Mobile Application Security Scan Report

Sandridge Go v2025.2.170190457
Security baseline score: 53/100
Overall risk level: Low risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
High: 0
Medium: 20
Info: 2
Secure: 1
Privacy risk assessment
Third-party trackers: 1
Medium privacy risk
A small number of third-party trackers were detected.
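Distribution of findings
High-severity vulnerabilities: 0
Medium-severity vulnerabilities: 20
Security notices: 2
Passed security checks: 1
Key security concerns: 2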
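Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up through the adb tool. A user who has USB debugging enabled can copy the application data directly, which creates a risk of data leakage.
Medium-severity vulnerability: Service (com.staffbase.capacitor.plugin.podcast.service.PodcastService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.microsoft.intune.mam.client.notification.MAMNotificationReceiverService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.microsoft.intune.mam.client.service.MAMBackgroundReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.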
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: F2/y.java, line(s) 37; H5/a.java, line(s) 61; com/getcapacitor/C.java, line(s) 182; com/parse/ParseCommandCache.java, line(s) 531; com/tchvu3/capacitorvoicerecorder/b.java, line(s) 35; u4/c.java, line(s) 61
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/getcapacitor/Y.java, line(s) 31; com/microsoft/intune/mam/client/app/backup/BackupAgentBehavior.java, line(s) 15; com/parse/OfflineSQLiteOpenHelper.java, line(s) 12; com/parse/ParseACL.java, line(s) 24,25,26; com/parse/ParseRESTCommand.java, line(s) 25,27; com/parse/ParseUser.java, line(s) 22,23; com/staffbase/capacitor/plugin/kvStore/StaffbaseKVStore.java, line(s) 26,44; com/staffbase/capacitor/plugin/kvStore/db/KVEntry.java, line(s) 113; m2/c.java, line(s) 190; t1/C1715a.java, line(s) 134; t1/C2251a.java, line(s) 134; v/C1771l0.java, line(s) 23; v/C2315l0.java, line(s) 23; v/L0.java, line(s) 432
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: E1/c0.java, line(s) 4; V6/a.java, line(s) 3; V6/b.java, line(s) 3; W5/C0543e.java, line(s) 13; W5/C2412e.java, line(s) 13; com/parse/LocalIdManager.java, line(s) 5; com/parse/ParsePushBroadcastReceiver.java, line(s) 17; com/pushNotification/a.java, line(s) 4; w6/a.java, line(s) 3; y1/C2006x0.java, line(s) 7; y1/C2564x0.java, line(s) 7
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/parse/ParseDigestUtils.java, line(s) 14; com/parse/ParseRESTCommand.java, line(s) 290,290
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: u4/b.java, line(s) 54
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: T2/C1721c.java, line(s) 5,6,7,8,9,159; T2/C2257c.java, line(s) 5,6,7,8,9,161; V3/C1809D.java, line(s) 3,19; V3/C1810E.java, line(s) 4,5,81; V3/C1837z.java, line(s) 5,6,69,81,343; V3/C2353D.java, line(s) 3,19; V3/C2354E.java, line(s) 4,5,81; V3/C2381z.java, line(s) 5,6,71,83,345; com/parse/OfflineSQLiteOpenHelper.java, line(s) 4,23,24; com/parse/ParseSQLiteDatabase.java, line(s) 5,6,367
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: H5/a.java, line(s) 20; com/getcapacitor/C.java, line(s) 182; g5/d.java, line(s) 96; m5/g.java, line(s) 72
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/staffbase/capacitor/plugin/tabs/c.java, line(s) 185,178
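Medium-severity vulnerability: The application contains privacy trackers.
This application contains 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.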
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Make sure they are not confidential or private information. "android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password" "androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
Security notice: The application writes log messages. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/microsoft/intune/mam/client/content/ClipboardBehavior.java, line(s) 5,22; l5/C0470a.java, line(s) 5,35,36; l5/C1939a.java, line(s) 5,35,36
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/microsoft/intune/mam/http/g.java, line(s) 30,29,37,28,28; com/microsoft/intune/mam/http/j.java, line(s) 23,22,44,21,21
Key security concern: The application may communicate with a server (login.partner.microsoftonline.cn) located in an OFAC-sanctioned country (China).
{'ip': '52.130.17.205', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (login.chinacloudapi.cn) located in an OFAC-sanctioned country (China).
{'ip': '52.130.17.205', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Overall security baseline score summary

Sandridge Go v2025.2.170190457
Android APK
Overall security score: 53
Medium risk