Application Security Scan Report
Mobile Application Security Scan Report

Empower MX v1.29.4.340
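Security score (security baseline score): 52/100
Overall risk level: Low risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items:
- High: 3
- Medium: 19
- Info: 3
- Secure: 3
Privacy risk assessment: 5 third-party trackers. High privacy risk: a large number of third-party trackers were detected.
Distribution of scan results:
- High-severity vulnerabilities: 3
- Medium-severity vulnerabilities: 19
- Security notices: 3
- Passed security checks: 3
- Key security concerns: 0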
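High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: Q/AbstractC1776i.java, line(s) 97; Q/AbstractC7001i.java, line(s) 97
High-severity vulnerability: The file is world-readable. Any application can read the file.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/appsflyer/internal/AFb1tSDK.java, line(s) 444
High-severity vulnerability: The application contains privacy trackers.
This application has multiple (5) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
Medium-severity vulnerability: Activity (finance.empower.android.app.DeepLinkLaunchActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity sets the TaskAffinity attribute.
(finance.empower.android.app.loan.repayment.stripe.LoanAddDebitCardInfoView) When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).
Medium-severity vulnerability: Activity (com.stripe.android.link.LinkRedirectHandlerActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.stripe.android.payments.StripeBrowserProxyReturnActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: f3/C1330g.java, line(s) 50; f3/C4289g.java, line(s) 50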
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: H6/C1683b.java, line(s) 52; H6/C4673b.java, line(s) 55; io/sentry/util/D.java, line(s) 35
Medium-severity vulnerability: IP address disclosure.
Files: C7/a.java, line(s) 16,17,18,19,20,16; Ge/C1374c.java, line(s) 22; Ge/C4599c.java, line(s) 24; bc/O0.java, line(s) 8; finance/empower/android/app/profile/ProfileActivity.java, line(s) 191; io/sentry/SpotlightIntegration.java, line(s) 107
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: H6/C1684c.java, line(s) 96; H6/C4674c.java, line(s) 98; a/r.java, line(s) 128
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: finance/empower/android/app/web/b.java, line(s) 594,588; support/ada/embed/widget/AdaEmbedView.java, line(s) 768,779
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: Ca/b.java, line(s) 103; io/sentry/android/core/C1699e0.java, line(s) 287; io/sentry/android/core/C5085e0.java, line(s) 298; support/ada/embed/widget/AdaEmbedView.java, line(s) 569
Medium-severity vulnerability: The application uses SQLite databases and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: H3/M.java, line(s) 12,13,188,218,230,234,274,392,435,529; H3/W.java, line(s) 4,5,159
Medium-severity vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: N7/a.java, line(s) 7,7,7,9,7,9,7,7; Qb/l.java, line(s) 25,25,25,27,25,27,25,25; io/sentry/android/core/internal/util/n.java, line(s) 22,22,22,22,22
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: support/ada/embed/widget/AdaEmbedView.java, line(s) 784,779
Medium-severity vulnerability: Firebase Remote Config is enabled.
Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/294954864360/namespaces/firebase:fetch?key=AIzaSyABmJ5cxtOwqeg5pQ4jLJxUyBD9fijwVWI ) is enabled. Make sure this configuration does not contain sensitive information.
Medium-severity vulnerability: This application may contain hardcoded secrets.
Possible secrets were identified in the application. Make sure they are not confidential or private information.
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: de/a.java, line(s) 5,35,38
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: p7/c.java, line(s) 88,91,88,91
Passed security check: This application may have root detection capabilities.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: G5/AbstractC1618v.java, line(s) 29; G5/AbstractC4526v.java, line(s) 30; M5/AbstractC0710i.java, line(s) 294,294,295; M5/AbstractC2226i.java, line(s) 296,296,297; N7/b.java, line(s) 224; c5/c.java, line(s) 24; io/sentry/android/core/internal/util/n.java, line(s) 63,22,22,22,22,22,22
Passed security check: This application has capabilities to prevent tapjacking attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9
Files: Wd/c.java, line(s) 14
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: M7/o.java, line(s) 122,121,120,120; Vg/c.java, line(s) 82,81,80; Vg/d.java, line(s) 115,105,114,122,113,113; Vg/i.java, line(s) 82,81,80,80; Vg/j.java, line(s) 233,221,232,231,231; bc/C1045l0.java, line(s) 67,67; bc/C3186l0.java, line(s) 68,68; com/withpersona/sdk2/inquiry/network/NetworkModule.java, line(s) 183,183
Overall Security Baseline Score Summary

Empower MX v1.29.4.340
Android APK
Overall security score: 52
Medium risk