Application Security Scan Report
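Mobile Application Security Scan Report
Xuper v4.34.3
Security score: 35
Security baseline score: 35/100
Overall risk level: Medium risk
Risk grade scale
- A
- B
- C
- F
The application carries a relatively high security risk and requires close attention.
Vulnerability and security item distribution
High: 13
Medium: 14
Info: 2
Secure: 3
Privacy risk assessment
Third-party trackers: 5
High privacy risk
A large number of third-party trackers were detected.
Detection result distribution
High-severity vulnerabilities: 13
Medium-severity vulnerabilities: 14
Security notices: 2
Passed security checks: 3
Key security concerns: 0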
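High-severity vulnerability: Activity (com.interactive.brasiliptv.ui.activity.WelcomeActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.vod.ui.activity.TopicMoreActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.download.activity.LocalPlayActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.live.ui.activity.LiveVoiceSearchActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.live.ui.activity.LiveNewVoiceSearchActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.login.ui.activity.ForcePasswordChangeActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.
High-severity vulnerability: Activity (com.umeng.message.notify.UPushMessageNotifyActivity) uses a non-standard launch mode
When an Activity's launch mode is set to "singleTask" or "singleInstance", it can become a root Activity, which allows other applications to read the contents of the calling Intent. Where sensitive information is involved, use the "standard" launch mode.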
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: ab/a.java, line(s) 15; e3/a.java, line(s) 32,57
High-severity vulnerability: Use of a weak encryption algorithm
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: e3/d.java, line(s) 17; gc/i.java, line(s) 30; jc/b.java, line(s) 20,27; x9/b.java, line(s) 14
High-severity vulnerability: The application uses ECB mode in its encryption algorithm. ECB is a known weak mode because it produces identical ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files: m2/a.java, line(s) 24
High-severity vulnerability: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis
Files: org/xutils/x$Ext.java, line(s) 32,4,5
High-severity vulnerability: Debug configuration is enabled. Production builds must not be debuggable.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: org/xutils/BuildConfig.java, line(s) 3,5
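High-severity vulnerability: The application contains privacy trackers
This application contains 5 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.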
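Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a risk of data leakage.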
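Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.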
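Medium-severity vulnerability: Activity sets the TaskAffinity attribute
(com.umeng.message.notify.UPushMessageNotifyActivity) When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).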
Medium-severity vulnerability: Activity-Alias (com.umeng.message.UMessageNotifyActivity) is not protected.
[android:exported=true] The Activity-Alias is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: ab/k.java, line(s) 34,47; com/lzy/okgo/convert/FileConvert.java, line(s) 48,56; i3/e.java, line(s) 143; l9/m.java, line(s) 63,66,68; m2/g.java, line(s) 389; org/xutils/common/util/FileUtil.java, line(s) 74,93; p/g.java, line(s) 193; p9/f.java, line(s) 39,42,44,76,77,78; r9/a.java, line(s) 87; x9/c.java, line(s) 115,118,131,139; xd/q0.java, line(s) 528,536,538,889,897,899; z8/p.java, line(s) 379,382,384
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: a8/a.java, line(s) 5,6,18,19; com/bigbee/db/DbOperations.java, line(s) 3,61; com/ixuea/android/downloader/db/DefaultDownloadDBController.java, line(s) 8,90,111,116; com/lzy/okgo/db/DBUtils.java, line(s) 4,16,45,73; com/raizlabs/android/dbflow/sql/language/BaseQueriable.java, line(s) 3,123; com/raizlabs/android/dbflow/structure/database/AndroidDatabase.java, line(s) 5,63,64; com/raizlabs/android/dbflow/structure/database/BaseDatabaseHelper.java, line(s) 3,54,61,126,143; d4/m0.java, line(s) 6,7,258,293,310,319,358,471,486,702; d4/t0.java, line(s) 5,6,136; h3/b.java, line(s) 5,6,40,41,42,43,54,57,60,63; org/xutils/db/DbManagerImpl.java, line(s) 4,5,204,456; t0/a.java, line(s) 6,175; t0/b.java, line(s) 5,6,39,78
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: bc/d.java, line(s) 263; com/ijiami/residconfusion/ConfusionUtils.java, line(s) 267; e3/f.java, line(s) 16; m2/i.java, line(s) 11,53; org/xutils/common/util/MD5.java, line(s) 21,74; p0/h.java, line(s) 31,49; x9/e.java, line(s) 30,49
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/lzy/okgo/cache/CacheEntity.java, line(s) 13,85; com/lzy/okgo/exception/CacheException.java, line(s) 15,11; com/request/bean/AutoLoginBean.java, line(s) 167; com/request/bean/CheckVerifiCodeBean.java, line(s) 176; com/request/bean/EmailResetPwdBean.java, line(s) 158; com/request/bean/LoginBean.java, line(s) 231; com/request/bean/ModifyOttAccountBean.java, line(s) 175; com/request/bean/PasswordCheckBean.java, line(s) 94; com/request/bean/PasswordSetBean.java, line(s) 94; com/request/bean/UnbindBean.java, line(s) 137; com/request/bean/UpdatePwdBean.java, line(s) 114; com/request/bean/UserFeedBackBean.java, line(s) 249; com/request/result/AuthInfoList.java, line(s) 222; com/request/result/ExchangeResultData.java, line(s) 223; com/request/result/FilterInfo.java, line(s) 76; com/request/result/UnBindEmailData.java, line(s) 71; com/titan/ranger/bean/Env.java, line(s) 166; com/titans/entity/RangerBean.java, line(s) 217; e6/d.java, line(s) 80; l1/g.java, line(s) 79; lb/b.java, line(s) 20; n1/d.java, line(s) 37; n1/p.java, line(s) 95; n1/x.java, line(s) 84; org/android/spdy/SpdyProtocol.java, line(s) 43; org/xutils/common/util/KeyValue.java, line(s) 46; w2/e.java, line(s) 30
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: org/repackage/a/a/a/a/c.java, line(s) 54; x6/b.java, line(s) 54
Medium-severity vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/bytedance/boost_multidex/DexInstallProcessor.java, line(s) 13; org/android/spdy/SpdyBytePool.java, line(s) 3; re/a.java, line(s) 3; re/b.java, line(s) 3; se/b.java, line(s) 3; u0/d.java, line(s) 8; u0/e.java, line(s) 9
Medium-severity vulnerability: IP address disclosure
Files: cc/b.java, line(s) 108,108,108,108,108; de/a.java, line(s) 261; m2/j.java, line(s) 71; org/android/spdy/SpdyRequest.java, line(s) 26,161,180,203,228,248,274,293,316,341
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/bytedance/boost_multidex/Utility.java, line(s) 333,385; x6/c.java, line(s) 81
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/mine/ui/activity/EventCenterActivity.java, line(s) 197,195
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not secrets or private information.
Security notice: The application logs information; sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: ab/d1.java, line(s) 160,160; gd/b.java, line(s) 131,131; h1/e.java, line(s) 91,91
Passed security check: This application may have root detection capability
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: c6/g.java, line(s) 315,315,316
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/lzy/okgo/https/HttpsUtils.java, line(s) 121,70,87,120,108,119,119; com/uyumao/k.java, line(s) 37,35; fc/e.java, line(s) 315,242
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/648568768538/namespaces/firebase:fetch?key=AIzaSyAprDzTtpk_2QVBQv4tyelQ0vrI9SRDDF8 ) is disabled. The response is shown below:
{
"state": "NO_TEMPLATE"
}
Overall security baseline score summary
Xuper v4.34.3
Android APK
Overall security score: 35
High risk