应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Apple Music v5.9.7.3
34
安全评分
安全基线评分
34/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在较高安全风险,需要重点关注
漏洞与安全项分布
25
高危
44
中危
4
信息
2
安全
隐私风险评估
2
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
25
中危安全漏洞
44
安全提示信息
4
已通过安全项
2
重点安全关注
0
高危安全漏洞 Activity (com.apple.android.music.onboarding.activities.SplashActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.apple.android.music.common.activity.UriHandlerActivity][android:host=https://se2.itunes.apple.com] App Link 资产验证 URL(https://se2.itunes.apple.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.apple.android.music.common.activity.UriHandlerActivity][android:host=https://search.itunes.apple.com] App Link 资产验证 URL(https://search.itunes.apple.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:502)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.apple.android.music.common.activity.UriHandlerActivity][android:host=https://buy.itunes.apple.com] App Link 资产验证 URL(https://buy.itunes.apple.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:403)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 Activity(com.apple.android.music.common.activity.UriHandlerActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(27) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity (com.apple.android.music.common.activity.UriHandlerActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.apple.android.music.deeplink][android:host=https://buy.itunes.apple.com] App Link 资产验证 URL(https://buy.itunes.apple.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:403)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 Activity (com.apple.android.music.deeplink) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.commerce.activities.SonosAppleActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity(com.apple.android.music.search.google.VoiceSearchHandlerActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(27) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 Activity (com.apple.android.music.search.google.VoiceSearchHandlerActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity(com.apple.android.music.common.MainContentActivity)易受 Android Task Hijacking/StrandHogg 攻击。
Activity 启动模式为 "singleTask" 时,恶意应用可将自身置于栈顶,导致任务劫持(StrandHogg 1.0),易被钓鱼攻击。建议将启动模式设为 "singleInstance" 或 taskAffinity 设为空(taskAffinity=""),或将 target SDK 版本(27) 升级至 28 及以上以获得平台级防护。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.apple.android.music.commerce.activities.ChromeTabsActivity][android:host=https://buy.itunes.apple.com] App Link 资产验证 URL(https://buy.itunes.apple.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:403)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 Activity (com.apple.android.music.commerce.activities.ChromeTabsActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.widget.AppleMusicWidgetConfigActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.widget.ChartsWidgetConfigActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.widget.RecentlyPlayedWidgetConfigActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.widget.RecommendationsWidgetConfigActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.apple.android.music.mli.MLIChromeTabActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 Activity (com.rzmod.Raj.classes.DefaultProvider$MyActivity) 易受 StrandHogg 2.0 攻击
检测到 Activity 存在 StrandHogg 2.0 任务劫持漏洞。攻击者可将恶意 Activity 置于易受攻击应用的任务栈顶部,使应用极易成为钓鱼攻击目标。可通过将启动模式设置为 "singleInstance" 并将 taskAffinity 设为空(taskAffinity=""),或将应用的 target SDK 版本(27)升级至 29 及以上,从平台层面修复该漏洞。
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: E6/C0406b.java, line(s) 77 E6/C2996b.java, line(s) 79
高危安全漏洞 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/rzmod/Raj/classes/util/SimpleCrypt.java, line(s) 55
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 3,8 com/rzmod/Raj/classes/BuildConfig.java, line(s) 3,6
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/apple/android/music/commerce/activities/StorePageActivity.java, line(s) 493,14
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/apple/android/svgroupactivities/impl/webview/WebViewHolderImpl.java, line(s) 142,14,15
中危安全漏洞 Activity (com.apple.android.music.common.activity.UriHandlerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity-Alias (com.apple.android.music.deeplink) 未受保护。
[android:exported=true] 检测到 Activity-Alias 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.commerce.activities.SonosAppleActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.search.google.VoiceSearchHandlerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity 设置了 TaskAffinity 属性
(com.apple.android.music.social.activities.SocialWebActivity) 设置 taskAffinity 后,其他应用可读取发送至该 Activity 的 Intent。为防止敏感信息泄露,建议保持默认 affinity(包名)。
中危安全漏洞 Activity (com.apple.android.music.commerce.activities.ChromeTabsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.widget.AppleMusicWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.widget.ChartsWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.widget.RecentlyPlayedWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.widget.RecommendationsWidgetConfigActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.apple.android.music.mli.MLIChromeTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.apple.android.music.player.MediaPlaybackService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.apple.android.music.pushnotifications.controllers.PushNotificationsService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (androidx.media.session.MediaButtonReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.apple.android.music.widget.AppleMusicWidget) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.apple.android.music.widget.RecentlyPlayedWidgetProvider) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.apple.android.music.widget.RecommendationsWidgetProvider) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.apple.android.music.widget.ChartsWidgetProvider) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.apple.android.music.common.controllers.PartnerInstallReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (androidx.mediarouter.media.MediaTransferReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.apple.android.music.provider.ArtworkContentProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Content Provider (com.rzmod.Raj.classes.DefaultProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.rzmod.Raj.service.RemoteService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.rzmod.Raj.classes.DefaultProvider$DefaultReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.rzmod.Raj.classes.DefaultProvider$MyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.rzmod.Raj.classes.FakeCamera$FakeCameraReceiver) 未受保护。
