应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Pulsar v1.0.0
52
安全评分
安全基线评分
52/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
3
高危
17
中危
3
信息
3
安全
隐私风险评估
1
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
3
中危安全漏洞
17
安全提示信息
3
已通过安全项
3
重点安全关注
0
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/appsflyer/internal/AFa1zSDK.java, line(s) 232 com/datavisorobfus/k0.java, line(s) 30
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/xly/analytics/android/sdk/encrypt/utils/EncryptUtils.java, line(s) 35
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/reactnativecommunity/webview/m.java, line(s) 234,16
中危安全漏洞 Activity (com.engagelab.privates.common.component.MTCommonActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(900) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/datavisorobfus/h.java, line(s) 54,53 com/datavisorobfus/l.java, line(s) 253,252 com/xly/analytics/android/webview/impl/UBSWebViewProtocolImpl.java, line(s) 25,24
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/ReactNativeBlobUtil/Utils/c.java, line(s) 41 com/ReactNativeBlobUtil/f.java, line(s) 399,442,457,469,502,440,455,480,481,482,483,484,485,486,486,500 com/datavisor/vangogh/storage/local/a.java, line(s) 105 com/datavisor/vangogh/storage/local/b.java, line(s) 13,15 com/datavisorobfus/i.java, line(s) 1455 com/datavisorobfus/l.java, line(s) 188 com/datavisorobfus/p.java, line(s) 287 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 481 com/reactnativecommunity/webview/o.java, line(s) 268 com/rnfs/RNFSManager.java, line(s) 588,577,579,582,606 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 113,118,119,120 j6/b.java, line(s) 30,47,66
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/appsflyer/reactnative/RNAppsFlyerConstants.java, line(s) 36,27 com/datavisor/vangogh/face/DVKeyName.java, line(s) 4,5 com/mt/BuildConfig.java, line(s) 7,14,16 com/xly/analytics/android/sdk/advert/utils/ChannelUtils.java, line(s) 31,32,33,34,35 com/xly/analytics/android/sdk/core/mediator/Modules.java, line(s) 63,65,66 com/xly/analytics/android/sdk/data/adapter/DbParams.java, line(s) 57,21,23 com/xly/analytics/android/sdk/debugdata/UBSDebugDataManager.java, line(s) 28,32 com/xly/analytics/android/sdk/debugdata/UBSDebugEventData.java, line(s) 54 com/xly/analytics/android/sdk/encrypt/biz/UBSSecretKeyManager.java, line(s) 104,125,24 com/xly/analytics/android/sdk/encrypt/impl/UBSEncryptAPIImpl.java, line(s) 131 com/xly/analytics/android/sdk/encrypt/utils/EncryptUtils.java, line(s) 25 com/xly/analytics/android/sdk/plugin/encrypt/AbstractStoreManager.java, line(s) 452,471,490,509,528 com/xly/analytics/android/sdk/plugin/encrypt/StoreManager.java, line(s) 12 com/xly/analytics/android/sdk/useridentity/Identities.java, line(s) 25 com/xly/analytics/android/sdk/util/UBSDataHelper.java, line(s) 134,141,126,108
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/xly/analytics/android/sdk/data/OldBDatabaseHelper.java, line(s) 5,6,20 com/xly/analytics/android/sdk/data/UBSDataDBHelper.java, line(s) 5,6,26
