应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Pesohere v1.0.5
63
安全评分
安全基线评分
63/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用安全状况良好,可正常使用
漏洞与安全项分布
0
高危
13
中危
1
信息
3
安全
隐私风险评估
4
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
0
中危安全漏洞
13
安全提示信息
1
已通过安全项
3
重点安全关注
0
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Activity (com.cow.here.uicowhereanddto.acowherectivity.MoreDataCowHereActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/cow/here/netcowherework/dcowhereto/requestcowhere/MediaCowHereFilesDataDto.java, line(s) 59 com/cow/here/uicowhereanddto/scowhereervice/UploadDownLoadFileCowHereService.java, line(s) 89,97 d/i/f/a.java, line(s) 77 f/c/a/i/g.java, line(s) 14 f/f/a/h/s.java, line(s) 9 f/f/a/h/t.java, line(s) 9
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: d/q/c.java, line(s) 112 f/c/a/i/g.java, line(s) 14 f/e/c/x/r/c.java, line(s) 51 f/f/a/h/n.java, line(s) 18
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/appsflyer/internal/AFa1wSDK.java, line(s) 12 com/appsflyer/internal/AFb1jSDK.java, line(s) 15 i/p/b.java, line(s) 8 i/p/t.java, line(s) 8 k/r.java, line(s) 6
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: f/e/a/c/j/b0/k/r0.java, line(s) 5,6,131,147,201,298,410,460,547,670 f/e/a/c/j/b0/k/t0.java, line(s) 4,5,110
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/AFb1vSDK.java, line(s) 104,116
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/AFb1vSDK.java, line(s) 52,57 f/e/c/x/r/b.java, line(s) 52 f/e/c/z/k0.java, line(s) 54
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: f/b/a/n/h.java, line(s) 76 f/b/a/n/n/d.java, line(s) 36 f/b/a/n/n/p.java, line(s) 94 f/b/a/n/n/x.java, line(s) 82
中危安全漏洞 IP地址泄露
IP地址泄露 Files: f/f/a/h/p.java, line(s) 20
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个4隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 友盟统计的=> "UMENG_CHANNEL" : "googlePlay" "changecowherepwd_btn" : "Confirm" "google_api_key" : "AIzaSyASp0fwIUzBnPPTPsYvDCdcy4XBvy3OaAU" "google_app_id" : "1:804122745191:android:4c21dd798a5617a023f7c2" "google_crash_reporting_api_key" : "AIzaSyASp0fwIUzBnPPTPsYvDCdcy4XBvy3OaAU" GQkbGEUVA1MFCRMTSwEAHAxLJwQBBgYCW0sKBAYpHAAVAEcLDRMXHgQGQg== FwkTKAoDOBYdDRE9Cwg1Gx8JEQ== DA8WGQodFF0fDRcfDB4SGwQLWjEwLC02ITojJCY8KiY7LDw8JCYg DA8WGQodFF0fDRcfDB4SGwQLWjEwLC02ITorKDwuOjg/MC48LD0r BRUGGxZOX1wYHxJcFQgSHQMABhVdDAcIXRUIEh1EFQYZBQ4LAF0MAwcCA0ocFQEK AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRMLCRMdAgFaBhoKH0skDAgWNRkKAQA= VjlfKDc7IyBCKSI3KzlMMwUBBh8aC1MkAhU7BAAYDBseXA== Dg4cHwAMBF0bAAAfAEMOEB8EHR4gGxEJkOXLBBMZJhsHOwoaADcBBBUmDh0AXFNfREVCTA== CwgcDzMdFQQtESwWTT9PGw9LFx8dGw0LBiYCFjoOFxFZ DA8WGQodFF0fDRcfDB4SGwQLWiI2Liw6MSojNTMoMSc= E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 CRUdKAo3HwQnDRcXFgJPFQ4RNx8EJw0XFzodBAEEOgECH0dB M0lNSj5EXUoyQ0FbTVJAKQpIDjFeNTVOVkw2UV9SJFkqEkISOAlTQVNCFkE= PhUTHwA3HwQnDRcXMwQEBUsIAQMHTwAEBABNAFIdBBgZF08EBAsKGBUgDhYbBQEMDQ== DA8WGQodFF0GBhEXCxlPEwgRHR8dQTgsMS4= DA8WGQodFF0fDRcfDB4SGwQLWjEwLC02ITouLjM5NjEvPyArJCYsIi8= 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F Dg4fGxcRAwAsBxI6AB8EOwYEExUnACocBgAeLx04BhUcFkcODB4APQAGA0lUSENfQQ== CBMABBdcMQMGLR0RAC4OBSMABhUDGwEKkOXLQ15LRxARBw5IDAFFAxQeB0dYUBkcBwtbTA== NwkTPxIbNR0bARELJgIWOg4XET8dCkAQEQADFRcZKgMFTg== ACIdHC0RAhYLCRUGAB9PBAgmGwc7ChoAJAYoFVNKSwAVCxs= GQkXSxMdFQRPARZSCwIVUhkAEgIWHABFHgQUDgcfWlQGGgofRU9F CBMABBdcMwYcHAofIBUCFx8MGx4wAB8tkOXLABwPCREzHBggAAAAKBkRDhUAGRwBQBFbTA== AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRMLCRMdAgFaEQMfRisdEQQHGwgEABkcASUEHAQKBAA= AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRMLCRMdAgFaBBYXHEsxCQQREAQEBhQ+DgYEFQAf PhUTHwA3HwQnDRcXMwQEBUsIAQMHTwAEBABNAFIFChpdHRoECVIzBAQFLBcbBQNPHgwXEj0AAA4LAA== QhILGEoQFQUGCwABSh4YAR8AGV8QHx1KERUYUV0IFQEWAQoZSgEGDA0bBQIrEwYdNwMAABw= BA8GDgsAXhcOHARTREMGFx80ARUBFjgEAAQABAYOF1xSAw4PADsBT0hTSg== CgQGOBEGGR0IQDdcFhkTGwUCWgIWCAEWBgAfAh0cDRECFh0NAhsWGQQANBEdBB8KQQ== BxQBH01cFAcARgYdEjIJFxkAKxQSGwk6CwQACFJUX1RSUU8JFlIxREg= DA8WGQodFF0cDREGDAMGAUUkJCA/JiskJiwiLy0vICAxOiM7OiEgOTU7JSIn NwkTJAsRMxwYIAAAAEUbGgomGwc7ChoABioDBCQKCQEVTg== ACIdHC0RAhYLCRUGAB9PAhwBNx8EJw0XFzUaBTcfRFVeBwoQEQ== LxQbBwERAlsbAAwBSU0CGgoLGhUfJgxMkOXLFRcFET0eBwoGEVoVCA8WAgsTOR0bDQsGTA== CwgcDzMdFQQtESwWTT9PGw9LFxEdDA0JMQoaKRcZAF0= BRUGGxZOX1wYHxJcFQgSHQMABhVdDAcIXRUIEh1EFQYfBwALCh4AQggcDRUcXxsKGgA= DA8WGQodFF0fDRcfDB4SGwQLWjMyIi03Mw== DA8WGQodFF0fDRcfDB4SGwQLWiA8PDw6PCo5KDQiJjUkOiAmNg== FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 CgQGOBEGGR0IQDdcFhkTGwUCWgABCgsKBQ0IExcCAREeBwYODBEEGQgdBToAGQcDDUw= GQkbGEUVA1MFCRMTSwEAHAxLJwQBBgYCkOXLCBwMTQcEEh0cLBwBCBleSwAaFDoBDAAKTA== CBMABBdcMQMGLR0RAC4OBSMABhUDGwEKkOXLEhU0HBUdGkEHFzcIHRULQ0xYUBkcBwtbTA== CwgcDzMdFQQtESwWTT9PGw9LEBUVBgYAMQoaKRcZAF0= AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRkKGQ0bBUsyHBwOHA== DA8WGQodFF0GBhEXCxlPEwgRHR8dQSwsMyk= CBMABBdcMQMGLR0RAC4OBSMABhUDGwEKkOXLQVBJSVQVXRsHNgYXBA8VQ0xYUBkcBwtbTA== ACIdHC0RAhYLCRUGAB9PAgMKGhUwAB8tFxcINxEuEVVRXRsNHQY= BRUGGxZOX1wYHxJcFQgSHQMABhVdDAcIXQ== AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRMLCRMdAgFaHBwMCREbCgNPPgQGFQQaAAYoEwsMBhcZ DA8WGQodFF0fDRcfDB4SGwQLWiI2Liw6Nz05JCAlJDgvIDsnNzMiKA== DA8WGQodFAtBHgwXEh0AFQ4XWgcaCw8ABks7CBccNRUXFh0= CgQGOBEGGR0IQDdcFhkTGwUCWhMbDgYCFwYCFhoOFxEABAs3ERsRAQRb CgQGKhUEHBoMCREbCgNJW0UCEQQwAAYRFwsZMxcYChgGFh1ATA== NwkTPxIbNR0bARELJgIWOg4XESQEAEALFxIOCwUEJhsHFgZV AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRMLCRMdAgEMXhAABhYGFwwIHB8JFQkcGhxLBQwJBhcfSzcfHRwcFxMMAxU+ChwbBQdBJAQLChgVIgoXFR0A LxQbBwERAltGYkVSRU1BUktFVFBTT0hFkOXLa1JLRVRQU09IRVJFTUFSS0VaEgYGBAFaTA== CgQGIgsHBBIBCwBaTEMGFx8kBAAAKQQcFxc4KDZDERwZAEZJRA== QhEXGAoyBR1AHRVdAQgXGwgAPBUBCjgNGwsLDl0= CwgcDzMdFQQtESwWTT9PGw9LABkHAw0mHRIlBAAOTA== CA8RBAERJBw8HBcbCwpJGBhLAB8xFhwAMxcfAAtDTFhQMQ4bAERRQzQgJzonMTUqQQ== CgIZXwc8Oz1bABcHEjgjFQk3AR0/OA== AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRkKGQ0bBUsXHx8DDQYGDAIPAUUpHQMHUzxFHQNNAh0GSxcfBEEAAAAAQw8XHwYbBxsKGgAFCh8KXDkAAAIcCQERMQkEBBwfSwQfABs6AAMQCBIGTwkVHRELCUhBWw== GQkbGEUVA1MFCRMTSwEAHAxLJwQBBgYCW0sZDj4EEhECMA4bAFpM CgQGPhcdNhwdLgweAEUVGgIWND0cHQ0hkOXLKDZLTlRSXQkBCRc1Hw4EAgERAlFDSAwGTA== DA8WGQodFF0GBhEXCxlPEwgRHR8dQT4sNzI= DA8WGQodFF0fDRcfDB4SGwQLWiI2Liw6Ii0iLzc0NiAxJyo= DA8WGQodFF0CDQEbBEMAER8MGx5dJiUkNSAyIjM7MSEiNg== QhILGEoQFQUGCwABSh4YAR8AGV8QHx1KERUYUV0IFQEWAQoZShEVGAgcDQorHRIXNwMAABw= FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 AxQeB0UXER0BBxFSBwhBEQoWAFAHAEgLHQtADwcHCVQECh8NRRkKGQ0bBUs1AgEOEVkmRQIHUgAKABwaAUYGHQkBBBEfDBseAEEpFwAEFBI5HzorMQEdCRwBLzssOR9LAB8nFhgAFiQfExMSWw== Cw4ABgQAXhUAGggTEUUlEx8AXCMKHBwAH0sOFAAZABoEJwYFAD8MAQ0bGE1dWVo= KBMABBc3HwQnDRcXIRkOWggKAy8bChoALQAfEx0ZOg0RHgZV QhILGEoQFQUGCwABSh4YAR8AGV8QHx1KERUYUV0IFQEWAQoZShEVGAgcDQorHRoBNwMAABw= GQkXSxMdFQRPDAoXFk0PHR9FHBEFCkgVExcIDwZHRQIZFhhIWFI=
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/appsflyer/AFLogger.java, line(s) 34,48,66,64,87,96,41 com/appsflyer/internal/AFa1cSDK.java, line(s) 101,182,27,28,119,120,102,139,183 com/appsflyer/internal/AFa1fSDK.java, line(s) 151 com/appsflyer/internal/AFa1sSDK.java, line(s) 47,117,132,135 com/appsflyer/internal/AFb1nSDK.java, line(s) 226 com/appsflyer/internal/AFb1zSDK.java, line(s) 189,219,1272,1302 com/appsflyer/internal/AFc1eSDK.java, line(s) 18 com/appsflyer/internal/AFc1gSDK.java, line(s) 118,116,163,114,152 com/appsflyer/internal/AFc1vSDK.java, line(s) 283 