Application Security Scan Report
Mobile Application Security Scan Report

Free Fire v1.103.1
41
Security score
Security baseline score
41/100
Medium risk
Overall risk level
Risk grade
- A
- B
- C
- F
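The application carries some security risk; improvements are recommended
Distribution of vulnerabilities and security items
8
High
22
Medium
3
Info
2
Secure
Privacy risk assessment
6
Third-party trackers
High privacy risk
A large number of third-party trackers were detected
Distribution of findings
High-severity vulnerabilities
8
Medium-severity vulnerabilities
22
Informational findings
3
Passed checks
2
Key security concerns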
4
High-severity vulnerability: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
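High-severity vulnerability: The launch mode of Activity (com.dts.freefireth.FFMainActivity) is not standard
An Activity should not set its launch mode attribute to "singleTask/singleInstance", because doing so makes it a root Activity and may allow other applications to read the contents of the calling Intent. When an Intent contains sensitive information, the "standard" launch mode attribute should therefore be used.
High-severity vulnerability: The launch mode of Activity (com.garena.unity.webview.UnityWebViewActivity) is not standard
An Activity should not set its launch mode attribute to "singleTask/singleInstance", because doing so makes it a root Activity and may allow other applications to read the contents of the calling Intent. When an Intent contains sensitive information, the "standard" launch mode attribute should therefore be used.
High-severity vulnerability: The launch mode of Activity (com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity) is not standard
An Activity should not set its launch mode attribute to "singleTask/singleInstance", because doing so makes it a root Activity and may allow other applications to read the contents of the calling Intent. When an Intent contains sensitive information, the "standard" launch mode attribute should therefore be used.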
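High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks. https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: j7/a.java, line(s) 24,28 w8/b.java, line(s) 62
High-severity vulnerability: Debug configuration is enabled. Production builds must not be debuggable
Debug configuration is enabled. Production builds must not be debuggable https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: Game/Mod/BuildConfig.java, line(s) 6,7
High-severity vulnerability: Remote WebView debugging is enabled
Remote WebView debugging is enabled https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/garena/unity/webview/UnityWebViewActivity.java, line(s) 1110,29
High-severity vulnerability: The application contains privacy trackers
This application contains 6 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.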
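Medium-severity vulnerability: The application is affected by the Janus vulnerability
The application is signed with the v1 signature scheme. If only the v1 signature scheme is used, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Applications signed with the v1 signature scheme that run on Android 5.0-7.0, as well as applications that are also signed with the v2/v3 signature schemes, are likewise vulnerable.
Medium-severity vulnerability: The base configuration is configured to trust system certificates.
Scope: *
Medium-severity vulnerability: The application can be installed on a vulnerable, unpatched Android version
Android 4.1-4.1.2, [minSdk=16] The application can be installed on older versions of Android that have multiple unpatched vulnerabilities. These devices will not receive reasonable security updates from Google. Support Android version => 10, API 29 to receive reasonable security updates.
Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.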
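Medium-severity vulnerability: Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Broadcast Receiver (com.dts.freefireth.FFBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Content Provider (com.facebook.FacebookContentProvider) is not protected.
[android:exported=true] The Content Provider was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Service (com.beetalk.sdk.account.AccountAuthenticatorService) is not protected.
[android:exported=true] The Service was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.
[android:exported=true] The Service was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] A Service was found to be shared with other applications on the device, making it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] A Broadcast Receiver was found to be shared with other applications on the device, making it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application. The protection level of the permission should therefore be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity was found to be shared with other applications on the device, making it accessible to any other application on the device.
Medium-severity vulnerability: Activity (com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity) is not protected.
[android:exported=true] The Activity was found to be shared with other applications on the device, making it accessible to any other application on the device.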
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database
The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: w4/l0.java, line(s) 5,6,88 w4/s0.java, line(s) 4,5,133
Medium-severity vulnerability: The application uses an insecure random number generator
The application uses an insecure random number generator https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: co/datadome/sdk/c.java, line(s) 26 com/appsflyer/internal/AFa1zSDK.java, line(s) 14 h2/s.java, line(s) 3 i4/d.java, line(s) 12 i7/e.java, line(s) 11 i9/g.java, line(s) 4 k9/g.java, line(s) 9 ka/a.java, line(s) 3 ka/b.java, line(s) 4 la/c.java, line(s) 4 n1/o.java, line(s) 7 x2/t0.java, line(s) 56
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage
The application can read/write external storage. Any application can read data written to external storage https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/FF/voiceengine/AppPara.java, line(s) 122 com/dts/freefireth/FFAPI.java, line(s) 496,921,653,656,670,673 com/garena/unity/webview/UnityWebViewProxy.java, line(s) 386 com/voxelbusters/androidlib/ReplayKitHandler.java, line(s) 551 g1/b.java, line(s) 119 i7/e.java, line(s) 116,132,148,153 j1/g.java, line(s) 100 u9/c.java, line(s) 178 x2/t0.java, line(s) 165,1099,1326
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
SHA-1 is a weak hash known to have hash collisions https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/AFb1sSDK.java, line(s) 136 g3/a.java, line(s) 23 m8/b.java, line(s) 57 n1/h.java, line(s) 146 w8/b.java, line(s) 61
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc. https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/appff/haptic/base/Utils.java, line(s) 32,40 com/unity3d/plugin/downloader/UnityDownloaderService.java, line(s) 6 k2/g.java, line(s) 96 s7/d.java, line(s) 82 y8/f.java, line(s) 15
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
The application creates temporary files. Sensitive information should never be written to temporary files Files: m8/c.java, line(s) 70 n9/b.java, line(s) 67 w0/b.java, line(s) 116
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
MD5 is a weak hash known to have hash collisions https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/FF/voiceengine/mgr/FileMD5.java, line(s) 16 com/appsflyer/internal/AFb1sSDK.java, line(s) 192,198 i2/d.java, line(s) 50 n1/o.java, line(s) 79 p9/c.java, line(s) 140 q2/l.java, line(s) 142
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: co/datadome/sdk/CaptchaActivity.java, line(s) 140,137 com/garena/unity/webview/UnityWebViewActivity.java, line(s) 709,694 com/garena/unity/webview/UnityWebViewProxy.java, line(s) 861,846
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Ensure that these are not secrets or private information. "com.google.firebase.crashlytics.unity_version" : "5.6.3f1" "facebook_client_token" : "1c7cf500e85789e06314a0a6308546e8" "google_api_key" : "AIzaSyCOtWGv23Hfc7fmRBOgO6GVV2xn079_-_4" "firebase_database_url" : "https://free-fire-8cd39.firebaseio.com" "google_crash_reporting_api_key" : "AIzaSyCOtWGv23Hfc7fmRBOgO6GVV2xn079_-_4"
Informational: The application logs information. Sensitive information must not be logged
The application logs information. Sensitive information must not be logged https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Informational: The application can write to the application directory. Sensitive information should be encrypted
The application can write to the application directory. Sensitive information should be encrypted Files: h2/b.java, line(s) 36,36 h2/c1.java, line(s) 151,151 h2/j.java, line(s) 24,24 h2/q0.java, line(s) 84,84 h2/t0.java, line(s) 24,24 h3/d0.java, line(s) 171,171 o2/j.java, line(s) 79,79 u2/b.java, line(s) 72,72
Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/dts/freefireth/FFAPI.java, line(s) 8,211 com/unity3d/player/UnityPlayer.java, line(s) 8,1180
Passed check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/unity3d/player/UnityWebRequest.java, line(s) 238,141 com/unity3d/player/b.java, line(s) 125,74,123,123 ra/c.java, line(s) 144,143,142,142
Passed check: This application may have root detection capabilities
This application may have root detection capabilities https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: c7/t.java, line(s) 30
Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.151.33', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Key security concern: The application may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.151.166', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Key security concern: The application may communicate with a server (update.crashlytics.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.151.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Key security concern: The application may communicate with a server (firebase-settings.crashlytics.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.162', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

Free Fire v1.103.1
Android APK
41
Overall security score
Medium risk