/c/d.java, line(s) 46 h/e0/a.java, line(s) 3 h/e0/b.java, line(s) 4 h/e0/d/a.java, line(s) 4 m/e/a/f/z/b.java, line(s) 4 org/adblockplus/libadblockplus/android/settings/Utils.java, line(s) 13 org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 27 org/jsoup/helper/DataUtil.java, line(s) 15
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: c/b/a/c/b/b.java, line(s) 354,355,519,520 c/b/a/c/d/c.java, line(s) 12,24,28 c/t/a/k/a.java, line(s) 87 c/t/a/w/l0.java, line(s) 15 c/t/a/w/m0.java, line(s) 60 c/t/a/w/s.java, line(s) 10 c/t/c/j/q1/n.java, line(s) 12 c/t/c/o/x/i.java, line(s) 36 c/x/c/d.java, line(s) 513,905 c/x/c/f/a.java, line(s) 21 c/x/c/f/f.java, line(s) 20,26 c/x/c/g/k.java, line(s) 414 c/z/a/e/d/c.java, line(s) 49 com/pocket/topbrowser/browser/imageExtract/BrowseImageAdapter.java, line(s) 125,127,129
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c/t/c/j/h1/d/c.java, line(s) 6,7,8,86,327,328,329,330,331,332,333,341,342 c/x/c/d.java, line(s) 6,7,758,763 m/f/a/a.java, line(s) 6,7,239 m/f/a/i/g.java, line(s) 4,20
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/t/a/w/c0.java, line(s) 15 c/x/c/g/i.java, line(s) 150 c/x/c/g/k.java, line(s) 393 m/e/a/a/n/c.java, line(s) 85,93
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: c/d/a/n/i.java, line(s) 81 c/d/a/n/p/d.java, line(s) 38 c/d/a/n/p/p.java, line(s) 94 c/d/a/n/p/x.java, line(s) 78 com/pocket/common/db/read/Cache.java, line(s) 97 org/adblockplus/libadblockplus/HttpClient.java, line(s) 21 org/adblockplus/libadblockplus/android/settings/SharedPrefsStorage.java, line(s) 11,12,13,15,14,16,19,17,20,21 org/jsoup/helper/W3CDom.java, line(s) 47 org/jsoup/nodes/DocumentType.java, line(s) 10,11,13 org/jsoup/parser/TokeniserState.java, line(s) 1217,1220 org/seimicrawler/xpath/core/Constants.java, line(s) 5
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c/b/a/c/a/c.java, line(s) 115 c/b/a/c/m0/b.java, line(s) 11 c/b/a/c/m0/c.java, line(s) 28,77 c/b/a/c/n0/a.java, line(s) 72 c/b/a/c/z/d.java, line(s) 59 c/m/b/e/p.java, line(s) 60 c/m/c/a/a/a/b/a.java, line(s) 15 c/m/c/a/a/a/e/b.java, line(s) 31,53 m/d/a/l/a/d/l.java, line(s) 88 m/j/a/a/a/a.java, line(s) 164
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: c/h/b/f/a.java, line(s) 40 c/t/c/j/q1/n.java, line(s) 12 c/y/a/a/c.java, line(s) 96 com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 217 m/e/a/h/o.java, line(s) 134
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: org/adblockplus/libadblockplus/android/webview/AdblockWebView.java, line(s) 353,356
