应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
drupe v3.19.13.1
42
安全评分
安全基线评分
42/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
7
高危
32
中危
5
信息
1
安全
隐私风险评估
7
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
7
中危安全漏洞
32
安全提示信息
5
已通过安全项
1
重点安全关注
0
高危安全漏洞 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危安全漏洞 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/C0868a.java, line(s) 444,805,15 com/applovin/impl/adview/C1522a.java, line(s) 445,806,15 mobi/drupe/app/ads/proxy/o.java, line(s) 141,11,12,134 zendesk/support/guide/ViewArticleActivity.java, line(s) 311,16,17
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/appsflyer/internal/AFa1zSDK.java, line(s) 649
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/applovin/impl/adview/AppLovinWebViewBase.java, line(s) 23,5 com/applovin/impl/adview/l.java, line(s) 27,6
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: me/sync/callerid/ef1.java, line(s) 51
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用数据存在泄露风险
未设置[android:allowBackup]标志 建议将 [android:allowBackup] 显式设置为 false。默认值为 true,允许通过 adb 工具备份应用数据,存在数据泄露风险。
中危安全漏洞 Activity (mobi.drupe.app.LauncherActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (mobi.drupe.app.views.contact_information.utils.ContactShortcutActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (mobi.drupe.app.DialerIconActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (mobi.drupe.app.DialerLaunchedActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (mobi.drupe.app.intercept.InterceptActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (mobi.drupe.app.activities.notification_settings.NotificationSettingsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (mobi.drupe.app.receivers.SMSReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BROADCAST_SMS [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (mobi.drupe.app.receivers.ScreenUnlockReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (mobi.drupe.app.receivers.UpdateDrupeAppReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (mobi.drupe.app.drupe_call.DrupeInCallService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_INCALL_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (mobi.drupe.app.overlay.OverlayService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (mobi.drupe.app.ui.custom_chrome_tabs.KeepAliveService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(me.sync.callerid.sdk.CidAfterCallActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(me.sync.callerid.sdk.CidAfterSmsActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.google.android.gms.games.internal.v2.appshortcuts.PlayGamesAppShortcutsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: A3/b.java, line(s) 75 B1/g.java, line(s) 85 D1/d.java, line(s) 40 D1/p.java, line(s) 113 D1/x.java, line(s) 86 E4/C0518b.java, line(s) 149 E4/C1986b.java, line(s) 160 W0/d.java, line(s) 54 b3/C0181e.java, line(s) 88 b3/C0662e.java, line(s) 92 b3/w.java, line(s) 132 com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java, line(s) 254,251 com/amazonaws/mobileconnectors/s3/transferutility/TransferObserver.java, line(s) 102 com/amazonaws/services/s3/model/S3ObjectSummary.java, line(s) 46 com/applovin/impl/sdk/AppLovinSdkInitializationConfigurationImpl.java, line(s) 217,167 com/applovin/impl/sdk/C1057j.java, line(s) 1814 com/applovin/impl/sdk/C1711j.java, line(s) 1858 com/applovin/mediation/AppLovinUtils.java, line(s) 23 com/applovin/mediation/MaxSegment.java, line(s) 39 com/applovin/mediation/ads/MaxAdView.java, line(s) 206,196 com/applovin/mediation/ads/MaxAppOpenAd.java, line(s) 84,74 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 106,96 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 133,123 com/applovin/mediation/nativeAds/MaxNativeAdLoader.java, line(s) 107,102 com/applovin/sdk/AppLovinSdk.java, line(s) 146 com/applovin/sdk/AppLovinSdkSettings.java, line(s) 133 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 25 me/sync/admob/sdk/Ads.java, line(s) 21 me/sync/callerid/calls/flow/PrefValue.java, line(s) 128 me/sync/callerid/contacts/base/legacy/model/DeviceContact.java, line(s) 270 me/sync/callerid/ql0.java, line(s) 31 me/sync/callerid/w70.java, line(s) 164 r4/h.java, line(s) 91 zendesk/core/Constants.java, line(s) 13 zendesk/core/LegacyIdentityMigrator.java, line(s) 14,11,18,12,19,21,13,15,22,20,16,17 zendesk/core/ZendeskCoreSettingsStorage.java, line(s) 7,8 zendesk/core/ZendeskIdentityStorage.java, line(s) 9,13,14,15,10,11 zendesk/core/ZendeskMachineIdStorage.java, line(s) 7 zendesk/core/ZendeskStorage.java, line(s) 8 zendesk/support/CreateRequest.java, line(s) 9 zendesk/support/LegacyRequestMigrator.java, line(s) 12 zendesk/support/ZendeskArticleVoteStorage.java, line(s) 8 zendesk/support/ZendeskHelpCenterSettingsProvider.java, line(s) 9 zendesk/support/ZendeskRequestStorage.java, line(s) 14,15,16 zendesk/support/ZendeskSupportSettingsProvider.java, line(s) 10,12 zendesk/support/requestlist/RequestListModel.java, line(s) 12,13 zendesk/support/requestlist/RequestListView.java, line(s) 41,42