com/appsflyer/internal/AFd1aSDK.java, line(s) 92 com/appsflyer/internal/AFd1cSDK.java, line(s) 75,42,46,47 com/appsflyer/internal/AFd1dSDK.java, line(s) 47 com/appsflyer/internal/AFd1nSDK.java, line(s) 17 com/appsflyer/internal/AFd1qSDK.java, line(s) 38,48 com/appsflyer/internal/AFd1rSDK.java, line(s) 182 com/appsflyer/internal/AFd1vSDK.java, line(s) 37,45,50,71,147 com/appsflyer/internal/AFd1ySDK.java, line(s) 14 com/appsflyer/internal/AFd1zSDK.java, line(s) 70 com/appsflyer/share/CrossPromotionHelper.java, line(s) 44 com/appsflyer/share/LinkGenerator.java, line(s) 226 com/cow/here/netcowherework/dcowhereto/requestcowhere/StorageCowHereDataDto.java, line(s) 60 com/wang/avi/AVLoadingIndicatorView.java, line(s) 332 d/b/k/f.java, line(s) 1910,948,954,1544,1937,2169 d/b/k/h.java, line(s) 94 d/b/k/i.java, line(s) 47,57,72,82,99,111,123,132,145,159,171 d/b/k/k.java, line(s) 58,73 d/b/l/a/a.java, line(s) 96 d/b/o/g.java, line(s) 149,195,252 d/b/o/j/i.java, line(s) 396 d/b/o/j/j.java, line(s) 273 d/b/p/f0.java, line(s) 366,484,183,188,195,281,574 d/b/p/h0.java, line(s) 109,143 d/b/p/i0.java, line(s) 160,46,58,104,357 d/b/p/m0.java, line(s) 97,135,358,117,170,225,239,292,295,362,365,418 d/b/p/n0.java, line(s) 30 d/b/p/t.java, line(s) 109,147,152,157,870 d/b/p/t0.java, line(s) 348,353 d/b/p/v0.java, line(s) 111 d/b/p/w.java, line(s) 99,113,127,136,272,446 d/b/p/w0.java, line(s) 80 d/b/p/y0.java, line(s) 23,34,52,54,56 d/g/b/d.java, line(s) 461 d/g/b/k/f.java, line(s) 278 d/g/c/a.java, line(s) 190,193,194,199,201 d/g/c/b.java, line(s) 56,81,90 d/g/c/c.java, line(s) 180,94,157 d/g/c/d.java, line(s) 596,1724,1031,611,617,965,1765,1768 d/i/e/c.java, line(s) 85,229 d/i/e/e.java, line(s) 23,32 d/i/e/g.java, line(s) 27 d/i/e/k.java, line(s) 60,74,78 d/i/e/o.java, line(s) 61 d/i/f/a.java, line(s) 40 d/i/f/d/a.java, line(s) 42 d/i/f/d/b.java, line(s) 72 d/i/f/d/f.java, line(s) 196,202,208,82,90 d/i/g/c.java, line(s) 548,553 d/i/g/e.java, line(s) 69 d/i/g/f.java, line(s) 39,70 d/i/g/g.java, line(s) 55,221 d/i/g/j.java, line(s) 83,86 d/i/g/k.java, line(s) 96 d/i/g/l/a.java, line(s) 95,104,162,172 d/i/g/l/e.java, line(s) 40,63 d/i/j/j.java, line(s) 21 d/i/l/b.java, line(s) 36,47,49,60,62,82,85 d/i/m/c.java, line(s) 18 d/i/n/b.java, line(s) 56 d/i/n/c0.java, line(s) 744,903,546,558,565,574,40,62,894 d/i/n/e0/c.java, line(s) 138 d/i/n/f.java, line(s) 19,28 d/i/n/h.java, line(s) 14 d/i/n/t.java, line(s) 716 d/i/n/u.java, line(s) 20,31 