应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
TrebEdit v3.3.16
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
15
中危
2
信息
2
安全
隐私风险评估
8
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
15
安全提示信息
2
已通过安全项
2
重点安全关注
4
高危安全漏洞 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
高危安全漏洞 已启用远程WebView调试。
已启用远程WebView调试。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/d.java, line(s) 154,10,11,19,28,42,53,71,86,86,86,87,88,91,93,93,95,98,154,233,248,255,255,275,275,281,291,306,306,314,320,333,344,349,365,377,383,410 com/ironsource/sdk/controller/x.java, line(s) 141,28,29,64,141,989,998,1210,2371,2629,2630,2630,2632,2633,2633,2633,2684,2690,2697,2783,2788,2797,2803,2814,2846,2868,2916,3045,3465,3474 com/teejay/trebedit/BrowserActivity.java, line(s) 3123,36,140,1291,3123,3144,3305 q8/g.java, line(s) 833,26,62,154,173,192,646,823,833
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 69,136
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 易受 Janus 漏洞影响的应用程序
应用程序使用 v1 签名方案签名,如果仅使用 v1 签名方案签名,则使其容易受到 Android 5.0-8.0 上的 Janus 漏洞的影响。在使用 v1 和 v2/v3 方案签名的 Android 5.0-7.0 上运行的应用程序也容易受到攻击。
中危安全漏洞 应用程序可以安装在一个有漏洞的安卓版本上
[minSdk=21] 这个应用程序可以安装在一个有多个未修复漏洞的旧版本的安卓上。建议使用安卓系统8.0以上版本, API级别大于26 以获得合理的安全更新。
中危安全漏洞 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件。
应用程序创建临时文件。敏感信息永远不应该被写进临时文件。 Files: e7/c.java, line(s) 46
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等。
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/applovin/impl/mediation/b/a/a.java, line(s) 36 com/applovin/mediation/AppLovinUtils.java, line(s) 24 com/applovin/mediation/ads/MaxAdView.java, line(s) 133,121 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 62,50 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 74,62 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 92,80 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 69,57 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 68,62 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 112 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 24 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 79,44,43,757,268 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 85,795 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 22 com/ironsource/mediationsdk/C1212d.java, line(s) 110,291 com/ironsource/mediationsdk/C1225t.java, line(s) 34 com/ironsource/mediationsdk/G.java, line(s) 39 com/ironsource/mediationsdk/L.java, line(s) 1106,1092 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 90,101 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 12 com/unity3d/services/ads/gmascar/utils/ScarConstants.java, line(s) 3,4,5,7,8 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 6,7 com/unity3d/services/core/device/reader/DeviceInfoReaderFilterProvider.java, line(s) 9,10 com/unity3d/services/core/device/reader/JsonStorageKeyNames.java, line(s) 3,5,6,8,9,10,7,11,4,12,13,14 com/unity3d/services/core/properties/SdkProperties.java, line(s) 27 d2/q.java, line(s) 87
中危安全漏洞 应用程序使用不安全的随机数生成器。
应用程序使用不安全的随机数生成器。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: c4/pv.java, line(s) 26 com/applovin/exoplayer2/h/z.java, line(s) 4 com/applovin/impl/c/m.java, line(s) 17 com/ironsource/mediationsdk/utils/e.java, line(s) 16 com/ironsource/mediationsdk/utils/g.java, line(s) 6 com/teejay/trebedit/WorkspaceActivity.java, line(s) 68 com/thedeanda/lorem/LoremIpsum.java, line(s) 9 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 9 ea/b.java, line(s) 3 j$/util/concurrent/ThreadLocalRandom.java, line(s) 11 ma/a.java, line(s) 6