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/applovin/impl/AbstractC0962l3.java, line(s) 107,109,104,108,113,101,102,106,97,115,110,112,114,98,111,100,103,117,116,105,99 com/applovin/impl/AbstractC1616l3.java, line(s) 109,111,106,110,115,103,104,108,99,117,112,114,116,100,113,102,105,119,118,107,101 com/applovin/mediation/BuildConfig.java, line(s) 4 mobi/drupe/app/ads/proxy/MobiTechAPIProxy.java, line(s) 147
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9 com/applovin/impl/m7.java, line(s) 18 com/applovin/impl/z6.java, line(s) 62 mobi/drupe/app/activities/notification_reboot/NotificationRebootActivity.java, line(s) 16 mobi/drupe/app/overlay/OverlayService.java, line(s) 37
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: T1/C1395g.java, line(s) 52 T1/C2800g.java, line(s) 53 com/amazonaws/util/Md5Utils.java, line(s) 21 me/sync/admob/sdk/Ads.java, line(s) 62
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/applovin/impl/adview/l.java, line(s) 25,21
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: R7/C0380z.java, line(s) 400 R7/C2727k.java, line(s) 181,184 R7/C2741z.java, line(s) 485 bin/mt/signature/KillerApplication.java, line(s) 80
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: G0/c.java, line(s) 7,43,45 P2/M.java, line(s) 5,6,75,87,164,268,380,473,509,634 P2/W.java, line(s) 4,5,162 R7/C0373s.java, line(s) 7,32,66 R7/C2734s.java, line(s) 7,32,66 c0/h.java, line(s) 11,83,89,155,167 com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 3,7,8,9,10,11,15,19,23,27,31 h0/f.java, line(s) 7,8,9,10,11,12,203,205,209,212 me/sync/callerid/ta1.java, line(s) 6,66,70 mobi/drupe/app/db/b.java, line(s) 4,5,92,93,94,95,96,97,98,99,100,101,102,103,110,111,112,113,114,115,116,117,118,119,120,121,122,123,142,190,199,200,266,267,273 mobi/drupe/app/db/c.java, line(s) 16,17,417,418,202,211,244,253,262,270,271,273,281,282,287,395,396,397,398,399,424,433,442,451,461,496,504,505,506,507,508,523,528,533,609,623,624,636,641,688,697,721,726,731,735,741,750,755,764,788,797,806,815,824,833,842,850 net/sqlcipher/DatabaseUtils.java, line(s) 6,7,8,9,10,11,58 net/sqlcipher/database/SQLiteDatabase.java, line(s) 9,10,730,753,776,297,414,444,1102,1109,1367,1371,1411,1436,1440
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: R0/C1356b.java, line(s) 140 R0/C2699b.java, line(s) 141 c0/n.java, line(s) 69 u3/c.java, line(s) 85
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/applovin/impl/AbstractC0939i4.java, line(s) 146 com/applovin/impl/AbstractC1593i4.java, line(s) 148 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 43 me/sync/callerid/jf0.java, line(s) 29 u3/b.java, line(s) 52
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/742150358348/namespaces/firebase:fetch?key=AIzaSyBlZ3oeRl3-rV8fvnRnscCLlcmqIC6KEnM ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"IGNORE2_debug_dynamicAdWaterfall": "",
"IGNORE_debug_abBillingPlan": "[{\"name\":\"Force TG2 Oct 18\",\"year\":{\"product_id\":\"drupe_lt_tg1_nov18\",\"type\":\"inapp\"},\"half_year\":{\"product_id\":\"drupe_6_month_tg1_sep18\",\"type\":\"subs\"},\"month\":{\"product_id\":\"drupe_year_tg3_trial7d_20off_sep18\",\"type\":\"subs\",\"is_trial\":\"TRUE\"},\"year_50off\":{\"product_id\":\"drupe_lt50off_tg1_sep18\",\"type\":\"inapp\"},\"year_20off\":{\"product_id\":\"drupe_lt20off_tg1_sep18\",\"type\":\"inapp\"},\"claim_my_name\":{\"product_id\":\"drupe_feature_lt_14.2\",\"type\":\"inapp\"},\"free_trial\":{\"product_id\":\"drupe_year_tg3_trial3d_20off_sep18\",\"type\":\"subs\",\"is_trial\":\"TRUE\"}}]",
"IGNORE_debug_dynamicAdId": "",
"abAdsConfig": "{\"mainView\":\"contact&action\", \"afterCall\":\"bottom\", \"isInterstitial\":\"true\", \"isAfterCallVariantB\":\"true\", \"missedCalls\":\"missed_call_b\", \"contactInfo\":\"contact_info_b\", \"afterCallVer_3_30\":\"after_call_variant_c\"}",
"abAdsWfConfig": "[{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{mediation},{dynamicWt}]",
"abAfterCallFullScreen": "false",
"abBillingActivity": "[videos]",
"abBillingPlan": "[{\"name\":\"LT TG1 Sep18\",\"year\":{\"product_id\":\"drupe_lt_tg1_sep18\",\"type\":\"inapp\",\"is_lifetime\":\"TRUE\"},\"half_year\":{\"product_id\":\"drupe_6_month_tg1_sep18\",\"type\":\"subs\"},\"month\":{\"product_id\":\"drupe_month_tg1_sep18\",\"type\":\"subs\"},\"year_50off\":{\"product_id\":\"drupe_lt50off_tg1_sep18\",\"type\":\"inapp\"},\"year_20off\":{\"product_id\":\"drupe_lt20off_tg1_sep18\",\"type\":\"inapp\"},\"claim_my_name\":{\"product_id\":\"drupe_feature_lt_14.2\",\"type\":\"inapp\"},\"free_trial\":{\"product_id\":\"drupe_year_tg3_trial3d_20off_sep18\",\"type\":\"subs\",\"is_trial\":\"TRUE\"}}]",
"abClaimMyNamePro": "beginning",
"abConvertOldUsersToPro": "false",