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 华为HMS Core 应用ID的=> "com.huawei.hms.client.appid" : "appid=104869663" "fragment_adblock_settings_enabled_key" : "adblock_enabled" "fragment_adblock_settings_aa_enabled_key" : "adblock_aa_enabled" "fragment_adblock_settings_filter_lists_key" : "adblock_filter_lists" "fragment_adblock_settings_allowed_connection_type_key" : "adblock_allowed_connection_type" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "fragment_adblock_settings_al_key" : "adblock_al_domains" c3d1ebc56392ad9a451f22d51c9bb259 173cf86fe9894a0f70dadd09d4fd88c380836099d4939f8c3754361bdc16a32b 07ff9b7aeeff969173c45b285fe0fecdbaae244576ff7a2796a36f1c0c11adb4 E49D5C2C0E11B3B1B96CA56C6DE2A14EC7DAB5CCC3B5F300D03E5B4DBA44F539 92974c6802419e4d18b5ec536cbfa167b8e8eff09ec4c8510a5b95750b1e0c82 33761B2D-78BB-4A43-8B0B-4F5BEE8AACF3 d8391a394d4a179e6fe7bdb8a301258b 89efa9e6224c1f4f1a7bcf23f310964e db53fcdc9ab71e9bdd4eab257fe1aba7989ad2b24fbe3a85dfef72ea1dd6bae2 1d8e66e896002a522dbb7547ab39e6e0 d80f18e8081b624cc64985f87f70118f1702985d2e10dbc985ee7be334fd3c7d AADB8D7E-AEEF-4415-AD2B-8204D6CF042E 58c4b2bd530170b56b7bc3b006fa4355 f6040d0e807aaec325ecf44823765544e92905158169f694b282bf17388632cf95a83bae7d2d235c1f039b0df1dcca5fda619b6f7f459f2ff8d70ddb7b601592fe29fcae58c028f319b3b12495e67aa5390942a997a8cb572c8030b2df5c2b622608bea02b0c3e5d4dff3f72c9e3204049a45c0760cd3604af8d57f0e0c693cc 3081a0adab3018d57165e6dd24074bdbac640f6dbe21a9e24d3474a87ebf38b8 59627784-3BE5-417A-B9EB-8131A7286089 61405f54314602341a126d96 1DA0C57D-6C06-438A-9B27-10BCB3CE0F61 e6b1bdcb890370f2f2419fe06d0fdf7628ad0083d52da1ecfe991164711bbf9297e75353de96f1740695d07610567b1240549af9cbd87d06919ac31c859ad37ab6907c311b4756e1e208775989a4f691bff4bbbc58174d2a96b1d0d970a05114d7ee57dfc33b1bafaf6e0d820e838427018b6435f903df04ba7fd34d73f843df9434b164e0220baabb10c8978c3f4c6b7da79d8220a968356d15090dea07df9606f665cbec14d218dd3d691cce2866a58840971b6a57b76af88b1a65fdffd2c080281a6ab20be5879e0330eb7ff70871ce684e7174ada5dc3159c461375a0796b17ce7beca83cf34f65976d237aee993db48d34a4e344f4d8b7e99119168bdd7 bb49f2794c2f018b547cac59074e7abd 4bdecdf772491e35c4e8b48f88aee22bae1311984f2e1da4dfad0b78ee7f5163 b368b110e3b565fe97c91f786e11bc48754cc8e4e6f21d8a94a68ac6ad67aaaf 4230baa077b401374d0fc012375047e79ea0790d58d095ef18d97d95470c738d db48223fd9e143f7e133c57f5d08a4e38549ce3ebd921fe3b4003c26e5e35bed e2f856b9f9a4fd4cb2795aeaf83268e4bff189aaec05d691ffde76e075b82648 f8d927750a0952ffb5bd87dfb83d781ae65f7bed043a7886d1d3cdcfc94bb77a 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a B92825C2BD5D6D6D1E7F39EECD17843B7D9016F611136B75441BC6F4D3F00F05 e9702f1e92e97fce49cdf81a5fa730a4e913554d09b3fe41e1d8a7fba00a8459 QrMgt8GGYI6T52ZY5AnhtxkLzb8egpFn3j5JELI8H6wtACbUnZ5cc3aYTsTRbmkAkRJeYbtx92LPBWm7nBO9UIl7y5i5MQNmUZNf5QENurR5tGyo7yJ2G0MBjWvy6iAtlAbacKP0SwOUeUWx5dsBdyhxa7Id1APtybSdDgicBDuNjI0mlZFUzZSS9dmN8lBD0WTVOMz0pRZbR3cysomRXOO1ghqjJdTcyDIxzpNAEszN8RMGjrzyU7Hjbmwi6YNK 24fbae40bcd50b759b26e3ba0f46aa25e932fa7da05f226d75ec507bcf53bce5 b6cbad6cbd5ed0d209afc69ad3b7a617efaae9b3c47eabe0be42d924936fa78c8001b1fd74b079e5ff9690061dacfa4768e981a526b9ca77156ca36251cf2f906d105481374998a7e6e6e18f75ca98b8ed2eaf86ff402c874cca0a263053f22237858206867d210020daa38c48b20cc9dfd82b44a51aeb5db459b22794e2d649 5fed96c85bd58c58aadbd465c172a4c9a794d8eb2f86cbc7bcee6caf4c7a2c5f 403f14ad2f0e5eb3c4f3a0bcd5c1592cc4492662ad53191c92905255d4990656