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库。
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: a7/e.java, line(s) 5,74 b1/a.java, line(s) 5,6,7,8,41 com/applovin/exoplayer2/a/i0.java, line(s) 5,116 com/ironsource/b/a.java, line(s) 6,7,133 com/ironsource/environment/f.java, line(s) 6,7,20 com/teejay/trebedit/EditorActivity.java, line(s) 12,13,14,1376 com/teejay/trebedit/MainActivity.java, line(s) 8,9,173 com/teejay/trebedit/SourceCodeActivity.java, line(s) 9,10,784 com/teejay/trebedit/WorkspaceActivity.java, line(s) 9,10,11,1373 j4/e.java, line(s) 6,7,722 o3/g.java, line(s) 3,27 p3/n.java, line(s) 5,6,108 p3/r.java, line(s) 4,5,130 t3/l.java, line(s) 4,48 u8/h.java, line(s) 8,9,1519 x8/c0.java, line(s) 9,10,11,1611
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希。
SHA-1是已知存在哈希冲突的弱哈希。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/sdk/utils/StringUtils.java, line(s) 33 com/applovin/impl/sdk/utils/n.java, line(s) 181 com/ironsource/sdk/utils/SDKUtils.java, line(s) 86 com/unity3d/services/core/device/Device.java, line(s) 164 e7/b.java, line(s) 55 f7/c.java, line(s) 282 l6/e.java, line(s) 230
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据。
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: b6/f.java, line(s) 92,115 com/ironsource/environment/h.java, line(s) 423,231 com/ironsource/mediationsdk/utils/h.java, line(s) 203,208 com/ironsource/sdk/utils/SDKUtils.java, line(s) 273 com/teejay/trebedit/SourceCodeActivity.java, line(s) 780 com/teejay/trebedit/WorkspaceActivity.java, line(s) 1989 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 54 u8/h.java, line(s) 1547,1715,1597,2078 x8/c0.java, line(s) 1794 x8/x0.java, line(s) 1129,1130 x8/x1.java, line(s) 51
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希。
MD5是已知存在哈希冲突的弱哈希。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: c4/v3.java, line(s) 20 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 408 com/ironsource/sdk/utils/SDKUtils.java, line(s) 191 y1/o.java, line(s) 13
中危安全漏洞 IP地址泄露。
IP地址泄露。 Files: com/applovin/mediation/BuildConfig.java, line(s) 3 com/applovin/mediation/adapters/NimbusMediationAdapter.java, line(s) 31
中危安全漏洞 不安全的Web视图实现。在Web视图中执行用户控制的代码是一个关键的安全漏洞。
不安全的Web视图实现。在Web视图中执行用户控制的代码是一个关键的安全漏洞。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: c4/uc.java, line(s) 251,212 com/teejay/trebedit/fragments/DeviceEmulatorFragment.java, line(s) 1281,1271 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 334,318 com/unity3d/services/core/webview/WebView.java, line(s) 84,61
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "com.google.firebase.crashlytics.mapping_file_id" : "ea0f979db45c45f5b7b1503e8ddd8735" "firebase_database_url" : "https://trebedit.firebaseio.com" "google_api_key" : "AIzaSyBAo4HAebZaOudw4diGAAe5WC1axXYJA9g" "google_crash_reporting_api_key" : "AIzaSyBAo4HAebZaOudw4diGAAe5WC1axXYJA9g" "library_HighlightJsAndroid_authorWebsite" : "http://pddstudio.com/"
安全提示信息 应用程序记录日志信息,不得记录敏感信息。