存在 intent-filter。 检测到 Broadcast Receiver 已与设备上的其他应用共享,因此可被任意应用访问。intent-filter 的存在表明该 Broadcast Receiver 被显式导出,存在安全风险。
中危安全漏洞 高优先级 Intent(1000) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: A0/g.java, line(s) 8,304,307,310,313,316,319,322,325,328,331,334,354,357,360,363,366,369,372,375,378,381,384 C8/C0261l.java, line(s) 6,7,115,490,627 C8/C0273p.java, line(s) 5,6,15 C8/C0680l.java, line(s) 7,8,9,142,877,1271,1378,1514,1555 C8/C0692p.java, line(s) 5,6,15 D/e.java, line(s) 16,110 H1/A.java, line(s) 10,262 P4/k.java, line(s) 14,15,133,183,234,440,471 com/apple/android/music/figarometrics/m.java, line(s) 6,7,37 com/apple/android/music/model/notifications/InappNotificationsDB.java, line(s) 14,15,127,286,312 com/apple/android/music/playback/model/StoreMediaItemMapper.java, line(s) 6,54,55,56,64,65,66 com/apple/android/music/playback/queue/persistence/ProviderItemMapper.java, line(s) 5,17,18,26,27 com/apple/android/music/playback/queue/persistence/StorePlaybackQueueItemProviderDao.java, line(s) 5,44 com/apple/android/music/playback/reporting/PlayActivityEventsDataBase.java, line(s) 6,7,175 com/apple/android/music/settings/fragment/d0.java, line(s) 3,47,64 com/apple/android/music/storeapi/stores/migrators/AccountStoreMigrator.java, line(s) 4,38 com/apple/android/music/storeapi/stores/migrators/CookieStoreMigrator.java, line(s) 5,41 com/apple/android/music/storeapi/stores/migrators/DeviceStoreMigrator.java, line(s) 4,27 com/apple/android/music/storeapi/stores/migrators/UserProfileStoreMigrator.java, line(s) 4,45 d7/j.java, line(s) 5,98 d7/k.java, line(s) 5,73 d7/p.java, line(s) 8,9,144,173,258 d7/t.java, line(s) 5,6,181 l5/C0429a.java, line(s) 7,8,62 l5/C0432d.java, line(s) 6,99,303,356 l5/C3550a.java, line(s) 7,8,67 l5/C3553d.java, line(s) 6,108,312,365 z1/c.java, line(s) 7,8,9,10,11,52,80
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: F/C0296h0.java, line(s) 23 F/C0763h0.java, line(s) 23 G3/C1464p0.java, line(s) 181 G3/C3116p0.java, line(s) 183 G3/O0.java, line(s) 240 T0/x.java, line(s) 42 T6/h.java, line(s) 42 V6/f.java, line(s) 35 V6/q.java, line(s) 82 V6/x.java, line(s) 72 com/apple/android/music/collection/mediaapi/controller/AlbumPageController.java, line(s) 143 com/apple/android/music/collection/mediaapi/controller/PlaylistPageController.java, line(s) 174 com/apple/android/music/commerce/SonosViewModel.java, line(s) 44 com/apple/android/music/data/emoji/util/EmojiFileParser.java, line(s) 38,40,42 com/apple/android/music/mediaapi/models/internals/Association.java, line(s) 14,15 com/apple/android/music/mediaapi/models/internals/Relationship.java, line(s) 16,17,18,19,20,29,22,21,23,24,25,26,27,30,31,32 com/apple/android/music/model/BaseStorePlatformResponse.java, line(s) 13 com/apple/android/music/playback/player/cache/MediaAssetCacheControl.java, line(s) 196 com/apple/android/music/playback/player/cache/PersistentKeyData.java, line(s) 125 com/apple/android/music/playback/player/datasource/PlayerFootHillPDataSource.java, line(s) 22,23 com/apple/android/music/playback/player/mediasource/AppleHlsPlaylistParser.java, line(s) 66,73 com/apple/android/music/playback/player/mediasource/MatchAssetRequest.java, line(s) 19 com/apple/android/music/playback/player/mediasource/PurchaseAssetRequest.java, line(s) 19 com/apple/android/music/playback/queue/MediaQueueItemsFactory.java, line(s) 32,35,33,36,34,37,39,38,43,41,50,51,49,42 com/apple/android/music/playback/util/PersistableMap.java, line(s) 27 com/apple/android/music/player/cast/CastRemoteClient.java, line(s) 72,73,74,75,87,82,78,114,83,84,108,93,113,111,112,85,115,117,118,116,121,123,110 com/apple/android/music/pushnotifications/InappQueryResultAddOn.java, line(s) 20 com/apple/android/music/widget/ChartsWidgetConfigEpoxyController.java, line(s) 26 v2/d.java, line(s) 32
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: S9/C0537g.java, line(s) 169 S9/C1030g.java, line(s) 170 na/C1456b.java, line(s) 40 na/C3709b.java, line(s) 64 oa/C3764c.java, line(s) 259
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: C8/u2.java, line(s) 40 U7/C0571a.java, line(s) 8 U7/C1100a.java, line(s) 8 Xb/AbstractC1661a.java, line(s) 3 Xb/AbstractC4322a.java, line(s) 3 Xb/C1662b.java, line(s) 3 Xb/C4323b.java, line(s) 3 Yb/C1673a.java, line(s) 3 Yb/C4390a.java, line(s) 3 com/apple/android/music/common/views/DancingProgressBar.java, line(s) 15 com/apple/android/music/metrics/g.java, line(s) 16 com/apple/android/music/playback/queue/ShuffledPlaybackQueueIndexGenerator.java, line(s) 4 com/apple/android/music/player/T.java, line(s) 3 i0/RunnableC3285u.java, line(s) 51 i9/a.java, line(s) 24