"abNewBillingNotificationType": "[\"block\", \"drive\", \"themes\"]",
"abShowPrimedayAd": "https://www.amazon.com/shop/influencer-020f48ab",
"abUploadAbook": "false",
"admob_waterfalls": "[\n {\n \"name\": \"after_call_bottom\",\n \"waterfall\": [\n {\n \"type\": \"banner\",\n \"unit_id\": \"ca-app-pub-6692513808478862/4676415444\",\n \"ad_size\": \"medium_rectangle\"\n },\n {\n \"type\": \"banner\",\n \"unit_id\": \"ca-app-pub-6692513808478862/3431857784\",\n \"ad_size\": \"medium_rectangle\"\n },\n {\n \"type\": \"banner\",\n \"unit_id\": \"ca-app-pub-6692513808478862/9748272516\",\n \"ad_size\": \"medium_rectangle\"\n },\n {\n \"type\": \"banner\",\n \"unit_id\": \"ca-app-pub-6692513808478862/3256294040\",\n \"ad_size\": \"medium_rectangle\"\n },\n {\n \"type\": \"banner\",\n \"unit_id\": \"ca-app-pub-6692513808478862/7161390204\",\n \"ad_size\": \"medium_rectangle\"\n }\n ]\n }\n]",
"admob_waterfalls_v2": "[{\"name\":\"after_call_bottom\",\"waterfalls\":[[{\"type\":\"banner\",\"unit_id\":\"ca-app-pub-6692513808478862/2763625363\",\"ad_size\":\"medium_rectangle\",\"is_adaptive\":true},{\"type\":\"banner\",\"unit_id\":\"ca-app-pub-6692513808478862/3306966440\",\"ad_size\":\"medium_rectangle\",\"is_adaptive\":true}]]},{\"name\":\"during_call_top\",\"waterfalls\":[[{\"type\":\"banner\",\"unit_id\":\"ca-app-pub-6692513808478862/6520321051\",\"ad_size\":\"medium_rectangle\",\"is_adaptive\":false},{\"type\":\"banner\",\"unit_id\":\"ca-app-pub-6692513808478862/1443254195\",\"ad_size\":\"medium_rectangle\",\"is_adaptive\":true}]]},{\"name\":\"after_call_interstitial\",\"waterfalls\":[[{\"type\":\"interstitial\",\"unit_id\":\"ca-app-pub-6692513808478862/9188458797\"},{\"type\":\"interstitial\",\"unit_id\":\"ca-app-pub-6692513808478862/1475256789\"}]]}]",
"app_open_mode": "0",
"cfg_abAdsConfig": "{\"dynamicMinVersion\":\"303100170\"}",
"cfg_abAdsWfConfig": "{\"dynamicMinVersion\":\"304000008\"}",
"cfg_abConvertOldUsersToPro": "{\"dynamicMinVersion\":\"302600290\"}",
"cfg_abShowPrimedayAd": "{\"dynamicMinVersion\":\"304400000\"}",
"cfg_dynamicAdId": "{\"dynamicMinVersion\":\"302100000\"}",
"cfg_dynamicAdWaterfall": "{\"dynamicMinVersion\":\"302100000\"}",
"cfg_seasonalDates": "{\"dynamicMinVersion\":\"302900510\"}",
"debug_abAdsWfConfig": "[{dynamicWt}]",
"debug_dynamicAdWaterfall": "{\"AD_TYPE_AFTER_CALL\":\"mediation\",\"AD_TYPE_MISSED_CALL\":\"fan1, fan2, admob\",\"AD_TYPE_CONTACT_INFO\":\"fan1, fan2, admob\",\"AD_TYPE_MAIN_VIEW_CONTACT\":\"mediation\"}",
"dynamicAdId": "",
"dynamicAdWaterfall": "{\"AD_TYPE_AFTER_CALL\":\"mediation\",\"AD_TYPE_MISSED_CALL\":\"fan1, fan2, admob\",\"AD_TYPE_CONTACT_INFO\":\"fan1, fan2, admob\",\"AD_TYPE_MAIN_VIEW_CONTACT\":\"mediation\"}",
"expected_ad_placement_names": "[ \"after_call_bottom\", \"during_call_top\", \"after_call_interstitial\" ]",
"ios_abBillingPlan": "[{\"name\":\"A\",\"lifetime\":{\"product_id\":\"drupe_lt\",\"product_id_discount\":\"drupe_lt_discount\"},\"month\":{\"product_id\":\"drupe_sub_month\"},\"year\":{\"product_id\":\"drupe_sub_year\"},\"half\":{\"product_id\":\"drupe_lt_half\"}},{\"name\":\"C\",\"lifetime\":{\"product_id\":\"drupe_lt_B\",\"product_id_discount\":\"drupe_lt_discount_B\"},\"month\":{\"product_id\":\"drupe_sub_month_B\"},\"year\":{\"product_id\":\"drupe_sub_year_B\"},\"half\":{\"product_id\":\"drupe_lt_half_B\"}}]",
"ios_billingScreen": "[\"list\"]",
"ios_isFBAllow": "true",
"isBillingIOS": "true",
"is_aggressive_mode": "true",
"max_rate_us_banner_or_popup_show_count": "3",
"max_rate_us_recent_list_item_show_count": "3",
"onboarding_permissions_texts_variant": "0",
"predefinedTextEnable": "true",
"rate_us_recent_list_item_delay_days": "30",
"seasonalDates": "<{\"id\":\"back2school2\", \"countries\":[], \"countries_exclude\":[], \"start_date\":\"15/8/2018\", \"end_date\":\"19/8/2018\"}>",
"show_rate_us_app_open_count": "10",
"show_rate_us_first_time_hours": "48",
"show_rate_us_reschedule_days": "7",
"themesVersion": "18",
"themesVersionDev": "19",
"time_to_delay_after_call_if_ad_in_progress_ms": "0",
"time_to_delay_after_call_if_no_ad_ms": "0"
},
"state": "UPDATE",
"templateVersion": "874"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.google.android.awareness.API_KEY" : "@string/google_api_key" 