应用程序记录日志信息,不得记录敏感信息。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/f.java, line(s) 98,119,127 a0/k.java, line(s) 23 a1/c.java, line(s) 19,23 a2/d.java, line(s) 208,236,205,235 a2/e.java, line(s) 92,122,139,91,121,138 a3/g.java, line(s) 239,245 a6/k1.java, line(s) 1279,1261,1291,1313,1250,1256 b0/c.java, line(s) 204,209 b0/d.java, line(s) 47 b0/e.java, line(s) 51 b0/f.java, line(s) 39 b0/g.java, line(s) 51,249 b0/l.java, line(s) 77 b1/b.java, line(s) 59,243 c/a.java, line(s) 301,300 c0/b.java, line(s) 51,60,79,89 c0/h.java, line(s) 25,60,118 c2/a.java, line(s) 92,135,175,91,134,174 c4/cv.java, line(s) 138 c4/k5.java, line(s) 704,1121,1147,1222 c4/lk.java, line(s) 27,34,43 c4/q4.java, line(s) 54,158,299 c4/r4.java, line(s) 136 c4/t4.java, line(s) 209,212,1066,1077,1082 c4/u6.java, line(s) 149,154,165 c4/x6.java, line(s) 107,113 c4/z5.java, line(s) 48,63,83,93 c5/c.java, line(s) 201 c6/d.java, line(s) 74,357,384,131,134,138,142,164 c7/b.java, line(s) 157,356 com/applovin/exoplayer2/i/n.java, line(s) 244,485,498,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,471,521,243,312,420,484,497,421,248,606 com/applovin/exoplayer2/l/q.java, line(s) 12,30,18,24 com/applovin/exoplayer2/m/p.java, line(s) 212,80,81,109,110,211 com/applovin/impl/adview/activity/b/f.java, line(s) 491 com/applovin/impl/sdk/a/f.java, line(s) 93 com/applovin/impl/sdk/h.java, line(s) 261,263 com/applovin/impl/sdk/y.java, line(s) 34,70,98,30,58,38,74,42,54 com/bumptech/glide/b.java, line(s) 213,220,230,235,245,256,212,219,223,229,234,244,251,330,224,331 com/bumptech/glide/g.java, line(s) 236,237 com/bumptech/glide/h.java, line(s) 94,184,88 com/bumptech/glide/load/data/b.java, line(s) 48,47 com/bumptech/glide/load/data/i.java, line(s) 94,142,91,141,145,151,158,155,161 com/bumptech/glide/load/data/k.java, line(s) 49,48 com/iab/omid/library/applovin/utils/d.java, line(s) 17,10 com/iab/omid/library/ironsrc/utils/d.java, line(s) 17,10 com/ironsource/a/b.java, line(s) 46,71 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 388,412,455,521,587,599,611,624,636,785,810,165,194,258,261,265,268,303,310,332,342,354,406,437,479,488,498,506,533,541,676,730,757,759,793 com/ironsource/adapters/ironsource/IronSourceInterstitialListener.java, line(s) 27,48,67,86 com/ironsource/adapters/ironsource/IronSourceRewardedVideoListener.java, line(s) 29,51,70,97 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 120,707,248,249,250,271,273,279,309,333,347,394,406,445,484,597,633,679,747,784,795,797,832,847,877 com/ironsource/b/a.java, line(s) 67,110 com/ironsource/d/a.java, line(s) 47 com/ironsource/d/b.java, line(s) 122 com/ironsource/environment/a.java, line(s) 130,154,242,331,370 com/ironsource/environment/e.java, line(s) 145,222,106,111,112 com/ironsource/environment/k.java, line(s) 73 com/ironsource/lifecycle/a/a.java, line(s) 53 com/ironsource/mediationsdk/A.java, line(s) 68 com/ironsource/mediationsdk/B.java, line(s) 53 com/ironsource/mediationsdk/C1214f.java, line(s) 163,178,330,137,193,196 com/ironsource/mediationsdk/C1216h.java, line(s) 337,369 com/ironsource/mediationsdk/C1220n.java, line(s) 41,88,121,140,158,176,209 com/ironsource/mediationsdk/C1222p.java, line(s) 232,260,274,310,336,354,391,405,484,532,57,63,71,93,102 com/ironsource/mediationsdk/C1226u.java, line(s) 55,104 com/ironsource/mediationsdk/C1227v.java, line(s) 65,81,122,359,377,433,47,62,86,146,187,202,217,225,259,276,282,292,310,313,327,330,339,387,408,447,453,462 com/ironsource/mediationsdk/F.java, line(s) 43,76,123,161,194,213,248 com/ironsource/mediationsdk/IronSource.java, line(s) 85,533 com/ironsource/mediationsdk/L.java, line(s) 1106,1230,2095,256,258,266,268,1043,1066,2092,975,1092,1096,1098,2067,2310,2404,2405,2313,2318 com/ironsource/mediationsdk/P.java, line(s) 34,36,37,39,82,124,128,133 com/ironsource/mediationsdk/Q.java, line(s) 