应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Mint v5.7.3
39
安全评分
安全基线评分
39/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在较高安全风险,需要重点关注
漏洞与安全项分布
12
高危
28
中危
5
信息
2
安全
隐私风险评估
13
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
12
中危安全漏洞
28
安全提示信息
5
已通过安全项
2
重点安全关注
0
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=http://m.livemint.com] App Link 资产验证 URL(http://m.livemint.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=https://m.livemint.com] App Link 资产验证 URL(https://m.livemint.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:301)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=https://mint-android.onelink.me] App Link 资产验证 URL(https://mint-android.onelink.me/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=https://livemint.onelink.me] App Link 资产验证 URL(https://livemint.onelink.me/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=https://www.htsmartcast.com] App Link 资产验证 URL(https://www.htsmartcast.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:None)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.htmedia.mint.ui.activity.DeepLinkActivity][android:host=http://www.htsmartcast.com] App Link 资产验证 URL(http://www.htsmartcast.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:None)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: f6/l.java, line(s) 45 p000/p001/bi.java, line(s) 37 p000/p001/bl.java, line(s) 37 p000/p001/iab.java, line(s) 34 p000/p001/iaw.java, line(s) 96 p000/p001/wi.java, line(s) 37 p000/p001/wl.java, line(s) 37 p004/p005/bi.java, line(s) 38 p004/p005/bl.java, line(s) 38 p004/p005/iab.java, line(s) 34 p004/p005/iaw.java, line(s) 96 p004/p005/wi.java, line(s) 38 p004/p005/wl.java, line(s) 38
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/htmedia/mint/utils/f0.java, line(s) 4621 in/juspay/hypersdk/core/AndroidInterface.java, line(s) 808 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 14 p000/p001/bi.java, line(s) 36 p000/p001/bl.java, line(s) 36 p000/p001/wi.java, line(s) 36 p000/p001/wl.java, line(s) 36 p004/p005/bi.java, line(s) 37 p004/p005/bl.java, line(s) 37 p004/p005/wi.java, line(s) 37 p004/p005/wl.java, line(s) 37
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/htmedia/mint/storydatailpage/viewholder/c1.java, line(s) 62,8,9 com/htmedia/mint/storydatailpage/viewholder/e2.java, line(s) 162,189,191,193,195,10,11 com/htmedia/mint/storydatailpage/viewholder/u0.java, line(s) 62,8,9 com/htmedia/mint/utils/j.java, line(s) 1363,1504,1506,1508,1510,2926,2929,2931,2933,2942,27,28 com/razorpay/BaseCheckoutActivity.java, line(s) 230,235,17,18 com/razorpay/CheckoutActivity.java, line(s) 52,6 com/razorpay/CheckoutPresenterImpl.java, line(s) 771,22 com/taboola/android/TBLClassicUnit.java, line(s) 1131,30,31 in/juspay/hypersdk/core/DynamicUI.java, line(s) 214,423,10 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 79,9,10
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
p000/p001/iab.java, line(s) 89
p000/p001/iaw.java, line(s) 35
p004/p005/iab.java, line(s) 89
p004/p005/iaw.java, line(s) 35
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/htmedia/mint/htsubscription/sku/ui/ManageSubscriptionWebViewActivity.java, line(s) 164,312,15,16 com/taboola/android/TBLClassicUnit.java, line(s) 1087,30,31 com/taboola/android/tblweb/TBLWebUnit.java, line(s) 228,229,7
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个13隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Activity (com.htmedia.mint.ui.activity.SplashActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.htmedia.mint.DefaultAlias) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.htmedia.mint.PremiumAlias) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.htmedia.mint.utils.CRIFWebView) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.htmedia.mint.ui.activity.DeepLinkActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.appsflyer.SingleInstallBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.firebase.jobdispatcher.GooglePlayReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity-Alias (com.taboola.android.FSDAliasActivity) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (in.juspay.hypersdk.core.CustomtabResult) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: b0/d.java, line(s) 38 b0/p.java, line(s) 99 b0/x.java, line(s) 85 b1/g.java, line(s) 88 com/appsflyer/AppsFlyerProperties.java, line(s) 16 com/htmedia/mint/dialycapsule/pojo/DailyCapsule.java, line(s) 150 com/htmedia/mint/htsubscription/TokenGenerater.java, line(s) 10 com/htmedia/mint/htsubscription/ZSErrorCodeHandling.java, line(s) 87 com/htmedia/mint/pojo/config/AffiliateCodeItem.java, line(s) 51 com/htmedia/mint/pojo/marketRevamp/CasIncBalItem.java, line(s) 109 com/htmedia/mint/pojo/marketRevamp/InsightItem.java, line(s) 97 com/htmedia/mint/pojo/marketRevamp/ValuationItem.java, line(s) 97 com/htmedia/mint/pojo/marketRevamp/recos/FiltersParentItem.java, line(s) 160 com/htmedia/mint/razorpay/JWTTokenBuilder.java, line(s) 13 com/htmedia/mint/ui/fragments/MarketNewsStockFragment.java, line(s) 717,690,722 com/razorpay/AnalyticsConstants.java, line(s) 132,160,72 com/razorpay/BaseConstants.java, line(s) 27,35 com/razorpay/OtpElfData.java, line(s) 6 com/taboola/android/TBLClassicUnit.java, line(s) 