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: c/a/a/a/f/a.java, line(s) 80,145,152,57,148 c/a/a/a/f/b.java, line(s) 58,98,69,85,119 c/b/a/c/c0/b.java, line(s) 137,41,148,160 c/b/a/c/c0/c.java, line(s) 26 c/b/a/c/g/a.java, line(s) 55 c/b/a/c/g0/a.java, line(s) 64,88 c/b/a/c/p/b.java, line(s) 20 c/b/a/c/p/e.java, line(s) 80 c/b/a/c/r/a.java, line(s) 27,43 c/d/a/c.java, line(s) 222,231,178,221,228,179 c/d/a/l/a.java, line(s) 280 c/d/a/m/d.java, line(s) 102,132,101,131 c/d/a/m/e.java, line(s) 61,82,100,60,81,99 c/d/a/n/o/b.java, line(s) 47,46 c/d/a/n/o/j.java, line(s) 78,99,77,98,102,108,115,112,116 c/d/a/n/o/l.java, line(s) 48,47 c/d/a/n/o/p/c.java, line(s) 101,100 c/d/a/n/o/p/e.java, line(s) 53,52 c/d/a/n/p/a0/j.java, line(s) 133,174,134,175 c/d/a/n/p/a0/k.java, line(s) 102,114,189,224,101,113,134,141,169,188,198,213,223,135,142,175,199,214 c/d/a/n/p/b0/e.java, line(s) 34,40,68,78,35,69,41,81 c/d/a/n/p/b0/i.java, line(s) 114,98 c/d/a/n/p/c0/a.java, line(s) 129,126 c/d/a/n/p/c0/b.java, line(s) 38,37 c/d/a/n/p/h.java, line(s) 504,326,340,503,451 c/d/a/n/p/i.java, line(s) 57,58 c/d/a/n/p/k.java, line(s) 17,144 c/d/a/n/p/q.java, line(s) 102 c/d/a/n/p/z.java, line(s) 107,108 c/d/a/n/q/c.java, line(s) 17,16 c/d/a/n/q/d.java, line(s) 40,39 c/d/a/n/q/f.java, line(s) 96,95 c/d/a/n/q/s.java, line(s) 93,96 c/d/a/n/q/t.java, line(s) 37,36 c/d/a/n/r/a.java, line(s) 78,79 c/d/a/n/r/d/a0.java, line(s) 130,135,147,156,163,131,136,148,157,164,165,166,170 c/d/a/n/r/d/c0.java, line(s) 168,165 c/d/a/n/r/d/d.java, line(s) 16,17 c/d/a/n/r/d/k.java, line(s) 181,199,209,212,215,218,221,250,257,345,355,367,379,384,180,198,208,211,214,217,220,249,256,344,354,366,378,383 c/d/a/n/r/d/m.java, line(s) 93,312,92,175,311,395,419,176,243,396 c/d/a/n/r/d/n.java, line(s) 43,49,44,50 c/d/a/n/r/d/r.java, line(s) 83,84 c/d/a/n/r/h/a.java, line(s) 62,83,88,93,63,84,89,94 c/d/a/n/r/h/c.java, line(s) 25,26 c/d/a/n/r/h/i.java, line(s) 42,45 c/d/a/o/e.java, line(s) 34,33,62,78,63,79 c/d/a/o/f.java, line(s) 15,14 c/d/a/o/k.java, line(s) 158,159 c/d/a/o/l.java, line(s) 191,192,203 c/d/a/o/n.java, line(s) 93,94 c/d/a/p/e.java, line(s) 49,56,67,72,48,55,60,66,71,61 c/d/a/r/h.java, line(s) 562,19,493,519 c/d/a/r/j/j.java, line(s) 60,140,141,61 c/d/a/s/b.java, line(s) 22 c/d/a/t/k/a.java, line(s) 55,56 c/e/a/a.java, line(s) 566 c/e/a/d.java, line(s) 439,533 c/e/a/g.java, line(s) 2516 c/h/b/a/b/e/a/a.java, line(s) 124 