453 com/ironsource/mediationsdk/R.java, line(s) 51,71,300,328,351,415,443,457,477 com/ironsource/mediationsdk/T.java, line(s) 93,144,183,453,598,665,791,803,838,893,74,79,108,123,157,168,170,186,255,362,440,486,562,603,615,632,657,674,767,773,801,878,902,369,497,813,890,908 com/ironsource/mediationsdk/V.java, line(s) 142,186,245,389,63,71,135,139,145,153,225,275,321,346,387,419,424,446,76,338,349 com/ironsource/mediationsdk/a/b.java, line(s) 325 com/ironsource/mediationsdk/ac.java, line(s) 41 com/ironsource/mediationsdk/adunit/a/a.java, line(s) 26,125,137 com/ironsource/mediationsdk/adunit/adapter/utility/AdInfo.java, line(s) 94 com/ironsource/mediationsdk/adunit/c/d.java, line(s) 38,57,67,142,146,152,174,217,241,253,45,82,94,234,247,259,275 com/ironsource/mediationsdk/adunit/c/e.java, line(s) 506,157,268,281,334,356,376,468,489,497,499,593,597,645,654,681,684,693,725,782,811,366 com/ironsource/mediationsdk/adunit/c/f.java, line(s) 22,29 com/ironsource/mediationsdk/adunit/c/g.java, line(s) 33 com/ironsource/mediationsdk/adunit/c/h.java, line(s) 31 com/ironsource/mediationsdk/adunit/d/a/a.java, line(s) 31,147,43 com/ironsource/mediationsdk/adunit/d/a/b.java, line(s) 36 com/ironsource/mediationsdk/adunit/d/a/c.java, line(s) 130,142,112,159,222,302,361,391,404 com/ironsource/mediationsdk/adunit/e/a.java, line(s) 38,40,41,43,71,129 com/ironsource/mediationsdk/ae.java, line(s) 35,70,103,136,176,246,284 com/ironsource/mediationsdk/ag.java, line(s) 158 com/ironsource/mediationsdk/bidding/a.java, line(s) 51 com/ironsource/mediationsdk/bidding/b.java, line(s) 31,89 com/ironsource/mediationsdk/c/b.java, line(s) 82 com/ironsource/mediationsdk/c0.java, line(s) 232 com/ironsource/mediationsdk/e0.java, line(s) 250 com/ironsource/mediationsdk/f0.java, line(s) 315,253 com/ironsource/mediationsdk/h0.java, line(s) 16 com/ironsource/mediationsdk/impressionData/ImpressionData.java, line(s) 106 com/ironsource/mediationsdk/impressionData/a.java, line(s) 64 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 103,36,47,62,67,125,139,143,157,162,187,192,202,226,309,319,39,45,58,65,91,116,122,135,153,160,181,182,185,190,221,229,233,323,328,335,341,348,353,360,367,374,379,386,34,235 com/ironsource/mediationsdk/logger/a.java, line(s) 29,24,22,26 com/ironsource/mediationsdk/m.java, line(s) 99 com/ironsource/mediationsdk/s.java, line(s) 66 com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 74 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 140,567 com/ironsource/sdk/a/d.java, line(s) 37 com/ironsource/sdk/b/b.java, line(s) 40,83 com/ironsource/sdk/c/c.java, line(s) 51,181 com/ironsource/sdk/controller/x.java, line(s) 224,235,256,275,381,402,418,434,557,664,685,755,767,1709,2067,2474,3082,3087,3097,3104,3114,3121,3130,3133,2817 com/ironsource/sdk/service/Connectivity/a.java, line(s) 54 com/ironsource/sdk/service/Connectivity/e.java, line(s) 91,106 com/ironsource/sdk/service/d.java, line(s) 107 com/ironsource/sdk/utils/Logger.java, line(s) 11,17,23,29,39,47,52,58,64,70 com/pddstudio/highlightjs/HighlightJsView.java, line(s) 97,148 com/teejay/trebedit/BrowserActivity.java, line(s) 518 com/teejay/trebedit/MainActivity.java, line(s) 322 com/teejay/trebedit/WorkspaceActivity.java, line(s) 1856 com/teejay/trebedit/a.java, line(s) 251 com/teejay/trebedit/editor/editor_toolbar/EditorToolbar.java, line(s) 541 com/teejay/trebedit/ui/custom_views/TextViewHighlighter.java, line(s) 46 