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: aai/telemetry/datas/d.java, line(s) 5 ai/advance/common/utils/p.java, line(s) 13 com/datavisor/vangogh/util/ExceptionUtil.java, line(s) 8 com/datavisorobfus/o.java, line(s) 11 s7/a.java, line(s) 3
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/datavisorobfus/e0.java, line(s) 26 com/datavisorobfus/l0.java, line(s) 12,31,48 com/xly/analytics/android/sdk/advert/oaid/impl/OppoImpl.java, line(s) 72
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/datavisorobfus/c.java, line(s) 95 com/xly/af/utils/e.java, line(s) 433,517 com/xly/security/SecurityGuard.java, line(s) 146,177
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/datavisor/vangogh/util/ExceptionUtil.java, line(s) 64 com/datavisorobfus/g.java, line(s) 21 com/datavisorobfus/o.java, line(s) 101
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: ai/advance/event/d.java, line(s) 31 com/ReactNativeBlobUtil/p.java, line(s) 46 com/xly/af/utils/b.java, line(s) 356 com/xly/analytics/android/sdk/visual/ViewSnapshot.java, line(s) 124 u6/b.java, line(s) 16
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/reactnativecommunity/webview/o.java, line(s) 268
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 Engagelab-推送SDK的=> "ENGAGELAB_PRIVATES_CHANNEL" : "developer-default" Engagelab-推送SDK的=> "ENGAGELAB_PRIVATES_APPKEY" : "3970b44d8c27d11d426b4383" "ENGAGELAB_PRIVATES_CHANNEL_high" : "HIGH" "ENGAGELAB_PRIVATES_CHANNEL_low" : "LOW" "ENGAGELAB_PRIVATES_CHANNEL_normal" : "NORMAL" "ENGAGELAB_PRIVATES_CHANNEL_silence" : "SILENCE" "google_api_key" : "AIzaSyDOghRlg5kfbf8mWW-1h9yXLlPTUZYui_M" "google_app_id" : "1:939626467161:android:9ff57f6f11d06617620648" "google_crash_reporting_api_key" : "AIzaSyDOghRlg5kfbf8mWW-1h9yXLlPTUZYui_M" 90ad8a027f84ce68aec33e643a7ef759 H6ik7UfoqtAwYIZxE9A68jVW8J/oAjw= MJCR3nbjtc8ARKt9HOAI/AZAzrHiEyhubQ== MJCR3nbjtc8ARKt/AP825zhTxLPuFzw= 9ff57f6f11d06617620648 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F KZGR3Uffq88OW6tuEewC9j5V3A== FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 e4b001df9a082298dd090bb7455c45d92fbd5dda 3970b44d8c27d11d426b4383 23456789abcdefghjkmnpqrstvwxyz E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 dI2H2mzZqo8OQIQxI/oZ8itF3Lf7XC57dQ==
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: aai/liveness/LivenessIntentModule.java, line(s) 61,89 ai/advance/common/utils/h.java, line(s) 25,49,31,55,37,61,43,67 ai/advance/core/i.java, line(s) 138,572 c1/a.java, line(s) 88,87 com/ammarahmed/mmkv/RNMMKVModule.java, line(s) 59 com/appsflyer/internal/AFg1eSDK.java, line(s) 51,101,66,55,61,59 com/appsflyer/reactnative/RNAppsFlyerModule.java, line(s) 70,98,382,387,392,396,403,408,523,602,607 com/github/barteksc/pdfviewer/PDFView.java, line(s) 636,1135,1164 com/github/barteksc/pdfviewer/i.java, line(s) 118 com/horcrux/svg/FilterView.java, line(s) 49 com/imagepicker/c.java, line(s) 23 com/imagepicker/g.java, line(s) 28 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 288,348,689,846,1068,1084 com/learnium/RNDeviceInfo/h.java, line(s) 62,97,118,128 com/learnium/RNDeviceInfo/resolver/a.java, line(s) 59,65 com/margelo/rnquicksqlite/SequelModule.java, line(s) 28,37 com/mt/MTMainActivity.java, line(s) 