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: S2/B.java, line(s) 47,47 X5/h.java, line(s) 149 a3/C0428a.java, line(s) 17,16,17 a3/C1188a.java, line(s) 19,18,19 com/apple/android/music/collection/PlaylistCollectionViewModel.java, line(s) 251 com/apple/android/music/collection/mediaapi/viewmodel/NewPlaylistViewModel.java, line(s) 273 com/apple/android/music/common/views/O.java, line(s) 96 com/apple/android/music/figarometrics/h.java, line(s) 398 com/apple/android/music/figarometrics/j.java, line(s) 149,151 com/apple/android/music/playback/reporting/PlayActivityHelper.java, line(s) 224,297,224,299 com/apple/android/music/utils/C0331h.java, line(s) 512,948,517,948 com/apple/android/music/utils/C2402h.java, line(s) 645,1228,650,1228 com/rzmod/Raj/classes/BundleObb.java, line(s) 79 com/rzmod/Raj/classes/FakeCamera.java, line(s) 414 d4/g.java, line(s) 358 d4/h.java, line(s) 28,31
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/apple/android/music/playback/player/datasource/PlayerHttpDataSource.java, line(s) 188 com/rzmod/Raj/classes/HostsBlocker.java, line(s) 155 v4/m.java, line(s) 53
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: C8/u2.java, line(s) 240 andhook/lib/xposed/XposedHelpers.java, line(s) 1074 com/apple/android/music/utils/C0331h.java, line(s) 791 com/apple/android/music/utils/C2402h.java, line(s) 1035
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/apple/android/music/commerce/activities/StorePageActivity.java, line(s) 477,329 com/apple/android/svgroupactivities/impl/webview/WebViewHolderImpl.java, line(s) 145,201 com/dialogfwtm/FWDialog.java, line(s) 65,60
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/dialogfwtm/FWDialog.java, line(s) 61,60
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/rzmod/Raj/classes/Utils.java, line(s) 428 na/C1457c.java, line(s) 84 na/C3710c.java, line(s) 87
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Toegangssleutel" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parool" "block_user" : "Blokkeer" "KEY_CATEGORY_LOGIN" : "key_login" "login_password" : "Passwort" "KEY_DEBUG_CAPTURE_LOGS" : "key_capture_logs" "KEY_LIBRARY_CONTENT_CURRENTLY_DISPLAYED_DOWNLOADED_SECTIONS_ADDMUSICMODE" : "library_content_currently_displayed_downloaded_sections_addmusicmode" "KEY_AUDIO_QUALITY" : "audio_quality" "KEY_PLAYBACK_SHOW_LOCKSCREEN_ART" : "key_playback_show_lockscreen_art" "KEY_DOLBY_ATMOS_AUTOMATIC_PREFERENCE" : "key_dolby_atmos_automatic_preference" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasinal" "google_api_key" : "AIzaSyB2az7ihbVLcmh81YKR5TEeLYuH_wCt1Sc" "KEY_CATEGORY_DIAGNOSTICS_DIVIDER" : "key_diagnostics_divider_category" "KEY_AUDIO_QUALITY_ABOUT_PREFERENCE" : "key_audio_quality_about_preference" "shareplay_sessionroute_type_speaker" : "Bocina" "account_settings_connect_username" : "Username" "KEY_CATEGORY_LIBRARY_SUMMARY" : "key_library_category_summary" "social_private_profile_as_recommendation_subtitle" : "Yksityinen" "shareplay_sessionroute_type_appletv" : "Apple TV" "KEY_LAST_USED_SEARCH_TAB" : "last_used_search_tab_ordinal" "KEY_DEBUG_FORCE_PLAYSTORE_INSTALLED" : "key_debug_force_playstore_installed" "shareplay_sessionroute_type_speaker" : "Kaiutin" "KEY_PREFERENCE_LEAKCANARY" : "key_leakcanary" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passord" "KEY_DEBUG_USE_DEFAULT_BANDWIDTH_METER" : "key_debug_use_default_bandwidth_meter" "KEY_USER_DEBUG_SETTINGS" : "user_debug_settings" "KEY_DEBUG_FORCE_PC_ONAPPSTART" : "key_debug_force_pricechange_onapplaunch" "social_private_profile_as_recommendation_subtitle" : "Privato" "KEY_IS_DOWNLOADED_SECTION_DISABLED_AFTER_DOWNLOADS" : "is_downloaded_section_disabled_after_downloads" "KEY_DEBUG_UID" : "key_debug_uid" "shareplay_sessionroute_type_speaker" : "Speaker" "KEY_AS_CATEGORY_NOTIFICATIONS" : "key_account_settings_notifications_category" "developer_key_user_token" : "eyJraWQiOiIxMzIyMjIyMjI5IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiIxMjIyMjIyMjI5IiwiZXhwIjoxNTIxNDA5ODk5LCJpYXQiOjE1MDU4NTc4OTl9.ryCX_aZeHEC216zSDnJ-WKmQ_D-uZzLFfyrw-X18f0xS7ki_yJVegQE9QDmEBQyj4zbWcbDYTe5-jdwJUfX4FA" "KEY_ADD_TO_FAVORITES_BEHAVIOR" : "key_add_to_favorites_behavior" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parole" "KEY_DEBUG_BIT_STREAM_SWITCHING" : "key_debug_bit_stream_switching" "KEY_HIGH_RES_LOSSLESS_PREFERENCE" : "key_high_res_lossless_preference" "KEY_PREFERENCE_MIGRATED" : "key_preference_migration_completed" "KEY_AS_SDK_APPS" : "key_account_settings_sdk_apps" "block_user" : "Bloquer" "KEY_CATEGORY_ABOUT" : "key_about_category" "KEY_AS_PAYMENT_HISTORY" : "key_account_settings_payment_history" "KEY_GENERAL_RESTRICTIONS_ENABLED" : "explicit_general_restrictions_enabled" "KEY_DISABLE_MOTION" : "key_disable_motion" "KEY_CATEGORY_DEBUG_CHROMECAST" : "key_debug_chromecast_category" "KEY_LAST_READ_SERVER_APP_VERSION" : "key_last_read_server_app_version" "KEY_RECENT_SEARCH_MEDIA_ENTITY" : "recent_search_media_entity" "KEY_CATEGORY_DEBUG_DOWNLOADS" : "key_debug_downloads_category" "KEY_WIFI_STREAMING_PREFERENCE" : "key_wifi_streaming_preference" "KEY_CATEGORY_DEBUG_FORCE_VALUES" : "key_debug_force_values_category" "KEY_MLI_MATCHES" : "key_mli_matches" "apple_id_password" : "Wachtwoord" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Parol" "KEY_AS_SUBSCRIPTION_REDEEM" : "key_account_settings_subscription_redeem" "shareplay_sessionroute_type_car" : "bil" "KEY_PROFILE_IMAGE_URI" : "updated_profile_image_uri" "KEY_SORT_LIBRARY_SECTION" : "sort_library_section" "KEY_MOTION_SCREEN" : "key_motion_screen" "apple_id_password" : "Adgangskode" "apple_id_password" : "Contrasenya" "KEY_AS_FRIENDS_CONTACTS" : "key_account_settings_social_friends_contacts" "shareplay_sessionroute_type_speaker" : "Lautsprecher" "login_password" : "Adgangskode" "KEY_CLOUD_AUTHTOKEN" : "cloud_auth_token" "account_settings_connect_username" : "Brukernavn" "apple_id_password" : "Senha" "KEY_CONTENT_RESTRICTIONS" : "key_content_restrictions" "KEY_WIFI_STREAMING_DIVIDER_PREFERENCE" : "key_wifi_streaming_divider_preference" "apple_id_password" : "Lozinka" "KEY_CATEGORY_DEBUG_OFFLINE_RECO" : "key_debug_offline_reco_category" "com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000" "apple_id_password" : "Parola" "login_password" : "Passord" "google_crash_reporting_api_key" : "AIzaSyB2az7ihbVLcmh81YKR5TEeLYuH_wCt1Sc" "KEY_DOWNLOADS_DIVIDER_PREFERENCE" : "key_downloads_divider_preference" "KEY_USER_DEBUG_SETTINGS_DATABASE" : "key_user_debug_settings_database" "user_name" : "[email