Mobile Application Security Scan Report

CityMall v1.42.1
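Security baseline score: 46/100
Overall risk level: Medium risk
The application carries some security risk; remediation is recommended.

Distribution of vulnerabilities and security items
High-severity vulnerabilities: 5
Medium-severity vulnerabilities: 28
Informational notices: 5
Passed security checks: 2
Key security concerns: 0

Privacy risk assessment
Third-party trackers: 9
High privacy risk: a large number of third-party trackers were detected.
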
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: N0/a.java, line(s) 61
High-severity vulnerability: Remote WebView debugging is enabled.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/reactnativecommunity/webview/k.java, line(s) 555,16
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/clevertap/android/sdk/inapp/AbstractC0786f.java, line(s) 134,12,13 com/clevertap/android/sdk/inapp/AbstractC1082f.java, line(s) 134,12,13 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC0789i.java, line(s) 141,16,17 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC1085i.java, line(s) 141,16,17 com/reactnativecommunity/webview/k.java, line(s) 216,16 in/juspay/hypersdk/core/DynamicUI.java, line(s) 214,423,10 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 61,9,10
High-severity vulnerability: The file is World Writable. Any application can write to the file.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: in/juspay/hypersdk/core/AndroidInterface.java, line(s) 684 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 14
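High-severity vulnerability: The application contains privacy trackers.
This application contains 9 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.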
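Medium-severity vulnerability: The application has cleartext network traffic enabled.
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (such as HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default at API level 27 and below and disabled by default at 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with transmitted data. Disable cleartext traffic and use only encrypted protocols.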
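Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up through the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a data-leak risk.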
Medium-severity vulnerability: Broadcast Receiver (live.citymall.customer.NotificationDismissBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (live.citymall.customer.FullScreenPushNotificationActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (live.citymall.customer.OverlayFlow.ProductsModalActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
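Medium-severity vulnerability: Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.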
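Medium-severity vulnerability: Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.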
Medium-severity vulnerability: Activity (com.adster.sdk.mediation.adster.AdSterInterstitialActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
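Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.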
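Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.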
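Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.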
Medium-severity vulnerability: Activity (in.juspay.hypersdk.core.CustomtabResult) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
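Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.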
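Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.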
Medium-severity vulnerability: IP address disclosure
Files: R3/AbstractC1218a.java, line(s) 81,81 R3/AbstractC6843a.java, line(s) 156,156 com/adster/sdk/mediation/customevent/AdSterMediationCustomEvent.java, line(s) 66 com/clevertap/android/sdk/CleverTapAPI.java, line(s) 788 e6/C0214a.java, line(s) 8,9,10,11,12 e6/C6315a.java, line(s) 9,11,13,15,17
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: M4/AbstractC0080k0.java, line(s) 39 M4/AbstractC0559k0.java, line(s) 40 N0/a.java, line(s) 60 com/RNFetchBlob/h.java, line(s) 58 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 153,231
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: F5/o.java, line(s) 9 Y6/a.java, line(s) 3 Y6/b.java, line(s) 3 c7/d.java, line(s) 10 c7/g.java, line(s) 7 com/clevertap/android/sdk/pushnotification/c.java, line(s) 11 com/simpl/android/fingerprint/a/a.java, line(s) 3 i0/C1089a.java, line(s) 24 i0/C6431a.java, line(s) 25 i0/g.java, line(s) 15 p7/s.java, line(s) 11 z6/a.java, line(s) 3
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/clevertap/android/sdk/inapp/AbstractC0786f.java, line(s) 74,69 com/clevertap/android/sdk/inapp/AbstractC1082f.java, line(s) 74,69 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC0789i.java, line(s) 120,115 com/clevertap/android/sdk/inapp/AbstractViewOnTouchListenerC1085i.java, line(s) 120,115 in/juspay/hypersdk/core/DynamicUI.java, line(s) 145,168,244,143 in/juspay/hypersdk/safe/Godel.java, line(s) 375,636,630
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: in/juspay/hypersdk/safe/Godel.java, line(s) 643,630
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: C2/a.java, line(s) 84 Q1/g.java, line(s) 84 com/adster/sdk/mediation/Settings.java, line(s) 81 com/adster/sdk/mediation/analytics/AnalyticsConstants.java, line(s) 67 com/heanoria/library/reactnative/locationenabler/AndroidLocationEnablerModule.java, line(s) 51,54 com/sudoplz/rninappupdates/SpReactNativeInAppUpdatesModule.java, line(s) 35,36 live/citymall/customer/BuildConfig.java, line(s) 15,17,14,22
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/reactnativecommunity/webview/m.java, line(s) 292 com/rnmaps/maps/MapModule.java, line(s) 80 com/rnmaps/maps/a.java, line(s) 22 io/sentry/react/m.java, line(s) 735
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: S1/c.java, line(s) 13 io/sentry/util/t.java, line(s) 19
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: H0/AbstractC1082a.java, line(s) 40 H0/AbstractC6409a.java, line(s) 84 P1/a.java, line(s) 52 P3/D3.java, line(s) 19 com/RNFetchBlob/d.java, line(s) 514,540,459,509,521,522,532,533,534,535,536,537,538,539 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 401 com/reactnativecommunity/webview/m.java, line(s) 292 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 113,122,123,124 io/sentry/android/core/Y.java, line(s) 263,245
Medium-severity vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: io/sentry/android/core/internal/util/m.java, line(s) 21,21,21,21,21
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: X/a.java, line(s) 4,5,6,7,58,88 com/reactnativecommunity/asyncstorage/k.java, line(s) 4,5,6,46
Medium-severity vulnerability: Firebase Remote Config is enabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/84670138342/namespaces/firebase:fetch?key=AIzaSyBwdbXDOPT3Ocu2Cu-YiXpNQwJvvbJxs20 ) is enabled. Make sure these configurations contain no sensitive information. The response content is shown below: { "entries": { "ab_cat_nav": "list", "ab_cat_screen_type": "A", "ab_cl_signup_test": "true", "ab_cl_welcome": "yes", "ab_combined_pdu_see_all": "AB", "ab_home_pdu": "b", "ab_onboarding_flow": "default", "ab_self_order": "yes", "ab_show_truecaller": "false", "ab_show_voice_assistant": "true", "ab_test_remote_config": "test", "autofill_and_submit": "true", "autofill_num_otp": "false", "cx_old_ref": "false", "new_carousel_obd": "true", "new_signup_design": "false" }, "state": "UPDATE", "templateVersion": "60" }
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure these are not secrets or private information.
Credential => "com.google.android.geo.API_KEY" : "AIzaSyBwdbXDOPT3Ocu2Cu-YiXpNQwJvvbJxs20"
AdMob advertising platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-3565148233967310~1197821272"
"CLEVERTAP_TOKEN" : "313-024"
"CODE_PUSH_DEPLOYMENT_KEY" : "Lvo3UjrK3atCul6lScsZ-D6IBDTA415NuVJpbg"
"CODE_PUSH_IOS_DEPLOYMENT_KEY" : "CZ0j_BAD3vHOOdTT262zmK34SlMGEa1DJvaNO"
"CodePushDeploymentKey" : "Lvo3UjrK3atCul6lScsZ-D6IBDTA415NuVJpbg"
"FINGERPRINT_API_KEY" : "GK70Q8NPPu0Y8626EMpp"
"SEGMENT_WRITE_KEY" : "RVWSJPgYiFyskgd6kyGSKRbImaGkDQyh"
"facebook_app_id" : "237892067883924"
"facebook_client_token" : "3bd51846376b1a8f39fc461839dcf613"
"firebase_database_url" : "https://citymall-production.firebaseio.com"
"google_api_key" : "AIzaSyBwdbXDOPT3Ocu2Cu-YiXpNQwJvvbJxs20"
"google_app_id" : "1:84670138342:android:2432e6ac90e50633007827"
"google_crash_reporting_api_key" : "AIzaSyBwdbXDOPT3Ocu2Cu-YiXpNQwJvvbJxs20"
"google_maps_key" : "AIzaSyBwdbXDOPT3Ocu2Cu-YiXpNQwJvvbJxs20"
"partnerKey" : "kGpkiafa1dfe50dee4c1bbb3fe6f328d7f241"
Informational notice: The application writes log output; sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Informational notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: e1/b.java, line(s) 88,88
Informational notice: This application listens for clipboard changes. Some malware also listens for clipboard changes.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 31,34,4
Informational notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/clevertap/android/sdk/inbox/g.java, line(s) 4,44 com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,263 in/juspay/hypersdk/core/JBridge.java, line(s) 7,436
Informational notice: The application communicates with a Firebase database.
The application communicates with the Firebase database located at https://citymall-production.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/adster/sdk/mediation/adster/AdSterRestAdapterImpl.java, line(s) 43,43 com/adster/sdk/mediation/analytics/AnalyticsRestAdapterImpl.java, line(s) 112,112 com/adster/sdk/mediation/liftoff/LiftoffApiService.java, line(s) 45,45 d1/c.java, line(s) 117,115,117,114,108,108 in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 66,65,67,64,64 live/citymall/customer/OverlayFlow/api/ApiClient.java, line(s) 16,16 y7/c.java, line(s) 82,80,79 y7/d.java, line(s) 121,110,119,129,118,118,120 y7/i.java, line(s) 82,80,79,79 y7/j.java, line(s) 236,223,234,233,233
Passed security check: This application may have root detection.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: in/juspay/hypersdk/data/SessionInfo.java, line(s) 143,147 io/sentry/android/core/internal/util/m.java, line(s) 64,21,21,21,21,21,21 n5/AbstractC4027c.java, line(s) 24 n5/AbstractC6773c.java, line(s) 25 q5/t.java, line(s) 24
Overall security baseline score summary

CityMall v1.42.1
Android APK
Overall security score: 46
Medium risk