96 com/mt/MTMainApplication.java, line(s) 120 com/mt/rn_module/MTIntentData.java, line(s) 57,62,71,74 com/pairip/licensecheck/LicenseActivity.java, line(s) 93,71 com/pairip/licensecheck/LicenseClient.java, line(s) 77,90,121,138,168,196,187,112 com/reactnativecommunity/webview/i.java, line(s) 148,130,150 com/reactnativecommunity/webview/m.java, line(s) 199,212 com/reactnativecommunity/webview/o.java, line(s) 293,298,340,345,244,423,457 com/shockwave/pdfium/PdfiumCore.java, line(s) 43,35,344,348,374,378 com/swmansion/reanimated/NativeMethodsHelper.java, line(s) 93 com/swmansion/reanimated/ReanimatedModule.java, line(s) 91 com/swmansion/reanimated/ReanimatedUIManagerFactory.java, line(s) 20 com/swmansion/reanimated/keyboard/WindowsInsetsManager.java, line(s) 50,59,103,122 com/swmansion/reanimated/layoutReanimation/AnimationsManager.java, line(s) 409,423 com/swmansion/reanimated/layoutReanimation/ReanimatedNativeHierarchyManager.java, line(s) 41 com/swmansion/reanimated/layoutReanimation/ScreensHelper.java, line(s) 17 com/swmansion/reanimated/layoutReanimation/SharedTransitionManager.java, line(s) 457 com/swmansion/reanimated/layoutReanimation/TabNavigatorObserver.java, line(s) 37,105 com/swmansion/reanimated/nativeProxy/NativeProxyCommon.java, line(s) 157 com/swmansion/reanimated/sensor/ReanimatedSensorContainer.java, line(s) 32 com/swmansion/rnscreens/ScreenStackHeaderConfigViewManager.java, line(s) 30 com/swmansion/rnscreens/ScreensModule.java, line(s) 44,55,47 com/swmansion/rnscreens/SearchBarManager.java, line(s) 28 com/th3rdwave/safeareacontext/SafeAreaView.java, line(s) 129 com/xly/af/utils/log/a.java, line(s) 64 com/xly/analytics/RNUBSAnalyticsModule.java, line(s) 45,55,65,75,90,100,113,129,147,161,182,196,213,224,282,296,310,324,335,345,355,365,379,389,399,409,419,429,439,449,459,469,479,489,504,514,524,534,544,554,564,574,584,594,267,269 com/xly/analytics/android/autotrack/core/UBSAutoTrackContextHelper.java, line(s) 51,52 com/xly/analytics/android/autotrack/core/autotrack/ActivityLifecycleCallbacks.java, line(s) 105,153,232,380 com/xly/analytics/android/autotrack/core/autotrack/FragmentViewScreenCallbacks.java, line(s) 57,99,104,164,169 com/xly/analytics/android/autotrack/core/impl/UBSAutoTrackProtocolIml.java, line(s) 246 com/xly/analytics/android/sdk/AbstractUBSDataAPI.java, line(s) 70,81,138,309,310,318,196,271,275 com/xly/analytics/android/sdk/AnalyticsMessages.java, line(s) 314,420,424,82,90,106,121,143,150,157,164,223,227,235,272,364,367,368,373,477 com/xly/analytics/android/sdk/UBSDataAPI.java, line(s) 1185,1189,1192,121,149,157,158,1163,1228,1273,1296,1461,1653,1664,135,156,420 com/xly/analytics/android/sdk/UBSLog.java, line(s) 13,78,30,37,53 com/xly/analytics/android/sdk/advert/deeplink/UBSChannelDeepLink.java, line(s) 38 com/xly/analytics/android/sdk/advert/deeplink/UBSDeepLinkManager.java, line(s) 121,82 com/xly/analytics/android/sdk/advert/impl/UBSAdvertProtocolImpl.java, line(s) 107,178 com/xly/analytics/android/sdk/advert/oaid/OAIDRom.java, line(s) 113 com/xly/analytics/android/sdk/advert/oaid/UBSOaidHelper.java, line(s) 49,84,103,118,125,133,164,167,170,196,208 