1798 com/taboola/android/global_components/eventsmanager/events/TBLMobileEvent.java, line(s) 33,34 com/taboola/android/global_components/monitor/TBLAuthentication.java, line(s) 9 com/taboola/android/global_components/monitor/TBLSimCodeChange.java, line(s) 9 com/taboola/android/global_components/monitor/b.java, line(s) 15 com/taboola/android/global_components/network/handlers/TBLRecommendationsHandler.java, line(s) 19 com/taboola/android/tblnative/TBLNativeUnitInternal.java, line(s) 45,58 com/taboola/android/tblnative/TBLRecommendationItem.java, line(s) 45 com/taboola/android/tblweb/TBLWebViewManager.java, line(s) 33,35,36,34,45,42,38,52 com/taboola/android/utils/TBLSdkDetailsHelper.java, line(s) 81 com/taboola/lightnetwork/utils/SharedPrefUtil.java, line(s) 15 com/truecaller/android/sdk/PartnerInformation.java, line(s) 18 com/truecaller/android/sdk/TrueException.java, line(s) 18 io/jsonwebtoken/JwsHeader.java, line(s) 8 lb/Request.java, line(s) 134 x2/BitmapMemoryCacheKey.java, line(s) 66 xf/d.java, line(s) 83 y9/NetworkDataSecurityConfig.java, line(s) 53 yf/EventRecord.java, line(s) 144 z/g.java, line(s) 87
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/htmedia/mint/utils/c2.java, line(s) 7 com/taboola/android/global_components/fsd/e.java, line(s) 13 com/taboola/android/tblnative/TBLNativeUnitInternal.java, line(s) 37 jh/a.java, line(s) 3 jh/b.java, line(s) 3 kh/a.java, line(s) 4 p000/p001/up1.java, line(s) 29 p002i/p003i/pk.java, line(s) 34 p004/p005/up1.java, line(s) 32 p006i/p007i/pk.java, line(s) 37 qi/d.java, line(s) 11 qi/h.java, line(s) 6 z0/j.java, line(s) 4
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: club/cred/access/internal/AccessDialogFragment.java, line(s) 494,492 club/cred/access/internal/AccessFragment.java, line(s) 375,373 com/htmedia/mint/htsubscription/sku/ui/ManageSubscriptionWebViewActivity.java, line(s) 212,148 com/htmedia/mint/storydatailpage/viewholder/c1.java, line(s) 65,60 com/htmedia/mint/storydatailpage/viewholder/u0.java, line(s) 65,60 com/razorpay/BaseUtils.java, line(s) 1017,158 com/razorpay/MagicXActivity.java, line(s) 82,69 in/juspay/hypersdk/core/DynamicUI.java, line(s) 145,168,244,143 in/juspay/hypersdk/safe/Godel.java, line(s) 389,673,667 me/c.java, line(s) 107,104 ug/C0333c.java, line(s) 103,100
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/af.java, line(s) 24 com/comscore/android/id/IdHelperAndroid.java, line(s) 290 com/comscore/util/crashreport/CrashReportDecorator.java, line(s) 203 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 124,153
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/htmedia/mint/htsubscription/sku/ui/ManageSubscriptionWebViewActivity.java, line(s) 151,148 com/htmedia/mint/storydatailpage/viewholder/e2.java, line(s) 178,174 com/htmedia/mint/ui/activity/EpaperActivity.java, line(s) 164,162 com/htmedia/mint/ui/activity/WebViewActivity.java, line(s) 93,91 com/htmedia/mint/ui/activity/WebViewActivityWithHeader.java, line(s) 305,303 com/htmedia/mint/ui/activity/WebViewActivityWithoutHeader.java, line(s) 74,72 com/htmedia/mint/ui/fragments/StoryDetailViewFragment.java, line(s) 1486,1484 in/juspay/hypersdk/safe/Godel.java, line(s) 680,667 q7/a5.java, line(s) 214,212 q7/a8.java, line(s) 91,89 q7/d4.java, line(s) 180,168
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: a2/a.java, line(s) 44 bin/mt/signature/KillerApplication.java, line(s) 77 com/github/mikephil/charting/charts/Chart.java, line(s) 739,789 com/github/mikephil/charting/utils/FileUtils.java, line(s) 142,170 com/htmedia/mint/service/DownloadEpaper.java, line(s) 92 com/htmedia/mint/utils/h0.java, line(s) 39,39,40 r1/b.java, line(s) 315
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/snowplowanalytics/snowplow/tracker/storage/EventStoreHelper.java, line(s) 4,5,36,42 rb/b.java, line(s) 5,6,661,662,665,666,616,621,628,633,638,643,648,653,658,674,682,692,697,702,707,718,729,741,781,782,812,813,814,827,841,856,867 y4/a.java, line(s) 6,7,107 yf/a.java, line(s) 6,7,113,116
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: r1/b.java, line(s) 126
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/af.java, line(s) 39 com/comscore/util/crashreport/CrashReportDecorator.java, line(s) 223 d2/c.java, line(s) 12
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/72061481469/namespaces/firebase:fetch?key=AIzaSyBRQQTSiOC5FusmF2xx3EWlge4xrmA7VTA ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"CIR_CONSENT_EXP": "{\"CIR_CONSENT_EXP\":false}",