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyDU4fIr2GnhelGsvqYf0QVwEhKe_bulo20" "pref_call_voice_commands_key" : "pref_call_voice_commands_key" "pref_family_name_first_key" : "pref_family_name_first_key" "pref_call_speaker_based_on_proximity_key" : "pref_call_speaker_based_on_proximity_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Pasahitza" "repo_block_private_numbers" : "repo_block_private_numbers" "pref_lock_screen_key" : "pref_lock_screen_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Nenosiri" "google_app_id" : "1:742150358348:android:8f137f5e60cd00ef" "pref_dual_sim_key" : "pref_dual_sim_key" "pref_call_answer_based_on_proximity_key" : "pref_call_answer_based_on_proximity_key" "pref_theme_key" : "pref_theme_key" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" "pref_animations_enabled_key" : "pref_animations_enabled_key" "pref_missed_call_indication_key" : "pref_missed_call_indicator_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passwort" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka" "pref_drupe_def_dialer_key" : "pref_drupe_def_dialer_key" "pref_sound_enabled_key" : "pref_sound_enabled_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasenya" "pref_drive_mode_by_notifications_enabled_key" : "pref_drive_mode_by_notifications_enabled_key" "pref_after_call_is_edit_shown_key" : "pref_after_call_is_edit_shown_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Adgangskode" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasinal" "pref_drive_mode_call_on_click_key" : "pref_drive_mode_call_on_click_key" "pref_aftercall_state_key" : "pref_aftercall_state_key" "pref_default_handedness_key" : "pref_default_handedness_key" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Wagwoordsleutel" "pref_predictive_actions_key" : "pref_predictive_actions_key" "pref_enable_1st_time_tutorial_key" : "pref_enable_1st_time_tutorial_key" "pref_show_call_duration_key" : "pref_show_call_duration_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Zaporka" "pref_after_call_is_add_contact_shown_key" : "pref_after_call_is_add_contact_key" "pref_speech_sms_view_key" : "pref_speech_sms_view_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parool" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Sandi" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Sarbide-gakoa" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password" "pref_search_based_on_importance_key" : "pref_search_based_on_importance_key" "pref_call_popup_key" : "pref_call_popup_key" "pref_after_call_is_snooze_shown_key" : "pref_after_call_is_snooze_key" "pref_unknown_number_enabled_key" : "pref_unknown_number_enabled_key" "pref_2_clicks_gesture_key" : "pref_2_clicks_gesture_key" "library_roundedimageview_authorWebsite" : "https://github.com/vinc3m1" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wagwoord" "pref_find_contacts_without_phone_key" : "pref_find_contacts_without_phone_key" "pref_drive_mode_enabled_key" : "pref_drive_mode_enabled_key" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Kod" "pref_lock_trigger_move_key" : "pref_lock_trigger_move_key" "pref_call_recorder_config_id_key" : "pref_call_recorder_config_id" "admob_app_id" : "ca-app-pub-0000000000000000~0000000000" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Klucz" "pref_show_notes_during_call_key" : "pref_show_notes_during_call_key" "pref_approved_apps_for_after_call_key" : "pref_approved_apps_for_after_call_key" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Toegangssleutel" "pref_after_call_is_quick_reply_shown_key" : "pref_after_call_is_quick_reply_shown_key" "pref_aftercall_length_key" : "pref_aftercall_length_key" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Nyckel" "repo_user" : "repo_user" "pref_show_contact_photos_key" : "pref_show_contact_photos_key" "pref_unanswered_outgoing_call_enabled_key" : "pref_unanswered_outgoing_call_enabled_key" "google_crash_reporting_api_key" : "AIzaSyBlZ3oeRl3-rV8fvnRnscCLlcmqIC6KEnM" "pref_after_call_is_edit_contact_shown_key" : "pref_after_call_is_edit_contact_shown_key" "pref_after_call_is_spam_shown_key" : "pref_after_call_is_spam_shown_key" "pref_after_call_is_block_shown_key" : "pref_after_call_is_block_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Geslo" "pref_doubletap_dualsim_key" : "pref_doubletap_dualsim_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wachtwoord" "pref_reduce_trigger_hit_area_key" : "pref_reduce_trigger_hit_area_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol" "pref_version_key" : "pref_version_key" "pref_call_recorder_after_a_call_enabled_key" : "pref_call_recorder_after_a_call_enabled_key" "pref_call_sound_vibration_key" : "pref_call_sound_vibration_key" "pref_predictive_contacts_key" : "pref_predictive_contacts_key" "google_api_key" : "AIzaSyBlZ3oeRl3-rV8fvnRnscCLlcmqIC6KEnM" "pref_show_minimized_call_view_during_call_key" : "pref_show_minimized_call_view_during_call_key" "com.google.firebase.crashlytics.mapping_file_id" : "688b15d63e304ddf9bf07c95470a5339" "pref_after_call_is_delete_shown_key" : "pref_after_call_is_delete_shown_key" "pref_contact_names_size_key" : "pref_contact_names_size_key" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Avainkoodi" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Palavra-passe" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Salasana" "pref_lock_contacts_reorder_key" : "pref_lock_contacts_reorder_key" "pref_after_call_is_share_shown_key" : "pref_after_call_is_share_shown_key" "pref_show_blocked_call_notif_key" : "pref_show_blocked_call_notif_key" "repo_jwt_auth_token" : "repo_jwt_auth_token" "pref_number_copied_enabled_key" : "pref_number_copied_enabled_key" "firebase_database_url" : "https://drupeapp.firebaseio.com" "pref_vibrations_enabled_key" : "pref_vibrations_enabled_key" "app_id" : "670906042960685" "pref_after_all_call_enabled_key" : "pref_after_all_call_enabled_key" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parole" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Iphasiwedi" "pref_call_show_minimized_view_key" : "pref_call_show_minimized_view" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passord" "pref_after_call_is_play_shown_key" : "pref_after_call_is_play_shown_key" 