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 19 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 34,49,55 com/unity3d/ads/metadata/MetaData.java, line(s) 43,54 com/unity3d/services/UnityServices.java, line(s) 53,93,101,112,117,146,162,166,130,140,150,70 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 80,137 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 374,376,47,130,187,223,267,301,323,392,230 com/unity3d/services/ads/adunit/AdUnitViewHandlerFactory.java, line(s) 21 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 16,34 com/unity3d/services/ads/api/AdUnit.java, line(s) 202,208,255,259,264,268,490,493,496,499,522,116,132,161,168,350,444,513,526,531,536 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 58,76,99,148,159,177 com/unity3d/services/ads/api/WebPlayer.java, line(s) 48 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 63,76,84 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 44 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 20,36 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 21,40 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridge.java, line(s) 20 com/unity3d/services/ads/gmascar/bridges/mobileads/MobileAdsBridgeLegacy.java, line(s) 22 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 52 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 43,55 com/unity3d/services/ads/token/AsyncTokenStorage.java, line(s) 161,194 com/unity3d/services/ads/token/NativeTokenGenerator.java, line(s) 34 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 42,45,70,113,118,140,183,195,227 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 66,70,311,353,412,427,442,455,693,713 com/unity3d/services/banners/BannerView.java, line(s) 125 com/unity3d/services/banners/UnityBanners.java, line(s) 325 com/unity3d/services/core/api/Cache.java, line(s) 165,179,53,131,184,275,292,319 com/unity3d/services/core/api/DeviceInfo.java, line(s) 141,157,180,324,342,357,413 com/unity3d/services/core/api/Intent.java, line(s) 48,62,210,233,247 com/unity3d/services/core/api/Request.java, line(s) 32,44,95,107,130,142 com/unity3d/services/core/api/Sdk.java, line(s) 16,37,53,83,89,95,101 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 43 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 24,26,65,69,75,101,104,109,117,29,58,78 com/unity3d/services/core/cache/CacheThread.java, line(s) 74 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 85,87,91,580,590,594,615,131,143,164,188,209,233,254,278,299,323,344,368,389,488 com/unity3d/services/core/configuration/ConfigurationReader.java, line(s) 24 com/unity3d/services/core/configuration/ConfigurationRequestFactory.java, line(s) 36 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 32,44,35,47,50,53,58 com/unity3d/services/core/configuration/ExperimentObject.java, line(s) 21 com/unity3d/services/core/configuration/ExperimentsReader.java, line(s) 23 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 42 com/unity3d/services/core/configuration/InitializeEventsMetricSender.java, line(s) 57,64,71,86,181,193 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 293,334,475,492,536,544,646,658,685,742,126,306,309,345,348,393,417,592,632,746,896,905,199,374,482,570 com/unity3d/services/core/configuration/PrivacyConfigurationLoader.java, line(s) 56 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 54,84,94,76,122 com/unity3d/services/core/device/AdvertisingId.java, line(s) 145,163,173 