protected]" "KEY_DEBUG_PAF_FILE" : "key_debug_paf_file" "KEY_KARAOKE_LYRICS_ALWAYS_ON_PREFERENCE" : "key_karaoke_lyrics_always_on_preference" "shareplay_sessionroute_type_car" : "Auto" "KEY_CROSSFADE_OFF_PREFERENCE" : "key_crossfade_off_preference" "KEY_DOLBY_ATMOS_OFF_PREFERENCE" : "key_dolby_atmos_off_preference" "KEY_CATEGORY_DEBUG_DIVIDER" : "key_debug_divider_category" "shareplay_sessionroute_type_speaker" : "altavoz" "KEY_CATEGORY_LIBRARY" : "key_library_category" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Sarbide-gakoa" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Contrasenya" "KEY_CATEGORY_DEBUG_ANIMATIONS_DIVIDER" : "key_debug_anim_divider_category" "nav_graph_intent_can_cancel_edit_session" : "nav_graph_intent_can_cancel_edit_session" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey" "KEY_DEBUG_SAVE_RENDER_PAGE_DISK" : "key_debug_save_render_page_disk" "shareplay_sessionroute_type_car" : "Cotxe" "login_password" : "Lozinka" "google_app_id" : "1:843686588413:android:460563c870948822" "KEY_CATEGORY_ALLOWED_CONTENT" : "key_allowed_content_category" "shareplay_sessionroute_type_speaker" : "Reproduktor" "KEY_KARAOKE_SCREEN" : "key_karaoke_screen" "KEY_CATEGORY_AUDIO" : "key_audio_category" "login_password" : "Salasana" "unblock_user" : "Avblockera" "login_password" : "Senha" "account_settings_connect_username" : "Gebruikersnaam" "KEY_CATEGORY_DATA" : "key_data_category" "KEY_DEBUG_ALWAYS_SHOW_TOOLTIPS" : "key_debug_always_show_tooltips" "KEY_DEBUG_INAPP_BANNER" : "key_debug_in_app_banner" "KEY_LIBRARY_CONTENT_CURRENTLY_DISPLAYED_SECTIONS" : "library_content_currently_displayed_sections" "KEY_DOLBY_ATMOS_MOUSEPRINT_PREFERENCE" : "key_dolby_atmos_off_preference" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Zaporka" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Wagwoordsleutel" "KEY_USER_DEBUG_SETTINGS_FULL_REPORT" : "key_user_debug_settings_full_report" "block_user" : "Zablokuj" "KEY_KARAOKE_LYRICS_ONLY_WHEN_VA_ON_PREFERENCE" : "key_karaoke_lyrics_only_when_va_on_preference" "social_private_profile_as_recommendation_subtitle" : "Privat" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Pasahitza" "block_user" : "Blokiraj" "KEY_DEBUG_LIBRARY_LOGGER" : "key_debug_library_logger" "INTENT_KEY_SETTINGS_DETAILPAGE_TYPE" : "settings_detail_page_type" "KEY_USE_CELLULAR_DATA_SAVER" : "key_use_cellular_data_saver" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Lozinka" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Nyckel" "apple_id_password" : "Passwort" "login_password" : "Heslo" "password" : "Memotest1234" "block_user" : "Zablokovat" "KEY_LAST_NAVIGATION_FRAGMENT" : "last_nav_fragment" "KEY_SEND_LOGS_BY_EMAIL" : "send_logs_by_email" "KEY_DEBUG_ENABLE_CHROMECAST_QA" : "key_debug_enable_chromecast_qa" "KEY_CATEGORY_DISPLAY_OPTIONS" : "key_display_options" "KEY_CATEGORY_DEBUG_PLAYBACK" : "key_debug_playback_category" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wagwoord" "KEY_CATEGORY_DOWNLOADS" : "key_downloads_category" "KEY_AS_SOCIAL_ONBOARDING" : "key_account_settings_social_onboarding" "KEY_CELLULAR_STREAMING_PREFERENCE" : "key_cellular_streaming_preference" "KEY_DOLBY_ATMOS_DOWNLOAD_PREFERENCE" : "key_dolby_atmos_download_preference" "KEY_CATEGORY_DIAGNOSTICS" : "key_diagnostics_category" "block_user" : "Blockera" "INTENT_KEY_SETTINGS_DETAILPAGE_TYPE_FEEDBACK" : "detail_page_feedback" "KEY_AS_CATEGORY_SUBSCRIPTION" : "key_account_settings_subscription_category" "KEY_ALLOW_EXPLICIT_PIN" : "PIN" "INTENT_KEY_SETTINGS_DETAILPAGE_TYPE_PRIVACY" : "detail_page_privacy" "KEY_HIGH_RES_LOSSLESS_PREFERENCE_DIVIDER" : "key_high_res_lossless_preference_divider" "KEY_USER_DEBUG_SETTINGS_QUEUE" : "key_user_debug_settings_queue" "KEY_LIBRARY_CONTENT_CURRENTLY_DISPLAYED_DOWNLOADED_SECTIONS" : "library_content_currently_displayed_downloaded_sections" "KEY_EQUALIZER_WARNING_DIALOG" : "key_equalizer_warning_dialog" "shareplay_sessionroute_type_car" : "coche" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Passwort" "KEY_ACCEPTED_EULA" : "key_accepted_eula" "unblock_user" : "Desbloquear" "shareplay_sessionroute_type_homepod" : "HomePod" "KEY_RANDOM_AUDIO_FLAVOR" : "key_random_audio_flavor" "login_password" : "Contrasenya" "shareplay_sessionroute_type_speaker" : "Altaveu" "KEY_ALLOW_STREAMING_ON_CELLULAR" : "key_allow_streaming_on_cellular" "shareplay_sessionroute_type_car" : "Automobil" "KEY_AS_SUBSCRIPTION_OFFER" : "key_account_settings_subscription_offer" "KEY_STREAMING_CACHE_SIZE" : "key_streaming_cache_size" "KEY_STREAM_HIGH_QUALITY_CELLULAR" : "stream_high_quality_cellular" "KEY_ALLOW_EXPLICIT_PROFILES_CONNECT" : "explicit_profiles_connect" "KEY_SHOWN_DIALOG_DIAGNOSTICS" : "diagnostics_dialog_shown" "KEY_DOLBY_ATMOS_ALWAYS_ON_PREFERENCE" : "key_dolby_atmos_always_on_preference" "KEY_DEBUG_CRASH_APPLE_MUSIC" : "key_debug_crash_apple_music" "KEY_LIBRARY_CONTENT_USERSELECTED_SECTIONS" : "library_content_user_selected_sections" "KEY_AUDIO_QUALITY_MOUSEPRINT_PREFERENCE" : "key_audio_quality_mouseprint_preference" "apple_id_password" : "Heslo" "snapchat_oauth_clientid" : "fb247926-c8a4-48d9-9869-5b438c68d31b" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Palavra-passe" "KEY_PREFERENCE_FILE_DEFAULT" : "prefs.system.default" "KEY_HAS_ONBOARDED" : "key_has_onboarded" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Heslo" "block_user" : "Bloker" "KEY_DEBUG_SEARCH_WEIGHT" : "key_debug_search_weights" "KEY_NOTIFICATIONS" : "key_notifications_debug" "login_password" : "Parola" "KEY_CONNECT_ENABLED_BAG" : "key_connect_enabled_bag" "KEY_PLAYLIST_CONTENT_FILTER_SELECTED" : "playlist_content_filter_selected" "KEY_CATEGORY_BETA" : "key_beta_category" "KEY_DEBUG_LAUNCH_TASTE_PROFILE" : "key_debug_launch_taste_profile" "KEY_KARAOKE_LYRICS_OFF_PREFERENCE" : "key_karoake_lyrics_off_preference" "KEY_DOWNLOAD_LOCATION" : "key_download_location" "KEY_USE_CELLULAR_DATA" : "key_use_cellular_data" "KEY_SHOWN_DIALOG_EXPLICIT_DEFAULT" : "explicit_default_dialog_shown" "KEY_DEBUG_EXTRA_LOGS_DOWNLOADS" : "key_debug_extra_logs_downloads" "KEY_IS_AUDIT_LIBRARY_DONE_ONCE" : "is_audit_library_performed_once_beta_hatfield_sun" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Sandi" "shareplay_sessionroute_type_car" : "Carro" "KEY_LOSSLESS_AUDIO_SWITCH" : "key_lossless_audio_switch" "KEY_SOUND_CHECK" : "key_sound_check" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Salasana" "KEY_CONNECT_SHOW_RECOMMENDATION_BANNER" : "connect_show_recommendation_banner" "shareplay_sessionroute_type_speaker" : "Haut-parleur" "block_user" : "Bloqueja" "KEY_SHOWN_ATPWATL_DIALOG" : "atpwatl_dialog" "apple_id_password" : "Passord" "unblock_user" : "Desbloqueja" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Senha" "KEY_AS_CATEGORY_FRIENDS" : "key_account_settings_friends" "KEY_CROSSFADE" : "key_crossfade" "KEY_DEBUG_ENABLE_ALL_CONTENT_CHROMECAST" : "key_debug_enable_all_content_chromecast" "shareplay_sessionroute_type_speaker" : "Luidspreker" "KEY_CATEGORY_DEBUG_KILL_MS" : "key_debug_kill_ms" "block_user" : "Blockieren" "KEY_CLOSE_CAPTION_LANGUAGE" : "key_close_caption_language" "KEY_THEME_MODE" : "key_theme_mode" "KEY_LIBRARY_CONTENT_CURRENTLY_DISPLAYED_SECTIONS_ADDMUSICMODE" : "library_content_currently_displayed_sections_addmusicmode" "KEY_IS_SHOWS_SECTION_DISABLED_AFTER_ADDING" : "is_shows_section_disabled_after_adding" "KEY_DEBUG_EXPERIMENTAL_ADAPTIVE_TRACK_SELECTION" : "key_debug_experimental_adaptive_track_selection" "KEY_USER_DEBUG_SETTINGS_COLLECT_LOGS" : "key_user_debug_settings_collect_logs" "KEY_AS_SUBSCRIPTION_PAYMENT" : "key_account_settings_subscription_payment" "social_private_profile_as_recommendation_subtitle" : "Prywatny" "KEY_AS_FRIENDS_ALLOW" : "key_account_settings_social_friends_allow" "KEY_AS_CATEGORY_SOCIAL" : "key_account_settings_social_category" "KEY_CATEGORY_DISPLAY_DIVIDER" : "key_display_divider" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Iphasiwedi" "KEY_LIBRARY_CONTENT_FILTER_SELECTED" : "library_content_filter_selected" "shareplay_sessionroute_type_car" : "Araba" "shareplay_sessionroute_type_speaker" : "Loa" "shareplay_sessionroute_type_car" : "Mobil" "KEY_CATEGORY_DEBUG_MISCELLANEOUS" : "key_debug_miscellaneous_category" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Adgangskode" "KEY_PLAYBACK_USE_LISTENING_HISTORY" : "playback_use_listening_history" "KEY_CROSSFADE_AUTOMATIC_PREFERENCE" : "key_crossfade_automatic_preference" "INTENT_KEY_SETTINGS_DETAILPAGE_TYPE_ACKNOWLEDGEMENTS" : "detail_page_acknowledgments" "KEY_REDUCE_PLAYER_MOTION" : "key_reduce_player_motion" "account_settings_connect_username" : "Benutzername" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Geslo" "KEY_AS_SUBSCRIPTION_COUNTRY" : "key_account_settings_subscription_country" "KEY_FILTER_FAVORITE_LIBRARY_SECTION" : "filter_favorite_library_section" "KEY_AS_NOTIFICATIONS_MANAGE" : "key_account_settings_notifications_manage" "search_media_api_url" : "https://amp-api.music.apple.com/v1/catalog/%s/search/query" "block_user" : "Blokker" "KEY_CATEGORY_DEBUG_DUMP_DB" : "key_debug_category_dump_db" "KEY_HIGH_EFFICIENCY_PREFERENCE" : "key_high_efficiency_preference" "KEY_CHROMECAST_APP_ID" : "key_chromecast_app_id" "shareplay_sessionroute_type_speaker" : "Difuzor" "KEY_ALLOW_DIAGNOSTICS" : "allow_diagnostics" "KEY_AS_SUBSCRIPTION_FAMILY" : "key_account_settings_subscription_family" "KEY_DEBUG_FORCE_DATA_SAVER_ENABLED" : "key_debug_force_data_saver" "social_private_profile_as_recommendation_subtitle" : "Peribadi" "unblock_user" : "Odblokovat" "KEY_DEBUG_FORCE_METRICS_PERFORMANCE" : "key_debug_force_performance_metrics" "KEY_LAST_NAVIGATION_ACTIVITY" : "last_nav_activity" "KEY_DEBUG_LIBRARYAUDIT" : "key_debug_libraryaudit" "unblock_user" : "Sblocca" "KEY_ADD_TO_PLAYLISTS_BEHAVIOR" : "key_add_to_playlists_behavior" "private_dir_name" : "files" "KEY_DOLBY_ATMOS_PREFERENCE" : "key_dolby_atmos_preference" "KEY_CONTENT_RATING_TV_SHOWS" : "key_rating_tv_shows" "KEY_AS_SUBSCRIPTION_MANAGE" : "key_account_settings_subscription_manage" "KEY_PREFERENCE_ONLINE_SECURITY" : "key_online_security_preference" "KEY_RECENT_SEARCH" : "recent_search" "KEY_RESTRICT_MUSIC_VIDEO_CONTENT_SWITCH" : "key_allow_music_video_content_switch" "KEY_INSTALLED_VERSION" : "installed_version" "KEY_CATEGORY_ALLOW_DEBUG_CHROMECAST" : "key_allow_debug_chromecast" "KEY_CLOSED_CAPTION_TRACK_TYPE" : "key_closed_caption_track_type" "KEY_HIGH_QUALITY_PREFERENCE" : "key_high_quality_preference" "block_user" : "Blokir" "KEY_COPYRIGHT" : "copyright_text" "KEY_ALLOW_EXPLICIT_CONTENT" : "key_allow_explicit_content" "KEY_DEBUG_DEVELOPER_TOKEN" : "key_debug_developer_token" "login_password" : "Wachtwoord" "KEY_HAS_CHECKED_CARRIER_ELIGIBILITY_ON_START" : "carrier_eligibility_check" "shareplay_sessionroute_type_speaker" : "Altoparlante" "unblock_user" : "Nyahsekat" "KEY_SHOW_CONTENT_EXPLICIT_DIALOG_COUNT" : "content_explicit_default_dialog_show_count" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password" "KEY_EQUALIZER" : "equalizer" "KEY_DEBUG_SONOS_UI" : "key_debug_sonos_ui" "account_settings_connect_username" : "Brugernavn" "shareplay_sessionroute_type_car" : "Car" "INTENT_KEY_SETTINGS_DETAILPAGE_TYPE_TERMSOFSERVICEPAGE" : "detail_page_tos" "social_private_profile_as_recommendation_subtitle" : "Privado" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Kod" "KEY_FILTER_FAVORITE_LIBRARY_SUB_SECTION" : "filter_favorite_library_sub_section" "block_user" : "Sekat" "KEY_PREFERENCE_FILE_EVENTS" : "prefs.events" "KEY_DEBUG_JINGLE_IP" : "key_debug_jingle_ip" "KEY_CROSSFADE_DURATION" : "key_crossfade_duration