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F 60bf857034c02856ff5e603b4c6a6bba 3-d861b25a-1edf-11eb-adc1-0242ac120002 110f07958ee347ee0680a8a89bf1e385 17b05df55b7b2679287fe76a617f0048 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 b68df4fb33202239cac60356dfe07138 629af34d21274d91882261dce63e1bb5 470fa2b4ae81cd56ecbcda9735803434cec591fa fc61f0c6fa7b3d4e02f247bfb30a4ec3 B3EEABB8EE11C2BE770B684D95219ECB FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 b601de1705ccf998a8196d3e93033595 80c0f98db7a6b0f78aa67fc5fecb7c18
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: A/o.java, line(s) 81 B/a.java, line(s) 97,99,101 B/c.java, line(s) 87,89 B/d.java, line(s) 143,145 B/f.java, line(s) 172,174 C1/e.java, line(s) 63 D1/h.java, line(s) 359,376,663 D1/k.java, line(s) 16 D1/z.java, line(s) 69,81 E1/i.java, line(s) 112,155 E1/k.java, line(s) 92,128,138,164,173,217,224 F1/e.java, line(s) 49,83 F1/i.java, line(s) 106 F4/C0532A.java, line(s) 128 F4/C2022A.java, line(s) 221 F4/G.java, line(s) 49 F4/l.java, line(s) 94 F4/v.java, line(s) 197 G0/d.java, line(s) 85 G1/a.java, line(s) 174,171 H1/u.java, line(s) 68,73,87,102 H4/a.java, line(s) 45 I/a.java, line(s) 26,31,46,51,54,64,69 I4/C0586c.java, line(s) 163 I4/C2135c.java, line(s) 189,355 J/x.java, line(s) 310 J1/l.java, line(s) 80 K1/C0447f.java, line(s) 26 K1/C0874c.java, line(s) 65,84 K1/C0877f.java, line(s) 26 K1/J.java, line(s) 189 K1/v.java, line(s) 108,127,287 K1/w.java, line(s) 44,50 L0/C1214c.java, line(s) 136 L0/C2225c.java, line(s) 136 O1/a.java, line(s) 93,99,104,115 P7/i.java, line(s) 270 R0/C1355a.java, line(s) 100,209,245,247 R0/C2698a.java, line(s) 100,209,245,247 R7/U.java, line(s) 207 V1/b.java, line(s) 21 V3/c.java, line(s) 89,92,114 W/d.java, line(s) 208 W3/g.java, line(s) 36,15 X/C1446c.java, line(s) 117 X/C2932c.java, line(s) 119 X/l.java, line(s) 48,49 X/o.java, line(s) 127 X1/a.java, line(s) 75 Y/c.java, line(s) 149 Y1/g.java, line(s) 798 Z1/C1468b.java, line(s) 402 Z1/C2976b.java, line(s) 403 bin/mt/signature/KillerApplication.java, line(s) 119,129,164 com/amazonaws/logging/AndroidLog.java, line(s) 61,68,22,30,38 com/amazonaws/logging/ConsoleLog.java, line(s) 21,23 com/applovin/impl/C1099w3.java, line(s) 50,54,60 com/applovin/impl/C1753w3.java, line(s) 50,54,60 com/applovin/impl/sdk/C1061n.java, line(s) 54,99 com/applovin/impl/sdk/C1715n.java, line(s) 54,99 com/appsflyer/internal/AFg1eSDK.java, line(s) 67 com/iab/omid/library/applovin/utils/d.java, line(s) 17 com/zendesk/logger/a.java, line(s) 69 k0/C1208a.java, line(s) 704,713,742,755,768,781,794,807,820,833,846,854,863,874,132 k0/C2204a.java, line(s) 706,715,744,757,770,783,796,809,822,835,848,856,865,876,134 l2/C2228a.java, line(s) 30,16,22,29,42,48 me/sync/admob/ads/CidAdInitializer.java, line(s) 179 me/sync/admob/ads/composite/AbstractAdLoader.java, line(s) 358 me/sync/admob/ads/interstitial/InterstitialAdDelegate.java, line(s) 204 me/sync/admob/ads/nativead/CidNativeSingleAdLoader.java, line(s) 298 me/sync/admob/common/flow/CallerIdScope$coroutineContext$lambda$1$$inlined$CoroutineExceptionHandler$1.java, line(s) 28 me/sync/admob/common/flow/ExtentionsKt$subscribeLog$2.java, line(s) 51 me/sync/admob/g1.java, line(s) 82 me/sync/admob/j4.java, line(s) 771 me/sync/admob/k4.java, line(s) 37,47 me/sync/admob/n0.java, line(s) 82 me/sync/callerid/a01.java, line(s) 24 me/sync/callerid/a2.java, line(s) 94 me/sync/callerid/a20.java, line(s) 45,57 me/sync/callerid/a30.java, line(s) 49 me/sync/callerid/a50.java, line(s) 17,24,30 me/sync/callerid/a6.java, line(s) 35 me/sync/callerid/aa0.java, line(s) 20 me/sync/callerid/ads/ScreenStateFlow.java, line(s) 60 me/sync/callerid/ads/progress/CidSetupAdsLoadingDelegate.java, line(s) 165,203,211,229,231,237,242,270,272,278,284,295,297,304,214,224,255,265 me/sync/callerid/al0.java, line(s) 41 me/sync/callerid/aq0.java, line(s) 40 me/sync/callerid/as.java, line(s) 53 me/sync/callerid/as0.java, line(s) 27,30,37,42 me/sync/callerid/au.java, line(s) 28,32 me/sync/callerid/ax0.java, line(s) 24 me/sync/callerid/ay.java, line(s) 71 me/sync/callerid/b30.java, line(s) 19 me/sync/callerid/b40.java, line(s) 40 me/sync/callerid/b61.java, line(s) 65,68 me/sync/callerid/bd1.java, line(s) 36 