c/h/b/f/b.java, line(s) 62,71 c/h/b/m/d.java, line(s) 18,40,61 c/h/b/m/f.java, line(s) 50,190,299 c/i/a/c0/a.java, line(s) 20 c/k/a/a/g.java, line(s) 107 c/k/a/a/i/a.java, line(s) 39 c/m/b/a/c/a.java, line(s) 17,13 c/m/b/a/f/a.java, line(s) 27,29,22 c/m/b/a/f/b.java, line(s) 51,66,33 c/m/b/b/b.java, line(s) 56,198,313,63,103,123,135,153,167,173,196,206,221,230,286,288,293,303,305,309,331,348,363 c/m/b/c/a/f.java, line(s) 36,103,118,190 c/m/b/e/p1.java, line(s) 38,46,31,44,42 c/m/b/f/b.java, line(s) 89,32,119,133,142,153,163,100 c/m/b/f/c.java, line(s) 135,65,85,102,119,145,158,171,184,203,220,236,252,78,95,112,151,164,177,213,229,245,313,315,317,319,321,323 c/m/b/f/d.java, line(s) 18,21 c/m/b/f/f.java, line(s) 29,36,38,44,52 c/m/b/f/g.java, line(s) 29,53,62,71,80 c/m/b/f/i.java, line(s) 34 c/m/b/f/j.java, line(s) 29,41,50,66 c/m/b/f/k.java, line(s) 33,45,133,143,179,114,126,135,137,171,183,50,41 c/m/b/f/l.java, line(s) 121 c/m/b/f/m.java, line(s) 25,18,33 c/m/b/f/o.java, line(s) 22,25 c/m/b/f/p.java, line(s) 51,57,103,107,113,93,122 c/m/c/a/a/a/e/f.java, line(s) 14,18 c/m/c/a/a/b/g/a.java, line(s) 117,126,128,197 c/m/c/a/a/b/g/f.java, line(s) 14,18,22,26 c/m/c/a/a/c/a.java, line(s) 43,46,48 c/m/c/a/a/c/b.java, line(s) 16,33 c/m/c/a/a/c/c.java, line(s) 60,67,74 c/m/c/a/a/d/b.java, line(s) 69,95,122 c/o/a/d/a.java, line(s) 20,39,10,29,18,37,22,41,14,33 c/p/a/r/a.java, line(s) 14,21,45,52 c/r/a/a.java, line(s) 151 c/t/a/i/d0/h.java, line(s) 70,76,131,215,366,369,378,380,387,398,452 c/t/a/i/y.java, line(s) 497,521,47,65,83,101,121,138,177,194,229,247,265,291 c/t/a/i/z.java, line(s) 104,112,153,168 c/t/a/s/g.java, line(s) 37,76 c/t/a/s/k.java, line(s) 78 c/t/a/s/l/b.java, line(s) 40,45,232,233 c/t/a/s/l/c.java, line(s) 16,31 c/t/a/w/m.java, line(s) 28,35,46 c/t/a/w/o.java, line(s) 13 c/t/c/j/h1/c/b.java, line(s) 62,51 c/t/c/j/h1/c/c.java, line(s) 29,36,50,60,70,77,96,107,117,55,99 c/t/c/j/h1/c/d.java, line(s) 98,156,175,178,182,221,284 c/t/c/j/h1/c/e.java, line(s) 87 c/t/c/j/h1/d/c.java, line(s) 100,240,247,253,260,267,273,338 c/t/c/j/h1/d/d/b.java, line(s) 59,87 c/t/c/j/h1/e/b.java, line(s) 16,34,35 c/t/c/j/q1/g.java, line(s) 76 c/t/c/j/q1/o.java, line(s) 69,73,83,86 c/t/c/j/r1/z/u.java, line(s) 200,221,325,328,332 c/t/c/m/n.java, line(s) 121 c/x/c/f/a.java, line(s) 114 c/x/c/f/g.java, line(s) 16,26,31,20,12,24 c/y/a/a/c.java, line(s) 105,455 c/z/a/e/d/d.java, line(s) 134,174 com/caverock/androidsvg/SVGImageView.java, line(s) 77,87,116,118,120,131,106 com/fm/ui/file_path/SelectFilePathActivity.java, line(s) 154 com/github/barteksc/pdfviewer/PDFView.java, line(s) 357,422 com/library/flowlayout/FlowLayoutManager.java, line(s) 139,166,210,215 com/makeramen/roundedimageview/RoundedImageView.java, line(s) 134,152 com/pocket/common/dialog/AppUpdatingDialog.java, line(s) 