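Mobile Application Security Scan Report

SpeedCash v6.5.1482
Security score (security baseline score): 47/100
Overall risk level: Medium risk
The application carries some security risk; optimization is recommended.

Privacy risk assessment
- Third-party trackers: 7
- High privacy risk: a large number of third-party trackers were detected

Distribution of detection results
- High-severity vulnerabilities: 6
- Medium-severity vulnerabilities: 33
- Security notices: 3
- Passed security items: 3
- Key security concerns: 0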

High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification
Files:
- com/bm/sc/bebasbayar/helper/WidgetHelper.java, line(s) 63,112,61,110
- com/bm/sc/bebasbayar/ui/activity/FCMPopupActivity.java, line(s) 246,244
- com/bm/sc/bebasbayar/ui/activity/PajakKolektifActivity.java, line(s) 56,54
- com/bm/sc/bebasbayar/ui/activity/info/AuthWebViewActivity.java, line(s) 36,34
- com/bm/sc/bebasbayar/ui/activity/info/HelpActivity.java, line(s) 213,211
- com/bm/sc/bebasbayar/ui/activity/info/OpenPaymentWebViewActivity.java, line(s) 38,36
- com/bm/sc/bebasbayar/ui/activity/info/OpenWebViewActivity.java, line(s) 38,36
- com/bm/sc/bebasbayar/ui/activity/ubp/GameActivity.java, line(s) 458,456
- com/bm/sc/bebasbayar/ui/activity/ubp/StreamingActivity.java, line(s) 449,447
- com/bm/sc/bebasbayar/ui/fragment/cash/InvoiceHelpFragment.java, line(s) 59,57
- com/bm/sc/bebasbayar/ui/fragment/home/IncomeBonusFragment.java, line(s) 95,93

High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/bm/sc/bebasbayar/cardnfc/bni/tapcashgo/tapcashgo752a.java, line(s) 28,42
- com/bm/sc/bebasbayar/ui/LockActivity.java, line(s) 385
- com/bm/sc/bebasbayar/ui/activity/auth/FingerprintActivity.java, line(s) 149
- com/bm/sc/bebasbayar/ui/fragment/home/ProfileFragment.java, line(s) 743
- com/bm/sc/util/format/CastleCrypt.java, line(s) 33,40
- com/bm/sc/util/format/Encrypt.java, line(s) 61

High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files:
- com/bm/sc/bebasbayar/adapter/list/promotion/EmailPromotionAdapter.java, line(s) 91,5
- com/bm/sc/bebasbayar/ui/activity/FCMPopupActivity.java, line(s) 158,162,19,20
- com/bm/sc/bebasbayar/ui/activity/info/HelpActivity.java, line(s) 394,401,19,20
- com/bm/sc/bebasbayar/ui/fragment/cash/InvoiceHelpFragment.java, line(s) 53,14,15
- com/bm/sc/bebasbayar/ui/fragment/dialog/ListBeritaFragment.java, line(s) 102,8

High-severity vulnerability: Use of a weak encryption algorithm.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/bm/sc/bebasbayar/cardnfc/bri/ku.java, line(s) 92,154,174,204

High-severity vulnerability: The application uses ECB mode in its encryption algorithm. ECB is a known weak mode because it produces identical ciphertext for identical plaintext blocks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
- com/bm/sc/util/format/Encrypt.java, line(s) 77,138

High-severity vulnerability: The application contains privacy trackers.
This application contains 7 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
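
Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a data-leak risk.

Medium-severity vulnerability: Activity (com.bm.sc.bebasbayar.ui.activity.tcico.QRGeneratorViewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.bm.sc.bebasbayar.ui.activity.cash.SourceOfFundActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.bm.sc.bebasbayar.ui.activity.ubp.CekSaldoEmoneyActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.bm.sc.kotlin.ui.ShareActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.bm.sc.bebasbayar.service.BBReferrerReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: TODO [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (com.bm.sc.bebasbayar.service.BBPhoneStateReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.bm.sc.bebasbayar.service.BBSmsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: TODO [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (com.bm.sc.bebasbayar.service.BBFourDigitReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: TODO [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (com.bm.sc.bebasbayar.service.BBUpdateNotificationReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: TODO [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (com.google.android.gms.analytics.CampaignTrackingService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.bm.sc.bebasbayar.service.BBNotificationService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.google.android.gms.appinvite.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.google.android.gms.tagmanager.TagManagerPreviewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check its protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.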

Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files:
- com/bm/sc/auth/ui/home/HomeFragment.java, line(s) 809,839
- com/bm/sc/auth/ui/home/HomeFragment1.java, line(s) 1173,1203
- com/bm/sc/auth/ui/inbox/DetailPromoActivity.java, line(s) 115,145
- com/bm/sc/bebasbayar/helper/WidgetHelper.java, line(s) 465,537,452,524
- com/bm/sc/bebasbayar/ui/activity/PajakKolektifActivity.java, line(s) 339,331
- com/bm/sc/bebasbayar/ui/activity/SurpriseActivity.java, line(s) 125,127
- com/bm/sc/bebasbayar/ui/activity/account/DownlineLandingActivity.java, line(s) 147,149
- com/bm/sc/bebasbayar/ui/activity/cash/DepositActivity.java, line(s) 575,577
- com/bm/sc/bebasbayar/ui/activity/cash/DepositFormRegisterActivity.java, line(s) 160,163
- com/bm/sc/bebasbayar/ui/activity/info/AuthWebViewActivity.java, line(s) 99,103
- com/bm/sc/bebasbayar/ui/activity/info/HelpActivity.java, line(s) 475,472
- com/bm/sc/bebasbayar/ui/activity/info/OpenWebViewActivity.java, line(s) 144,148
- com/bm/sc/bebasbayar/ui/fragment/cash/InvoiceHelpFragment.java, line(s) 156,159
- com/bm/sc/bebasbayar/ui/fragment/home/IncomeBonusFragment.java, line(s) 402,406
- com/bm/sc/bebasbayar/ui/fragment/home/MissionFragment.java, line(s) 86,88

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files:
- com/bm/sc/auth/ui/base/common/CameraActivity.java, line(s) 107
- com/bm/sc/bebasbayar/ui/activity/account/BerbagiActivity.java, line(s) 158
- com/bm/sc/bebasbayar/ui/activity/account/DetailDocumentActivity.java, line(s) 258
- com/bm/sc/bebasbayar/ui/activity/account/ProfilePictureActivity.java, line(s) 254
- com/bm/sc/bebasbayar/ui/fragment/kyc/KycCameraCardFragment.java, line(s) 130
- com/bm/sc/bebasbayar/ui/fragment/kyc/KycCameraFaceFragment.java, line(s) 130
- com/bm/sc/util/android/Imagery.java, line(s) 442
- com/journeyapps/barcodescanner/CaptureManager.java, line(s) 237
- com/rajat/pdfviewer/util/FileUtils.java, line(s) 117
- com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 47
- com/theartofdev/edmodo/cropper/b.java, line(s) 92

Medium-severity vulnerability: IP address disclosure.
Files:
- com/theartofdev/edmodo/cropper/BuildConfig.java, line(s) 9
- io/grpc/okhttp/h.java, line(s) 379,387,396,392

Medium-severity vulnerability: Possible cross-origin vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files:
- com/ekyc/bigvision/LiveActivity.java, line(s) 139,137

Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- com/andrognito/patternlockview/utils/RandomUtils.java, line(s) 4
- com/bm/sc/bebasbayar/cardnfc/bni/tapcashgo/card/tapcash/tapcashparseb.java, line(s) 14
- com/bm/sc/bebasbayar/ui/activity/account/DownlineAddActivity.java, line(s) 32
- com/bm/sc/bebasbayar/ui/activity/auth/RegisterActivity.java, line(s) 51
- com/bm/sc/bebasbayar/ui/activity/tcico/QRGeneratorViewActivity.java, line(s) 43
- com/bm/sc/util/format/Encrypt.java, line(s) 12
- io/grpc/internal/DnsNameResolver.java, line(s) 31
- io/grpc/internal/ExponentialBackoffPolicy.java, line(s) 5
- io/grpc/internal/o.java, line(s) 26
- io/grpc/okhttp/d.java, line(s) 71
- io/grpc/util/OutlierDetectionLoadBalancer.java, line(s) 27
- nl/dionsegijn/konfetti/core/emitter/PartyEmitter.java, line(s) 9

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- com/bm/sc/auth/helper/DataStoreHelper.java, line(s) 35
- com/bm/sc/auth/other/StartConfig.java, line(s) 194
- com/bm/sc/bebasbayar/BuildConfig.java, line(s) 15
- com/bm/sc/bebasbayar/handler/MessageComposer.java, line(s) 10
- com/bm/sc/bebasbayar/message/mp/DimoMessage.java, line(s) 109
- com/bm/sc/bebasbayar/message/mp/LoginMessage.java, line(s) 28
- com/bm/sc/bebasbayar/setting/ApiConfig.java, line(s) 32
- com/bm/sc/bebasbayar/setting/session/AppSession.java, line(s) 24
- com/bm/sc/bebasbayar/setting/session/ConfigSession.java, line(s) 85,82
- com/bm/sc/bebasbayar/setting/session/DataSession.java, line(s) 29
- com/bm/sc/bebasbayar/setting/session/DimoSession.java, line(s) 6
- com/bm/sc/bebasbayar/ui/activity/account/DetailAccountActivity.java, line(s) 48,46,40,41,42,43,44,45
- com/bm/sc/bebasbayar/ui/activity/account/DetailBankActivity.java, line(s) 30
- com/bm/sc/bebasbayar/ui/fragment/home/ProfileFragment.java, line(s) 118,117,121,119,120
- com/bm/sc/ecommerce/data/remote/form/TokenForm.java, line(s) 163
- com/bm/sc/ecommerce/data/remote/response/DataResponse.java, line(s) 1960
- com/bm/sc/ecommerce/data/remote/response/ProductDetailItem.java, line(s) 121
- com/rabbitmq/client/ConnectionFactory.java, line(s) 51
- com/rabbitmq/client/ConnectionFactoryConfigurator.java, line(s) 34,38
- com/rabbitmq/client/Envelope.java, line(s) 33
- com/rabbitmq/client/impl/recovery/RecordedExchangeBinding.java, line(s) 16
- com/rabbitmq/client/impl/recovery/RecordedQueueBinding.java, line(s) 16
- io/grpc/internal/TransportFrameUtil.java, line(s) 82

Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- com/bm/sc/bebasbayar/service/BBDownloadManager.java, line(s) 129,136
- com/bm/sc/bebasbayar/ui/activity/account/BerbagiActivity.java, line(s) 158
- com/bm/sc/bebasbayar/ui/activity/account/ProfilePictureActivity.java, line(s) 197,372
- com/bm/sc/bebasbayar/ui/activity/tcico/QRGeneratorViewActivity.java, line(s) 185,210
- com/bm/sc/util/android/Imagery.java, line(s) 326,514,643,645,764,772,776,828,855
- com/bm/sc/util/android/JavaScriptInterface.java, line(s) 35
- com/github/mikephil/charting/charts/Chart.java, line(s) 570,617
- com/github/mikephil/charting/utils/FileUtils.java, line(s) 121,149
- com/rajat/pdfviewer/PdfViewerActivity.java, line(s) 814
- com/rajat/pdfviewer/util/FileUtils.java, line(s) 92

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/andrognito/patternlockview/utils/PatternLockUtils.java, line(s) 141
- com/bm/sc/util/format/Encrypt.java, line(s) 157

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/andrognito/patternlockview/utils/PatternLockUtils.java, line(s) 152
- com/bm/sc/util/format/Encrypt.java, line(s) 148

Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files:
- com/bm/sc/bebasbayar/cardnfc/bni/tapcashgo/provider/tapcashgo784a.java, line(s) 5,6,24,34,36,37

Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure they are not confidential or private information.
Credential information =>
- "com.google.android.geo.API_KEY" : "AIzaSyDTjfk1pzyrArFbvX_AlsJ8E-p74SNBLY0"
- "com.google.firebase.crashlytics.mapping_file_id" : "09936a89a1bf427288367cb7579085fb"
- "facebook_app_id" : "661682198317856"
- "facebook_client_token" : "121eb359927c529698ca809640af6415"
- "firebase_database_url" : "https://api-project-292053615616.firebaseio.com"
- "google_api_key" : "AIzaSyCd20eBv32ADeePkTdScV-bG21XYAyIzBc"
- "google_app_id" : "1:292053615616:android:b09974080e3c1421"
- "google_crash_reporting_api_key" : "AIzaSyCd20eBv32ADeePkTdScV-bG21XYAyIzBc"
- "library_appintro_authorWebsite" : "http://paolorotolo.github.io/"
- "tiktok_app_id" : "7496554969823379473"
- "transition_auth_icon" : "trans:auth:icon"
- "transition_auth_title" : "trans:auth:title"

Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files:
- com/bm/sc/bebasbayar/cardnfc/MyClipboardManager.java, line(s) 5,84
- com/bm/sc/bebasbayar/helper/Affinity.java, line(s) 7,2335,2346,2357,2368
- com/bm/sc/util/android/JSInterface.java, line(s) 5,23

Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files:
- a/f.java, line(s) 9
- com/bm/sc/bebasbayar/cardnfc/lib/bca/SClassLoader.java, line(s) 17,20
- com/bm/sc/bebasbayar/ui/activity/cash/QRPay2Activity.java, line(s) 833
- com/bm/sc/bebasbayar/ui/activity/cash/QRPayActivity.java, line(s) 888
- com/bm/sc/util/format/Encrypt.java, line(s) 81
- com/wdullaer/materialdatetimepicker/date/DayPickerView.java, line(s) 67,207,223
- eu/davidea/fastscroller/FastScroller.java, line(s) 357
- eu/davidea/flexibleadapter/SelectableAdapter.java, line(s) 74
- eu/davidea/flexibleadapter/common/FlexibleItemAnimator.java, line(s) 713,721
- eu/davidea/flexibleadapter/helpers/ActionModeHelper.java, line(s) 117,126
- eu/davidea/flexibleadapter/helpers/StickyHeaderHelper.java, line(s) 99,133,266,338,216,219,62
- eu/davidea/flexibleadapter/helpers/UndoHelper.java, line(s) 117,123,130,152,49,94,144
- eu/davidea/flexibleadapter/utils/Log.java, line(s) 123,143
- eu/davidea/flexibleadapter/utils/Logger.java, line(s) 12,18,24,30,36,42,48,54,60,43,61
- eu/davidea/viewholders/FlexibleViewHolder.java, line(s) 68,81,100,114,117,150,163,160
- io/grpc/internal/l.java, line(s) 1674
- io/grpc/okhttp/internal/Platform.java, line(s) 447
- org/greenrobot/eventbus/Logger.java, line(s) 35,40
- org/simalliance/openmobileapi/service/SmartcardError.java, line(s) 82

Security notice: The application communicates with a Firebase database.
The application communicates with the Firebase database at https://api-project-292053615616.firebaseio.com

Passed security item: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- com/bm/sc/auth/ui/ShareActivity.java, line(s) 627
- com/bm/sc/auth/ui/SplashActivity.java, line(s) 372
- com/bm/sc/util/android/Device.java, line(s) 139,123,127,87,127,127,127,127,127,326

Passed security item: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- com/bm/sc/bebasbayar/cardnfc/bni/tapcashgo/tapcashgo775i.java, line(s) 30,29,30,28,28
- com/bm/sc/bebasbayar/service/BBDonwloadPdfService.java, line(s) 165,165
- com/bm/sc/ecommerce/data/remote/RetrofitInstance.java, line(s) 54,87
- de/timroes/axmlrpc/XMLRPCClient.java, line(s) 125,118
- io/grpc/okhttp/OkHttpChannelBuilder.java, line(s) 356,423,424,329,355,437,352,354,354
- io/grpc/okhttp/OkHttpServerBuilder.java, line(s) 238,239,252
- io/grpc/util/AdvancedTlsX509TrustManager.java, line(s) 118,117,219,116,116,135

Passed security item: Firebase Remote Config is disabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/292053615616/namespaces/firebase:fetch?key=AIzaSyCd20eBv32ADeePkTdScV-bG21XYAyIzBc ) is disabled. The response is as follows: the response code is 403

Overall security baseline score summary
SpeedCash v6.5.1482 (Android APK)
Overall security score: 47
Medium risk