Mobile Application Security Scan Report

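BAM Crawford v6.14.1
Security baseline score: 49/100
Overall risk level: medium risk. The application has some security risks; optimization is recommended.
Distribution of findings: 3 high-severity vulnerabilities, 25 medium-severity vulnerabilities, 4 informational items, 2 passed checks, 0 key security concerns
Privacy risk assessment: 3 third-party trackers (medium privacy risk; a small number of third-party trackers detected)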
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: qb/a.java, line(s) 74
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: a/a.java, line(s) 193,12,13 com/christopherdro/RNPrint/RNPrintModule.java, line(s) 101,12,13 com/reactnativecommunity/webview/j.java, line(s) 411,16
High-severity vulnerability: Remote WebView debugging is enabled.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/subsplash/thechurchapp/handlers/browser/BrowserFragment.java, line(s) 1187,28,29
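Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user who has enabled USB debugging can copy the application data directly, which creates a data leakage risk.
Medium-severity vulnerability: Activity (com.subsplash.thechurchapp.DeepLinkActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity sets the TaskAffinity attribute.
(com.subsplash.thechurchapp.media.MediaActivity) When taskAffinity is set, other applications can read the Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).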
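Medium-severity vulnerability: Service (com.subsplash.thechurchapp.media.TrackMediaProgress) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.subsplash.thechurchapp.api.PushIntentService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.subsplash.thechurchapp.media.MediaPlaybackService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.subsplash.thechurchapp.media.MediaIntentReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Content Provider (org.birkir.carplay.media.MediaArtworkContentProvider) is not protected.
[android:exported=true] The Content Provider is exported and is not protected by any permission, so any application can access it.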
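Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.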
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: ae/z7.java, line(s) 7 be/l.java, line(s) 4 be/o0.java, line(s) 7 be/q.java, line(s) 8 ce/k.java, line(s) 4 ce/n0.java, line(s) 7 ce/p.java, line(s) 8 ce/r0.java, line(s) 8 ce/u0.java, line(s) 4 jk/a.java, line(s) 3 jk/b.java, line(s) 3 kk/a.java, line(s) 3 lb/q0.java, line(s) 4 lf/d.java, line(s) 6 og/n.java, line(s) 10 rd/c.java, line(s) 4 wj/b.java, line(s) 8 wj/q.java, line(s) 7 wj/v.java, line(s) 8 xc/a.java, line(s) 10 xd/f0.java, line(s) 7 yd/h.java, line(s) 7 zd/a0.java, line(s) 4 zd/e1.java, line(s) 7 zd/g0.java, line(s) 8
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/christopherdro/htmltopdf/RNHTMLtoPDFModule.java, line(s) 69,69 com/lwansbrough/RCTCamera/RCTCameraModule.java, line(s) 355,388 com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 383,394,691 com/reactnative/ivpusic/imagepicker/a.java, line(s) 101 com/reactnativecommunity/webview/l.java, line(s) 290 com/rnfs/RNFSManager.java, line(s) 579,568,570,573,597 com/subsplash/thechurchapp/handlers/playlist/PlaylistUtil.java, line(s) 240 com/subsplash/util/u.java, line(s) 82,23 io/sentry/android/core/d1.java, line(s) 259,241 k5/a.java, line(s) 279 u5/a.java, line(s) 52 xi/c.java, line(s) 173,212
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/christopherdro/htmltopdf/RNHTMLtoPDFModule.java, line(s) 42 com/lwansbrough/RCTCamera/RCTCameraModule.java, line(s) 400,403 com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 387,398 com/reactnativecommunity/webview/l.java, line(s) 290 dg/c.java, line(s) 79 fi/a.java, line(s) 11 io/sentry/react/n.java, line(s) 835 k5/a.java, line(s) 132 kj/j.java, line(s) 38
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 55,58,60 com/subsplash/thechurchapp/MainActivity.java, line(s) 241 com/subsplash/thechurchapp/handlers/common/NavigationHandler.java, line(s) 89 com/subsplash/thechurchapp/handlers/inbox/InboxHandler.java, line(s) 26 com/subsplash/thechurchapp/handlers/playlist/PlaylistLibrary.java, line(s) 37,41 com/subsplash/thechurchapp/handlers/reader/ReaderHandler.java, line(s) 19 com/subsplash/util/AppShortcutManager.java, line(s) 48 m7/h.java, line(s) 82 r2/g.java, line(s) 79 t2/d.java, line(s) 37 t2/p.java, line(s) 95 t2/x.java, line(s) 84
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/subsplash/util/cache/LocalCache.java, line(s) 258 h2/g.java, line(s) 44
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/reactnativecommunity/asyncstorage/k.java, line(s) 4,5,6,89 ea/m0.java, line(s) 5,6,84,103,112,162,273,290,564,610 ea/t0.java, line(s) 4,5,135 wd/p.java, line(s) 4,5,48,71 wd/q.java, line(s) 5,6,7,49 y0/a.java, line(s) 4,5,6,7,81,125
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/subsplash/util/n0.java, line(s) 82 dg/b.java, line(s) 53 io/sentry/util/w.java, line(s) 19 x5/c.java, line(s) 13
Medium-severity vulnerability: IP address disclosure.
Files: al/a.java, line(s) 6,7,6,7 bl/a.java, line(s) 73 cl/a.java, line(s) 6,7,8,9,10,11,12,13,14,15,16,17 dl/a.java, line(s) 157,175,178,188,193,203,204,205,206,207,208,209,210,240,256,264,301,302,303,322,323,324,325,204,205,206,207,208,209,240,256,264,301,302,322,323,324,325 i8/b.java, line(s) 15 io/sentry/SpotlightIntegration.java, line(s) 121 nl/e.java, line(s) 57,64,71,72,73,74,75,57,64,71,72,73,74,75 x8/a.java, line(s) 36,36 zk/a.java, line(s) 68
Medium-severity vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: io/sentry/android/core/internal/util/m.java, line(s) 21,21,21,21,21
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/subsplash/thechurchapp/handlers/browser/BrowserFragment.java, line(s) 1203,1199
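Medium-severity vulnerability: The application contains privacy trackers.
This application contains 3 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.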
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information.
Credential => "com.google.android.geo.API_KEY" : "AIzaSyAIbpdmzkOrNz79Z7TLN_h6BCMZ3CLwqsg"
Google_Drive_API_Key: AIzaSyAIbpdmzkOrNz79Z7TLN_h6BCMZ3CLwqsg
AIzaSyCt7VX6RL35nrFxgWks2K4Akg9coeVxt7E
"firebase_database_url" : "https://native-apps-225319.firebaseio.com"
"google_api_key" : "AIzaSyCR7RGPlXaBT8ucv21tLVQnM7FSBcTqvQw"
"google_app_id" : "1:608610324:android:d05583746275f260"
"google_crash_reporting_api_key" : "AIzaSyCR7RGPlXaBT8ucv21tLVQnM7FSBcTqvQw"
8138e8a0fcf3a4e84a771d40fd305d7f4aa59306d7251de54d98af8fe95729a1f73d893fa424cd2edc8636a6c3285e022b0e3866a565ae8108eed8591cd4fe8d2ce86165a978d719ebf647f362d33fca29cd179fb42401cbaf3df0c614056f9c8f3cfd51e474afb6bc6974f78db8aba8e9e517fded658591ab7502bd41849462f
AIzaSyBJnJdMyCm9NZwtStaUtWHB4SVR7bdevi0
19bc7532-7e56-440c-bd2e-171026dd5195
edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
Informational: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,262 com/subsplash/thechurchapp/ClipboardActivity.java, line(s) 4,15
Informational: This application listens for clipboard changes. Some malware also listens for clipboard changes.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 30,33,4
Informational: The application communicates with a Firebase database.
The application communicates with the Firebase database at https://native-apps-225319.firebaseio.com
Passed check: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: io/sentry/android/core/internal/util/m.java, line(s) 64,21,21,21,21,21,21
Passed check: Firebase Remote Config is disabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/608610324/namespaces/firebase:fetch?key=AIzaSyCR7RGPlXaBT8ucv21tLVQnM7FSBcTqvQw ) is disabled. The response was: { "state": "NO_TEMPLATE" }
Overall security baseline score summary
BAM Crawford v6.14.1 (Android APK): overall security score 49, medium risk