me/sync/callerid/bg.java, line(s) 47 me/sync/callerid/bu.java, line(s) 34 me/sync/callerid/c01.java, line(s) 344,380,654,661,139,147,167,170,314,322,325,328,332,355,358,394,397,403,430,576,592,596,605 me/sync/callerid/c2.java, line(s) 113,133 me/sync/callerid/c30.java, line(s) 30,27 me/sync/callerid/c50.java, line(s) 15,20 me/sync/callerid/c51.java, line(s) 38,40,52 me/sync/callerid/c60.java, line(s) 29,63,86,103,126 me/sync/callerid/ca.java, line(s) 36 me/sync/callerid/calls/activity/UpdateConsentActivity.java, line(s) 25,31 me/sync/callerid/calls/common/ActiveActivity.java, line(s) 81,221 me/sync/callerid/calls/common/AndroidUtilsKt.java, line(s) 205,219,156,366,586 me/sync/callerid/calls/common/StorageUtilsKt.java, line(s) 125 me/sync/callerid/calls/debug/Debug.java, line(s) 98 me/sync/callerid/calls/debug/DebugDelegate.java, line(s) 97 me/sync/callerid/calls/flow/ExtentionsKt$asFlow$3.java, line(s) 46 me/sync/callerid/calls/flow/SharedPrefsFlow$observeChanges$1.java, line(s) 31,66,84 me/sync/callerid/calls/flow/SimStateFlow$observe$1.java, line(s) 52 me/sync/callerid/calls/flow/SimStateFlow$observe$4.java, line(s) 46 me/sync/callerid/calls/setup/popup/dialog/view/AnimateFlowGifView.java, line(s) 66 me/sync/callerid/calls/sim/SimCardManager$init$2.java, line(s) 46 me/sync/callerid/calls/sim/SimCardManager$init$6.java, line(s) 57 me/sync/callerid/calls/sim/SimCardManager.java, line(s) 293,294,623,890,916 me/sync/callerid/calls/sim/SimCardManagerKt.java, line(s) 18 me/sync/callerid/calls/theme/scheme/CidColorSchemeKt.java, line(s) 20,30 me/sync/callerid/calls/view/CallerImageView.java, line(s) 92,93,94 me/sync/callerid/cc1.java, line(s) 247 me/sync/callerid/ce.java, line(s) 36 me/sync/callerid/ce1.java, line(s) 17 me/sync/callerid/cf0.java, line(s) 57,58,59,60,61,83,84,85,86,87,89,109,110,111,112,113 me/sync/callerid/cq.java, line(s) 62 me/sync/callerid/cv.java, line(s) 17 me/sync/callerid/cw0.java, line(s) 9 me/sync/callerid/d00.java, line(s) 37 me/sync/callerid/d30.java, line(s) 34,42 me/sync/callerid/d50.java, line(s) 40,48 me/sync/callerid/d60.java, line(s) 35 me/sync/callerid/d91.java, line(s) 20 me/sync/callerid/df1.java, line(s) 250 me/sync/callerid/dg.java, line(s) 217,220,225,226 me/sync/callerid/dp.java, line(s) 57 me/sync/callerid/du.java, line(s) 18 me/sync/callerid/dw.java, line(s) 32,36,40,44,48,52,56,62 me/sync/callerid/e11.java, line(s) 23,30,38,46,54,62,71,79,87,96 me/sync/callerid/ec0.java, line(s) 49,61,66 me/sync/callerid/ef0.java, line(s) 36,49,50,78,96,113,124 me/sync/callerid/ei0.java, line(s) 38 me/sync/callerid/ek0.java, line(s) 20 me/sync/callerid/el0.java, line(s) 60,62,64 me/sync/callerid/er0.java, line(s) 37 me/sync/callerid/et0.java, line(s) 22 me/sync/callerid/eu.java, line(s) 24 me/sync/callerid/ew.java, line(s) 29 me/sync/callerid/ez.java, line(s) 35 me/sync/callerid/f21.java, line(s) 58,61 me/sync/callerid/fl0.java, line(s) 26 me/sync/callerid/fq.java, line(s) 62 me/sync/callerid/fr0.java, line(s) 210,249,238,243,308,373,410 me/sync/callerid/fy.java, line(s) 32,36,40,48,50,66 me/sync/callerid/fz.java, line(s) 79,85,89,98,100,124,171,173,178,191 me/sync/callerid/g.java, line(s) 52,81,43,62,65,67 me/sync/callerid/g40.java, line(s) 25 me/sync/callerid/g50.java, line(s) 29,63,86,103,126 me/sync/callerid/g6.java, line(s) 24 me/sync/callerid/g60.java, line(s) 26 me/sync/callerid/gf0.java, line(s) 29,19 me/sync/callerid/gp.java, line(s) 35 me/sync/callerid/gt0.java, line(s) 27 me/sync/callerid/gz.java, line(s) 58 me/sync/callerid/h0.java, line(s) 41,57,90,106,128,141,151,157 me/sync/callerid/h00.java, line(s) 54 me/sync/callerid/h20.java, line(s) 46,41,98 me/sync/callerid/h3.java, line(s) 31 me/sync/callerid/h50.java, line(s) 75,79,83,90,92,113 me/sync/callerid/h60.java, line(s) 40 me/sync/callerid/ha.java, line(s) 26,32 me/sync/callerid/hb0.java, line(s) 108,125,110,48,212,567,610,656,702 me/sync/callerid/hf0.java, line(s) 35,40,46,25,32 me/sync/callerid/hn0.java, line(s) 29,34,35 me/sync/callerid/hp.java, line(s) 60 me/sync/callerid/ht.java, line(s) 84,164,171,211,240,249,132 me/sync/callerid/hu0.java, line(s) 235 me/sync/callerid/i11.java, line(s) 30 me/sync/callerid/ia1.java, line(s) 36 me/sync/callerid/ie1.java, line(s) 14 me/sync/callerid/if0.java, line(s) 34,46,29 me/sync/callerid/ig.java, line(s) 26,31,39,44 me/sync/callerid/iq.java, line(s) 46 me/sync/callerid/iw.java, line(s) 41,43 me/sync/callerid/iw0.java, line(s) 36 me/sync/callerid/j00.java, line(s) 35 me/sync/callerid/j21.java, line(s) 64 me/sync/callerid/j3.java, line(s) 67 me/sync/callerid/jb.java, line(s) 22 me/sync/callerid/je1.java, line(s) 47 me/sync/callerid/jg.java, line(s) 10,15 me/sync/callerid/ju0.java, line(s) 126,168,26,34,38,49,60,69,76,85,92,110,115,129,138,150 me/sync/callerid/k0.java, line(s) 30 me/sync/callerid/k00.java, line(s) 60 me/sync/callerid/k11.java, line(s) 119,125,131,137,143,149,156,162,168,175 