" "KEY_AS_CATEGORY_OTHERS" : "key_account_settings_others" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Klucz" "KEY_PREFERENCE_FILE_APPLICATION" : "preferences" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Nenosiri" "KEY_LAST_MODIFIED_TIME_SDCARD" : "key_sdcard_lastmodifiedtime" "shareplay_sessionroute_type_car" : "Voiture" "login_password" : "Password" "shareplay_sessionroute_type_car" : "Kereta" "social_private_profile_as_recommendation_subtitle" : "Privatno" "KEY_CLEARSDCARD_ON_NEXTINSERT" : "clear_sdcard_on_next_insert" "KEY_IS_PENDING_SEND_LOGS_BY_EMAIL" : "is_pending_send_logs_by_email" "KEY_DEBUG_CPU_LOGGING_WHEN_BACKGROUNDED" : "key_debug_cpu_logging_when_backgrounded" "KEY_ENABLE_CROSSFADE" : "key_enable_crossfade" "KEY_PREFERENCE_MEDIA_PLAYBACK_MIGRATED" : "key_preference_media_playback_completed" "KEY_CATEGORY_DEBUG_SHORTCUTS" : "key_debug_shortcuts_category" "shareplay_sessionroute_type_speaker" : "coluna" "apple_id_password" : "Password" "apple_id_password" : "Salasana" "KEY_LAST_UPGRADED_DB_VERSION" : "last_upgraded_db_version" "firebase_database_url" : "https://apple-music-8cac2.firebaseio.com" "social_private_profile_as_recommendation_subtitle" : "Private" "block_user" : "Bloquear" "social_private_profile_as_recommendation_subtitle" : "Gizli" "KEY_ACCOUNT_SETTINGS" : "key_account_settings" "KEY_LOSSLESS_PREFERENCE" : "key_lossless_preference" "KEY_PRESTO_APP_ID" : "key_presto_app_id" "block_user" : "Blocca" "unblock_user" : "Unblock" "shareplay_sessionroute_type_car" : "carro" "KEY_PRIVACY_URL" : "key_privacy_url" "KEY_MLI" : "key_mli" "KEY_HIGH_EFFICIENCY_PREFERENCE_DIVIDER" : "key_high_efficiency_preference_divider" "KEY_DEBUG_GUID" : "key_debug_guid" "KEY_HAS_STARTED_APP" : "user_has_used_app_before" "social_private_profile_as_recommendation_subtitle" : "Pribadi" "unblock_user" : "Deblokkeer" "KEY_FLAVORS_CONFIGURATION" : "key_flavors_configuration" "snapchat_oauth_clientid_prod" : "f5ee5df6-421d-49fa-aece-05684aa0e843" "KEY_CATEGORY_ACCOUNT" : "key_category_account" "KEY_CATEGORY_INTERNAL_FEATURES_STRING" : "key_internal_features_string" "KEY_DOWNLOAD_ON_CELLULAR" : "key_download_on_cellular" "KEY_USERPROFILE_DATA_VALIDATED_TIME" : "userprofile_lastvalidated_at" "KEY_DEBUG_CONSUMPTION_UI" : "key_debug_consumptiononly_ui" "KEY_USER_DEBUG_SETTINGS_COOKIES" : "key_user_debug_settings_cookies" "KEY_DOWNLOADS_PREFERENCE" : "key_downloads_preference" "block_user" : "Block" "block_user" : "Engelle" "unblock_user" : "Odblokiraj" "KEY_ANIM_MODE" : "key_anim_mode" "KEY_AS_SIGN_OUT" : "key_account_settings_sign_out" "KEY_CATEGORY_DEBUG_DOWNLOADER_CONNECTIONS" : "key_debug_downloader_connections" "KEY_PREFERENCE_BETA_DIVIDER" : "key_beta_divider_preference" "KEY_LOSSLESS_PREFERENCE_DIVIDER" : "key_lossless_preference_divider" "KEY_ADD_TO_FAVORITES_BEHAVIOR_UI" : "key_add_to_favorites_behavior_ui" "KEY_DEBUG_LIBRARY_INIT_OPTIMISATION" : "key_debug_library_init_optimisation" "unblock_user" : "Odblokuj" "KEY_CONTENT_RATING_MOVIES" : "key_rating_movies" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Avainkoodi" "shareplay_sessionroute_type_car" : "Bil" "personal_station_media_api_url" : "https://amp-api.music.apple.com/v1/catalog/%s/stations?filter[identity]=personal" "KEY_USER_PROFILE" : "key_user_profile" "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Wachtwoord" e522f431ae254056b615da223530d623 nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY b1fbb3de5661bc1d2f66d8d51d4fdb39 nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT eyJpc3MiOiIxMjIyMjIyMjI5IiwiZXhwIjoxNTIxNDA5ODk5LCJpYXQiOjE1MDU4NTc4OTl9 njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ 86b285399239a065da9d808cc3f4a2e3 n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo e60449237467840479d3f65490ce9fd7 b2a7fe596d5e4aba7fc9ea344ce36302 nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp 42b610f1f5587bba8be0c92991b3219a nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M 470fa2b4ae81cd56ecbcda9735803434cec591fa nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg== nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ== nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf edef8ba9-79d6-4ace-a3c8-27dcd51d21ed nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR eac697c005f5bee97e6bf50de12f65db
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: A/h.java, line(s) 102 A4/A.java, line(s) 93 A7/a.java, line(s) 8 B6/C0121a.java, line(s) 57,98 B6/C1346a.java, line(s) 66,109 C6/C0107h.java, line(s) 88,89 C6/C0637h.java, line(s) 103,104 C6/M.java, line(s) 8 C8/L.java, line(s) 25 C8/X.java, line(s) 170 D1/C1337l.java, line(s) 19 D1/C2925l.java, line(s) 19 D1/d.java, line(s) 488 D2/b.java, line(s) 99,150,171,191,205,238,268 D2/m.java, line(s) 77 D2/q.java, line(s) 56,147,192 D2/s.java, line(s) 78,94 D2/t.java, line(s) 39,52 D2/v.java, line(s) 15,26 D2/y.java, line(s) 48,78 Da/a.java, line(s) 331 E0/e.java, line(s) 228 E2/b.java, line(s) 38,54,75 E8/C1173a.java, line(s) 42 E8/C2999a.java, line(s) 46 Ea/f.java, line(s) 102,120 F0/p.java, line(s) 68 G8/C1207i.java, line(s) 21 G8/C3152i.java, line(s) 21 H1/C0335a.java, line(s) 324 H1/C0815a.java, line(s) 329 H1/i.java, line(s) 352 H1/q.java, line(s) 528 H1/z.java, line(s) 645 H5/i.java, line(s) 280 I7/o.java, line(s) 106 P5/C0456b.java, line(s) 692 P5/C3824b.java, line(s) 1519,1534,1544,841 P9/b.java, line(s) 36 P9/d.java, line(s) 23,34 Q0/h.java, line(s) 73,282 Q6/a.java, line(s) 277 Q7/A.java, line(s) 37 Q7/C3877a.java, line(s) 43 Q9/c.java, line(s) 26,29,32 Q9/f.java, line(s) 27 Q9/h.java, line(s) 31 R6/d.java, line(s) 174,199 R6/e.java, line(s) 80,101,116 R9/c.java, line(s) 8 R9/f.java, line(s) 29 R9/m.java, line(s) 40 S6/a.java, line(s) 53 S9/C0537g.java, line(s) 75 S9/C0540j.java, line(s) 20 S9/C0545o.java, line(s) 20 S9/C1030g.java, line(s) 76 S9/C1033j.java, line(s) 22 S9/C1038o.java, line(s) 21 