Mobile Application Security Scan Report

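Housing v14.7.8
Security score: 50
Security baseline score: 50/100
Overall risk level: Low risk
Risk grade scale: A, B, C, F
The application has some security risks; optimization is recommended.

Distribution of vulnerabilities and security items
- High-risk vulnerabilities: 4
- Medium-risk vulnerabilities: 36
- Security notices (info): 3
- Passed security checks: 3
- Key security concerns: 0

Privacy risk assessment
11 third-party trackers. High privacy risk: a large number of third-party trackers were detected.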
High-risk vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/locon/reactapp/seller/nativeModules/customWebViewModuleRN/CustomWebViewManager.java, line(s) 57,4 com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 873,15
High-risk vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/razorpay/BaseRazorpay.java, line(s) 1575,1656,14 com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 167,15
High-risk vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/locon/crf/domain/usecases/e0.java, line(s) 45
High-risk vulnerability: The application contains privacy trackers
This application contains 11 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
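Medium-risk vulnerability: Service (com.moengage.firebase.MoEFireBaseMessagingService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.locon.housing.customNotifications.IncomingCallReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.locon.housing.customNotifications.ProxyIntentHandlerActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Service (com.quickblox.messages.services.fcm.QBFcmPushListenerService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Service (com.quickblox.messages.services.fcm.QBFcmPushInstanceIDService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.locon.reactapp.seller.HousingCallReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.gspl.leegalitysdk.MessageReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.gspl.leegalitysdk.Leegality) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity sets the TaskAffinity attribute
(com.chuckerteam.chucker.internal.ui.MainActivity) With taskAffinity set, other applications can read Intents sent to this Activity. To prevent leaking sensitive information, keep the default affinity (the package name).
Medium-risk vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Service (com.quickblox.reactnative.webrtc.WebRTCCallService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.contentsquare.android.analytics.internal.features.deeplink.DeepLinkActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.otpless.main.OtplessZeroTapReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.moengage.sdk.debugger.MoEDebuggerActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Broadcast Receiver (com.ringlerr.callplus.NotificationReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-risk vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-risk vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-risk vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-risk vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-risk vulnerability: Service (androidx.work.impl.background.gcm.WorkManagerGcmService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-risk vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the permission's protection level where it is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.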
Medium-risk vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/agontuk/RNFusedLocation/d.java, line(s) 10 com/newrelic/agent/android/util/Util.java, line(s) 5 com/quickblox/auth/query/QueryCreateSessionUsingSocialProvider.java, line(s) 13 com/quickblox/auth/session/QueryCreateSession.java, line(s) 17 com/quickblox/chat/QBReconnectionManager.java, line(s) 6 com/quickblox/chat/utils/MongoDBObjectId.java, line(s) 7 com/ringlerr/callplus/n.java, line(s) 15 de/measite/minidns/a.java, line(s) 6 f7/nf.java, line(s) 4 oq/a.java, line(s) 3 oq/b.java, line(s) 3 org/jivesoftware/smack/ReconnectionManager.java, line(s) 5 org/jivesoftware/smack/util/StringUtils.java, line(s) 6 pq/a.java, line(s) 3
Medium-risk vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: coil/decode/s.java, line(s) 18,21,24 coil/memory/d.java, line(s) 27 com/cashfree/pg/ui/hidden/utils/f.java, line(s) 10 com/locon/core/data/bulk/gf.java, line(s) 452 com/locon/core/data/hp/BuyingProduct.java, line(s) 188 com/locon/core/data/local/datastore/FilterAttrBoolean.java, line(s) 158 com/locon/core/data/local/datastore/FilterAttrMinMax.java, line(s) 170,171 com/locon/core/data/local/datastore/NestedSlider.java, line(s) 197 com/locon/core/data/local/datastore/SortProperties.java, line(s) 136 com/locon/core/data/local/datastore/m.java, line(s) 24,34 com/locon/core/data/local/datastore/y2.java, line(s) 22 com/locon/core/data/remote/projectDetails/dtos/ProjectDetailsDataDto.java, line(s) 1930 com/locon/core/data/rnreducers/RecentSearchFilters.java, line(s) 794 com/locon/core/data/sharedDtos/searchResult/FilterAggregations.java, line(s) 76 com/locon/core/data/sharedDtos/searchResult/FilterAggregationsDto.java, line(s) 272,93 com/locon/core/data/sharedmodels/PropertyTypeFilterModel.java, line(s) 75 com/locon/core/domain/a.java, line(s) 59 com/locon/core/domain/login/model/RatingsViewModel.java, line(s) 258 com/locon/core/mmkv/b.java, line(s) 41,40 com/locon/core/mmkv/j.java, line(s) 64,63 com/locon/core/mmkv/l.java, line(s) 41,42 com/locon/core/mmkv/p.java, line(s) 47,48 com/locon/crf/data/network/b.java, line(s) 58 com/locon/crf/domain/requests/LeadCreateRequest.java, line(s) 612 com/locon/crf/presentation/entity/CrfInitDetails.java, line(s) 873 com/locon/crf/presentation/ui/components/PendingPropertyModel.java, line(s) 150 com/locon/data/network/b.java, line(s) 192 com/locon/data/network/filters/dto/Collection.java, line(s) 62 com/locon/data/network/g.java, line(s) 149,203 com/locon/domain/models/ProjectListingItems.java, line(s) 102 com/locon/domain/models/UsedFilterModel.java, line(s) 45 
com/locon/domain/usecases/filters/FilterViewModel.java, line(s) 698 com/locon/exclusive/data/repository/a.java, line(s) 68 com/locon/home/data/dto/FeaturedCollectionsDto.java, line(s) 190 com/locon/home/data/network/a.java, line(s) 119 com/locon/home/domain/model/BhkFilterModel.java, line(s) 71 com/locon/home/domain/model/BudgetFilterModel.java, line(s) 71 com/locon/home/domain/model/RecentlyAddedFilterModel.java, line(s) 82 com/locon/housing/BuildConfig.java, line(s) 15,8,17 com/locon/housing/customNotifications/f.java, line(s) 20 com/locon/housing/housingAppService/a.java, line(s) 28 com/locon/housing/presentation/MainActivityPageEvent.java, line(s) 63 com/locon/hp/data/dtos/Benefits.java, line(s) 103 com/locon/hp/data/dtos/WebBenefit.java, line(s) 64 com/locon/hp/domain/models/BenefitKeys.java, line(s) 68 com/locon/hp/domain/models/Benefits.java, line(s) 64 com/locon/hp/domain/models/WebBenefit.java, line(s) 52 com/locon/login_data/model/UpdateProfileResponseDto.java, line(s) 633 com/locon/login_domain/model/requests/LoginRequest.java, line(s) 113 com/locon/login_domain/model/requests/LoginViaEmailRequest.java, line(s) 56 com/locon/login_presentation/ui/components/PasswordUiState.java, line(s) 98 com/locon/pdp_data/remote/pg/dtos/PgDetailsDTO.java, line(s) 3465 com/locon/pdp_domain/model/ProjectFilterRequest.java, line(s) 100 com/locon/pdp_presentation/data/SellerData.java, line(s) 65 com/locon/presentation/screens/filters/FilterViewModel.java, line(s) 677,1349,1344 com/locon/presentation/ui/viewmodels/gf.java, line(s) 469 com/locon/profile/data/dto/CollectionCommentsDto.java, line(s) 238 com/locon/profile/data/dto/UpdateProfileResponseDto.java, line(s) 911 com/locon/profile/demand/model/BasicUserDetails.java, line(s) 72 com/locon/ratings/presentation/ui/viewmodels/RatingsViewModel.java, line(s) 242 com/locon/reactapp/BuildConfig.java, line(s) 5,11,14,12,26,4,15 com/locon/reactapp/common/a.java, line(s) 
14,169,171,172,17,175,79,183,178,177,126,179,136,180,182,184,19,206 com/locon/splash/data/model/WebBenefit.java, line(s) 59 com/moengage/core/internal/CoreConstants.java, line(s) 308 com/moengage/core/internal/data/reports/BatchHelperKt.java, line(s) 14,11 com/moengage/core/internal/rest/RestConstantsKt.java, line(s) 16 com/moengage/core/internal/rest/interceptor/EncryptionInterceptorKt.java, line(s) 10 com/moengage/core/internal/storage/database/contract/KeyValueStoreContractKt.java, line(s) 16 com/moengage/core/internal/storage/preference/SharedPrefKeysKt.java, line(s) 91 com/moengage/core/internal/utils/RestUtilKt.java, line(s) 76,79 com/moengage/inapp/internal/repository/remote/ApiManagerKt.java, line(s) 22 com/moengage/inapp/internal/repository/remote/ResponseParserKt.java, line(s) 176,95,107,179,182,185,188 com/moengage/richnotification/internal/RichPushConstantsKt.java, line(s) 86,89,92 com/moengage/trigger/evaluator/internal/repository/local/MapperKt.java, line(s) 15,18 com/newrelic/agent/android/SavedState.java, line(s) 51,43 com/newrelic/agent/android/distributedtracing/TracePayload.java, line(s) 11,12,14,15,19,22,20,18,23 com/newrelic/agent/android/harvest/AgentHealth.java, line(s) 12 com/newrelic/agent/android/harvest/HarvestConfiguration.java, line(s) 22 com/newrelic/agent/android/util/PersistentUUID.java, line(s) 30 com/otpless/main/OtplessViewImpl.java, line(s) 64 com/otpless/tesseract/SecureAnalysisShdRequest.java, line(s) 58 com/otpless/tesseract/sim/OtplessSimStateReceiverKt.java, line(s) 29 com/quickblox/auth/Consts.java, line(s) 6,20,9 com/quickblox/auth/session/QBSessionParametersSaver.java, line(s) 4 com/quickblox/auth/session/QBSessionSaver.java, line(s) 4 com/quickblox/chat/Consts.java, line(s) 15 com/quickblox/chat/model/QBAttachment.java, line(s) 8,10,11,12,15,19,20,21,23 com/quickblox/core/account/Consts.java, line(s) 4 com/quickblox/users/Consts.java, line(s) 28,45,46,25 com/razorpay/AnalyticsConstants.java, line(s) 132,161,72 
com/razorpay/AutoOtpConstants.java, line(s) 6 com/razorpay/BaseConstants.java, line(s) 27,35 com/razorpay/Config.java, line(s) 13 com/razorpay/ConfigDroid.java, line(s) 9 com/razorpay/OtpElfData.java, line(s) 6 com/ringlerr/callplus/CallBackDialogActivity.java, line(s) 44 com/ringlerr/callplus/DialogActivity.java, line(s) 58 com/ringlerr/callplus/NewDialogActivity.java, line(s) 47 com/truecaller/android/sdk/PartnerInformation.java, line(s) 18 com/truecaller/android/sdk/common/TrueException.java, line(s) 19 f7/b4.java, line(s) 136,139 gl/e.java, line(s) 18 go/e.java, line(s) 32 io/branch/referral/f.java, line(s) 44 io/branch/referral/f0.java, line(s) 30 io/branch/referral/h0.java, line(s) 24,25 io/branch/referral/o0.java, line(s) 23 io/branch/referral/p.java, line(s) 12,11 io/branch/referral/validators/f.java, line(s) 21,18,24,23 io/branch/referral/z0.java, line(s) 16,15,18 io/sentry/d.java, line(s) 44 ko/b.java, line(s) 11,12,13 p2/f.java, line(s) 18 sc/l.java, line(s) 11 sf/c.java, line(s) 83 t2/d.java, line(s) 21 t5/g.java, line(s) 44,73 v1/d.java, line(s) 23 v1/q.java, line(s) 17 z3/b.java, line(s) 29,26 z3/c.java, line(s) 30 za/a.java, line(s) 234,237
Medium-risk vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: coil/decode/r.java, line(s) 53 com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 242 com/rnmaps/maps/MapModule.java, line(s) 78 com/rnmaps/maps/a.java, line(s) 31 fr/greweb/reactnativeviewshot/RNViewShotModule.java, line(s) 85,85 io/sentry/react/d.java, line(s) 566 kk/d.java, line(s) 30
Medium-risk vulnerability: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/locon/profile/data/network/a.java, line(s) 171 juicylab/juicyscore/h0.java, line(s) 41 juicylab/juicyscore/n0.java, line(s) 25 org/jivesoftware/smack/util/MD5.java, line(s) 11
Medium-risk vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/moengage/core/internal/storage/database/BaseDao.java, line(s) 6,7,73,75 com/moengage/core/internal/storage/database/DatabaseHelper.java, line(s) 6,7,243 com/newrelic/agent/android/instrumentation/SQLiteInstrumentation.java, line(s) 7,73,75,147,149 io/heap/core/data/a.java, line(s) 6,189,191 io/heap/core/data/b.java, line(s) 4,5,27,29,31,33,43 io/heap/core/data/model/e.java, line(s) 5,85,117,202,215 t2/c.java, line(s) 6,7,35 t2/d.java, line(s) 7,56
Medium-risk vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/devialab/exif/Exif.java, line(s) 65,37 com/gspl/leegalitysdk/j.java, line(s) 41 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 480 com/newrelic/agent/android/AndroidAgentImpl.java, line(s) 338 com/quickblox/core/helper/FileHelper.java, line(s) 13 com/quickblox/videochat/webrtc/PeerFactoryManager.java, line(s) 141 com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 242 com/rnfs/RNFSManager.java, line(s) 655,644,646,649,673 f7/k3.java, line(s) 43 o1/a.java, line(s) 189 yp/c.java, line(s) 39,40,41,42
Medium-risk vulnerability: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/quickblox/core/helper/SignHelper.java, line(s) 14 com/truecaller/android/sdk/legacy/c.java, line(s) 38 com/truecaller/android/sdk/oAuth/clients/c.java, line(s) 105 com/truecaller/android/sdk/oAuth/e.java, line(s) 39 de/measite/minidns/a.java, line(s) 38,57 io/sentry/util/o.java, line(s) 28 org/jivesoftware/smack/util/MAC.java, line(s) 14 org/jivesoftware/smack/util/SHA1.java, line(s) 11 t5/b.java, line(s) 74
Medium-risk vulnerability: This application may request root (superuser) privileges
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: io/sentry/android/core/internal/util/k.java, line(s) 41,41,41,41,41 juicylab/juicyscore/e1.java, line(s) 9,9,9,9,9,9
Medium-risk vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/cashfree/pg/core/api/ui/BaseCFWebView.java, line(s) 44,39 com/gspl/leegalitysdk/Leegality.java, line(s) 107,104 com/locon/profile/presentation/ui/screens/v.java, line(s) 79,77 com/otpless/web/OtplessWebView.java, line(s) 69,47 com/pierfrancescosoffritti/androidyoutubeplayer/core/player/views/WebViewYouTubePlayer.java, line(s) 63,60 com/razorpay/BaseUtils.java, line(s) 939,176 juicylab/juicyscore/b.java, line(s) 522,523
Medium-risk vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: juicylab/juicyscore/b.java, line(s) 527,523
Medium-risk vulnerability: IP address disclosure
Files: juicylab/juicyscore/o0.java, line(s) 11,13,13,11,13 org/jivesoftware/smack/util/PacketParserUtils.java, line(s) 476
Medium-risk vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure these are not secrets or private information.
Credential => "google_sign_in_key" : "1059595317196-hvv73176575ru3ep3ne1183j2bc44vjp.apps.googleusercontent.com"
Credential => "com.google.android.geo.API_KEY" : "AIzaSyD6SNqZWyMWm7tYG1dI51BwFVaPzkulRnw"
Credential => "io.branch.sdk.BranchKey" : "key_live_fdJ7dmS2RIehpBYh1RavlnfmBsoN9MOB"
"com.google.firebase.crashlytics.mapping_file_id" : "27b824927fff45729effc0e87d1daeb3"
"firebase_database_url" : "https://river-oxygen-792.firebaseio.com"
"google_crash_reporting_api_key" : "AIzaSyCganBmIOqIteOqfQLvS850sNoWBHQQUvY"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"contentsquare_settings_log_visualizer_category_key" : "lv_category_key"
"contentsquare_developer_session_replay_force_fps_title" : "FPS"
"posession_date" : "Possession:"
"contentsquare_developer_session_replay_logs_title" : "Logs"
"contentsquare_developer_session_replay_metrics_title" : "Metrics"
"contentsquare_developer_session_replay_profiler_title" : "Profiler"
"contentsquare_settings_session_replay_category_key" : "sr_category_key"
"google_api_key" : "AIzaSyCganBmIOqIteOqfQLvS850sNoWBHQQUvY"
"google_app_id" : "1:1059595317196:android:ea920779a5ee2ebe"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
Security notice: The application logs information. Sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: a4/d.java, line(s) 58,62 b4/a.java, line(s) 90 cl/json/d.java, line(s) 34 cl/json/social/o.java, line(s) 28,32,41 com/contentsquare/rn/utils/a.java, line(s) 37,43,47,49 com/henninghall/date_picker/pickers/AndroidNative.java, line(s) 148,150,152 com/horcrux/svg/ClipPathView.java, line(s) 17 com/horcrux/svg/LinearGradientView.java, line(s) 43 com/horcrux/svg/PatternView.java, line(s) 66 com/horcrux/svg/RadialGradientView.java, line(s) 65 com/horcrux/svg/SvgViewManager.java, line(s) 237 com/horcrux/svg/UseView.java, line(s) 46,90,117 com/horcrux/svg/VirtualView.java, line(s) 313,557,561,579 com/horcrux/svg/a.java, line(s) 166,193 com/horcrux/svg/m.java, line(s) 25 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 291,351,688,843,877,883,1059,1075 com/learnium/RNDeviceInfo/d.java, line(s) 53 com/learnium/RNDeviceInfo/f.java, line(s) 63,86 com/locon/chat/data/remote/b.java, line(s) 225 com/locon/chat/presentation/ui/viewmodels/k2.java, line(s) 299 com/locon/chat/presentation/ui/viewmodels/s0.java, line(s) 154,281 com/locon/chat/presentation/ui/viewmodels/y1.java, line(s) 56 com/locon/chat/presentation/ui/viewmodels/z1.java, line(s) 50 com/locon/core/data/C0508m.java, line(s) 1426 com/locon/core/data/bulk/aa.java, line(s) 778 com/locon/core/data/bulk/gf.java, line(s) 676,677 com/locon/domain/usecases/filters/FilterViewModel.java, line(s) 743,744 com/locon/home/presentation/ui/components/sections/r0.java, line(s) 40 com/locon/home/presentation/ui/handler/j0.java, line(s) 37 com/locon/map/presentation/ui/viewModels/i.java, line(s) 97 com/locon/presentation/screens/filters/FilterViewModel.java, line(s) 724,725 com/locon/presentation/ui/m.java, line(s) 1504 com/locon/presentation/ui/viewmodels/aa.java, line(s) 1034 com/locon/presentation/ui/viewmodels/gf.java, line(s) 806,807 com/moengage/core/internal/d.java, line(s) 52 
com/moengage/datatype/MOEDatetime.java, line(s) 75,80 com/newrelic/agent/android/AndroidAgentImpl.java, line(s) 639,449,458,450,643,646 com/newrelic/agent/android/NewRelic.java, line(s) 395,384 com/newrelic/agent/android/SavedState.java, line(s) 569,561,565 com/newrelic/agent/android/aei/AEITraceReporter.java, line(s) 70,71,113,111 com/newrelic/agent/android/aei/ApplicationExitMonitor.java, line(s) 218 com/newrelic/agent/android/agentdata/AgentDataController.java, line(s) 133 com/newrelic/agent/android/analytics/AnalyticsControllerImpl.java, line(s) 405,234,244,252,629,660,673,703,735,175,120,167,215,219,621 com/newrelic/agent/android/analytics/EventManagerImpl.java, line(s) 72,70 com/newrelic/agent/android/crash/UncaughtExceptionHandler.java, line(s) 85,86 com/newrelic/agent/android/harvest/Harvest.java, line(s) 64,315,318 com/newrelic/agent/android/harvest/HarvestTimer.java, line(s) 53 com/newrelic/agent/android/hybrid/data/DataController.java, line(s) 107 com/newrelic/agent/android/instrumentation/LogInstrumentation.java, line(s) 21,66,30,75,39,84,48,91,57,100 com/newrelic/agent/android/instrumentation/TransactionState.java, line(s) 279 com/newrelic/agent/android/instrumentation/io/CountingInputStream.java, line(s) 302 com/newrelic/agent/android/logging/AndroidAgentLog.java, line(s) 12,19,26,67,38,53,60 com/newrelic/agent/android/logging/ConsoleAgentLog.java, line(s) 9 com/newrelic/agent/android/logging/LogForwarder.java, line(s) 66,69 com/newrelic/agent/android/logging/LogReporter.java, line(s) 170,173,175 com/newrelic/agent/android/logging/LogReporting.java, line(s) 145,130,138,140,134 com/newrelic/agent/android/logging/Logger.java, line(s) 61,46,54,56,50 com/newrelic/agent/android/measurement/BaseMeasurement.java, line(s) 120 com/newrelic/agent/android/rum/AppApplicationLifeCycle.java, line(s) 96,109 com/newrelic/agent/android/sample/Sampler.java, line(s) 104,105,243,250 com/newrelic/agent/android/stores/SharedPrefsAnalyticsAttributeStore.java, line(s) 57 
com/newrelic/agent/android/tracing/ActivityTrace.java, line(s) 207,234 com/newrelic/agent/android/tracing/TraceMachine.java, line(s) 507,508 com/newrelic/agent/android/util/AgentBuildOptionsReporter.java, line(s) 7,8 com/newrelic/agent/android/util/ExceptionHelper.java, line(s) 68 com/razorpay/BaseUtils.java, line(s) 889 com/reactnativecommunity/webview/RNCWebView.java, line(s) 113 com/reactnativecommunity/webview/RNCWebViewClient.java, line(s) 213,180,199 com/reactnativedocumentpicker/e.java, line(s) 98,48 com/rnmaps/maps/a.java, line(s) 79 dr/d.java, line(s) 41,63 g2/b.java, line(s) 136,155 hr/b.java, line(s) 73 i1/a.java, line(s) 58 io/sentry/android/core/l.java, line(s) 71 io/sentry/android/replay/a0.java, line(s) 64,115 io/sentry/c5.java, line(s) 33 l2/a.java, line(s) 31 m3/b.java, line(s) 164,572,649 m3/h.java, line(s) 68,98,110 na/a.java, line(s) 47,53 net/time4j/i18n/i.java, line(s) 47 o3/a.java, line(s) 369 o8/a.java, line(s) 14,21,28 org/jivesoftware/smack/debugger/ConsoleDebugger.java, line(s) 23 org/jivesoftware/smack/roster/rosterstore/DirectoryRosterStore.java, line(s) 71 q2/a.java, line(s) 82,39 q3/a.java, line(s) 271,334,337 r3/a.java, line(s) 163,167 r4/a.java, line(s) 10,16 s1/f.java, line(s) 38,42,46,68,72,76 s1/l.java, line(s) 30 t2/c.java, line(s) 37 t3/c.java, line(s) 48 u2/k.java, line(s) 166 u2/l.java, line(s) 325 x2/h.java, line(s) 257,400 y3/a.java, line(s) 42
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/chuckerteam/chucker/internal/ui/transaction/r.java, line(s) 4,380,381 com/locon/housing/presentation/MainActivity.java, line(s) 6,604,605 com/moengage/core/internal/utils/CoreUtils.java, line(s) 8,263 com/razorpay/RzpAssist.java, line(s) 5,152
Security notice: The application communicates with a Firebase database
The application communicates with the Firebase database at https://river-oxygen-792.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/cashfree/pg/network/n.java, line(s) 48,47,45,45 org/jivesoftware/smack/util/TLSUtils.java, line(s) 50,56 tp/a.java, line(s) 49,29,48,47,47
Passed security check: This application may have root detection
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: io/sentry/android/core/internal/util/k.java, line(s) 40,40,40,40,40,40 v4/d.java, line(s) 31,24,25,25,25,25,25,25
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/1059595317196/namespaces/firebase:fetch?key=AIzaSyCganBmIOqIteOqfQLvS850sNoWBHQQUvY ) is disabled. The response was as follows: the response code is 403
Overall security baseline score summary

Housing v14.7.8
Android APK
Overall security score: 50
Medium risk