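Application Security Scan Report

Application security scan report with file search, content search, and AI code analysis

Mobile Application Security Scan Report
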
Rilo v2.0.21

Android APK 5f53f1e9...
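Security score: 49

Security baseline score

49/100

Medium risk

Overall risk level

Risk rating scale
  1. A
  2. B
  3. C
  4. F

The application has some security risks; remediation is recommended.

Distribution of vulnerabilities and security items

5 high
40 medium
3 info
3 secure

Privacy risk assessment

7
third-party trackers

High privacy risk
A large number of third-party trackers were detected.

Distribution of findings

High-severity vulnerabilities: 5
Medium-severity vulnerabilities: 40
Security notices: 3
Passed security checks: 3
Key security concerns: 10
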
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
bolts/WebViewAppLinkResolver.java, line(s) 121,6,7
com/razorpay/CheckoutActivity.java, line(s) 50,5
com/razorpay/CheckoutPresenterImpl.java, line(s) 501,17
com/razorpay/b__J_.java, line(s) 302,307,13,14

High-severity vulnerability: The file is world-writable. Any application can write to the file

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
p002default/Cdo.java, line(s) 15
p010default/Cdo.java, line(s) 15

High-severity vulnerability: Debug configuration is enabled. Production builds must not be debuggable

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
org/bandev/libraries/BuildConfig.java, line(s) 3,5

High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/nimbusds/jose/crypto/impl/AESCBC.java, line(s) 31
com/nimbusds/jose/jca/JCASupport.java, line(s) 184

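High-severity vulnerability: The application contains privacy trackers

This application contains 7 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.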

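Medium-severity vulnerability: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application allows cleartext network traffic (for example HTTP, FTP, DownloadManager, and MediaPlayer). It is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity, and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.

Medium-severity vulnerability: Application data can be backed up

[android:allowBackup=true]
This flag allows application data to be backed up through the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a risk of data leakage.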

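Medium-severity vulnerability: Activity (app.callpe.ui.DeepLinkActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(app.callpe.ui.call.ZegoVideoCallActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent sensitive information leakage, keep the default affinity (the package name).

Medium-severity vulnerability: Activity (app.callpe.ui.call.ZegoVideoCallActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(app.callpe.ui.livestreaming.LiveStreamingActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent sensitive information leakage, keep the default affinity (the package name).

Medium-severity vulnerability: Activity (app.callpe.ui.livestreaming.LiveStreamingActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(app.callpe.ui.livestreaming.WebViewLiveStreamActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent sensitive information leakage, keep the default affinity (the package name).

Medium-severity vulnerability: Activity (app.callpe.ui.livestreaming.WebViewLiveStreamActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(app.callpe.ui.call.WebViewCallActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent sensitive information leakage, keep the default affinity (the package name).

Medium-severity vulnerability: Activity (app.callpe.ui.call.WebViewCallActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.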

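Medium-severity vulnerability: Service (app.callpe.service.jobs.GcmJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.canhub.cropper.CropImageActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.aemerse.cropper.CropImageActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.stripe.android.link.LinkRedirectHandlerActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.stripe.android.payments.StripeBrowserProxyReturnActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.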

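Medium-severity vulnerability: Broadcast Receiver (com.cashfree.pg.core.api.ui.receiver.CFSMSBroadcastReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.auth.api.phone.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.facebook.CustomTabActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.razorpay.CheckoutActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.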

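Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
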
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/birbit/android/jobqueue/persistentQueue/sqlite/DbOpenHelper.java, line(s) 4,5,57,60,61,70,71,72,83
com/birbit/android/jobqueue/persistentQueue/sqlite/SqlHelper.java, line(s) 3,4,268,269,274,278
com/birbit/android/jobqueue/persistentQueue/sqlite/SqliteJobQueue.java, line(s) 5,6,7,70,223,240,269,326,345,378
com/downloader/database/AppDbHelper.java, line(s) 6,26
com/downloader/database/DatabaseOpenHelper.java, line(s) 4,5,21
p014try/Celse.java, line(s) 6,128,148
p014try/Ctry.java, line(s) 6,7,26,78,96,131
p039try/Celse.java, line(s) 6,128,148
p039try/Ctry.java, line(s) 6,7,26,78,96,131

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
androidmads/library/qrgenearator/QRGContents.java, line(s) 6,7
app/callpe/common/utils/Constants.java, line(s) 13
app/callpe/common/utils/sharedpref/PrefKeys.java, line(s) 76
app/callpe/data/model/ChatDetails.java, line(s) 158
app/callpe/data/model/CohostRequestModel.java, line(s) 76
app/callpe/data/model/Data.java, line(s) 102
app/callpe/data/model/FcmModel.java, line(s) 220
app/callpe/data/model/GiftRequestModel.java, line(s) 105
app/callpe/data/model/LivestreamDetails.java, line(s) 146
app/callpe/data/model/LogModel.java, line(s) 132
app/callpe/data/model/MissCallUserModel.java, line(s) 128
app/callpe/data/model/OrderSuccess.java, line(s) 281
app/callpe/data/model/ParticipantModel.java, line(s) 204
app/callpe/data/model/StripeCredentialModel.java, line(s) 52
app/callpe/data/model/VideoCallGameRequestModel.java, line(s) 68
app/callpe/data/model/VideoDetailModel.java, line(s) 437
app/callpe/ui/misc/FrontCameraView.java, line(s) 35
app/module/common/model/RtcUser.java, line(s) 52
app/module/common/model/rtc/RtcRoomDetails.java, line(s) 97
bolts/MeasurementEvent.java, line(s) 19,20
coil/coroutines/Parameters.java, line(s) 173
com/crazylegend/core/abstracts/AbstractAVM.java, line(s) 23
com/crazylegend/imagepicker/pickers/MultiImagePicker.java, line(s) 24,25
com/crazylegend/imagepicker/pickers/SingleImagePicker.java, line(s) 24,25
com/crazylegend/videopicker/pickers/MultiVideoPicker.java, line(s) 25,26
com/crazylegend/videopicker/pickers/SingleVideoPicker.java, line(s) 23,24
com/easebuzz/payment/kit/PWEPaymentInfoHandler.java, line(s) 26
com/nimbusds/jose/HeaderParameterNames.java, line(s) 13
com/nimbusds/jose/jwk/JWKParameterNames.java, line(s) 6,13,14
com/razorpay/AnalyticsConstants.java, line(s) 105,119,57
com/razorpay/BaseConstants.java, line(s) 20,27
com/razorpay/OtpElfData.java, line(s) 7
com/stripe/android/EphemeralKey.java, line(s) 109
com/stripe/android/PaymentConfiguration.java, line(s) 133,101
com/stripe/android/auth/PaymentBrowserAuthContract.java, line(s) 182,182
com/stripe/android/core/injection/InjectorKt.java, line(s) 7
com/stripe/android/core/injection/NamedConstantsKt.java, line(s) 10
com/stripe/android/core/networking/AnalyticsFields.java, line(s) 20
com/stripe/android/core/networking/ApiRequest.java, line(s) 222,297
com/stripe/android/core/networking/NetworkConstantsKt.java, line(s) 13
com/stripe/android/googlepaylauncher/GooglePayLauncherContract.java, line(s) 271,120
com/stripe/android/googlepaylauncher/GooglePayLauncherViewModel.java, line(s) 67
com/stripe/android/googlepaylauncher/GooglePayPaymentMethodLauncherContract.java, line(s) 341,341
com/stripe/android/googlepaylauncher/GooglePayPaymentMethodLauncherViewModel.java, line(s) 35
com/stripe/android/link/serialization/PopupPayload.java, line(s) 198
com/stripe/android/model/ConfirmPaymentIntentParams.java, line(s) 315
com/stripe/android/model/ConfirmSetupIntentParams.java, line(s) 184
com/stripe/android/model/ConfirmStripeIntentParams.java, line(s) 10,31
com/stripe/android/model/ConsumerSession.java, line(s) 174,174
com/stripe/android/model/CreateFinancialConnectionsSessionParams.java, line(s) 19,76
com/stripe/android/model/ElementsSessionParams.java, line(s) 94,202
com/stripe/android/model/FinancialConnectionsSession.java, line(s) 76
com/stripe/android/model/PaymentIntent.java, line(s) 264
com/stripe/android/model/PaymentMethodCreateParams.java, line(s) 2577,2668
com/stripe/android/model/SetupIntent.java, line(s) 198
com/stripe/android/model/Source.java, line(s) 264
com/stripe/android/model/SourceParams.java, line(s) 1878,37
com/stripe/android/model/Stripe3ds2AuthParams.java, line(s) 28,130
com/stripe/android/model/Stripe3ds2Fingerprint.java, line(s) 240
com/stripe/android/model/StripeIntent.java, line(s) 916
com/stripe/android/model/parsers/ConsumerSessionJsonParser.java, line(s) 26,21,24
com/stripe/android/model/parsers/EphemeralKeyJsonParser.java, line(s) 19
com/stripe/android/model/parsers/FinancialConnectionsSessionJsonParser.java, line(s) 14
com/stripe/android/model/parsers/NextActionDataParser.java, line(s) 269
com/stripe/android/model/parsers/PaymentIntentJsonParser.java, line(s) 19
com/stripe/android/model/parsers/SetupIntentJsonParser.java, line(s) 16
com/stripe/android/model/parsers/SourceJsonParser.java, line(s) 25
com/stripe/android/payments/PaymentFlowResult.java, line(s) 364,163
com/stripe/android/payments/bankaccount/CollectBankAccountLauncher.java, line(s) 76
com/stripe/android/payments/bankaccount/navigation/CollectBankAccountContract.java, line(s) 191,344,492,676
com/stripe/android/payments/bankaccount/ui/CollectBankAccountViewEffect.java, line(s) 73
com/stripe/android/payments/core/authentication/threeds2/Stripe3ds2TransactionContract.java, line(s) 160
com/stripe/android/payments/paymentlauncher/PaymentLauncherContract.java, line(s) 231,445,659,445,659
com/stripe/android/paymentsheet/IntentConfirmationInterceptor.java, line(s) 209
com/stripe/android/paymentsheet/PaymentSheet.java, line(s) 193,270,2937
com/stripe/android/paymentsheet/PaymentSheetContract.java, line(s) 145,145
com/stripe/android/paymentsheet/addresselement/AddressDetails.java, line(s) 12
com/stripe/android/paymentsheet/addresselement/AddressElementActivityContract.java, line(s) 107
com/stripe/android/paymentsheet/addresselement/AddressLauncher.java, line(s) 221
com/stripe/android/paymentsheet/flowcontroller/DefaultFlowController.java, line(s) 956
com/stripe/android/paymentsheet/flowcontroller/FlowControllerViewModel.java, line(s) 19
com/stripe/android/paymentsheet/paymentdatacollection/ach/USBankAccountFormViewModel.java, line(s) 88,89,1085
com/stripe/android/paymentsheet/paymentdatacollection/polling/PollingContract.java, line(s) 134
com/stripe/android/paymentsheet/paymentdatacollection/polling/PollingViewModel.java, line(s) 457
com/stripe/android/polling/IntentStatusPoller.java, line(s) 66
com/stripe/android/stripe3ds2/observability/DefaultSentryConfig.java, line(s) 11,12
com/stripe/android/stripe3ds2/transaction/AcsData.java, line(s) 83
com/stripe/android/stripe3ds2/transaction/AuthenticationRequestParameters.java, line(s) 114
com/stripe/android/stripe3ds2/transaction/DefaultAcsDataParser.java, line(s) 20,22
com/stripe/android/stripe3ds2/transaction/IntentData.java, line(s) 96
com/stripe/android/uicore/elements/AddressType.java, line(s) 89,193
com/stripe/android/view/PaymentAuthWebViewClient.java, line(s) 28,30
com/truecaller/android/sdk/PartnerInformation.java, line(s) 23
com/truecaller/android/sdk/SdkUtils.java, line(s) 26
com/truecaller/android/sdk/TrueException.java, line(s) 16
com/vdx/sud/constants/Constants.java, line(s) 6
im/zego/zim/entity/ZIMMessage.java, line(s) 86
io/livekit/android/audio/AudioProcessorOptions.java, line(s) 81
org/shadow/apache/commons/lang3/SystemUtils.java, line(s) 92,94,74,76

Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
app/callpe/common/utils/FileUriUtils.java, line(s) 57,59,99
app/callpe/common/utils/Helper.java, line(s) 541
app/callpe/common/utils/file_helper/Files.java, line(s) 24
app/callpe/common/utils/file_helper/ImageCompressor.java, line(s) 111
app/callpe/common/utils/file_helper/ImageConverter.java, line(s) 85
app/callpe/common/utils/file_helper/RealPathUtil.java, line(s) 57,64
app/callpe/ui/SplashActivity.java, line(s) 1117
app/callpe/ui/chat/AgentBroadcastChatActivity.java, line(s) 369,897
app/callpe/ui/chat/ChatActivity.java, line(s) 522,522,2057
app/callpe/ui/chat/GroupViewModel.java, line(s) 130
app/callpe/ui/chat/NotificationChatActivity.java, line(s) 377,838
app/callpe/ui/chat/StreamerBroadcastChatActivity.java, line(s) 377,909
app/callpe/ui/chat/SupportChatActivity.java, line(s) 430,1061
app/callpe/ui/home/ImageVideoUploadActivity$addVideo$1.java, line(s) 61
app/callpe/ui/home/StreamerHomeActivity.java, line(s) 457
app/callpe/ui/misc/ImageShowActivity.java, line(s) 255
app/callpe/ui/payment/QRPaymentActivity.java, line(s) 594
com/abedelazizshe/lightcompressorlibrary/VideoCompressor.java, line(s) 167
com/aemerse/cropper/BitmapUtils.java, line(s) 280
com/aemerse/cropper/CropImage.java, line(s) 64
com/asynctaskcoffee/audiorecorder/worker/Recorder.java, line(s) 40
com/canhub/cropper/BitmapUtils.java, line(s) 282
com/canhub/cropper/CropImage.java, line(s) 64
com/github/dhaval2404/imagepicker/util/FileUriUtils.java, line(s) 57,59,95
com/github/drjacky/imagepicker/util/FileUriUtils.java, line(s) 60,62
com/github/drjacky/imagepicker/util/FileUtil.java, line(s) 100
com/tencent/aai/audio/utils/FileUtils.java, line(s) 55,65,87,97,107
com/tencent/aai/audio/utils/WavCache.java, line(s) 80,127,139,154,166,184
com/yalantis/ucrop/util/FileUtils.java, line(s) 53
p016while/Cnew.java, line(s) 140
p041while/Cnew.java, line(s) 381
tech/sud/logger/LogUtils.java, line(s) 189,194,448,448,448

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files

Files:
app/callpe/common/utils/InternetSpeedTest.java, line(s) 143
app/callpe/common/utils/custom/EnhancedWebView.java, line(s) 238
com/aemerse/cropper/BitmapUtils.java, line(s) 280,285,290
com/aemerse/cropper/CropImageActivity.java, line(s) 205
com/aemerse/dazzle/utils/MediaConstants.java, line(s) 65
com/canhub/cropper/BitmapUtils.java, line(s) 282,287,292
com/canhub/cropper/CropImageActivity.java, line(s) 205
com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 172
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 205

Medium-severity vulnerability: MD5 is a weak hash with known hash collisions

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/appsflyer/internal/AFb1zSDK.java, line(s) 58
com/downloader/utils/Utils.java, line(s) 86
com/opensource/svgaplayer/SVGACache.java, line(s) 134
com/tencent/aai/task/net/b.java, line(s) 30
p012throws/Ccase.java, line(s) 18
p035this/Cif.java, line(s) 148
p037throws/Ccase.java, line(s) 25,86

Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/appsflyer/internal/AFb1zSDK.java, line(s) 33
com/tencent/aai/auth/LocalCredentialProvider.java, line(s) 25
p014interface/Cgoto.java, line(s) 105
p022interface/Cgoto.java, line(s) 106

Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
app/callpe/common/utils/custom/EnhancedWebView.java, line(s) 153,97
app/callpe/ui/call/WebViewCallActivity.java, line(s) 300,393
app/callpe/ui/livestreaming/WebViewLiveStreamActivity.java, line(s) 286,379
app/callpe/ui/misc/ContractWebViewActivity.java, line(s) 163,157
app/callpe/ui/payment/CheckoutActivity.java, line(s) 908,903
app/callpe/ui/payment/UPICheckoutActivity.java, line(s) 907,902
app/callpe/ui/user/games/common/GameWebViewActivity.java, line(s) 52,50
bolts/WebViewAppLinkResolver.java, line(s) 111,86
com/cashfree/pg/core/api/ui/BaseCFWebView.java, line(s) 65,58
com/easebuzz/payment/kit/PWEBankPageActivity.java, line(s) 243,229
com/easebuzz/payment/kit/PWEInstaCollectFragment.java, line(s) 217,203
com/pierfrancescosoffritti/androidyoutubeplayer/core/player/views/WebViewYouTubePlayer.java, line(s) 113,110
com/razorpay/BaseUtils.java, line(s) 230,204

Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
app/callpe/common/utils/custom/EnhancedWebView.java, line(s) 94,97
app/callpe/ui/call/WebViewCallActivity.java, line(s) 390,393
app/callpe/ui/livestreaming/WebViewLiveStreamActivity.java, line(s) 376,379
app/callpe/ui/user/games/common/GameWebViewActivity.java, line(s) 84,50

Medium-severity vulnerability: The application uses an insecure random number generator

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
app/callpe/common/utils/custom/games/spinwheel/LuckyWheelView.java, line(s) 18
app/callpe/common/utils/custom/games/spinwheel/PielView.java, line(s) 29
com/otaliastudios/cameraview/filters/DocumentaryFilter.java, line(s) 6
com/otaliastudios/cameraview/filters/GrainFilter.java, line(s) 7
com/otaliastudios/cameraview/filters/LomoishFilter.java, line(s) 6
com/otaliastudios/cameraview/video/encoding/AudioNoise.java, line(s) 6
com/tencent/aai/task/net/b.java, line(s) 5
nl/dionsegijn/konfetti/core/emitter/PartyEmitter.java, line(s) 8
org/shadow/apache/commons/lang3/RandomStringUtils.java, line(s) 3
org/shadow/apache/commons/lang3/RandomUtils.java, line(s) 3

Medium-severity vulnerability: IP address disclosure

Files:
com/nimbusds/jose/jwk/Curve.java, line(s) 19,20,23,24,25

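Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.
Credential => "com.truecaller.android.sdk.PartnerKey" : "@7F130315"
Credential => "com.google.android.geo.API_KEY" : "@7F130220"
Credential => "com.phonepe.android.sdk.AppId" : "79e869a3407e4075ae3cc017bab20b32"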
"adjustAppToken" : "lzxgtzlfwhkw"
"com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000"
"facebook_app_id" : "1251328896282300"
"google_api_key" : "AIzaSyAQBhbwSWJ03DKkXsWoQPmuT9YjZJm7fk8"
"google_app_id" : "1:827534710097:android:3466320b0bde107149ef70"
"google_crash_reporting_api_key" : "AIzaSyAQBhbwSWJ03DKkXsWoQPmuT9YjZJm7fk8"
"image_picker_provider_authority_suffix" : ".imagepicker.provider"
"key_google_apis_android" : "AIzaSyBs3wOMCliCK_u7f0Ny2Bydk1VZsUY0Cs8"
"partnerKey" : "951s-zyixcslhhfcdruyfzzvxs_cwct5pry4pmv8neg"
"private_app_id" : "4edad62c6a084c46ad6ba06c42ca2742"

Security notice: The application logs information. Sensitive information must not be logged

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
androidmads/library/qrgenearator/QRGSaver.java, line(s) 17,26
app/callpe/common/utils/InAppUpdate.java, line(s) 192
app/callpe/common/utils/custom/mediaslider/TouchImageView.java, line(s) 1037
app/callpe/common/utils/custom/panels/PanelsChildGestureRegionObserver.java, line(s) 46
app/callpe/common/utils/file_helper/ImageCompressor.java, line(s) 70,74,77,80,164,168,171,174
app/callpe/common/utils/helper_functions/AnalyticsHelper.java, line(s) 121
app/callpe/rtc/components/LocalRtcVideoView.java, line(s) 205,244,257,259,264,272,213
app/callpe/rtc/components/RemoteRtcVideoView.java, line(s) 240,260,285
app/callpe/service/FirebaseNotificationService.java, line(s) 246
app/callpe/ui/SplashActivity.java, line(s) 1056
app/callpe/ui/home/HomeActivity.java, line(s) 360
app/callpe/ui/login/LoginActivity.java, line(s) 919,1515,1526,1527,1536,1596
app/callpe/ui/misc/FrontCameraView.java, line(s) 323
app/callpe/ui/misc/SettingsActivity.java, line(s) 454
app/callpe/ui/payment/UPICheckoutActivity.java, line(s) 452,455,485
app/livekit/module/LivekitSdkManager.java, line(s) 186,194,206,258
app/livekit/module/rtc/LivekitService.java, line(s) 127,129,156,163,181,183,235,246,252,263,270,373,640,825,137,197,226,300,308,334,380,384,414,437,441,444,465,469,502,516,538,545,564,576,599,621,628,630,795
app/module/common/utils/AudioRouteHelper.java, line(s) 33,42,59,104,107,110,112,182,187,191,194,196
b0/Cdo.java, line(s) 17
bolts/MeasurementEvent.java, line(s) 61,73
com/abedelazizshe/lightcompressorlibrary/utils/CompressorUtils.java, line(s) 173,104,223
com/abedelazizshe/lightcompressorlibrary/utils/StreamableVideo.java, line(s) 143,170,174,177,105,113,156,187
com/aemerse/cropper/BitmapUtils.java, line(s) 284,250,322
com/aemerse/cropper/CropImageActivity.java, line(s) 480
com/aemerse/cropper/CropOverlayView.java, line(s) 960
com/aemerse/dazzle/Dazzle$getMedia$1.java, line(s) 85
com/aemerse/dazzle/Dazzle$takePhoto$1$1.java, line(s) 48,83,35
com/aemerse/dazzle/Dazzle.java, line(s) 597,602,777,1063,1087,672,996,1003,1074,1114,1349,1371,1724
com/aemerse/dazzle/DazzleGallery$getMedia$1.java, line(s) 65
com/aemerse/dazzle/DazzleGallery.java, line(s) 227
com/aemerse/dazzle/gallery/BottomSheetMediaRecyclerAdapter.java, line(s) 170
com/agora/agorasdk/AgoraSdkManager.java, line(s) 245
com/ak/ui/CountryCodePicker.java, line(s) 321,327
com/ak/utils/CountryCodeHelper.java, line(s) 33,46,57
com/appsflyer/AFLogger.java, line(s) 48,77,140,46,12,66,59
com/appsflyer/internal/AFa1dSDK.java, line(s) 3101
com/appsflyer/internal/AFd1fSDK.java, line(s) 19,21,22
com/appsflyer/internal/AFd1kSDK.java, line(s) 21,29
com/appsflyer/internal/AFd1nSDK.java, line(s) 61,76,126,128,139,144
com/appsflyer/internal/AFd1oSDK.java, line(s) 36
com/appsflyer/internal/AFd1pSDK.java, line(s) 14
com/appsflyer/internal/AFd1sSDK.java, line(s) 74,79
com/appsflyer/internal/AFd1tSDK.java, line(s) 95,93,174,91,163
com/appsflyer/internal/AFd1uSDK.java, line(s) 85,102,39
com/appsflyer/internal/AFe1kSDK.java, line(s) 32,35,36,76
com/appsflyer/internal/AFe1uSDK.java, line(s) 200,203,207,217,218,223,227,234,241,247,256,261,268,334,335,340,354,357
com/appsflyer/internal/AFf1bSDK.java, line(s) 147,175,181,336,148,162,170,176,184
com/birbit/android/jobqueue/CancelHandler.java, line(s) 53
com/birbit/android/jobqueue/ConsumerManager.java, line(s) 92,94,98,108,112,122,138,145,170,173,180,198,215,296,330,335
com/birbit/android/jobqueue/Job.java, line(s) 117,123,147,130,142,116,122
com/birbit/android/jobqueue/JobManager.java, line(s) 111,346
com/birbit/android/jobqueue/JobManagerThread.java, line(s) 112,115,234,383,391,492,463,111,60,227,230,588,597,600
com/birbit/android/jobqueue/RunningJobSet.java, line(s) 25
com/birbit/android/jobqueue/log/JqLog.java, line(s) 79,84
com/birbit/android/jobqueue/messaging/DelayedMessageBag.java, line(s) 14,29,34
com/birbit/android/jobqueue/messaging/MessageFactory.java, line(s) 33,37
com/birbit/android/jobqueue/messaging/PriorityMessageQueue.java, line(s) 31,66,68,82
com/birbit/android/jobqueue/messaging/SafeMessageQueue.java, line(s) 42,81,85,90
com/birbit/android/jobqueue/messaging/UnsafeMessageQueue.java, line(s) 20,31
com/birbit/android/jobqueue/persistentQueue/sqlite/FileStorage.java, line(s) 72
com/birbit/android/jobqueue/persistentQueue/sqlite/SqlHelper.java, line(s) 86
com/birbit/android/jobqueue/persistentQueue/sqlite/SqliteJobQueue.java, line(s) 182,230,247,280,397
com/birbit/android/jobqueue/scheduling/FrameworkJobSchedulerService.java, line(s) 26,37,47,57,66
com/birbit/android/jobqueue/scheduling/FrameworkScheduler.java, line(s) 95,100,116,148,103,110,152,161
com/birbit/android/jobqueue/scheduling/GcmJobSchedulerService.java, line(s) 24,33
com/birbit/android/jobqueue/scheduling/GcmScheduler.java, line(s) 30,100,116,66,107,134,29,99,115
com/birbit/android/jobqueue/timer/SystemTimer.java, line(s) 11
com/birjuvachhani/locus/LocationBroadcastReceiver.java, line(s) 45,53
com/birjuvachhani/locus/LocationProvider.java, line(s) 77,94,185,192,91,149,182
com/birjuvachhani/locus/Locus.java, line(s) 175,182,285,222
com/birjuvachhani/locus/LocusActivity.java, line(s) 155,211,295,303,311,318,472,486,494,75
com/birjuvachhani/locus/LoggerKt.java, line(s) 39,23,31
com/birjuvachhani/locus/PermissionObserver.java, line(s) 22,30,35
com/canhub/cropper/BitmapUtils.java, line(s) 286,252,324
com/canhub/cropper/CropImageActivity.java, line(s) 475
com/canhub/cropper/CropOverlayView.java, line(s) 1053
com/cashfree/pg/base/logger/CFLoggerService.java, line(s) 56,35,49,63,42
com/cashfree/pg/core/hidden/nfc/NfcCardReader.java, line(s) 25,67
com/cashfree/pg/core/hidden/nfc/parser/EmvParser.java, line(s) 302
com/cashfree/pg/core/hidden/nfc/utils/EnumUtils.java, line(s) 15
com/cashfree/pg/image_caching/cache/DiskLruCache.java, line(s) 108
com/cashfree/pg/ui/hidden/nfc/NfcCardReader.java, line(s) 25,67
com/cashfree/pg/ui/hidden/nfc/parser/EmvParser.java, line(s) 302
com/cashfree/pg/ui/hidden/nfc/utils/EnumUtils.java, line(s) 15
com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194
com/crazylegend/imagepicker/dialogs/multi/MultiImagePickerBottomSheetDialog.java, line(s) 234
com/crazylegend/imagepicker/dialogs/single/SingleImagePickerBottomSheetDialog.java, line(s) 258
com/crazylegend/imagepicker/pickers/MultiImagePicker.java, line(s) 57
com/crazylegend/imagepicker/pickers/SingleImagePicker.java, line(s) 57
com/crazylegend/videopicker/dialogs/multi/MultiVideoPickerBottomSheetDialog.java, line(s) 236
com/crazylegend/videopicker/dialogs/single/SingleVideoPickerBottomSheetDialog.java, line(s) 258
com/crazylegend/videopicker/pickers/MultiVideoPicker.java, line(s) 58
com/crazylegend/videopicker/pickers/SingleVideoPicker.java, line(s) 56
com/github/dhaval2404/imagepicker/ImagePickerActivity.java, line(s) 76,82,137,224,228,277
com/github/dhaval2404/imagepicker/provider/CropProvider.java, line(s) 90,101,118,147,151
com/github/dhaval2404/imagepicker/provider/GalleryProvider.java, line(s) 131,146,155,191,136,181,188
com/github/dhaval2404/imagepicker/util/ExifDataCopier.java, line(s) 30
com/github/drjacky/imagepicker/ImagePickerActivity.java, line(s) 328
com/github/drjacky/imagepicker/util/ExifDataCopier.java, line(s) 33
com/github/drjacky/imagepicker/util/FileUriUtils.java, line(s) 88
com/jakewharton/disklrucache/DiskLruCache.java, line(s) 108
com/ncorti/slidetoact/SlideToActView.java, line(s) 1064
com/opensource/svgaplayer/utils/log/DefaultLogCat.java, line(s) 30,43,23,16,37
com/otaliastudios/cameraview/CameraLogger.java, line(s) 35,28,24,30
com/otaliastudios/opengl/core/EglContextFactory.java, line(s) 55
com/otaliastudios/opengl/core/EglNativeConfigChooser.java, line(s) 35
com/otaliastudios/opengl/core/EglNativeCore.java, line(s) 124,135
com/otaliastudios/opengl/core/Egloo.java, line(s) 45,57,69,76
com/otaliastudios/opengl/internal/MiscKt.java, line(s) 36,24,18,30
com/permissionx/guolindev/request/InvisibleFragment.java, line(s) 925
com/razorpay/AppSignatureHelper.java, line(s) 47,36,50
com/razorpay/BaseUtils.java, line(s) 653
com/razorpay/CheckoutPresenterImpl.java, line(s) 910
com/razorpay/M$_3_.java, line(s) 88
com/razorpay/OpinionatedSoln.java, line(s) 269
com/razorpay/OtpElfData.java, line(s) 31
com/razorpay/SmsReceiver.java, line(s) 48,44
com/razorpay/d__1_.java, line(s) 7
com/razorpay/d__B_.java, line(s) 31
com/razorpay/g$_H$.java, line(s) 161
com/stripe/android/IssuingCardPinService.java, line(s) 197
com/stripe/android/core/Logger.java, line(s) 44,62,50,56
com/stripe/android/core/storage/SharedPreferencesStorage.java, line(s) 130,152,175,198,221,55,68,81,94,107,123,127,145,150,168,173,191,196,214,219,236,248
com/stripe/android/core/utils/PluginDetector.java, line(s) 44
com/stripe/android/stripe3ds2/transaction/Logger.java, line(s) 52,46
com/stripe/android/ui/core/elements/LpmSerializer.java, line(s) 49
com/stripe/android/uicore/image/ImageLruDiskCache.java, line(s) 76,119,121,177,190
com/stripe/android/uicore/image/UiUtilsKt.java, line(s) 71,83
com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 181,219
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 89,240
com/theartofdev/edmodo/cropper/CropOverlayView.java, line(s) 707
com/tiktok/util/TTLogger.java, line(s) 41,44,51,23,26,33
com/twilio/audioswitch/android/ProductionLogger.java, line(s) 40,58,68,49
com/vdx/sud/BaseGameViewModel.java, line(s) 299,167
com/vdx/sud/SudGameViewModel.java, line(s) 87,106,184
com/vdx/sud/widget/view/round/RoundedDrawable.java, line(s) 117
com/vdx/sud/widget/view/round/RoundedImageView.java, line(s) 268
com/yalantis/ucrop/UCropActivity.java, line(s) 154
com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 150,163,190,129
com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 125,147,86,89,131,138
com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 104,52,83
com/yalantis/ucrop/util/EglUtils.java, line(s) 27
com/yalantis/ucrop/util/FileUtils.java, line(s) 61
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 57,64,75,83,115,125,137,151,165,171,175,180,186,190,281,287,300,307,314,327,340,347,354,56,63,74,82,114,124,136,150,164,170,174,179,185,189
com/yalantis/ucrop/view/TransformImageView.java, line(s) 226,243,135,80
com/zego/ve/AudioDevice.java, line(s) 253,261,277,283,304,318,425,440,463
com/zego/ve/AudioDeviceHelper.java, line(s) 145,149,159
com/zego/ve/AudioEventMonitor.java, line(s) 138,141,282,323,341,437,551,575,100,259,321,336,401,435,477,483,500,516,611,624,660,673,689,703,132,272,491,506,647,677,696,710
com/zego/ve/FileMediaDataSource.java, line(s) 13,20,23,27
com/zego/ve/HwAudioKaraokeFeatureKit.java, line(s) 124
com/zego/ve/HwAudioKit.java, line(s) 131,164,81
com/zego/ve/KaraokeHelper.java, line(s) 129
com/zego/ve/Log.java, line(s) 71
com/zego/ve/MediaCodecVideoDecoder.java, line(s) 80,150,152,173,202,238,243,255,293,315,325,335,356,358,370,377,387,403,407,409,528,544,582,592,603,755,319,346,350,373,393,396,416,425,439,453,467,620,631,85,90,95,100,176,180,648,652
com/zego/ve/MediaCodecVideoEncoder.java, line(s) 234,342,389,402,406,462,464,495,558,572,576,594,671,323,429,515,526,578,584,587,629,639,703,722,761,612,615,621,239,244,249,254,310,314,355,359
com/zego/ve/VCam.java, line(s) 222,237,306,355,428,811,817,830,834,842,980,1074,1085,1105,1116,1154,1160,1192,1207,1223,1233,1241,1257,1270,1279,1287,1306,1350,1382,1430,1595,1629,1786,1877,1911,1927,1947,1986,2016,2032,2054,2063,2071,2089,2129,201,211,293,299,359,376,441,442,663,700,790,860,931,960,1010,1012,1014,1020,1079,1110,1181,1189,1267,1295,1303,1388,1408,1424,1435,1439,1444,1449,1529,1535,1541,1560,1568,1653,1660,1669,1734,1792,1902,1908,1932,1952,2008,2051,2080,2086,2124,2148,2151,326,364,820
com/zego/ve/VImageReader.java, line(s) 141,76,79,111,114
com/zego/ve/VSurTex.java, line(s) 42
com/zego/zegoavkit2/receiver/Background.java, line(s) 91
com/zego/zegoavkit2/screencapture/ve_gl/EglBase14.java, line(s) 31
com/zego/zegoavkit2/screencapture/ve_gl/GlShader.java, line(s) 95,22,43
com/zegocloud/zegosdk/ZegoSdkManager.java, line(s) 372,462,481,499,370,422,489,502
com/zegocloud/zegosdk/rtc/ZEGOExpressService.java, line(s) 501,521,171,180,364,405,411,459
com/zegocloud/zegosdk/utils/LogUtil.java, line(s) 19
com/zegocloud/zegosdk/utils/ZegoUtil.java, line(s) 41
custom_animations/animator/PWESpriteAnimatorBuilder.java, line(s) 146
eightbitlab/com/blurview/BlurView.java, line(s) 64
fastscroll/app/fastscrollalphabetindex/AlphabetIndexFastScrollRecyclerSection.java, line(s) 183
im/zego/zegoexpress/ZegoUnityAndroidRenderer.java, line(s) 57,62,68,75,94,145,147,151,155,164,182,197,204,223,230,249,260,264
im/zego/zegoexpress/ZegoUnitySurfaceTexture.java, line(s) 18,22,27,40,46
im/zego/zegoexpress/ZegoUnityTexture2D.java, line(s) 44,130,155
im/zego/zegoexpress/ZegoUnityTextureOES.java, line(s) 16,50,130,138
im/zego/zegoexpress/ZegoUnityUtils.java, line(s) 15,27,37,49
im/zego/zegoexpress/internal/ZegoExpressEngineInternalImpl.java, line(s) 191
im/zego/zegoexpress/utils/ZegoLibraryLoadUtil.java, line(s) 33,45
im/zego/zegoexpress/ve_gl/EglBase14.java, line(s) 31
im/zego/zegoexpress/ve_gl/GlShader.java, line(s) 95,22,43
im/zego/zim/internal/ZIMBridge.java, line(s) 382,539,577,619,650,680,711,740,770,800,830,855,898,941,1153,1199,1229,1298,1329,1372,1414,1442,1470,1591,1682,1731,1785,1821,1932,1981,2054,2088,2124,2179,2215,2238,2261,2305,2348,2398,2436,2460,2489,2514,2542,2559,2571,2580,3245,3254,3280,3293,3306,3319,3332,3345,3429
im/zego/zim/internal/ZIMImpl.java, line(s) 184
im/zego/zim/internal/util/ZIMSysUtil.java, line(s) 28,39
in/onato/imageeditor/editor/EditorActivity.java, line(s) 133,168
in/onato/imageeditor/editor/EditorFragment.java, line(s) 121,154
in/onato/imageeditor/editor/EditorListActivity.java, line(s) 23
in/onato/imageeditor/editor/SExtendActivity.java, line(s) 144,241,247,228
io/livekit/android/renderer/SurfaceViewRenderer.java, line(s) 62
io/livekit/android/renderer/TextureViewRenderer.java, line(s) 172
ja/burhanrashid52/photoeditor/ImageFilterView.java, line(s) 91
ja/burhanrashid52/photoeditor/PhotoEditor.java, line(s) 441,463,467
ja/burhanrashid52/photoeditor/PhotoEditorView.java, line(s) 75,96
ja/burhanrashid52/photoeditor/ScaleGestureDetector.java, line(s) 213
listeners/ConnectionDetector.java, line(s) 29
listfilter/FilterAdapter.java, line(s) 229
org/extra/tools/LibraryLoadUtils.java, line(s) 41,54
org/extra/tools/Lifecycle.java, line(s) 54,56
org/libpag/PAGImage.java, line(s) 49
org/libpag/PAGView.java, line(s) 283,377,472,566,755,758,764,951
org/libpag/TraceImage.java, line(s) 11
org/shadow/apache/commons/lang3/SystemUtils.java, line(s) 211
p010if/Cstrictfp.java, line(s) 96
p011implements/Cdo.java, line(s) 225
p014interface/Cgoto.java, line(s) 36,43,55,126
p016while/Cfor.java, line(s) 21,32,39,73
p016while/Cnew.java, line(s) 162
p018if/Cstrictfp.java, line(s) 97
p019implements/Cdo.java, line(s) 175,263,285,364,490,290,321,358
p022interface/Celse.java, line(s) 369,384
p022interface/Cgoto.java, line(s) 37,44,56,127
p041while/Cfor.java, line(s) 21,32,39,73
p041while/Cnew.java, line(s) 403
pub/devrel/easypermissions/AppSettingsDialog.java, line(s) 68
pub/devrel/easypermissions/EasyPermissions.java, line(s) 138,140,34
pub/devrel/easypermissions/helper/ActivityPermissionHelper.java, line(s) 36
pub/devrel/easypermissions/helper/BaseSupportPermissionsHelper.java, line(s) 20
s/Cif.java, line(s) 28
t/Cdo.java, line(s) 19,43,32,56,23,47,15,39,27,51
tech/sud/logger/LogUtils.java, line(s) 147,316
timber/log/Timber.java, line(s) 522,540
y/Cfor.java, line(s) 10
y/Cif.java, line(s) 124,146,162,170,183,204,229,301,313,357,371,380
y/Ctry.java, line(s) 79

Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
app/callpe/common/utils/Helper.java, line(s) 7,514,515
app/callpe/ui/payment/ScreenshotUpiActivity.java, line(s) 6,276,277
com/easebuzz/payment/kit/PWEBankPageActivity.java, line(s) 7,573
com/razorpay/RzpAssist.java, line(s) 5,294

Security notice: The application can write to the application directory. Sensitive information should be encrypted.


Files:
com/truecaller/android/sdk/clients/callVerification/RequestPermissionHandler.java, line(s) 223,223

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
app/callpe/common/di/AppModule.java, line(s) 71,71
app/callpe/service/RetrofitInstance.java, line(s) 31,31
clientRequestsApi/ApiClient.java, line(s) 12,12
com/cashfree/pg/network/POSTApiWithSSLPin.java, line(s) 37,36,34,34,58,58,60,60,61,76
com/easebuzz/payment/kit/PWEBankListFragment.java, line(s) 161,161
com/easebuzz/payment/kit/PWECouponsActivity.java, line(s) 485,504,1234,485,504,1234
com/easebuzz/payment/kit/PWEDiscountHelper.java, line(s) 97,105,265
com/easebuzz/payment/kit/PWEInstaCollectFragment.java, line(s) 244,322,361,244,322,361
com/easebuzz/payment/kit/PWEOlaFragment.java, line(s) 126,126
com/easebuzz/payment/kit/PWESavedCardFragment.java, line(s) 165,289
com/easebuzz/payment/kit/PWEUpiFragment.java, line(s) 519,721,895,979
com/truecaller/android/sdk/network/RestAdapter.java, line(s) 17,17

Passed security check: This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/cashfree/pg/base/util/RootUtil.java, line(s) 31,15,19,19,19,19,19,19,9
com/cashfree/pg/cf_analytics/context/CFOSContext.java, line(s) 17

Passed security check: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/827534710097/namespaces/firebase:fetch?key=AIzaSyAQBhbwSWJ03DKkXsWoQPmuT9YjZJm7fk8 ) is disabled. The response content is shown below:

{
    "state": "NO_TEMPLATE"
}

Key security concern: The application may communicate with a server (www.sud.tech) located in an OFAC-sanctioned country (China).

{'ip': '103.220.64.91', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '广州', 'latitude': '23.127361', 'longitude': '113.264572'}

Key security concern: The application may communicate with a server (dev-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).

{'ip': '114.230.197.178', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Key security concern: The application may communicate with a server (sim-fqs.sud.ltd) located in an OFAC-sanctioned country (China).

{'ip': '58.216.4.204', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}

Key security concern: The application may communicate with a server (fat-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).

{'ip': '114.230.197.123', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Key security concern: The application may communicate with a server (dev-fqs.sud.ltd) located in an OFAC-sanctioned country (China).

{'ip': '114.230.197.178', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Key security concern: The application may communicate with a server (asr.cloud.tencent.com) located in an OFAC-sanctioned country (China).

{'ip': '106.55.89.122', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Key security concern: The application may communicate with a server (fat-fqs.sud.ltd) located in an OFAC-sanctioned country (China).

{'ip': '114.230.197.178', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Key security concern: The application may communicate with a server (fqs.sudden.ltd) located in an OFAC-sanctioned country (China).

{'ip': '121.14.142.132', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '东莞', 'latitude': '23.048780', 'longitude': '113.745003'}

Key security concern: The application may communicate with a server (fqs.sud.ltd) located in an OFAC-sanctioned country (China).

{'ip': '114.230.197.178', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}

Key security concern: The application may communicate with a server (sim-fqs.sudden.ltd) located in an OFAC-sanctioned country (China).

{'ip': '58.216.4.159', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '常州', 'latitude': '31.783331', 'longitude': '119.966667'}

Overall security baseline score summary

Rilo v2.0.21

Android APK
Overall security score: 49
Medium risk