"L1_Bottom_Menu_Cofig": "{\"l1Menu\":[[\"foryou_page_analytics\"],[\"market_news\"],[\"companies\"],[\"lounge\"],[\"Money\"],[\"economist\"],[\"personal_finance\"],[\"wsj\"],[\"barrons\"],[\"ipo\"],[\"technology\"],[\"start_ups\"],[\"market_report\"],[\"opinion\"],[\"politics\"],[\"snapview\"],[\"long_story\"],[\"primer\"],[\"plain_facts\"],[\"industry\"],[\"mark_to_market\"],[\"auto\"],[\"banking\"],[\"manufacturing\"],[\"mutual_funds\"],[\"insurance\"]],\"l1MenuSub\":[[\"foryou_page_analytics\"],[\"market_news\"],[\"companies\"],[\"lounge\"],[\"news_page\"],[\"Money\"],[\"economist\"],[\"personal_finance\"],[\"wsj\"],[\"barrons\"],[\"ipo\"],[\"technology\"],[\"start_ups\"],[\"market_report\"],[\"opinion\"],[\"politics\"],[\"snapview\"],[\"long_story\"],[\"primer\"],[\"plain_facts\"],[\"industry\"],[\"mark_to_market\"],[\"auto\"],[\"banking\"],[\"manufacturing\"],[\"mutual_funds\"],[\"insurance\"]],\"tabBar\":[[\"foryou_page_analytics\"],[\"generic_tab\",\"mint_shorts\",\"news_page\"],[\"premium_section\"],[\"market_page\"],[\"mymint_tab\",\"global_tab\"]],\"tabBarSub\":[[\"foryou_page_analytics\"],[\"generic_tab\",\"mint_shorts\",\"news_page\"],[\"premium_section\"],[\"market_page\"],[\"mymint_tab\",\"global_tab\"]],\"experimentName\":\"A\",\"bottomtab_defaultOption\":{\"enable\":true,\"installAppNS\":\"foryou_page_analytics\",\"installAppSubs\":\"foryou_page_analytics\",\"defaultOptionNS\":\"foryou_page_analytics\",\"defaultOptionSubs\":\"foryou_page_analytics\",\"updateAppNS\":\"foryou_page_analytics\",\"updateAppSubs\":\"foryou_page_analytics\",\"variant\":\"A landing page\"}}",
"My_Mint_Config": "{\"variant\":\"A\",\"experimentName\":\"my_mint_a\",\"data\":{\"dailyCapsule\":{\"title\":\"Daily Capsule\",\"subTitle\":\"Top stories personalised for you\",\"L1Title\":\"Daily Capsule\",\"maxLimit\":6,\"visiblePercentage\":70},\"myReads\":{\"L1Title\":\"My Reads\"},\"skuCarousel\":{\"title\":\"My Mint\",\"subUrl\":\"https://www.livemint.com/api/cms/search/story?search=id:11616594247080\",\"L1Title\":\"\",\"maxLimit\":5,\"subTitle\":\"\",\"nonSubUrl\":\"https://www.livemint.com/api/cms/search/story?search=id:11616594247080\",\"titleSubs\":\"Mint Lounge\",\"subTitleSubs\":\"\"},\"newsletterOfTheDay\":{\"title\":\"Newsletter Of The Day\",\"subTitle\":\"\",\"L1Title\":\"\",\"maxLimit\":-1,\"visiblePercentage\":70},\"myAuthor\":{\"title\":\"My Authors\",\"subTitle\":\"Get personalised news tailored to your \\npreferred authors\",\"L1Title\":\"My Authors\",\"maxLimit\":4,\"tabMaxLimit\":50,\"visiblePercentage\":30,\"newsUrl\":\"https://personalize.livemint.com/myfeed-lm\"},\"infographics\":{\"title\":\"Infographics\",\"subTitle\":\"Charts and graphs curated for you\",\"L1Title\":\"Infographics\",\"maxLimit\":10,\"visiblePercentage\":70},\"mintSpecial\":{\"title\":\"Mint specials\",\"subTitle\":\"Curated collections showcasing our best work\",\"otherText\":\"Daily 10+ articles\",\"L1Title\":\"Mint specials\",\"maxLimit\":10,\"visiblePercentage\":70},\"myFeed\":{\"L1Title\":\"My Feed\",\"title\":\"My feed\",\"tabMaxLimit\":20,\"subTitle\":\"News personalised to your interests\",\"feedColors\":[\"#7E30E1\",\"#E26EE5\",\"#FFA732\",\"#88AB8E\"],\"maxLimit\":6,\"newsUrl\":\"https://personalize.livemint.com/myfeed-lm\",\"newsfeedLogicPercentage\":[0,1,2,3,4],\"visiblePercentage\":30},\"myWatchlist\":{\"title\":\"My Watchlist\",\"subTitle\":\"\",\"L1Title\":\"My Watchlist\",\"maxLimit\":6,\"visiblePercentage\":70},\"watchlistNews\":{\"title\":\"News from watchlist\",\"subTitle\":\"\",\"L1Title\":\"News from watchlist\",\"maxLimit\":4,\"visiblePercentage\":70},\"continueReading\":{\"title\":\"Pick up where you left off\",\"subTitle\":\"Continue reading\",\"L1Title\":\"Continue reading\",\"maxLimit\":4,\"visiblePercentage\":70},\"bookmarksAndSaved\":{\"title\":\"Bookmarks & saved\",\"subTitle\":\"\",\"L1Title\":\"Bookmarks & saved\",\"maxLimit\":4,\"visiblePercentage\":70},\"overview\":{\"L1Title\":\"Explore\"},\"banner\":{\"nonSubscriber\":{\"image_url\":\"https://images.livemint.com/apps/images/non_subs_banner.jpeg\",\"deeplink\":\"https://www.livemint.com/lm/userplan\"},\"churnedUser\":{\"image_url\":\"https://images.livemint.com/apps/images/churned_user_banner.jpg\",\"deeplink\":\"https://www.livemint.com/lm/userplan\"},\"subscriber\":{\"image_url\":\"https://images.livemint.com/dev/Banner1_3x.png\",\"deeplink\":\"https://www.livemint.com/\"},\"visiblePercentage\":70},\"newsletters\":{\"title\":\"Newsletters\",\"subTitle\":\"\",\"L1Title\":\"Newsletters\",\"maxLimit\":10,\"visiblePercentage\":70},\"offers\":{\"title\":\"Offers\",\"subTitle\":\"Enjoy the wide range of subscription benefits\",\"L1Title\":\"Offers\",\"maxLimit\":10,\"visiblePercentage\":70}},\"nonSubscriber\":{\"L1Menu\":[\"myFeed\",\"myAuthor\",\"overview\",\"myReads\"],\"sections\":[\"dailyCapsule\",\"newsletterOfTheDay\",\"infographics\",\"mintSpecial\",\"myFeed\",\"myAuthor\",\"myWatchlist\",\"watchlistNews\",\"continueReading\",\"bookmarksAndSaved\",\"banner\",\"newsletters\"]},\"sku\":{\"L1Menu\":[\"myFeed\",\"myAuthor\",\"overview\",\"myReads\"],\"sections\":[\"dailyCapsule\",\"skuCarousel\",\"newsletterOfTheDay\",\"mintSpecial\",\"myFeed\",\"myAuthor\",\"myWatchlist\",\"watchlistNews\",\"continueReading\",\"bookmarksAndSaved\",\"newsletters\"]},\"churnedUser\":{\"L1Menu\":[\"myFeed\",\"myAuthor\",\"overview\",\"myReads\"],\"sections\":[\"dailyCapsule\",\"newsletterOfTheDay\",\"infographics\",\"mintSpecial\",\"myFeed\",\"myAuthor\",\"myWatchlist\",\"watchlistNews\",\"continueReading\",\"bookmarksAndSaved\",\"banner\",\"newsletters\"]},\"subscriber\":{\"L1Menu\":[\"myFeed\",\"myAuthor\",\"overview\",\"myReads\"],\"sections\":[\"dailyCapsule\",\"newsletterOfTheDay\",\"infographics\",\"mintSpecial\",\"myFeed\",\"myAuthor\",\"myWatchlist\",\"watchlistNews\",\"continueReading\",\"bookmarksAndSaved\",\"newsletters\"]},\"headerData\":{\"login\":{\"title\":\"LOGIN\",\"subTitle\":\"Login & Say Hello!\"},\"onboarding\":{\"title\":\"ONBOARDING\",\"subTitle\":{\"login\":\"Login to enjoy exclusive features\",\"settingsPreferences\":\"Follow topics of interests\",\"watchlistPreferences\":\"Create Your Stock Watchlist\"}},\"ios_enabled\":true,\"android_enabled\":true,\"renewSubscription\":{\"title\":\"Subscription Expired\",\"subTitle\":\"Renew your subscription & get <b>40% off</b>\"},\"nonSubscriber\":{\"title\":\"SUBSCRIBE NOW\",\"subTitle\":\"Purchase your subscription\",\"deeplink\":\"https://www.livemint.com/lm/userplan\"}}}",
