Application Security Scan Report
Mobile Application Security Scan Report

젠브로 v2.8
Security baseline score: 50/100
Overall risk level: Low risk
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
High severity: 4
Medium severity: 15
Info: 3
Secure: 3
Privacy risk assessment
Third-party trackers: 1
Medium privacy risk
A small number of third-party trackers were detected.
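Scan result distribution
High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 15
Security notices: 3
Passed security checks: 3
Key security concerns: 1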
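High-severity vulnerability: App Link assetlinks.json file not found
[android:name=kr.co.smartskin.zenbro2014.MainActivity][android:host=http://m.zenbro.co.kr] The App Link asset verification URL (http://m.zenbro.co.kr/.well-known/assetlinks.json) was not found or is misconfigured (status code: 403). App Links let users jump directly from a web URL or an e-mail into the mobile app. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, leading to phishing and to disclosure of sensitive information carried in the URI (such as PII, OAuth tokens, magic links/reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.
High-severity vulnerability: App Link assetlinks.json file not found
[android:name=kr.co.smartskin.zenbro2014.MainActivity][android:host=https://m.zenbro.co.kr] The App Link asset verification URL (https://m.zenbro.co.kr/.well-known/assetlinks.json) was not found or is misconfigured (status code: 403). App Links let users jump directly from a web URL or an e-mail into the mobile app. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, leading to phishing and to disclosure of sensitive information carried in the URI (such as PII, OAuth tokens, magic links/reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.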
High-severity vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: kr/co/smartskin/zenbro2014/MainActivity.java, line(s) 1884,39 kr/co/smartskin/zenbro2014/WebviewActivity.java, line(s) 379,17
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: kr/co/smartskin/zenbro2014/b0.java, line(s) 764,790
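Medium-severity vulnerability: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (e.g. HTTP, FTP, DownloadManager, MediaPlayer). This is enabled by default at API level 27 and below, and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with the transmitted data. Disable cleartext traffic and use only encrypted protocols.
Medium-severity vulnerability: Activity sets the TaskAffinity attribute
(com.navercorp.android.selective.livecommerceviewer.ui.common.ShoppingLiveViewerOsPipRootActivity) With taskAffinity set, other applications can read Intents sent to this Activity. To prevent sensitive information from leaking, keep the default affinity (the package name).
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.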
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: n/d/a/c/g5/i1.java, line(s) 4 n/d/a/c/i5/z.java, line(s) 6 n/d/a/c/k5/f1/v.java, line(s) 16 n/d/a/c/x4/x1.java, line(s) 7 n/d/c/c/v.java, line(s) 7 n/d/c/h/i0.java, line(s) 7 s/h3/a.java, line(s) 3 s/h3/b.java, line(s) 3 s/h3/c.java, line(s) 3 s/h3/d.java, line(s) 4 s/h3/e.java, line(s) 3 s/h3/j/a.java, line(s) 4 s/t2/a0.java, line(s) 6 s/t2/v.java, line(s) 10 u/b0.java, line(s) 11 u/l0/s/e.java, line(s) 9 u/l0/s/i.java, line(s) 5 w/a/a/a/s.java, line(s) 3 w/a/a/a/t.java, line(s) 3
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords or keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/naver/prismplayer/j4/n0.java, line(s) 265 com/naver/prismplayer/x1.java, line(s) 381 com/navercorp/android/selective/livecommerceviewer/config/ShoppingLiveViewerSdkManager.java, line(s) 843,859,1008,714,719 com/navercorp/android/selective/livecommerceviewer/data/common/model/ShoppingLiveViewerPagerListResult.java, line(s) 78 com/navercorp/android/selective/livecommerceviewer/data/common/model/ShoppingLiveViewerPagerRequestInfo.java, line(s) 277 com/navercorp/android/selective/livecommerceviewer/data/common/model/ShoppingLiveViewerRequestInfo.java, line(s) 247 com/navercorp/android/selective/livecommerceviewer/data/common/model/contents/ShoppingLiveViewerContentsRecommendLogRequest.java, line(s) 178 com/navercorp/android/selective/livecommerceviewer/data/common/model/contents/ShoppingLiveViewerRecommendProductResult.java, line(s) 317 com/navercorp/android/selective/livecommerceviewer/data/common/model/product/ShoppingLiveExternalProductResult.java, line(s) 576 com/navercorp/android/selective/livecommerceviewer/data/common/model/product/ShoppingLiveProductResult.java, line(s) 734 com/navercorp/android/selective/livecommerceviewer/data/common/model/product/detail/response/ShoppingLiveProductOptionSelectResult.java, line(s) 990,990 com/navercorp/android/selective/livecommerceviewer/data/common/model/shortform/ShoppingLiveViewerShortFormProductItemResult.java, line(s) 635 com/navercorp/android/selective/livecommerceviewer/data/live/model/socket/ShoppingLiveSessionIoProductResult.java, line(s) 463 com/navercorp/android/selective/livecommerceviewer/data/replay/model/extraresult/ShoppingLiveViewerReplayHighlightResult.java, line(s) 201 com/navercorp/android/selective/livecommerceviewer/data/shortclip/model/ShoppingLiveViewerShortClipExternalProductResult.java, line(s) 611
com/navercorp/android/selective/livecommerceviewer/data/shortclip/model/ShoppingLiveViewerShortClipProductResult.java, line(s) 635 com/navercorp/android/selective/livecommerceviewer/data/shortclip/model/rewards/ShoppingLiveViewerShortClipRewardsRequest.java, line(s) 99 com/navercorp/android/selective/livecommerceviewer/livesolution/ShoppingLiveViewerExternalTokenManager.java, line(s) 533,548 com/navercorp/android/selective/livecommerceviewer/tools/ShoppingLiveViewerConstants.java, line(s) 225,310,53,328,331,231,262 com/navercorp/android/selective/livecommerceviewer/ui/common/product/detail/ShoppingLiveViewerProductOptionSelectViewModel.java, line(s) 783,534,580,611,694 com/navercorp/android/selective/livecommerceviewer/ui/common/webview/CommonWebView.java, line(s) 510 com/nhncorp/nstatlog/ace/AceClient.java, line(s) 28 com/nhncorp/nstatlog/ace/SharedPrefParamRepository.java, line(s) 9
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/naver/nelo/sdk/android/buffer/c.java, line(s) 4,5,37,38,45,46,47 n/d/a/b/l/x/j/a0.java, line(s) 5,6,88,100,383 n/d/a/b/l/x/j/e0.java, line(s) 3,18 n/d/a/b/l/x/j/f0.java, line(s) 4,5,85 n/d/a/c/b5/g.java, line(s) 6,7,30 n/d/a/c/b5/h.java, line(s) 6,75 n/d/a/c/k5/f1/h.java, line(s) 6,55,98 n/d/a/c/k5/f1/n.java, line(s) 7,8,118,132
Medium-severity vulnerability: MD5 is a weak hash with known collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/naver/prismplayer/l4/e.java, line(s) 35 com/nhncorp/nstatlog/ClientInfo.java, line(s) 36 n/i/b/e0/j.java, line(s) 197
Medium-severity vulnerability: IP address disclosure
Files: com/naver/prismplayer/j4/h3/a.java, line(s) 63 com/naver/prismplayer/j4/h3/b.java, line(s) 1735 com/naver/prismplayer/j4/h3/c.java, line(s) 609 com/naver/prismplayer/j4/h3/d.java, line(s) 9 com/naver/prismplayer/j4/h3/e.java, line(s) 446 kr/co/smartskin/zenbro2014/SettingsActivity.java, line(s) 901,902,903,904,900 m/h/a/k/i/e0.java, line(s) 62 n/d/c/l/e.java, line(s) 29,28
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/naver/prismplayer/j4/h3/b.java, line(s) 321 n/d/a/c/l5/x0.java, line(s) 203 n/d/c/j/r.java, line(s) 100 s/b3/a0/t.java, line(s) 679,700,704,729 s/b3/q.java, line(s) 129,155
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/navercorp/android/selective/livecommerceviewer/tools/utils/FileUtils.java, line(s) 29 com/navercorp/android/selective/livecommerceviewer/tools/utils/ImageUtils.java, line(s) 139 kr/co/smartskin/zenbro2014/ByappsWebView.java, line(s) 1176 m/j/l/e.java, line(s) 33,50,50 n/e/b/a/b.java, line(s) 126,140,164,212,249
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: kr/co/smartskin/zenbro2014/ByappsWebView.java, line(s) 2756,1144,2754
Medium-severity vulnerability: SHA-1 is a weak hash with known collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: kr/co/smartskin/zenbro2014/MainActivity.java, line(s) 1364 n/i/b/e0/j.java, line(s) 205,213
Medium-severity vulnerability: This application may request root (superuser) privileges
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/naver/prismplayer/l4/f.java, line(s) 29,27,28,29,29,29,28,28,29,29,28,29,29 kr/co/smartskin/zenbro2014/MainActivity.java, line(s) 1128
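Medium-severity vulnerability: The application contains privacy trackers
This application contains 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.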
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure these are not secrets or private information. "google_api_key" : "AIzaSyDSU4oDbpprp-n_aLqhf4lD4HyqieVqafU" "google_app_id" : "1:605734268352:android:926f763b63f12209482c25" "google_crash_reporting_api_key" : "AIzaSyDSU4oDbpprp-n_aLqhf4lD4HyqieVqafU" YJVQpmHKa3DIU9QZNI3PJArbEkYxMniH 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a 1077efec-c0b2-4d02-ace3-3c1e52e2fb4b 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 edef8ba9-79d6-4ace-a3c8-27dcd51d21ed 1e911c7f486649a6bbfbfc13fb07783b e2719d58-a985-b3c9-781a-b030af78d30e wxJzBrnhNeQQaJB2FU4Ez8yYYtNtZiRW 9a04f079-9840-4286-ab92-e65be0885f95
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: com/naver/prismplayer/y2.java, line(s) 102,102 n/e/c/a/a/n/d.java, line(s) 34,34
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/navercorp/android/selective/livecommerceviewer/tools/extension/ContextExtensionKt.java, line(s) 4,127
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/naver/prismplayer/j4/h3/b.java, line(s) 993,971,991,993,990,990 com/navercorp/android/selective/livecommerceviewer/tools/retrofit/BaseRetrofit.java, line(s) 36,36 u/l0/p/c.java, line(s) 118,117,116 u/l0/p/d.java, line(s) 160,149,159,170,158,158 u/l0/p/g.java, line(s) 119,118,117,117 u/l0/p/h.java, line(s) 270,257,269,268,268
Passed security check: This application may have root detection
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/naver/prismplayer/l4/f.java, line(s) 27,27,27,27,27,27 kr/co/smartskin/zenbro2014/MainActivity.java, line(s) 1169,1190,1128,1128,1128,1128,1128,1128,1128
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/605734268352/namespaces/firebase:fetch?key=AIzaSyDSU4oDbpprp-n_aLqhf4lD4HyqieVqafU ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }
Key security concern: The application may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

젠브로 v2.8
Android APK
Overall security score: 50
Medium risk