me/sync/callerid/k21.java, line(s) 66 me/sync/callerid/k4.java, line(s) 22 me/sync/callerid/ke.java, line(s) 24 me/sync/callerid/kf0.java, line(s) 19 me/sync/callerid/km0.java, line(s) 38 me/sync/callerid/kp.java, line(s) 112,114,67,82,85,92,121,152,163 me/sync/callerid/l20.java, line(s) 35 me/sync/callerid/lb.java, line(s) 21 me/sync/callerid/lq.java, line(s) 99,109,118,127,155,168,187,226,260 me/sync/callerid/lt0.java, line(s) 35,49,67 me/sync/callerid/lx.java, line(s) 77,80 me/sync/callerid/m0.java, line(s) 31 me/sync/callerid/m2.java, line(s) 44,32,38 me/sync/callerid/m4.java, line(s) 22 me/sync/callerid/m60.java, line(s) 97,112 me/sync/callerid/m8.java, line(s) 36 me/sync/callerid/ma.java, line(s) 44 me/sync/callerid/mb0.java, line(s) 21 me/sync/callerid/mp0.java, line(s) 37 me/sync/callerid/mq.java, line(s) 35,50,74 me/sync/callerid/n.java, line(s) 43,62 me/sync/callerid/n0.java, line(s) 20 me/sync/callerid/n00.java, line(s) 81,87,69,100,109,112,118,148,152,155,161,166,201,205,208,215,220,230,236 me/sync/callerid/n10.java, line(s) 20 me/sync/callerid/n31.java, line(s) 22 me/sync/callerid/n40.java, line(s) 18 me/sync/callerid/n41.java, line(s) 36,29 me/sync/callerid/ne.java, line(s) 27 me/sync/callerid/ne0.java, line(s) 38 me/sync/callerid/nq.java, line(s) 7 me/sync/callerid/ns0.java, line(s) 62,65,150,179,233,39,49,52,73,81,91,94,103,111,121,124,133,141,206 me/sync/callerid/o0.java, line(s) 23 me/sync/callerid/o4.java, line(s) 21 me/sync/callerid/o40.java, line(s) 18 me/sync/callerid/o7.java, line(s) 23 me/sync/callerid/o70.java, line(s) 39 me/sync/callerid/o71.java, line(s) 36,53,61 me/sync/callerid/o80.java, line(s) 46 me/sync/callerid/o90.java, line(s) 10,15 me/sync/callerid/ob.java, line(s) 81,135,148,199,212 me/sync/callerid/os0.java, line(s) 26,62,83 me/sync/callerid/ov.java, line(s) 30,23 me/sync/callerid/p11.java, line(s) 38 me/sync/callerid/p2.java, line(s) 70,49 me/sync/callerid/p20.java, line(s) 55 me/sync/callerid/p70.java, line(s) 45,49 me/sync/callerid/p80.java, line(s) 51 me/sync/callerid/pe1.java, line(s) 38 me/sync/callerid/pn.java, line(s) 96,101,246 me/sync/callerid/pw.java, line(s) 49,57 me/sync/callerid/q.java, line(s) 51 me/sync/callerid/q10.java, line(s) 42 me/sync/callerid/q11.java, line(s) 70 me/sync/callerid/q20.java, line(s) 71,75,91,104,117,119,130,132,143,149,161,163,169,172,187,192,214,216,220,226,238,252,258,65,181,235 me/sync/callerid/q50.java, line(s) 25 me/sync/callerid/qc1.java, line(s) 10,15 me/sync/callerid/qg0.java, line(s) 13 me/sync/callerid/qn0.java, line(s) 24,35 me/sync/callerid/qr0.java, line(s) 26,62,83 me/sync/callerid/qv.java, line(s) 33,26 me/sync/callerid/qz0.java, line(s) 22 me/sync/callerid/r4.java, line(s) 92,153,171,229,250 me/sync/callerid/r70.java, line(s) 49 me/sync/callerid/ra.java, line(s) 202,205,210,211,244,335 me/sync/callerid/rb0.java, line(s) 21 me/sync/callerid/rc1.java, line(s) 92,99,48,52,56,60,65,78,82,86,136 me/sync/callerid/rd1.java, line(s) 20,24 me/sync/callerid/re1.java, line(s) 30 me/sync/callerid/rf.java, line(s) 36 me/sync/callerid/rp.java, line(s) 35 me/sync/callerid/rr.java, line(s) 30 me/sync/callerid/rs0.java, line(s) 21 me/sync/callerid/rx0.java, line(s) 54 me/sync/callerid/s.java, line(s) 41 me/sync/callerid/s0.java, line(s) 22 me/sync/callerid/s1.java, line(s) 84 me/sync/callerid/s10.java, line(s) 32,56,76,81,86 me/sync/callerid/s30.java, line(s) 17,23 me/sync/callerid/s41.java, line(s) 193,59 me/sync/callerid/s70.java, line(s) 107,48,64,65,76,82,89 me/sync/callerid/s91.java, line(s) 386,404,410,484,489,589 me/sync/callerid/sa0.java, line(s) 88,129,153 me/sync/callerid/sdk/CidAfterCallActivity$onCreate$1.java, line(s) 55 me/sync/callerid/sdk/CidAfterCallActivity.java, line(s) 176,178,180,182,186,191,194,195,280,306 me/sync/callerid/sdk/CidAfterSmsActivity$onCreate$1.java, line(s) 55 me/sync/callerid/sdk/CidAfterSmsActivity.java, line(s) 120,122,124,126,130,135,138,139,248,277 me/sync/callerid/sdk/CidCallScreeningService.java, line(s) 73,99 me/sync/callerid/sdk/CidCallStateReceiver.java, line(s) 377,281,288,295,348,349,371,376,487,489,587,624,659 me/sync/callerid/sdk/CidCallStateService.java, line(s) 163,175,184 me/sync/callerid/sdk/CidGameSetupConfigKt.java, line(s) 82,85,89,95,98,321,327,330 me/sync/callerid/sdk/CidIncomingSmsReceiver.java, line(s) 67 me/sync/callerid/sdk/CidNotificationListenerService.java, line(s) 151,188,203,216,229,250,240,260 me/sync/callerid/sdk/CidPermissionActivity.java, line(s) 96,98,128,189,209,211 me/sync/callerid/sdk/CidReminderReceiver.java, line(s) 220 me/sync/callerid/sdk/CidSetupActivity.java, line(s) 367,375,444,447,773,782,388,410,431,438,453,476,486,496,514,524,534,550,563,566,573,575,581,603,604,607,609,615,620,645,675,721,727,737,762,765,817,826,835,837,859,861,875,879,928,941,957 me/sync/callerid/sdk/CidSetupPopupActivity.java, line(s) 100,144,145,154,173,195,202 