"Story_Detail_AB": "{\"variant\":\"fallback firebase\",\"experimentName\":\"fallback firebase\",\"default\":{\"premiumStory\":[{\"title\":\"More from this Section\",\"template\":\"horizontalCarousel\",\"position\":4,\"showSubsection\":false,\"url\":\"https://www.livemint.com/api/cms/page?url={section}\",\"feedType\":\"blankPaper\",\"max\":5,\"isLast\":true,\"hideViewAll\":false,\"numOfStories\":40}],\"nonPremiumStory\":[{\"title\":\"More from this Section\",\"template\":\"horizontalCarousel\",\"position\":4,\"showSubsection\":false,\"url\":\"https://www.livemint.com/api/cms/page?url={section}\",\"feedType\":\"blankPaper\",\"max\":5,\"isLast\":true,\"hideViewAll\":false,\"numOfStories\":40}]}}",
"Story_Detail_AB_New": "{ \"variant\": \"fallback firebase\", \"experimentName\": \"fallback firebase\", \"default\": { \"premiumStory\": [ { \"title\": \"More from this Section\", \"template\": \"horizontalCarousel\", \"position\": 4, \"showSubsection\": false, \"url\": \"https://www.livemint.com/api/cms/page?url={section}\", \"feedType\": \"blankPaper\", \"max\": 5, \"isLast\": true, \"hideViewAll\": false, \"numOfStories\": 40 } ], \"nonPremiumStory\": [ { \"title\": \"More from this Section\", \"template\": \"horizontalCarousel\", \"position\": 4, \"showSubsection\": false, \"url\": \"https://www.livemint.com/api/cms/page?url={section}\", \"feedType\": \"blankPaper\", \"max\": 5, \"isLast\": true, \"hideViewAll\": false, \"numOfStories\": 40 } ] } }",
"integratedPaywallV1": "{\"integratedPaywallV1\":false}",
"planPageRevampExp": "{\"newPlanPageEnabled\":false}"
},
"state": "UPDATE",
"experimentDescriptions": [
{
"experimentId": "_exp_67",
"variantId": "1",
"experimentStartTime": "2025-05-09T12:11:57.436Z",
"triggerTimeoutMillis": "15552000000",
"timeToLiveMillis": "15552000000"
},
{
"experimentId": "_exp_71",
"variantId": "0",
"experimentStartTime": "2025-05-30T09:12:06.371Z",
"triggerTimeoutMillis": "15552000000",
"timeToLiveMillis": "15552000000"
},
{
"experimentId": "_exp_72",
"variantId": "0",
"experimentStartTime": "2025-07-04T05:11:31.706Z",
"triggerTimeoutMillis": "15552000000",
"timeToLiveMillis": "15552000000"
},
{
"experimentId": "_exp_73",
"variantId": "0",
"experimentStartTime": "2025-07-04T05:13:20.122Z",
"triggerTimeoutMillis": "15552000000",
"timeToLiveMillis": "15552000000"
}
],
"templateVersion": "35"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-9783515403541006~9907915426" 凭证信息=> "com.truecaller.android.sdk.PartnerKey" : "@7F1303FC" "api_key" : "47b060f222c23d2fd4ca0bba2e1f39c6271baf678bdca0bc63cc4e91c6bba73657edc90d7e4ec388750115cbda9e9ba0" "com.google.firebase.crashlytics.mapping_file_id" : "d64a69debaf744b4b62cbe809667137b" "google_api_key" : "AIzaSyBRQQTSiOC5FusmF2xx3EWlge4xrmA7VTA" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey" "google_crash_reporting_api_key" : "AIzaSyBRQQTSiOC5FusmF2xx3EWlge4xrmA7VTA" "firebase_database_url" : "https://driven-slice-778.firebaseio.com" "mi_app_key" : "5281764337623" "mi_app_id" : "2882303761517643623" "true_caller_key" : "NqXbDaae8db4c543b40acae620776370585fa" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password" "facebook_client_token" : "9eeedef0cea1b5e2383913e2578be560" "google_app_id" : "1:72061481469:android:3a3bc833ad296bba" "facebook_app_id" : "1222624051527471" 52a74ae3a18de3335d4dd38c5e3d492ef5e90f99d6a18b308a55dc49c65b2da4 3d9ab0dd2e243c00f37ee0441fd1cb9846dcf74a9c896d37582107c8fe4e4a03 BHoKAJ0BAR2DLOvQkDvRcNLeeqgqHLCqKMR1JfyXapo= 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 5aeab8eefc36f218b0e0866b b8c5df6a3342d5f87d7db08263f9549c276b74ad01d70dbf12ff8a5da20d2eb8 80e8316f0af99bb5d5466022fcc3467ac1faf6760a22f5192b956c095f702859 nODU0WjBrMQswCQYDVQQGEwI5MTESMBAGA1UECBMJTmV3IERlbGhpMRIwEAYDVQQHEwlOZXcgRGVs 9bfbb83ee80ccdee95e73bc93dacd62f nY6UmBLvx5mNmxd0aJ53Ca+pdw4iBxhM= c4171614448e750850bd4daca2c7e8d1 d52915a2594ff3f5e41445278ebdafa0683df56fb41cdfaab9644ecba67210ef 7608fa0fa18cdf9a3fc377c32849d300f060b8c31acdf78a6bbd1c4cc77628fa a9d5eaa6f5b73f27bb4b1f623a149293e9b10a132cea57f3d23021160e86ebb3 376c21021b2800b444ae9214a5b251460c04490611dadf1585987e12ce0b6c21 57c00a2ccaf48e2831750343 0337a08271785f216907d68a5b6da8d8bcb39bd10cec37dd9f84db85cc80509f 0ac1169ae6cead75264c725febd8e8d941f25e31 bbb39450acad7c6f9972cac101043a8d6ce599b9fe77832310c4e4486c3db62b FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 c1958009c7d582dd3c95d7827787e463bc33ffb9e605b3a44b7a53d1e28df198 bKxCJRf2+J6gvv7C0fr4tYEBkjGR5dmbwzKykxOB8Fo= 9b8f518b086098de3d77736f9458a3d2f6f95a37 c56fb7d591ba6704df047fd98f535372fea00211 7197a39376918d849008c03c3e5fa205c5399d749f160d2c2c537c229c852cd1 nYjd17CFOZhlmQwuqSpl2fMTnYbzUDOeMSFSAEVP9iRd94seEoTXSyLmy9+xxdw0voYE4FoQFxM6o 