com/xly/analytics/android/sdk/advert/oaid/impl/AsusImpl.java, line(s) 42,65,75 com/xly/analytics/android/sdk/advert/oaid/impl/CoolpadImpl.java, line(s) 43,66,76 com/xly/analytics/android/sdk/advert/oaid/impl/HuaweiImpl.java, line(s) 46,62,66,70,81,102 com/xly/analytics/android/sdk/advert/oaid/impl/LenovoImpl.java, line(s) 41,65,75 com/xly/analytics/android/sdk/advert/oaid/impl/MeizuImpl.java, line(s) 26,30,40 com/xly/analytics/android/sdk/advert/oaid/impl/NubiaImpl.java, line(s) 23,29,38,42 com/xly/analytics/android/sdk/advert/oaid/impl/OAIDFactory.java, line(s) 28 com/xly/analytics/android/sdk/advert/oaid/impl/OppoImpl.java, line(s) 50,81,99,109 com/xly/analytics/android/sdk/advert/oaid/impl/SamsungImpl.java, line(s) 41,64,74 com/xly/analytics/android/sdk/advert/oaid/impl/VivoImpl.java, line(s) 37,44 com/xly/analytics/android/sdk/advert/oaid/impl/XiaomiImpl.java, line(s) 23,39 com/xly/analytics/android/sdk/advert/oaid/impl/ZTEImpl.java, line(s) 46,67,76,91,105,127 com/xly/analytics/android/sdk/advert/scan/ChannelDebugScanHelper.java, line(s) 96,105,113 com/xly/analytics/android/sdk/aop/push/UBSPushAutoTrackHelper.java, line(s) 33,42,73,102,115,131,140,160,182,212,225,234,241,250,264,276,284,291,306,312,340 com/xly/analytics/android/sdk/core/UBSContextManager.java, line(s) 150 com/xly/analytics/android/sdk/core/business/UBSPluginVersion.java, line(s) 35 com/xly/analytics/android/sdk/core/event/imp/BaseEventAssemble.java, line(s) 38,83 com/xly/analytics/android/sdk/core/event/imp/H5TrackAssemble.java, line(s) 161,162 com/xly/analytics/android/sdk/core/event/imp/ItemEventAssemble.java, line(s) 83,84 com/xly/analytics/android/sdk/core/event/imp/StoreDataImpl.java, line(s) 21,24 com/xly/analytics/android/sdk/core/event/imp/TrackEventAssemble.java, line(s) 249,65,241,242 com/xly/analytics/android/sdk/core/mediator/UBSModuleManager.java, line(s) 54,56 com/xly/analytics/android/sdk/data/UBSDataDBHelper.java, line(s) 71,81 com/xly/analytics/android/sdk/data/UBSProviderHelper.java, line(s) 250,275 com/xly/analytics/android/sdk/data/adapter/DataOperation.java, line(s) 60,72,149 com/xly/analytics/android/sdk/data/adapter/EncryptDataOperation.java, line(s) 69,55 com/xly/analytics/android/sdk/data/adapter/EventDataOperation.java, line(s) 74,84,87 com/xly/analytics/android/sdk/data/adapter/TransportEncryption.java, line(s) 60 com/xly/analytics/android/sdk/data/persistent/PersistentSuperProperties.java, line(s) 22 com/xly/analytics/android/sdk/debugdata/UBSDebugDataManager.java, line(s) 151,165,167,188,200,203,249,268,273,278,283,291,295,298 com/xly/analytics/android/sdk/dialog/SchemeActivity.java, line(s) 27,54,64 com/xly/analytics/android/sdk/dialog/UBSDataDialogUtils.java, line(s) 91,104,119,148,202,280,298,306,434 com/xly/analytics/android/sdk/encrypt/AESSecretManager.java, line(s) 41,66,83 com/xly/analytics/android/sdk/encrypt/biz/UBSSecretKeyManager.java, line(s) 104,125,131 com/xly/analytics/android/sdk/encrypt/encryptor/ECEncrypt.java, line(s) 19 com/xly/analytics/android/sdk/encrypt/impl/UBSEncryptAPIImpl.java, line(s) 131 com/xly/analytics/android/sdk/encrypt/utils/EncryptUtils.java, line(s) 