79,85,90,95,103,108,210,212 com/pocket/common/download/DownloadDialog.java, line(s) 201 com/pocket/topbrowser/browser/av/DLNACastActivity.java, line(s) 181,186,197,201,210,214,223,227,236,243,302,441,446,464,469,474,479,484,489,494,499 com/pocket/topbrowser/browser/av/VideoActivity.java, line(s) 1445 com/pocket/topbrowser/browser/offlinepage/OfflinePageActivity.java, line(s) 42 com/pocket/topbrowser/home/main/MainActivity.java, line(s) 200,272,293 com/pocket/topbrowser/home/navigation/ScanCodeActivity.java, line(s) 146,154 com/pocket/topbrowser/home/personal/PerfectInfoActivity.java, line(s) 154 com/pocket/topbrowser/home/personal/PersonalFragment.java, line(s) 509 com/pocket/topbrowser/home/subscribe/SubscribeFragment.java, line(s) 197 com/pocket/topbrowser/home/view/NavGestureView.java, line(s) 141,237 com/pocket/topbrowser/login/LoginActivity.java, line(s) 98,161 com/pocket/topbrowser/reader/ReadBookFragment.java, line(s) 932 com/pocket/topbrowser/reader/activity/BookChapter2ViewModel.java, line(s) 146 com/shockwave/pdfium/PdfiumCore.java, line(s) 44,36,198,202 com/tbruyelle/rxpermissions3/RxPermissionsFragment.java, line(s) 46,56 com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 141,256 com/theartofdev/edmodo/cropper/CropOverlayView.java, line(s) 217 f/a/g.java, line(s) 129,132,137 k/i0/b.java, line(s) 350 k/i0/j/i/c.java, line(s) 46,84,84 m/a/a/a/e0.java, line(s) 8,11 m/a/a/a/n.java, line(s) 8 m/a/a/a/o.java, line(s) 147 m/a/a/a/x.java, line(s) 34,39,48,161,163,164 m/e/a/f/u.java, line(s) 38,63,107,145,154,162,194,208,49,53 m/e/a/h/a0/d.java, line(s) 45,89 m/f/a/e.java, line(s) 7,11,15,19,23,27 m/g/b/w0.java, line(s) 542 m/g/b/y2.java, line(s) 653 m/j/b/b/a/a.java, line(s) 26,42 m/j/b/c/a/b.java, line(s) 128,47,139,151 m/j/b/c/a/c.java, line(s) 25 m/l/f/h.java, line(s) 50,54,55 org/adblockplus/libadblockplus/JniExceptionHandler.java, line(s) 33 r/a/a/a.java, line(s) 72,86,114,122,126 r/a/a/e.java, line(s) 186,185 xyz/doikki/videoplayer/util/L.java, line(s) 15,21,27,37
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: c/t/a/w/p.java, line(s) 11,15,4
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: c/t/a/w/p.java, line(s) 4,8
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: c/b/a/c/h0/b.java, line(s) 19,19,19,19,19,19
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: c/m/c/a/a/b/e.java, line(s) 38,79,157,37,78,156,36,75,153 c/t/a/s/l/b.java, line(s) 268,158,240 c/x/c/b/c.java, line(s) 47,23,46,45,45 k/i0/j/c.java, line(s) 107,105,104 k/i0/j/d.java, line(s) 121,110,119,127,118,118,120 k/i0/j/g.java, line(s) 106,104,103,103 k/i0/j/h.java, line(s) 231,218,229,228,228 m/e/a/h/d0/b.java, line(s) 255,275,160,190,229,254,274,108,108,253,273
综合安全基线评分总结
Top浏览器 v4.6.16
Android APK
47
综合安全评分
中风险