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 nCBMJTmV3IERlbGhpMRIwEAYDVQQHEwlOZXcgRGVsaGkxFjAUBgNVBAoTDUhUIE1lZGlhIEx0ZC4x 6B6DF74108FB4A1CA3FEC6CBEC663878 df6b721c8b4d3b6eb44c861d4415007e5a35fc95 dR5Vx2mOx4GqCE6I6Mx84jGeMEe5c38m7jWIajevG8I= 4957751df3ad5a6954cfd868ed8f1e3a13bf2fcd15601b55c807134644e94574 MIICTTCCAbagAwIBAgIEUfon/jANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwI5MTESMBAGA1UE naGkxFjAUBgNVBAoTDUhUIE1lZGlhIEx0ZC4xDTALBgNVBAsTBE1pbnQxDTALBgNVBAMTBE1pbnQw ngZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAI6SggD/eGxb2vr41f68vbdJO9d51JTd1BsFxI9A 1ff00acf4d101b7d3a85ccbbbb832bf4a412e63b48c8877b1ee88c9f6840548b 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 a9aa41c77f240f438384e281dd01fdb3d9aa7fb2881d4810fa4ba20713fcfd49 e1ff492228196aa72f4892db1e05624e e214573905d30571c95cc1c6c2f687070e8e600898c9427a49df44b71618cc81 baa0d06e00b28b527c5f84f73213da12d420f3d9b858101da6ac49a614b71190 cc2751449a350f668590264ed76692694a80308a a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 0f8b6eedac0128b2ed3b5709662b496665f4b94994ea722011bcb05854dba1a1 0656ab3f363fc9ff34b6d5253151e7afae74ffceed7c01763d6ef09bdfc6c7e6 6ce1d5a5c8c86c76fba8e2f91d51e9bc64d236058a1bc5dbeafbffb73bcbd6e0 df2b722f53e22476ad77d0517b24f14af2489d0ec359b323a4ffc43058403e01 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 ab439837c2e5d357fc8704c8650499f1e45892880a72e20cf9d5e1bd67887e36 5b0307b74e96de861cd3fe6fb734d5ca914740e9308eaadad505ce654e2c73ad 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F 2605f3ee718aef90f2569a596b000f7ae64572697bc99a440437ab0d9fb890ba FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 nDTALBgNVBAsTBE1pbnQxDTALBgNVBAMTBE1pbnQwHhcNMTMwODAxMDkxODU0WhcNMzgwNzI2MDkx 8a03e08e354a73ac49509c8b708fbe15aee2fb2a eb25709fe1f996997985d8335012b85238395bde49e0e74d8b2f4fab38312c8e 778555daab4a5e0ead751cf45366200c93662d2f4bb7ecf5fe2d774906acc1a5 85026e0729d8bbf1bccc6269f9cf7ab9772b90ad5753ac29b6fa6ea96c9f977a nhIyJYUFk0A1u5YR/Vf8ojXJZJOQu2UZQSarHZMd+MmUSZ6UBQF0aYDvXAgMBAAEwDQYJKoZIhvcN ecbab80833a2f822e1262ced36ca7e7d84e033586d75f5e2f8091f2e8dc81a75 bfdc237e067ce80b93351469888bc2d2c8e255d5dc53a5d4505ce086fe01aa7b C+CgTFGA66yt4jXPEIIrxijxRU684sjgn/WncvVJPbMrHBQ+f0eE2YJbl2lFh+z1GoVPWhNcQbF212Tdup4AeRX70kGPQJyuxeFb6WtJzqs= f718d6a586d365ff5c55842ddcb9e11e c18e6c7f9ce9dedba8a8cbb9e8b245ca0912945611282c140c549f55406a91db
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/c.java, line(s) 118,117 a0/e.java, line(s) 73,72 b0/h.java, line(s) 612,301,316,611,406 b0/i.java, line(s) 56,57 b0/k.java, line(s) 19,224 b0/q.java, line(s) 169 b0/z.java, line(s) 78,115,68,77,114,69 b5/b.java, line(s) 184 b7/f.java, line(s) 214 bc/c.java, line(s) 111,116 bin/mt/signature/KillerApplication.java, line(s) 116,126,161 c0/i.java, line(s) 111,152,112,153 c0/j.java, line(s) 118,159,170,182,86,117,127,148,158,169,181,202,209,92,128,203,210,149 c1/l.java, line(s) 150,160,168,253,302,313,334,356 c6/d.java, line(s) 176,246 c8/s.java, line(s) 123 c8/s0.java, line(s) 50,61,84 c8/u0.java, line(s) 85 c8/v0.java, line(s) 329,425 c8/w.java, line(s) 197 c9/c.java, line(s) 18,11 club/cred/access/internal/a.java, line(s) 18,32 com/appsflyer/AFLogger.java, line(s) 64,103,134,101,75,53,123 com/cardreader/card_reader_lib/CardTask.java, line(s) 93,121,123,165,167,169,174,178,182,185,199,293,296,203,220 com/comscore/android/util/log/AndroidLogger.java, line(s) 11,16,21,26,31,36,41,46,51,56 com/firebase/jobdispatcher/GooglePlayReceiver.java, line(s) 90,148,163,225,119,155,120,193 com/firebase/jobdispatcher/b.java, line(s) 164 com/firebase/jobdispatcher/c.java, line(s) 90,26 com/firebase/jobdispatcher/d.java, line(s) 128,31,35,45,49,73,88 com/firebase/jobdispatcher/h.java, line(s) 28,40,59,62,27,39 com/firebase/jobdispatcher/m.java, line(s) 82,156,79 com/firebase/jobdispatcher/o.java, line(s) 38,83,122,61,77,99,111 com/github/mikephil/charting/charts/BarChart.java, line(s) 96 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 323,327,638,644,761,802 com/github/mikephil/charting/charts/Chart.java, line(s) 422,563,613,702,706,817,710 com/github/mikephil/charting/charts/CombinedChart.java, line(s) 119 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 226,182,186 com/github/mikephil/charting/components/AxisBase.java, line(s) 56 com/github/mikephil/charting/data/ChartData.java, line(s) 79 com/github/mikephil/charting/data/CombinedData.java, line(s) 178,194,201 com/github/mikephil/charting/data/LineDataSet.java, line(s) 207,215 com/github/mikephil/charting/data/PieData.java, line(s) 47 com/github/mikephil/charting/data/PieEntry.java, line(s) 63,75 com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 217 com/github/mikephil/charting/renderer/CombinedChartRenderer.java, line(s) 126 com/github/mikephil/charting/renderer/ScatterChartRenderer.java, line(s) 51 com/github/mikephil/charting/utils/FileUtils.java, line(s) 34,53,66,93,119,133,164,175,186 com/github/mikephil/charting/utils/Utils.java, line(s) 74,89,359 com/htmedia/mint/AppController.java, line(s) 151,154,156,160,181,191 com/htmedia/mint/appiconchange/service/AppIconChangeWorker.java, line(s) 37 com/htmedia/mint/appiconchange/service/InitialAppIconAliasService.java, line(s) 