com/unity3d/services/core/device/Device.java, line(s) 166,264,270,283,293,414,427,442,615,678,691,357 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 147,171,177 com/unity3d/services/core/device/Storage.java, line(s) 46,50,61 com/unity3d/services/core/device/reader/DeviceInfoReaderCompressor.java, line(s) 29,33 com/unity3d/services/core/device/reader/DeviceInfoReaderExtended.java, line(s) 44 com/unity3d/services/core/domain/task/InitializeStateConfig$doWork$2.java, line(s) 57 com/unity3d/services/core/domain/task/InitializeStateCreate$doWork$2.java, line(s) 44,59,63 com/unity3d/services/core/domain/task/InitializeStateCreateWithRemote$doWork$2.java, line(s) 44,58,62 com/unity3d/services/core/domain/task/InitializeStateError$doWork$2.java, line(s) 43 com/unity3d/services/core/domain/task/InitializeStateLoadCache$doWork$2.java, line(s) 48,55 com/unity3d/services/core/domain/task/InitializeStateLoadCache.java, line(s) 79 com/unity3d/services/core/domain/task/InitializeStateLoadConfigFile$doWork$2.java, line(s) 49,57 com/unity3d/services/core/domain/task/InitializeStateLoadWeb$doWork$2.java, line(s) 158,134 com/unity3d/services/core/domain/task/InitializeStateNetworkError$doWork$2.java, line(s) 55 com/unity3d/services/core/domain/task/InitializeStateNetworkError.java, line(s) 105,121 com/unity3d/services/core/domain/task/InitializeStateReset$doWork$2.java, line(s) 66 com/unity3d/services/core/extensions/TaskExtensionsKt.java, line(s) 159 com/unity3d/services/core/log/DeviceLog.java, line(s) 71,229,236 com/unity3d/services/core/misc/JsonFlattener.java, line(s) 45 com/unity3d/services/core/misc/JsonStorage.java, line(s) 170,25,31,50,71,86,98,164,173 com/unity3d/services/core/misc/JsonStorageAggregator.java, line(s) 33 com/unity3d/services/core/misc/Utilities.java, line(s) 170,139,145,150,162,184,214 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 22,31 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 16,30,44,58,72 com/unity3d/services/core/properties/ClientProperties.java, line(s) 44,79,91,93 com/unity3d/services/core/properties/SdkProperties.java, line(s) 240,242,95 com/unity3d/services/core/reflection/GenericBridge.java, line(s) 31,46,55,61,69,75,83,90 com/unity3d/services/core/request/WebRequest.java, line(s) 74,170,173,181 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 95,76,99 com/unity3d/services/core/request/WebRequestThread.java, line(s) 63,115,130 com/unity3d/services/core/request/metrics/MetricCommonTags.java, line(s) 73 com/unity3d/services/core/request/metrics/MetricSender.java, line(s) 63,66,84,86,93,100,114 com/unity3d/services/core/request/metrics/MetricSenderWithBatch.java, line(s) 71 com/unity3d/services/core/request/metrics/SDKMetrics.java, line(s) 36,41,51,88,98 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 25 com/unity3d/services/core/timer/BaseTimer.java, line(s) 76 com/unity3d/services/core/webview/WebView.java, line(s) 93,31,35,48 com/unity3d/services/core/webview/WebViewApp.java, line(s) 53,107,186,240,282,332,64,68,70,88,147,274,304,345,376,392 com/unity3d/services/core/webview/WebViewUrlBuilder.java, line(s) 31 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 63 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 38 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 70 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 22,37 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 71 com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 