me/sync/callerid/sdk/unity/config/CidInitializer.java, line(s) 125,161,170,130,135,140,175,182 me/sync/callerid/se1.java, line(s) 52,59 me/sync/callerid/sp.java, line(s) 43 me/sync/callerid/sr.java, line(s) 37 me/sync/callerid/sw.java, line(s) 30 me/sync/callerid/t51.java, line(s) 21 me/sync/callerid/t61.java, line(s) 21 me/sync/callerid/te.java, line(s) 39 me/sync/callerid/tp.java, line(s) 43 me/sync/callerid/tr0.java, line(s) 75,84,86,89,69,104,129,136,146 me/sync/callerid/ty.java, line(s) 89,91,95 me/sync/callerid/ty0.java, line(s) 42 me/sync/callerid/u10.java, line(s) 51 me/sync/callerid/u21.java, line(s) 143,154 me/sync/callerid/u31.java, line(s) 152,153,394,403,408 me/sync/callerid/u50.java, line(s) 88,89,106,136,152,158,191,213,224,236,268,285,295,302,304,306,310,316 me/sync/callerid/u51.java, line(s) 21 me/sync/callerid/u8.java, line(s) 24 me/sync/callerid/ub1.java, line(s) 21 me/sync/callerid/ul.java, line(s) 20 me/sync/callerid/up.java, line(s) 44 me/sync/callerid/ut.java, line(s) 35 me/sync/callerid/uv.java, line(s) 62,68 me/sync/callerid/v2.java, line(s) 121,129,136,140,163,178,219,254,88,95,97,104,193,195,202,204,292,320,146,171,185,191 me/sync/callerid/vn0.java, line(s) 8 me/sync/callerid/vr.java, line(s) 37 me/sync/callerid/vt.java, line(s) 34 me/sync/callerid/vt0.java, line(s) 68 me/sync/callerid/vx.java, line(s) 18 me/sync/callerid/vz0.java, line(s) 22 me/sync/callerid/w3.java, line(s) 38 me/sync/callerid/w30.java, line(s) 478,511,525,541,589,591,607,171,246,257,262,283,297,347,366,375,384,391,402,404,412,425,435,446,453,465,471 me/sync/callerid/w50.java, line(s) 36,40,41 me/sync/callerid/wb0.java, line(s) 35 me/sync/callerid/wc1.java, line(s) 43 me/sync/callerid/wg.java, line(s) 17 me/sync/callerid/wr.java, line(s) 53 me/sync/callerid/wx.java, line(s) 18 me/sync/callerid/wz0.java, line(s) 22 me/sync/callerid/x.java, line(s) 66,73,91,101 me/sync/callerid/x11.java, line(s) 35 me/sync/callerid/x81.java, line(s) 43,55,67,77 me/sync/callerid/xa.java, line(s) 24 me/sync/callerid/xb0.java, line(s) 40 me/sync/callerid/xc1.java, line(s) 46,42 me/sync/callerid/xt.java, line(s) 18 me/sync/callerid/xz0.java, line(s) 22 me/sync/callerid/y41.java, line(s) 37,31,43 me/sync/callerid/y71.java, line(s) 42 me/sync/callerid/yg0.java, line(s) 20,18,42,51 me/sync/callerid/yi.java, line(s) 20 me/sync/callerid/yp0.java, line(s) 37 me/sync/callerid/yr.java, line(s) 51 me/sync/callerid/yt.java, line(s) 18 me/sync/callerid/yu.java, line(s) 526,556,567,585,592,607,641,650,665,677,684,715,720,183,186,198,211,224,318,331,334,341,368,375,382,384,387,388,405,619,683,697,705,707,726,727,734,746,780,832,850,862,866 me/sync/callerid/yx.java, line(s) 18 me/sync/callerid/yz0.java, line(s) 22 me/sync/callerid/z1.java, line(s) 36 me/sync/callerid/z90.java, line(s) 45 me/sync/callerid/za.java, line(s) 65 me/sync/callerid/za1.java, line(s) 39,41,59,64 me/sync/callerid/zd.java, line(s) 47 me/sync/callerid/zk0.java, line(s) 35 me/sync/callerid/zr0.java, line(s) 43 me/sync/callerid/zs0.java, line(s) 179,183,264,299,303,307,314,327,332,367,437,452,488,519,542,582,628,631,701,704,712,714,716,725,162,185,191,194,200,210,214,248,254,259,272,280,426,698,741,752,763,811,812,813,814,815 me/sync/callerid/zx.java, line(s) 18 me/sync/callerid/zz0.java, line(s) 22 mobi/drupe/app/App.java, line(s) 123 mobi/drupe/app/ads/e.java, line(s) 291 mobi/drupe/app/db/c.java, line(s) 192 net/sqlcipher/AbstractCursor.java, line(s) 143 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 43,65,104,115,159,186,210 net/sqlcipher/DatabaseUtils.java, line(s) 119,192,731,742 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 14,24,26,30 net/sqlcipher/database/SQLiteDatabase.java, line(s) 215 net/sqlcipher/database/SQLiteDebug.java, line(s) 8,9,10,11,12,13 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 83 net/sqlcipher/database/SqliteWrapper.java, line(s) 30,40,54,64,74 org/lsposed/hiddenapibypass/HiddenApiBypass.java, line(s) 74,313 r1/d.java, line(s) 49,37,48 s/C1362a.java, line(s) 80,532,566 s/C2742a.java, line(s) 82,534,568 s0/z.java, line(s) 18 u4/C0737a.java, line(s) 383 u4/C2865a.java, line(s) 413 zendesk/core/MediaFileResolver.java, line(s) 333,337,338 zendesk/support/request/MediaResultUtility.java, line(s) 104
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: R7/o0.java, line(s) 8,362 me/sync/callerid/dg.java, line(s) 9,163,164
安全提示信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: me/sync/callerid/rc1.java, line(s) 64,12,13 net/sqlcipher/database/SupportHelper.java, line(s) 13,1
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: B6/j.java, line(s) 388,4
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://drupeapp.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: me/sync/callerid/a90.java, line(s) 216,861,216,861 zendesk/core/ZendeskNetworkModule.java, line(s) 47,57,63,47,57,63
综合安全基线评分总结
drupe v3.19.13.1
Android APK
42
综合安全评分
中风险