35,39,43,45,47 com/htmedia/mint/htsubscription/ConvertFreeTrialIntoDays.java, line(s) 52,64 com/htmedia/mint/htsubscription/GetViewByStoryType.java, line(s) 368 com/htmedia/mint/htsubscription/ParseSubscriptionDetail.java, line(s) 36,92 com/htmedia/mint/htsubscription/SnowplowSubscriptionAnalytices.java, line(s) 32 com/htmedia/mint/htsubscription/WebEngageAnalytices.java, line(s) 158,159,160,161,162,163,164 com/htmedia/mint/htsubscription/deviceidtracking/DeviceIdTracking.java, line(s) 155 com/htmedia/mint/htsubscription/deviceidtracking/DeviceIdTrackingParallel.java, line(s) 261,166,175 com/htmedia/mint/htsubscription/deviceidtracking/OfferBannerHandler.java, line(s) 346 com/htmedia/mint/htsubscription/planpagerewamp/adapters/PlansListAdapterRevamp2025.java, line(s) 405,406,407 com/htmedia/mint/htsubscription/planpagerewamp/ui/activities/PlanPageActivityRevamp2025.java, line(s) 448 com/htmedia/mint/htsubscription/planpagerewamp/ui/customviews/CustomPagerIndicator.java, line(s) 82,99,103 com/htmedia/mint/htsubscription/planpagerewamp/ui/dialogs/PlanPageRevampDialogs.java, line(s) 82 com/htmedia/mint/htsubscription/sku/ui/ManageSubscriptionWebViewActivity.java, line(s) 186,198,219 com/htmedia/mint/htsubscription/subsutils/SubscriptionUtils.java, line(s) 32,36 com/htmedia/mint/marketRevamp/marketUtils/StockDetailsScrollListener.java, line(s) 167 com/htmedia/mint/marketRevamp/networkRequest/RecosLivePriceHelper$fetchAndCombineWithCache$1.java, line(s) 79 com/htmedia/mint/marketRevamp/networkRequest/RecosLivePriceHelper.java, line(s) 176,181,186 com/htmedia/mint/marketRevamp/networkRequest/RecosLivePriceManager$fetchLivePrices$1.java, line(s) 54 com/htmedia/mint/marketRevamp/networkRequest/RecosLivePriceManager$fetchLivePrices$2.java, line(s) 37 com/htmedia/mint/marketRevamp/ui/fragments/CorporateActionTabFragment.java, line(s) 488 com/htmedia/mint/marketRevamp/ui/fragments/MarketRevampNewsFragment.java, line(s) 111 com/htmedia/mint/marketRevamp/ui/fragments/MutualFundViewAllFragment.java, line(s) 270,180 com/htmedia/mint/marketRevamp/ui/fragments/StockRecosFragment$fetchLivePricesForVisibleItems$2.java, line(s) 27 com/htmedia/mint/marketRevamp/ui/fragments/StockRecosFragment$handleLivePriceSuccessForVisibleItems$2.java, line(s) 87,42 com/htmedia/mint/marketRevamp/ui/fragments/StockRecosFragment.java, line(s) 122,127,162,224,231,237,249,273,301,305,319,324,351,404,425,456,499,502,508,531,547,569,572,600,650,875,1039,1119,1145,1158,1457,1511,1514,1522,1658,1669,1683,2098,2193,2196,226,267,337,412,698,1105,1161,1163,2069 com/htmedia/mint/marketRevamp/viewholders/TechnicalTrendsViewHolder$onSuccess$1.java, line(s) 56 com/htmedia/mint/marketRevamp/widgets/ForecastWidgetStockDetail.java, line(s) 698 com/htmedia/mint/marketRevamp/widgets/ForecastWidgetTest.java, line(s) 100,397,551 com/htmedia/mint/marketwidget/GainerLoserWidget.java, line(s) 75 com/htmedia/mint/marketwidget/MarketAdWidget.java, line(s) 89 com/htmedia/mint/onboarding/fragments/OnboardingFirstPartyActivity.java, line(s) 93 com/htmedia/mint/piano/PianoCallbacks.java, line(s) 268,358,364,368,381,387,393,556,560,643,837,838,453,832,833,834 com/htmedia/mint/receiver/AppUpgradeReceiver.java, line(s) 12,16 com/htmedia/mint/storydatailpage/viewholder/PremiumStoryViewHolder.java, line(s) 69,86 com/htmedia/mint/storydatailpage/viewholder/TopItemLiveblogViewHolder.java, line(s) 421,444,458,226,232,238,244,423,446,460 com/htmedia/mint/storydatailpage/viewholder/a.java, line(s) 38,43,48,56,68,74,81,112 com/htmedia/mint/storydatailpage/viewholder/b.java, line(s) 55,73 com/htmedia/mint/storydatailpage/viewholder/f0.java, line(s) 549 com/htmedia/mint/storydatailpage/viewholder/s.java, line(s) 114 com/htmedia/mint/ttsplayer/TtsPlayerService.java, line(s) 227,239,443,543,560,575,591,644,655,660,665,677,687,696,722,735 com/htmedia/mint/ui/activity/ExpandGraphActivity.java, line(s) 278,293,318,812,822,825 com/htmedia/mint/ui/activity/HomeActivity$b0.java, line(s) 30,19,46,51 com/htmedia/mint/ui/activity/HomeActivity$v.java, line(s) 16 com/htmedia/mint/ui/activity/HomeActivity.java, line(s) 644,1235,1263,5988,2331,3394,3881 com/htmedia/mint/ui/activity/LoginActivity.java, line(s) 1413 com/htmedia/mint/ui/activity/SplashActivity.java, line(s) 562,563,260,414,415 com/htmedia/mint/ui/activity/VideoDetailActivity.java, line(s) 187,404 com/htmedia/mint/ui/fragments/CommodityDetailFragment.java, line(s) 95 com/htmedia/mint/ui/fragments/DEWidgetViewAllFragment.java, line(s) 378 com/htmedia/mint/ui/fragments/EditWatchListFragment.java, line(s) 258,259 com/htmedia/mint/ui/fragments/HomeFragment.java, line(s) 2411,3425,586,587,4207 com/htmedia/mint/ui/fragments/HomeGainerLooserWedgetFragment.java, line(s) 80,193,200,283 com/htmedia/mint/ui/fragments/HomeMarketWedgetFragment.java, line(s) 97,124,171 com/htmedia/mint/ui/fragments/HomeTabViewFragment.java, line(s) 464,475,343 com/htmedia/mint/ui/fragments/HomeWatchListWedgetFragment.java, line(s) 87,166 com/htmedia/mint/ui/fragments/MutualFundListingFragment.java, line(s) 209,214,222 com/htmedia/mint/ui/fragments/MyWatchlistListingFragment.java, line(s) 765,804 com/htmedia/mint/ui/fragments/NighModeAlertDialogFragment.java, line(s) 80 