Mobile Application Security Scan Report
Chief Almighty v2.5.74
Security score (security baseline score): 48/100
Overall risk level: Medium risk
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
- High: 2
- Medium: 23
- Info: 4
- Secure: 1
Privacy risk assessment
Third-party trackers: 4
Medium privacy risk: a small number of third-party trackers were detected.
Key security concerns: 0
High-severity vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files:
- com/xyd/platform/android/chat/ChatWebView.java, line(s) 260,18,19
- com/xyd/platform/android/webPay/WebPayActivity.java, line(s) 252,18,19
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files:
- com/xyd/platform/android/forum/GameForumActivity.java, line(s) 565,23,24
- com/xyd/platform/android/forum/GameForumActivityNew.java, line(s) 459,28,29
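Medium-severity vulnerability: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. It is recommended to disable cleartext traffic and use only encrypted protocols.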
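Medium-severity vulnerability: Application data is at risk of leakage
The [android:allowBackup] flag is not set. It is recommended to set [android:allowBackup] explicitly to false. The default value is true, which allows application data to be backed up with the adb tool and creates a risk of data leakage.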
Medium-severity vulnerability: Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Content Provider (com.facebook.FacebookContentProvider) is not protected.
[android:exported=true] The Content Provider is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
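Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.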
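Medium-severity vulnerability: Broadcast Receiver (com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.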
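Medium-severity vulnerability: Broadcast Receiver (com.facebook.CampaignTrackingReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.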
Medium-severity vulnerability: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
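Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.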
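Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.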
Medium-severity vulnerability: The application can read/write external storage; any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- com/xyd/platform/android/autoupdate/AutoUpdater.java, line(s) 94
- com/xyd/platform/android/chat/ChatWebView.java, line(s) 58,61,376,58,375
- com/xyd/platform/android/config/XinydAttributeLanguage.java, line(s) 29
- com/xyd/platform/android/config/XinydConfig.java, line(s) 418
- com/xyd/platform/android/config/XinydDeviceID.java, line(s) 138
- com/xyd/platform/android/headicon/CirclePhotoClipWindow.java, line(s) 96
- com/xyd/platform/android/headicon/LocalPictureHelper.java, line(s) 108,176,238,244,344,465,175,439,464
- com/xyd/platform/android/headicon/PhotoClipWindow.java, line(s) 76
- com/xyd/platform/android/headicon/PhotoClipWindowNew.java, line(s) 363
- com/xyd/platform/android/log/SDKLog.java, line(s) 118
- com/xyd/platform/android/pay/horizontal/widget/HorizontalCombinedCreditCardView.java, line(s) 234
- com/xyd/platform/android/pay/utils/PayUtils.java, line(s) 30,101,105,100
- com/xyd/platform/android/ping/PingUtils.java, line(s) 157
- com/xyd/platform/android/uploadImgToGM/GameChatImageWindow.java, line(s) 223
- com/xyd/platform/android/utils/ImageCompressorUtils.java, line(s) 240
- com/xyd/platform/android/utils/SystemInfoUtils.java, line(s) 26,118
- com/xyd/platform/android/utils/XinydFileUtils.java, line(s) 93,124,103,103
- z0/C1889X.java, line(s) 1047,1053,1226
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files:
- com/google/android/recaptcha/internal/zzbh.java, line(s) 35,34
- com/xyd/platform/android/chat/ChatWebView.java, line(s) 261,246
- com/xyd/platform/android/forum/GameForumActivity.java, line(s) 557,315
- com/xyd/platform/android/webPay/WebPayActivity.java, line(s) 313,246
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files:
- com/xyd/platform/android/chat/ChatWebView.java, line(s) 252,246
- com/xyd/platform/android/forum/GameForumActivity.java, line(s) 320,315
- com/xyd/platform/android/pay/widget/WebPayView.java, line(s) 139,132
- com/xyd/platform/android/webPay/WebPayActivity.java, line(s) 251,246
- i3/d.java, line(s) 41,36
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- F3/AbstractC1359a.java, line(s) 3
- F3/C1360b.java, line(s) 4
- G3/C1376a.java, line(s) 5
- i0/C1430s.java, line(s) 3
- z0/C1889X.java, line(s) 59
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- S2/C1801b.java, line(s) 56
- i0/a.java, line(s) 23
- w3/b.java, line(s) 174
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files:
- S2/C1802c.java, line(s) 84
- X/b.java, line(s) 125
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files:
- a1/M.java, line(s) 9,10,260,295,312,321,369,478,493,701
- a1/U.java, line(s) 5,6,136
- com/google/android/recaptcha/internal/zzq.java, line(s) 7,8,38
- com/xyd/platform/android/database/XinydSQLOpenHelper.java, line(s) 5,6,25,26,27,28,29,30,31,33,34,35,42,48,54
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- B1/C0246k.java, line(s) 122
- L0/g.java, line(s) 98
- com/xyd/platform/android/XinydAFTracking.java, line(s) 11
- com/xyd/platform/android/config/XinydEncrypt.java, line(s) 4
- com/xyd/platform/android/login/XinydThirdPartyUtils.java, line(s) 536,536
- com/xyd/platform/android/provider/SharedPreferencesProvider.java, line(s) 16
- com/yottagames/stoneage/MainActivity.java, line(s) 55
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- J0/C1458d.java, line(s) 50
- R0/C1774l.java, line(s) 142
- com/xyd/platform/android/utils/XinydUtils.java, line(s) 544
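Medium-severity vulnerability: Firebase Remote Config is enabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/251912502646/namespaces/firebase:fetch?key=AIzaSyCZ3zhJ4tv_o0sgaEe03NIiS6PFJcR41P0 ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: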
{
"entries": {
"ca_android_will_purchase": "",
"ca_ios_will_in_app_purchase": ""
},
"state": "UPDATE",
"templateVersion": "12"
}
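Medium-severity vulnerability: The application contains privacy trackers
This application contains 4 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.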
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not confidential or private information. Credential information =>
"com.google.android.gms.games.APP_ID" : "@7F0E0023"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"app_id" : "1291203008"
"facebook_app_id" : "493181124384726"
"facebook_client_token" : "4fcbde5a4d0890ccd7bea02afe47fce4"
"firebase_database_url" : "https://stone-age-183806.firebaseio.com"
"google_api_key" : "AIzaSyCZ3zhJ4tv_o0sgaEe03NIiS6PFJcR41P0"
"google_app_id" : "1:251912502646:android:e9aea75168e4454a"
"google_crash_reporting_api_key" : "AIzaSyCZ3zhJ4tv_o0sgaEe03NIiS6PFJcR41P0"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasenya"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Adgangskode"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passord"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passwort"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wagwoord"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Wagwoordsleutel"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Salasana"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Avainkoodi"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasinal"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wachtwoord"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Toegangssleutel"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Klucz"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Geslo"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Sandi"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Zaporka"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parool"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Pasahitza"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Sarbide-gakoa"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Iphasiwedi"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parole"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Nyckel"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Nenosiri"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Kod"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Palavra-passe"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
45c5d3542b2f66025dfb1b016b82cca3 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 9b8f518b086098de3d77736f9458a3d2f6f95a37 cc2751449a350f668590264ed76692694a80308a df6b721c8b4d3b6eb44c861d4415007e5a35fc95 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 c56fb7d591ba6704df047fd98f535372fea00211 a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 5a34016b251bbdfb2f66582c5c42c0d3
Security notice: The application logs information; sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted
Files:
- J0/D.java, line(s) 152,152
- P0/j.java, line(s) 104,104
- V0/C1827b.java, line(s) 92,92
- i0/C1414b.java, line(s) 128,128
- i0/C1422j.java, line(s) 40,40
- i0/Q.java, line(s) 80,80
- i0/U.java, line(s) 24,24
- i0/d0.java, line(s) 207,207
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files:
- jp/ne/donuts/uniclipboard/Clipboard.java, line(s) 6,26
Security notice: The application communicates with a Firebase database
The application communicates with the Firebase database located at https://stone-age-183806.firebaseio.com
Passed security check: This application may have root detection
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- T1/C0401j.java, line(s) 32
- com/xyd/platform/android/antispam/XinydAntiSpam.java, line(s) 65,53,53,53,53,53,53
Overall security baseline score summary
Chief Almighty v2.5.74
Android APK
Overall security score: 48
Medium risk