45 com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 32 com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 36 d/f.java, line(s) 153 d/i.java, line(s) 378,395,871,873,875,2367,2201,2210,2220,2229,2244,2253,2266,2275,433,1607,1616,1662,1814,1826,2046,2049,740 d/j.java, line(s) 57 d/q.java, line(s) 21,35,47 d2/a0.java, line(s) 40,41 d2/j.java, line(s) 620,98,240,619,435 d2/k.java, line(s) 139,140 d2/m.java, line(s) 17,145 d2/r.java, line(s) 81 d8/y.java, line(s) 91 e/a.java, line(s) 80,129 e0/g.java, line(s) 21 e2/i.java, line(s) 162,196,166,201 e2/j.java, line(s) 45,60,166,215,44,59,91,94,101,161,178,185,202,214,217,92,102,143,183,203 e7/b.java, line(s) 48,59 e8/a.java, line(s) 56,58 f1/b.java, line(s) 223,234 f1/f.java, line(s) 653 f2/d.java, line(s) 44,81,94,112,45,95,82,113 f2/i.java, line(s) 96,76 f4/h.java, line(s) 36 f4/i.java, line(s) 132,142,153,236 f4/l.java, line(s) 87 f5/d.java, line(s) 118 f7/c.java, line(s) 275,297,88,98,262,264 g2/a.java, line(s) 42,41 g3/b.java, line(s) 222,223 g4/l0.java, line(s) 173,178,182,77 g4/m.java, line(s) 70 g4/m0.java, line(s) 21 g4/n0.java, line(s) 25 g4/o0.java, line(s) 21 g5/a.java, line(s) 28 g6/i.java, line(s) 59 g8/e.java, line(s) 56,132 h/f.java, line(s) 112,153,167,175,360 h0/b.java, line(s) 13 h2/c.java, line(s) 42,41 h2/e.java, line(s) 95,94 h2/s.java, line(s) 83,84 h6/b.java, line(s) 15,16 h6/c.java, line(s) 10 h8/a.java, line(s) 517,1950 h8/b.java, line(s) 33 i0/a.java, line(s) 305 i0/b.java, line(s) 43 i0/g.java, line(s) 25,38,82,147,192,212,235 i0/p.java, line(s) 375,113 i0/q.java, line(s) 17,28 i0/x.java, line(s) 119,141,530,542,549,558,43,108 i5/g.java, line(s) 298 i6/b.java, line(s) 53,54 i6/c.java, line(s) 25,44,26,45 j1/c.java, line(s) 97 j3/j.java, line(s) 37,40,44,48,80,83,86,89,92 j4/g2.java, line(s) 53 j6/c.java, line(s) 34 j6/d.java, line(s) 32,26,43 k0/f.java, line(s) 25,34 k1/h.java, line(s) 18,20,29,31,40,42,51,53 k2/b.java, line(s) 60,59,76,77 k2/g.java, line(s) 19,25,20,26 k2/h.java, line(s) 198,208,223,238,267,308,316,321,330,333,338,345,378,384,197,207,220,237,266,307,311,320,329,332,337,344,377,383 k2/j.java, line(s) 104,464,734,103,419,463,488,532,638,659,671,689,710,722,733,755,767,444,501,557 k2/k.java, line(s) 27,31,28,32 k2/o.java, line(s) 114,115 k2/u.java, line(s) 79,88,102,80,89,103,104,105,109 k2/x.java, line(s) 102,101 k6/c.java, line(s) 14,8 l0/b.java, line(s) 37 l1/a.java, line(s) 46,58,45,69,137,70,164,170,176 l6/a0.java, line(s) 39,61,78,25,28,68,35,55,64,69,74 l6/b0.java, line(s) 104,40,100 l6/d0.java, line(s) 32,43,53,26,37,49 l6/e.java, line(s) 60,91,182,234,179 l6/f0.java, line(s) 46,59,66,77,107,47,60,67,78,108,73,103 l6/h0.java, line(s) 200,266,53,136,199,265,54,137,151,231 l6/j.java, line(s) 20,32,34,19 l6/k.java, line(s) 23 l6/l.java, line(s) 53,62,63,124 l6/n.java, line(s) 20 l6/o.java, line(s) 37,22,36,23 l6/p.java, line(s) 106,230,256,299,396,580,552,105,130,229,255,298,325,346,352,356,361,395,406,417,542,547,570,579,131,326,347,353,357,362,407,418,543,548,571,295,307,365,462,466,509,539 l6/w.java, line(s) 89,113,46,99,118,120,122,71,88,112,72,42,94 l6/x.java, line(s) 37,38 l6/y.java, line(s) 166 l8/f.java, line(s) 176 m3/a.java, line(s) 10,17,9,16 m4/g.java, line(s) 43 m6/b.java, line(s) 46 m6/d.java, line(s) 117,144,46,116,143,72,123 m6/f.java, line(s) 60,113,125 n0/c.java, line(s) 351 o/d.java, line(s) 396 o0/b.java, line(s) 53,69,92 o0/c.java, line(s) 26,64 