S9/CallableC0547q.java, line(s) 47 S9/CallableC0548s.java, line(s) 24,35 S9/CallableC1040q.java, line(s) 54 S9/CallableC1041s.java, line(s) 26,37 S9/D.java, line(s) 24 S9/E.java, line(s) 62,85,88,95 S9/H.java, line(s) 30,34,35,41,47 S9/I.java, line(s) 93 S9/L.java, line(s) 24,29,36 S9/O.java, line(s) 37,67,70,73,93 S9/Q.java, line(s) 53,302,304,306,310 S9/v.java, line(s) 31 S9/y.java, line(s) 78,230,247,262,295,329,333,336,340,341,347 T7/a.java, line(s) 139 T9/g.java, line(s) 114,124 U6/a.java, line(s) 91 U7/B.java, line(s) 154,241,304 U7/C0572b.java, line(s) 21,27 U7/C1101b.java, line(s) 24,30 U7/C4103b.java, line(s) 170,257,320 V6/A.java, line(s) 37,73,85 V6/j.java, line(s) 286,350,367 V6/k.java, line(s) 134 V6/m.java, line(s) 19 W/k.java, line(s) 314,338 W6/i.java, line(s) 145,178 W6/j.java, line(s) 40,50,83,87,94,133,137,141,158,168,172 W7/ExecutorC4246r.java, line(s) 24 W7/c.java, line(s) 75,92 W7/q.java, line(s) 34,68,82,102,126,144,150 W7/r.java, line(s) 22 W7/w.java, line(s) 34 X6/d.java, line(s) 57,63,99,109 X6/i.java, line(s) 67 Y1/C2028b.java, line(s) 78 Y1/C4364b.java, line(s) 78 Y6/a.java, line(s) 89 Z0/E.java, line(s) 1041 Z4/l.java, line(s) 108 Z6/c.java, line(s) 52 Z6/f.java, line(s) 95 Z6/v.java, line(s) 71 Z6/w.java, line(s) 65,70,78,92 Z9/b.java, line(s) 55 Z9/e.java, line(s) 40,42,54,75 Z9/f.java, line(s) 43,50,55,60 andhook/lib/AndHook.java, line(s) 97,145,55 andhook/lib/HookHelper.java, line(s) 34,67,92,144,155,168,189,210,231,266,271,79 andhook/lib/xposed/XposedBridge.java, line(s) 30,26 andhook/lib/xposed/XposedHelpers.java, line(s) 455,466,477,488,499,510,521,532,543,554,569,580,591,602,613,624,635,646,657,668,679,690,701,712,723,734,745,756,767,778,789,800,811,822,833,844,855,868,881,894,915,930 b7/C0122a.java, line(s) 68 b7/C1347a.java, line(s) 71 c7/C0131c.java, line(s) 25 c7/C0137i.java, line(s) 20,23 c7/C0139k.java, line(s) 153,169,173,177,183 c7/C1892C.java, line(s) 187,203,219,254 c7/C1895b.java, line(s) 50,58,84 c7/C1896c.java, line(s) 27 c7/C1902i.java, line(s) 21,24 c7/C1904k.java, line(s) 158,174,178,182,188,275,292,306,311,313,316,320,325,336 c7/c.java, line(s) 91 c7/n.java, line(s) 46,49 c7/r.java, line(s) 57,61,65,69,73,85,96 c7/z.java, line(s) 74,81,86 com/apple/android/music/browse/BrowseViewModel.java, line(s) 55 com/apple/android/music/collection/mediaapi/fragment/AddMusicPickerSheetFragment.java, line(s) 119,384,569,774,845,577,579 com/apple/android/music/collection/mediaapi/fragment/C1070j.java, line(s) 63,71 com/apple/android/music/collection/mediaapi/fragment/C1959j.java, line(s) 68,76 com/apple/android/music/collection/mediaapi/fragment/CollaboratorsFragment.java, line(s) 213 com/apple/android/music/collection/mediaapi/viewmodel/PlaylistViewModel.java, line(s) 906 com/apple/android/music/commerce/billing/repository/GoogleBillingClient.java, line(s) 229,275,281,337,354,362,373,384,388 com/apple/android/music/commerce/billing/viewmodel/GoogleBillingUIInterface.java, line(s) 605,812,820,840,851 com/apple/android/music/common/QRCodeFragment.java, line(s) 223 com/apple/android/music/common/actionsheet/z.java, line(s) 67,73 com/apple/android/music/common/activity/BaseActivity.java, line(s) 877,900 com/apple/android/music/common/activity/s.java, line(s) 150,267,272,277,281,288,302,305,310,319 com/apple/android/music/download/a.java, line(s) 23,41,51,56,63,68,74,85,46,70 com/apple/android/music/library/Search2LibraryTabViewModelImp.java, line(s) 14,22 com/apple/android/music/listennow/ListenNowUnsubscribedEpoxyController.java, line(s) 87,116,155,156,163 com/apple/android/music/mli/MLIViewModel.java, line(s) 501 com/apple/android/music/playback/player/MovingAverageBandwidthMeter.java, line(s) 515,564 com/apple/android/music/playback/player/PlayerAudioFadeControl.java, line(s) 166,288,293,302,318,323,365,516,517,525,539,557,581,721,737,756,767,794,845,459,493,510,513,522,541,567,569 com/apple/android/music/playback/player/mediasource/PlayerPlsMediaSource.java, line(s) 90,104,94,128,81,112,126 com/apple/android/music/playback/preferences/MediaPlaybackPreferences.java, line(s) 329,309,345,440 com/apple/android/music/settings/fragment/q0.java, line(s) 426 com/apple/android/music/shows/ShowsFragment.java, line(s) 174 com/apple/android/music/widget/ChartsWidgetConfigEpoxyController.java, line(s) 82,96 com/apple/android/music/widget/f.java, line(s) 142,255,305,322,325,459,495,500,508,552,559,566,591,441 com/apple/android/music/widget/h.java, line(s) 51 com/dialogfwtm/C0004.java, line(s) 194 com/dialogfwtm/C0378.java, line(s) 195 com/dialogfwtm/FWCredit.java, line(s) 193,415,904 com/rzmod/Raj/classes/AbstractActivityContentProvider.java, line(s) 25,31 com/rzmod/Raj/classes/AppClonerNative.java, line(s) 19 com/rzmod/Raj/classes/ApplicationWrapper.java, line(s) 32,189,196,203,210,217,59,71,87,99,111,123,135,147,159,175 com/rzmod/Raj/classes/AutoPressButtons.java, line(s) 30,43,60,65,70,89,104,118,98,120,124,128,151 com/rzmod/Raj/classes/AutoRotateControls.java, line(s) 18,19,38,45,36,50 com/rzmod/Raj/classes/BackKeyHandler.java, line(s) 33,35,43,52,64,72,85,54,94 com/rzmod/Raj/classes/BluetoothControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/rzmod/Raj/classes/BootReceiver.java, line(s) 14,24 com/rzmod/Raj/classes/BundleFilesDirectories.java, line(s) 18,25,33,36,54,57,62 com/rzmod/Raj/classes/BundleObb.java, line(s) 19,29,32,43,49,70,73 com/rzmod/Raj/classes/CalculatorActivity.java, line(s) 51,61,124,249 com/rzmod/Raj/classes/ClearCacheOnExitProvider.java, line(s) 16,42,46,21,38,51 com/rzmod/Raj/classes/ClearCacheOnExitService.java, line(s) 18,24 com/rzmod/Raj/classes/ClearCacheReceiver.java, line(s) 15 com/rzmod/Raj/classes/CloneSettings.java, line(s) 78,240,251,53,91,96,248 com/rzmod/Raj/classes/Configuration.java, line(s) 23,45,64,68,71,78,88,98,37,59,82,92,102 com/rzmod/Raj/classes/ConfirmExit.java, line(s) 14 com/rzmod/Raj/classes/CrashHandler.java, line(s) 