84,93 com/xly/analytics/android/sdk/exposure/AppPageChange.java, line(s) 20,26,32,38 com/xly/analytics/android/sdk/exposure/ExposedPage.java, line(s) 44,60,89 com/xly/analytics/android/sdk/exposure/ExposedTransform.java, line(s) 79,104,121,143,154 com/xly/analytics/android/sdk/exposure/ExposureVisible.java, line(s) 46 com/xly/analytics/android/sdk/exposure/StayDurationRunnable.java, line(s) 62,85,92 com/xly/analytics/android/sdk/exposure/UBSExposedProcess.java, line(s) 66,182,187,216,237,241,249 com/xly/analytics/android/sdk/jsbridge/AppWebViewInterface.java, line(s) 56,86,96,111 com/xly/analytics/android/sdk/jsbridge/JSHookAop.java, line(s) 20,28,36,44,69 com/xly/analytics/android/sdk/network/HttpConfig.java, line(s) 23,32 com/xly/analytics/android/sdk/network/RealRequest.java, line(s) 29,65,92,110 com/xly/analytics/android/sdk/plugin/encrypt/AbstractStoreManager.java, line(s) 170,210,250,291,337,352,378,390,438,452,471,490,509,528,562 com/xly/analytics/android/sdk/plugin/property/PropertyPluginManager.java, line(s) 79,82,98,104 com/xly/analytics/android/sdk/push/core/UBSPushProcess.java, line(s) 120,161,182,205,210,231,285,295,319,329,335,357 com/xly/analytics/android/sdk/realtimedata/UBSRealTimeDataManager.java, line(s) 95,100 com/xly/analytics/android/sdk/remote/BaseUBSDataSDKRemoteManager.java, line(s) 60,61,75,80,90,112,123,140 com/xly/analytics/android/sdk/remote/UBSDataRemoteManager.java, line(s) 52,100,111,115,148,149,154,159,185,193,199,246,249 com/xly/analytics/android/sdk/remote/UBSDataRemoteManagerDebug.java, line(s) 52,78,87,100,118,119,124,126,127,133,134,140,158,163,168,184 com/xly/analytics/android/sdk/useridentity/Identities.java, line(s) 200,210,219,255 com/xly/analytics/android/sdk/useridentity/LoginIDAndKey.java, line(s) 19,29,32,44 com/xly/analytics/android/sdk/useridentity/UserIdentityAPI.java, line(s) 99,176,194,210,217 com/xly/analytics/android/sdk/util/AppInfoUtils.java, line(s) 44 com/xly/analytics/android/sdk/util/AppStateTools.java, line(s) 195 com/xly/analytics/android/sdk/util/DeviceUtils.java, line(s) 41,46,52,57,64,151,165 com/xly/analytics/android/sdk/util/NetworkUtils.java, line(s) 40,55,62,69,205,239 com/xly/analytics/android/sdk/util/Pathfinder.java, line(s) 122,174 com/xly/analytics/android/sdk/util/PermissionUtils.java, line(s) 44 com/xly/analytics/android/sdk/util/ThreadUtils.java, line(s) 86,112 com/xly/analytics/android/sdk/util/ToastUtil.java, line(s) 60,71 com/xly/analytics/android/sdk/util/UBSDataHelper.java, line(s) 134,141,48,61,66,71,75,88,93,106,113,126,151,155 com/xly/analytics/android/sdk/util/UBSDataUtils.java, line(s) 113,143,198,239 com/xly/analytics/android/sdk/util/UBSSchemeHelper.java, line(s) 86,100 com/xly/analytics/android/sdk/util/UBSSpUtils.java, line(s) 21 com/xly/analytics/android/sdk/util/UBSViewUtils.java, line(s) 67,68,81,276,453 com/xly/analytics/android/sdk/util/WebUtils.java, line(s) 11 com/xly/analytics/android/sdk/visual/AbstractNodesManager.java, line(s) 227 com/xly/analytics/android/sdk/visual/ViewSnapshot.java, line(s) 292,126 com/xly/analytics/android/sdk/visual/VisualDebugHelper.java, line(s) 