com/htmedia/mint/ui/fragments/PodcastDetailFragment.java, line(s) 94,176 com/htmedia/mint/ui/fragments/RecentlyVisitWedgetFragment.java, line(s) 115 com/htmedia/mint/ui/fragments/SearchNewsFragment.java, line(s) 232,309 com/htmedia/mint/ui/fragments/StoryDetailFragment.java, line(s) 245,574 com/htmedia/mint/ui/fragments/StoryDetailViewFragment.java, line(s) 314,3331,770,771 com/htmedia/mint/ui/fragments/TopStoriesBottomSheetFragment.java, line(s) 157 com/htmedia/mint/ui/fragments/UserInputNudgeTopicAdditionPillsBottomSheet.java, line(s) 282,283,362 com/htmedia/mint/ui/fragments/leftmenudrawer/LefMenuRevampFragment.java, line(s) 217,227 com/htmedia/mint/ui/fragments/onBoardingSplash/NotificationPrefFragment.java, line(s) 200 com/htmedia/mint/ui/fragments/onBoardingSplash/SettingsPreferencesFragment$setUpViewModel$1$1.java, line(s) 48 com/htmedia/mint/ui/fragments/onBoardingSplash/SettingsPreferencesFragment.java, line(s) 58,184 com/htmedia/mint/ui/workmanager/ConfigWorker.java, line(s) 29,39 com/htmedia/mint/ui/workmanager/HomeWorker.java, line(s) 38 com/htmedia/mint/utils/SimpleCoachmarkManager.java, line(s) 198,204,246,313,482,484 com/htmedia/mint/utils/SingleLiveData.java, line(s) 51 com/htmedia/mint/utils/e1.java, line(s) 229,270 com/htmedia/mint/utils/f0.java, line(s) 2596,3773,3776,3777,1611,4582,4587,4588,4592,4652,4657,4658,4661,4688,1344,1360,1364,1368,1370,1372,3949 com/htmedia/mint/utils/g0.java, line(s) 68,145 com/htmedia/mint/utils/h0.java, line(s) 73 com/htmedia/mint/utils/j.java, line(s) 1968,1977 com/htmedia/mint/utils/j1.java, line(s) 875,1440,1444,1448,1452,1456,1460,1464,1587 com/htmedia/mint/utils/k.java, line(s) 299,309,324,334,352,362,383,392,513,514,526,489 com/htmedia/mint/utils/k1.java, line(s) 80,257 com/htmedia/mint/utils/l0.java, line(s) 66,88 com/htmedia/mint/utils/n.java, line(s) 1397 com/htmedia/mint/utils/r1.java, line(s) 199,229,602 com/htmedia/mint/utils/u0.java, line(s) 38,42,70 com/htmedia/mint/worker/SdkInitializer.java, line(s) 29 com/htmedia/sso/GoogleOneTapLoginHelper$logout$1.java, line(s) 55,60,77,82,50 com/htmedia/sso/GoogleOneTapLoginHelper.java, line(s) 46 com/htmedia/sso/activities/LoginRegisterActivity.java, line(s) 432,258,599 com/htmedia/sso/models/EmailOrMobileModel.java, line(s) 161,163 com/htmedia/sso/network/NetworkSafetyInterceptor.java, line(s) 16 com/htmedia/sso/presenter/CIRConsentPresenter.java, line(s) 30 com/razorpay/AppSignatureHelper.java, line(s) 34,50 com/razorpay/BaseUtils.java, line(s) 967 com/razorpay/MagicXActivity$setWebViewClientForMagicX$1.java, line(s) 103 com/snowplowanalytics/snowplow/tracker/utils/Logger.java, line(s) 13,19,71 com/taboola/android/global_components/network/handlers/TBLKustoHandler.java, line(s) 29,35 com/taboola/android/h.java, line(s) 77,86 com/taboola/android/tblnative/TBLNativeUnitInternal.java, line(s) 245 com/taboola/android/tblnative/TBLRecommendationItem.java, line(s) 422 com/taboola/android/tblnative/b.java, line(s) 40,100,29,32 com/taboola/android/utils/TBLOnClickHelper.java, line(s) 89 com/taboola/android/utils/g.java, line(s) 13,22,31,44,74 com/taboola/lightnetwork/State.java, line(s) 26 com/taboola/lightnetwork/dynamic_url/DynamicRequest.java, line(s) 127,58,71,119,139 com/taboola/lightnetwork/protocols/http/CookiesTracker.java, line(s) 37,43,52,39 com/taboola/lightnetwork/protocols/http/HttpManager.java, line(s) 35,38,40,42 com/taboola/lightnetwork/protocols/http/HttpRequest.java, line(s) 82,119,177,197,66,91 com/taboola/lightnetwork/url_components/PathParam.java, line(s) 19 com/taboola/lightnetwork/url_components/UrlParameters.java, line(s) 20 com/taboola/lightnetwork/utils/SharedPrefUtil.java, line(s) 21,35,44 com/tbuonomo/viewpagerdotsindicator/DotsIndicator.java, line(s) 200 com/zoho/zsm/inapppurchase/util/Util.java, line(s) 103,96 d0/e.java, line(s) 44,50,78,88,45,79,51,91 d0/i.java, line(s) 117,101 d1/e.java, line(s) 54 d1/f.java, line(s) 153,177 d8/z0.java, line(s) 190 dc/b.java, line(s) 56 di/e.java, line(s) 499 e0/a.java, line(s) 176,173 e7/a.java, line(s) 48,67 e7/d.java, line(s) 110 e7/j.java, line(s) 64,92,93,103,104 eu/dkaratzas/android/inapp/update/InAppUpdateManager.java, line(s) 184,193 f0/c.java, line(s) 17,16 f0/d.java, line(s) 47,46 f0/f.java, line(s) 108,107 f0/s.java, line(s) 88,91 f0/t.java, line(s) 36,35 f6/a.java, line(s) 106,129,171 f6/b.java, line(s) 29,25 f6/e.java, line(s) 22,29 f6/h.java, line(s) 113,118,122 f6/i.java, line(s) 31,37,55,59,67,84 f6/m.java, line(s) 151 f8/d.java, line(s) 111,178,202,503 f8/m.java, line(s) 91,259,557 f8/n.java, line(s) 241 g1/b.java, line(s) 65,80,136,149,246,276,288 g6/f.java, line(s) 201,202 g7/a.java, line(s) 482 g7/b.java, line(s) 61 g7/c.java, line(s) 161 g7/f.java, line(s) 303,362 g7/k.java, line(s) 38,39 g7/q.java, line(s) 65,70,79 g7/s.java, line(s) 170,173,239,242 h0/h.java, line(s) 78,79 h1/a.java, line(s) 51,66,124,127,218,230,278 h3/f.java, line(s) 126 h3/m.java, line(s) 96 h4/d.java, line(s) 75 h6/c0.java, line(s) 233 h6/m.java, line(s) 81,87,140,143,113 h7/c.java, line(s) 35 h8/e.java, line(s) 268 i0/a0.java, line(s) 137,142,154,163,170,138,143,155,164,171,172,173,177 i0/d.java, line(s) 19,20 i0/e0.java, line(s) 197,204,247,196,203,244 i0/l.java, line(s) 