d/i/n/w.java, line(s) 19,34,55,82,103,124,145 d/i/o/c.java, line(s) 25,34 d/i/o/h.java, line(s) 32,41 d/k/b/c.java, line(s) 622 d/l/d/a.java, line(s) 83,135,144,156 d/l/d/b.java, line(s) 105 d/l/d/d.java, line(s) 277,285,305,413,421 d/l/d/j.java, line(s) 55 d/l/d/l.java, line(s) 367,422,485,1775,293,712,845,848,909,918,928,946,1024,1035,1204,1306,1335,1338,1393,1402,1511,1572,1580,1719,1741 d/l/d/o.java, line(s) 44,70 d/l/d/q.java, line(s) 48,97,119,178,201,216,226,254,291,302,374,382,415 d/l/d/r.java, line(s) 225,240,258 d/n/a/a.java, line(s) 29 d/p/a/b.java, line(s) 35,44,68 d/q/a.java, line(s) 318,357,408,410,193,200,202,208,340,342,351,354,397,106,137,196,204,211,222,231,243,303,321 d/q/c.java, line(s) 56,66,68,113,129,175,177,194,206,210,212,217,222,264,286,106,171,179,202,274,290,305 d/u/i0.java, line(s) 35,80 d/u/y.java, line(s) 34,43,45,82,95 d/v/a/a/i.java, line(s) 258,261 d/x/a/b.java, line(s) 861,1980 f/b/a/c.java, line(s) 235,244,192,234,241,195 f/b/a/l/a.java, line(s) 265 f/b/a/m/d.java, line(s) 91,119,90,118 f/b/a/m/e.java, line(s) 58,82,88,57,81,87 f/b/a/n/m/b.java, line(s) 53,52 f/b/a/n/m/j.java, line(s) 77,103,76,102,106,112,119,116,120 f/b/a/n/m/l.java, line(s) 54,53 f/b/a/n/m/o/c.java, line(s) 100,99 f/b/a/n/m/o/e.java, line(s) 56,55 f/b/a/n/n/a0/j.java, line(s) 133,173,134,174 f/b/a/n/n/a0/k.java, line(s) 102,114,186,221,101,113,144,151,167,185,195,210,220,145,152,173,196,211 f/b/a/n/n/b0/e.java, line(s) 35,41,69,79,36,70,42,82 f/b/a/n/n/b0/i.java, line(s) 117,101 f/b/a/n/n/c0/a.java, line(s) 78,75 f/b/a/n/n/c0/b.java, line(s) 38,37 f/b/a/n/n/h.java, line(s) 503,302,341,502,450 f/b/a/n/n/i.java, line(s) 55,56 f/b/a/n/n/k.java, line(s) 14,147 f/b/a/n/n/q.java, line(s) 101 f/b/a/n/n/z.java, line(s) 103,104 f/b/a/n/o/c.java, line(s) 16,15 f/b/a/n/o/d.java, line(s) 43,42 f/b/a/n/o/f.java, line(s) 98,97 f/b/a/n/o/s.java, line(s) 85,88 f/b/a/n/o/t.java, line(s) 36,35 f/b/a/n/p/c/c.java, line(s) 55,54,72,73 f/b/a/n/p/c/f.java, line(s) 175,193,203,206,209,212,215,246,253,328,338,350,362,367,174,192,202,205,208,211,214,245,252,327,337,349,361,366 f/b/a/n/p/c/h.java, line(s) 96,195,333,95,169,194,332,392,408,170,270,393 f/b/a/n/p/c/i.java, line(s) 41,47,42,48 f/b/a/n/p/c/l.java, line(s) 40,41 f/b/a/n/p/c/s.java, line(s) 121,118 f/b/a/n/p/g/a.java, line(s) 59,79,84,89,60,80,85,90 f/b/a/n/p/g/d.java, line(s) 21,22 f/b/a/n/p/g/j.java, line(s) 37,40 f/b/a/o/e.java, line(s) 34,33,55,71,56,72 f/b/a/o/f.java, line(s) 