82,91,105,27,71,93,109 com/rzmod/Raj/classes/DefaultFontProvider.java, line(s) 23,37,39,58 com/rzmod/Raj/classes/DefaultProvider.java, line(s) 38,77,82,90,94,110,44,56,69,101,116,169,188 com/rzmod/Raj/classes/DisableCameras.java, line(s) 22,43,60,78,98,104,124,138,26,55,73,91,119,131 com/rzmod/Raj/classes/DisableClipboardAccess.java, line(s) 57,97,101,105,112,119,125,131,148,152,156,160,164,168,177,194,203,233,242,248,253,257,274,290,71,139,196,235,260,277,292 com/rzmod/Raj/classes/FacebookLoginBehavior.java, line(s) 14,34 com/rzmod/Raj/classes/FacebookMessengerProvider.java, line(s) 36,38 com/rzmod/Raj/classes/FakeCalculator.java, line(s) 12,20,27,30 com/rzmod/Raj/classes/FakeCamera.java, line(s) 56,80,87,97,122,138,152,170,179,234,262,294,308,326,359,370,377,385,496,106,289,301,321,392,397,524 com/rzmod/Raj/classes/FileAccessMonitor.java, line(s) 18,42 com/rzmod/Raj/classes/GmailSupport.java, line(s) 32,38,41,53,103,116,128,133,151,163,179,181,191,193,209,212,220,43,107,111,138,146,165 com/rzmod/Raj/classes/HeadphonesEventReceiver.java, line(s) 12,24,31,18,44 com/rzmod/Raj/classes/HostsBlocker.java, line(s) 87,115,119,139,163,166,182,238,269,277,285,293,358,369,378,387,398,411,479,105,304,350,401,494 com/rzmod/Raj/classes/InterruptionFilterControls.java, line(s) 21,22,37,47,48,57,62,64 com/rzmod/Raj/classes/LaunchTileService.java, line(s) 14,19,26 com/rzmod/Raj/classes/LoadLibraryWorkaround.java, line(s) 18,23,43,39 com/rzmod/Raj/classes/LogcatViewer.java, line(s) 47,308,61,146 com/rzmod/Raj/classes/NotificationOptions.java, line(s) 141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,188,193,198,200,249,299,308,320,327,91,232,240,251,255,283,356 com/rzmod/Raj/classes/OnAppExitListener.java, line(s) 19,26 com/rzmod/Raj/classes/OpenLinksWith.java, line(s) 27,43,51 com/rzmod/Raj/classes/PasswordActivity.java, line(s) 73,280,290,295,81,109,128,153,195,211,231,236,284,363,371 com/rzmod/Raj/classes/PasswordProvider.java, line(s) 12,18,20,27,30 com/rzmod/Raj/classes/PenEventReceiver.java, line(s) 12,17,33 com/rzmod/Raj/classes/PersistentApp.java, line(s) 13,21 com/rzmod/Raj/classes/PersistentAppAccessibilityService.java, line(s) 12 com/rzmod/Raj/classes/PersistentAppService.java, line(s) 18 com/rzmod/Raj/classes/PictureInPicture.java, line(s) 24,30,36,48,59,69,79,61,84 com/rzmod/Raj/classes/PowerEventReceiver.java, line(s) 12,16,19,23,27,30,40 com/rzmod/Raj/classes/PreferenceEditor.java, line(s) 24,26,29,39,56,64 com/rzmod/Raj/classes/PressBackAgainToExit.java, line(s) 17,32,55 com/rzmod/Raj/classes/SecretDialerCodeReceiver.java, line(s) 15,25 com/rzmod/Raj/classes/SetBrightnessOnStart.java, line(s) 22,23,38,47,89,59,68,83,96,105 com/rzmod/Raj/classes/ShowOnLockScreen.java, line(s) 14,25 com/rzmod/Raj/classes/Signatures.java, line(s) 37,56,59,95,102,111,116,143,85,138,147,151,168,177,200,213 com/rzmod/Raj/classes/SplashScreenActivity.java, line(s) 86,55,77,93 com/rzmod/Raj/classes/StartExitAppEventReceiver.java, line(s) 19,39,48,61,34,56,66 com/rzmod/Raj/classes/ToastFilter.java, line(s) 25,29,55,61,89,81,91 com/rzmod/Raj/classes/TrustAllCertificatesProvider.java, line(s) 35,37 com/rzmod/Raj/classes/Utils.java, line(s) 73,80,92,95,110,114,129,168,178,188,199,220,230,244,326,442,480,507,543,577,593 com/rzmod/Raj/classes/WhatsAppSupport.java, line(s) 29,52,65,55,59,67,78 com/rzmod/Raj/classes/WifiControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/rzmod/Raj/classes/freeform/FreeFormWindow.java, line(s) 35,39,44,59 com/rzmod/Raj/classes/freeform/FreeFormWindowActivity.java, line(s) 33,49,52,72,92,55,85 com/rzmod/Raj/classes/util/IActivityManagerHook.java, line(s) 19 com/rzmod/Raj/classes/util/IPackageManagerHook.java, line(s) 20 com/rzmod/Raj/hooking/Hooking.java, line(s) 36,67,85,95,126,80,89,118,136 com/rzmod/Raj/service/RemoteService.java, line(s) 40,88,99 com/swift/sandhook/ClassNeverCall.java, line(s) 14 com/swift/sandhook/HookLog.java, line(s) 18,26,30,14,10,22 com/swift/sandhook/SandHook.java, line(s) 164 com/swift/sandhook/utils/FileUtils.java, line(s) 80,86 com/swift/sandhook/utils/ReflectionUtils.java, line(s) 22 com/swift/sandhook/utils/Unsafe.java, line(s) 94,32 com/swift/sandhook/wrapper/HookWrapper.java, line(s) 132,162,346,358 d7/p.java, line(s) 239 g7/C0417a.java, line(s) 101,110,116,123 g7/C3143a.java, line(s) 110,119,125,132 g7/h.java, line(s) 42 i4/C1594b.java, line(s) 52 i4/C3301b.java, line(s) 53 java/io/ByteArrayOutputStrean.java, line(s) 13,17,18,36,20 l2/c.java, line(s) 384,390,394 l2/f.java, line(s) 157,292,296 l2/g.java, line(s) 312,350,385,391,395,462 l7/C3568j.java, line(s) 26 l7/j.java, line(s) 23 m7/d.java, line(s) 35,88 m7/k.java, line(s) 41,94 n2/N.java, line(s) 1626 o9/b.java, line(s) 15 org/bytedeco/javacpp/tools/Logger.java, line(s) 21,45,17,25 u1/d.java, line(s) 197 v4/c.java, line(s) 157 w1/C1974a.java, line(s) 88 w1/C4212a.java, line(s) 90 x9/c.java, line(s) 59,88 y9/c.java, line(s) 51,91
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/apple/android/music/settings/fragment/A.java, line(s) 5,297 com/apple/android/music/utils/C0331h.java, line(s) 5,618,619 com/apple/android/music/utils/C2402h.java, line(s) 7,847,848 com/rzmod/Raj/classes/DisableClipboardAccess.java, line(s) 8,69,254
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/rzmod/Raj/classes/DisableClipboardAccess.java, line(s) 44,120,120,126,126,135,8
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://apple-music-8cac2.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: Q9/h.java, line(s) 48 S9/C0537g.java, line(s) 160,160,161 S9/C1030g.java, line(s) 161,161,162 com/apple/android/music/AppleMusicApplication.java, line(s) 225
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/843686588413/namespaces/firebase:fetch?key=AIzaSyB2az7ihbVLcmh81YKR5TEeLYuH_wCt1Sc ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Apple Music v5.9.7.3
Android APK
34
综合安全评分
高风险