175,182,275,285,297,309,327,337,340,343,346,349,363,368,174,181,274,284,296,308,326,336,339,342,345,348,362,367 i0/n.java, line(s) 112,130,111,129,194,256,282,195,257,354 i0/o.java, line(s) 47,53,48,54 i0/s.java, line(s) 92,125,131,137,143,149,156,162,170,126,132,138,144,150,157,163,171,93 i6/b.java, line(s) 103 i7/b.java, line(s) 30 i8/m.java, line(s) 105,238,263 in/juspay/hyper/core/JuspayLogger.java, line(s) 13,19,25,31,56 in/juspay/hypersdk/core/AndroidInterface.java, line(s) 451,458,853 j1/b.java, line(s) 182 j1/l.java, line(s) 151,162,167 j1/o.java, line(s) 155,180,185 j5/h.java, line(s) 63 k6/c.java, line(s) 42 k6/m.java, line(s) 241 k6/m1.java, line(s) 25,33 k6/o1.java, line(s) 29 k6/p.java, line(s) 205,178,190,62,124,129 k6/p0.java, line(s) 24,31 k6/v.java, line(s) 166,188,210,217,227,240,295 k6/v0.java, line(s) 43,55 k6/y0.java, line(s) 136,141,149 k7/j.java, line(s) 41,55,58,61 k7/u.java, line(s) 29,32,52 l1/g.java, line(s) 203 l1/j.java, line(s) 190 l1/k.java, line(s) 147,151,280 l2/f.java, line(s) 12 l4/i.java, line(s) 296,241,376 l7/e.java, line(s) 340,384,403,411,428 l7/h.java, line(s) 309,335,343 l7/j.java, line(s) 81,299 m0/a.java, line(s) 96,101,106,115,97,102,107,116 m0/c.java, line(s) 24,25 m0/h.java, line(s) 42,45 m4/b.java, line(s) 119 m7/g.java, line(s) 48,273 m7/r.java, line(s) 57,61,66,80,84,116,124 n4/b.java, line(s) 88 n4/e.java, line(s) 265,362 ni/e.java, line(s) 52,52,72 o0/d.java, line(s) 29,36,47,52,28,35,40,46,51,41 o1/a.java, line(s) 94 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313 p000/p001/up1.java, line(s) 377 p002i/p003i/pk.java, line(s) 488 p004/p005/up1.java, line(s) 380 p006i/p007i/pk.java, line(s) 491 p6/d.java, line(s) 66 q0/i.java, line(s) 141,20,283,317 q6/c.java, line(s) 205,206,217,645,646,190,283,294,573,593,599,611,621 q7/a2.java, line(s) 98 q7/a5.java, line(s) 463 q7/a8.java, line(s) 65 q7/c0.java, line(s) 55 q7/c1.java, line(s) 37 q7/d.java, line(s) 205,250 q7/d1.java, line(s) 115 q7/f1.java, line(s) 90 q7/g1.java, line(s) 86 q7/h6.java, line(s) 233 q7/j3.java, line(s) 75 q7/j5.java, line(s) 158 q7/k6.java, line(s) 106 q7/l6.java, line(s) 41 q7/p.java, line(s) 63 q7/p0.java, line(s) 81,134,189,251,305,370,397 q7/q4.java, line(s) 1009 q7/r1.java, line(s) 34 q7/s0.java, line(s) 93 q7/y4.java, line(s) 18 q7/z0.java, line(s) 121 r0/i.java, line(s) 67,108,109,68 s3/c.java, line(s) 114 s4/f.java, line(s) 517,252,307 s4/q.java, line(s) 424 s5/b.java, line(s) 57,76 s8/c.java, line(s) 49,77,172,199,293,317,522,549,638 t0/b.java, line(s) 23 t7/e.java, line(s) 379 t7/l.java, line(s) 208 t7/u.java, line(s) 50,53,54,337,425 u/c.java, line(s) 20,41,35 u2/d.java, line(s) 37,55,73,91,109,127 u4/h.java, line(s) 80,120 u7/q.java, line(s) 1712,1717,1723,2787,2810,2824,3964,3965,1087,1093,1099,1105,2789,2812,2826 v0/a.java, line(s) 66,67 v4/b.java, line(s) 486,733,163,238,306,383 v5/m.java, line(s) 134,217,269,316,333,383 v5/t.java, line(s) 497,554 v5/y.java, line(s) 469 v7/d.java, line(s) 51 va/f.java, line(s) 47,50,59,55 ve/b.java, line(s) 158,161,164,200,275 w5/f.java, line(s) 28 w7/h.java, line(s) 19,22 w7/i.java, line(s) 58 x/a.java, line(s) 319 x3/b.java, line(s) 94 x5/b.java, line(s) 176 x5/f.java, line(s) 129 x5/l.java, line(s) 261 x5/s.java, line(s) 439 y/d.java, line(s) 79,107,78,106 y/e.java, line(s) 541,562,580,540,561,579 y0/e.java, line(s) 22 y5/o.java, line(s) 106,204,215,217,223 y7/p.java, line(s) 397,478,514 y7/r4.java, line(s) 437 y7/w0.java, line(s) 2103 z7/d.java, line(s) 330,120 z7/h.java, line(s) 186 z7/t.java, line(s) 286,172,627 z7/w.java, line(s) 322
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: c8/k0.java, line(s) 4,38,43 com/htmedia/mint/ui/activity/SubscriptionOffersActivity.java, line(s) 4,50,61 com/razorpay/RzpAssist.java, line(s) 5,138 q7/p0.java, line(s) 4,176,293 r5/n.java, line(s) 5,89,114 t7/e.java, line(s) 4,137,536,138,537 t7/n.java, line(s) 4,133,134 yb/c.java, line(s) 11,955,956
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: in/juspay/hypersdk/core/ClipboardListener.java, line(s) 16,5
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: lf/h.java, line(s) 121,121 p1/b.java, line(s) 90,90 qb/f.java, line(s) 229,258,229,258 sf/q.java, line(s) 21,21 z0/c0.java, line(s) 16,16
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://driven-slice-778.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/comscore/android/CommonUtils.java, line(s) 37,42,190 com/comscore/android/util/jni/AndroidJniHelper.java, line(s) 259 in/juspay/hypersdk/data/SessionInfo.java, line(s) 125,129
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/htmedia/mint/marketRevamp/graphqlNetwork/GraphQLRetrofitClient.java, line(s) 55,55 com/htmedia/sso/network/ApiClient.java, line(s) 36,44,52,36,44,52 com/snowplowanalytics/snowplow/tracker/emitter/TLSArguments.java, line(s) 28,27,26,26 in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 66,65,67,64,64 mi/c.java, line(s) 113,112,111 mi/d.java, line(s) 132,122,131,144,130,130 mi/i.java, line(s) 115,114,113,113 mi/j.java, line(s) 233,221,232,231,231 of/c.java, line(s) 15,15 sf/h.java, line(s) 103,107,103,107 xf/o.java, line(s) 238,327 y7/d2.java, line(s) 1201,1201 y7/w0.java, line(s) 1815,1816,1392
综合安全基线评分总结
Mint v5.7.3
Android APK
39
综合安全评分
高风险