12,11 f/b/a/o/k.java, line(s) 155,156,167 f/b/a/o/m.java, line(s) 87,88 f/b/a/o/n.java, line(s) 97,98 f/b/a/p/e.java, line(s) 52,59,70,75,51,58,63,69,74,64 f/b/a/r/h.java, line(s) 143,17,496,104 f/b/a/t/l/a.java, line(s) 61,62 f/c/a/i/j.java, line(s) 24 f/e/a/c/j/w/k.java, line(s) 33,40,43,51,77,80,83,86,89 f/e/a/c/j/z/a.java, line(s) 15,22,29,14,21,28,42,43,49,50 f/e/a/e/b0/b.java, line(s) 652 f/e/a/e/f0/d.java, line(s) 154,186 f/e/a/e/g0/b.java, line(s) 27 f/e/a/e/i0/g.java, line(s) 517 f/e/a/e/l/h.java, line(s) 49 f/e/a/e/q/a.java, line(s) 198 f/e/c/i.java, line(s) 308,272,276,188 f/e/c/o/p.java, line(s) 27,34,37,46,84 f/e/c/o/s.java, line(s) 151 f/e/c/x/g.java, line(s) 32,48,56,79 f/e/c/x/r/b.java, line(s) 56,77 f/e/c/x/s/c.java, line(s) 100,281,284,108,109,314,316 f/e/c/z/a1.java, line(s) 35 f/e/c/z/c1.java, line(s) 131,136,139,147,150,77,77 f/e/c/z/d0.java, line(s) 234,302,305,154,171,179,200,220,224,229,261,268 f/e/c/z/d1.java, line(s) 41,53,90,141,89,106,106,135,156,169,185 f/e/c/z/f0.java, line(s) 69,68,94,98,100 f/e/c/z/f1.java, line(s) 27,26 f/e/c/z/g0.java, line(s) 87,86 f/e/c/z/g1.java, line(s) 85,89,96,105,119,140,155,127,132,148,84,88,95,104,115,139,154,67 f/e/c/z/h0.java, line(s) 31,30 f/e/c/z/j0.java, line(s) 27 f/e/c/z/k0.java, line(s) 110,83,105 f/e/c/z/l0.java, line(s) 52,43,44,51,68,69,37 f/e/c/z/m0.java, line(s) 323,342,349,253,332,52,322,341,348,157,166,182,188,213,271,307,315,329,352 f/e/c/z/n0.java, line(s) 74,93,106 f/e/c/z/o0.java, line(s) 65,78,98,101,141,151,164,181,193,227,240 f/e/c/z/q0.java, line(s) 31 f/e/c/z/u0.java, line(s) 25,30,24,29 f/e/c/z/w0.java, line(s) 40,49,74,84,113,54,57,60,104,107,39,73,83,112 f/e/c/z/x0.java, line(s) 50 f/e/c/z/y0.java, line(s) 83,79,82,39,55 f/e/c/z/z0.java, line(s) 38,48,92,86,120,69,69,89,99,102,105 j/k0/b.java, line(s) 369 j/k0/j/i/c.java, line(s) 44,84,84
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: j/k0/j/c.java, line(s) 108,106,105 j/k0/j/d.java, line(s) 121,110,119,129,118,118,120 j/k0/j/g.java, line(s) 108,106,105,105 j/k0/j/h.java, line(s) 230,217,228,227,227
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cow/here/netcowherework/dcowhereto/requestcowhere/OtherCowHereDataDto.java, line(s) 178,181
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/804122745191/namespaces/firebase:fetch?key=AIzaSyASp0fwIUzBnPPTPsYvDCdcy4XBvy3OaAU ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Pesohere v1.0.5
Android APK
63
综合安全评分
低风险