58,75,130 com/xly/analytics/android/sdk/visual/VisualizedAutoTrackService.java, line(s) 41,54,72 com/xly/analytics/android/sdk/visual/WebViewVisualInterface.java, line(s) 30,39 com/xly/analytics/android/sdk/visual/impl/UBSVisualProtocolImpl.java, line(s) 74,83 com/xly/analytics/android/sdk/visual/property/UBSVisualConfigRequestHelper.java, line(s) 45,51,65,76,126 com/xly/analytics/android/sdk/visual/property/UBSVisualPropertiesCache.java, line(s) 80,143 com/xly/analytics/android/sdk/visual/property/UBSVisualPropertiesManager.java, line(s) 141,161,208,210,214,228,257,272,277,285,304,320 com/xly/analytics/android/sdk/visual/snap/Caller.java, line(s) 80,89,98 com/xly/analytics/android/sdk/visual/snap/ResourceReader.java, line(s) 76,97,98 com/xly/analytics/android/sdk/visual/utils/AlertMessageUtils.java, line(s) 119,131 com/xly/analytics/android/sdk/visual/view/PairingCodeRequestHelper.java, line(s) 31,59,69 com/xly/analytics/android/sdk/visual/view/UBSPairingCodeEditDialog.java, line(s) 32,77,94,100,131,134 com/xly/analytics/data/UBSViewProperties.java, line(s) 31,52 com/xly/module/jpush/JPushReceiver.java, line(s) 27,28,65 com/xly/module/push/CustomeFirebaseMessagingService.java, line(s) 329,332,335,299,308,320,347 com/xly/module/push/f.java, line(s) 94,106 com/xly/module/push/utils/a.java, line(s) 12,28,36,44,52,63 com/xly/module/push/utils/b.java, line(s) 111,116,426,451,502,777,310,462 com/xly/security/SecurityGuard.java, line(s) 151,157,184 d4/a.java, line(s) 30 g0/d.java, line(s) 194,228,222 g3/e.java, line(s) 36,57,74,91,108,125,142,159 i0/a.java, line(s) 34 io/invertase/firebase/app/ReactNativeFirebaseAppModule.java, line(s) 31 io/invertase/firebase/app/a.java, line(s) 20 io/invertase/firebase/common/a.java, line(s) 78 io/invertase/firebase/common/g.java, line(s) 35 io/invertase/firebase/common/o.java, line(s) 86,261,315,112 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingModule.java, line(s) 188 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingReceiver.java, line(s) 17,38 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 99 j6/a.java, line(s) 43 j6/b.java, line(s) 25,33,39,68,74 k4/a.java, line(s) 30,58,65,72,37,29,36,43,44,50,57,64,71,51 org/wonday/pdf/PdfView.java, line(s) 112 t1/a.java, line(s) 38,43,47,72 timber/log/c.java, line(s) 200,218 v1/h.java, line(s) 33,35,36,39 v6/b.java, line(s) 11,28,17,23,34,40 y7/b.java, line(s) 77 z0/e.java, line(s) 49,121,129,143,148
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 30,33,4
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,249
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: g1/s.java, line(s) 61,60,240,59,59
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: ai/advance/core/i.java, line(s) 823,823,826,826 com/xly/af/utils/e.java, line(s) 564,549,573,549,549,549,549,549 com/xly/security/SecurityGuard.java, line(s) 109,87,91,91,91,91,91,91,33,198
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/939626467161/namespaces/firebase:fetch?key=AIzaSyDOghRlg5kfbf8mWW-1h9yXLlPTUZYui_M ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Pulsar v1.0.0
Android APK
52
综合安全评分
中风险