o0/e.java, line(s) 141 o2/a.java, line(s) 58,165,174,181,66,168,177,184 o2/i.java, line(s) 40,41 o3/c.java, line(s) 90,89 p/d.java, line(s) 74,73 p3/n.java, line(s) 253,252 p6/a.java, line(s) 76,77 q0/a.java, line(s) 950,1303,1526,248,256,290,302,314,326,338,350,362,374,386,393,404,416,399,616,628,894,1064,1080,1096,1138,1167,1170,1179,1205,1238,1241,1285,1288,1367,1378 q2/d.java, line(s) 34,31,65,84,66,85 q2/i.java, line(s) 53,54 q2/j.java, line(s) 211,212,225 q2/m.java, line(s) 107,116,108,117 q6/b.java, line(s) 119 q6/c.java, line(s) 62,75,80,61,74 r6/b.java, line(s) 58,113,57,112 s/a.java, line(s) 65,67 s/b.java, line(s) 107,109 s/c.java, line(s) 148,150 s6/c.java, line(s) 42,63,51,52 s6/d.java, line(s) 40,83,76,80,39,63,69,82,64,70 s6/e.java, line(s) 17 s7/d.java, line(s) 38 s7/e.java, line(s) 28 s7/h.java, line(s) 22 s8/a.java, line(s) 20 t/e.java, line(s) 373 t/f.java, line(s) 398,87,226,586 t/g.java, line(s) 26,67 t/h.java, line(s) 124,129 t/j.java, line(s) 157 t/k.java, line(s) 132,415,418,419,424,428,450,463 t/l.java, line(s) 226,233 t/o.java, line(s) 526,1981,1986,2192,1960,2059 t/q.java, line(s) 328,346,514,651,775,827,184 t/w.java, line(s) 242,246,540,1902 t2/g.java, line(s) 542,20,380,393 t3/a.java, line(s) 41 t3/e.java, line(s) 46 t3/i.java, line(s) 103,107 u/a.java, line(s) 135,138,139,144,148 u/b.java, line(s) 229,96,282 u/f.java, line(s) 81 u2/h.java, line(s) 39,93,94,40 u3/f.java, line(s) 41 u3/g.java, line(s) 63 u3/j.java, line(s) 75 u9/a.java, line(s) 84 v3/f.java, line(s) 24 v7/a.java, line(s) 24,34 w0/f.java, line(s) 66,72,221,300 w0/g.java, line(s) 69 w5/a.java, line(s) 52,65,139,149,158 w5/b.java, line(s) 30,44 w5/c.java, line(s) 85 w8/e.java, line(s) 51 w8/h.java, line(s) 55,26,45 x7/a.java, line(s) 23 y/d.java, line(s) 92 y/e.java, line(s) 28 y/g.java, line(s) 30 y/h.java, line(s) 39,52,65 y/l.java, line(s) 127,158,189 y1/r.java, line(s) 55,71,79,104 y1/s.java, line(s) 61,70 y2/a.java, line(s) 44,47
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它。
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/teejay/trebedit/BrowserActivity.java, line(s) 5,1371,1448,1573,1653,1778,1858,1983,2111,2191,2316,2503,2631,2761,2841,2966,3089 com/teejay/trebedit/SourceCodeActivity.java, line(s) 4,836,931,1026 com/teejay/trebedit/editor/EditorMoreMenu.java, line(s) 4,572,923,1274,1407,1758,2109,2249 d8/d3.java, line(s) 4,27 d8/e3.java, line(s) 4,29 d8/p.java, line(s) 4,37,62 e8/g.java, line(s) 4,52 q8/g.java, line(s) 5,382 v8/b.java, line(s) 4,54 x8/u1.java, line(s) 4,117
已通过安全项 isDebuggerConnected检测应用程序是否可调试。
isDebuggerConnected检测应用程序是否可调试。 Files: com/ironsource/environment/a.java, line(s) 361,7,8,8,9,9,10 l6/e.java, line(s) 122,4,5,5,6
已通过安全项 此应用程序可能具有Root检测功能。
此应用程序可能具有Root检测功能。 https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: l6/e.java, line(s) 217,217,220
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (pagead2.googlesyndication.com) 通信。
{'ip': '180.163.150.166', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (firebase-settings.crashlytics.com) 通信。
{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (app-measurement.com) 通信。
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (China) 的服务器 (googleads.g.doubleclick.net) 通信。
{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': 'China', 'region': 'Shanghai', 'city': 'Shanghai', 'latitude': '31.224333', 'longitude': '121.469139'}
综合安全基线评分总结
TrebEdit v3.3.16
Android APK
47
综合安全评分
中风险