Application Security Test Report
Mobile Application Security Test Report

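Aisle v12.32
Security score (security baseline): 50/100
Overall risk level: low risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risk; improvement is recommended.
Distribution of vulnerabilities and security items:
- High: 4
- Medium: 19
- Info: 3
- Secure: 3
Privacy risk assessment: 5 third-party trackers; high privacy risk (a large number of third-party trackers detected).
Key security concerns: 1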
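High-severity vulnerability: App Link assetlinks.json file not found
[android:name=com.aisle.app.presentation.features.splashScreen.ui.SplashActivity][android:host=https://aisle.go.link] The App Link asset verification URL (https://aisle.go.link/.well-known/assetlinks.json) was not found or is misconfigured (status code: 404). App Links let users jump directly into the mobile app from a web URL or an email. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, leading to phishing attacks and leaking sensitive information carried in the URI (such as PII, OAuth tokens, magic-link/reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.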
High-severity vulnerability: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security vulnerability. This application is vulnerable to MITM attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis
Files: Q8/c.java, line(s) 21,22,3
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/aisle/app/data/repository/Repository.java, line(s) 209 com/aisle/app/presentation/features/login/ui/PhoneNumberFragment.java, line(s) 502 com/pubnub/internal/vendor/Crypto.java, line(s) 103,116
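High-severity vulnerability: The application contains privacy trackers
This application contains 5 privacy trackers. Trackers can track the device or its user and are a privacy concern for end users.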
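Medium-severity vulnerability: Broadcast Receiver (com.cashfree.pg.core.api.ui.receiver.CFSMSBroadcastReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.phone.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.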
Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.GenericIdpActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.google.firebase.auth.internal.RecaptchaActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
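Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.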
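Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.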
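Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.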
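Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.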
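Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.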
Medium-severity vulnerability: Files may contain hard-coded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: B4/h.java, line(s) 74 D4/d.java, line(s) 37 D4/p.java, line(s) 88 D4/x.java, line(s) 77 L5/g.java, line(s) 77 U2/C2101d.java, line(s) 43 U2/C3747d.java, line(s) 43 U8/b.java, line(s) 75 V8/C1131e.java, line(s) 80 V8/C3886e.java, line(s) 84 V8/w.java, line(s) 120 com/aisle/app/data/response/home/SortOptions.java, line(s) 96 com/aisle/app/data/response/imageInappropriate/InappropriateImageResponse.java, line(s) 254 com/aisle/app/domain/model/chat/FirebaseMessage.java, line(s) 661 com/pubnub/api/PubNubException.java, line(s) 165 com/pubnub/internal/managers/TokenParser.java, line(s) 41,47,50,53,56,59,62,38,65,68 com/pubnub/internal/models/server/SubscribeMessage.java, line(s) 257 com/pubnub/internal/models/server/files/FormField.java, line(s) 77 t0/a.java, line(s) 63 z9/b.java, line(s) 136
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/aisle/app/presentation/features/multiImageSelection/MultiImageSelectionFragment.java, line(s) 430 com/yalantis/ucrop/util/FileUtils.java, line(s) 77 z5/z.java, line(s) 466,621,888
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: E9/C0765b.java, line(s) 52 E9/C2693b.java, line(s) 55 H6/C0825a.java, line(s) 22 H6/C2890a.java, line(s) 23 K8/l.java, line(s) 135 com/pubnub/internal/vendor/FileEncryptionUtil.java, line(s) 91 v4/u0.java, line(s) 56
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: E9/C0766c.java, line(s) 81 E9/C2694c.java, line(s) 85 X2/D.java, line(s) 918 c/C0317u.java, line(s) 135 c/C0630u.java, line(s) 135 c2/y.java, line(s) 70
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: G8/a.java, line(s) 5 I5/e.java, line(s) 5 Q8/i.java, line(s) 9 S9/d.java, line(s) 5 Wa/a.java, line(s) 3 X0/C1061r0.java, line(s) 11 X0/C1431r0.java, line(s) 11 com/aisle/app/presentation/features/editprofile/philosophy/ui/PhilosophyFragment.java, line(s) 37 com/appsflyer/internal/AFb1gSDK.java, line(s) 19 d1/a0.java, line(s) 4 v2/C0782a.java, line(s) 28 v2/C1152a.java, line(s) 29
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: J2/C1830c.java, line(s) 6,7,8,9,10,82,150 J2/C3034c.java, line(s) 6,7,8,9,10,83,151 Y6/C1197M.java, line(s) 5,6,103,148,160,172,249,258,274,646 Y6/C4094M.java, line(s) 5,6,111,156,168,180,257,266,282,654 Y6/W.java, line(s) 4,5,147 d8/q.java, line(s) 9,10,11,12,126,738
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: J5/C0242d.java, line(s) 43 J5/C0768d.java, line(s) 52 L2/g.java, line(s) 48 U5/n.java, line(s) 132
Medium-severity vulnerability: This application may request root (superuser) privileges.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: v4/z0.java, line(s) 186,186,186,186
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/cashfree/pg/core/api/ui/BaseCFWebView.java, line(s) 50,45
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/aisle/app/presentation/common/ui/WebViewFragment.java, line(s) 538,537
Medium-severity vulnerability: This application may contain hard-coded secrets
The following secrets were identified in the application. Make sure they are not confidential or private information.
"ACCOUNT_KIT_CLIENT_TOKEN" : "23805a10ac0cd7b5fb86e3f05f4cdf40"
"android.credentials.TYPE_PASSWORD_CREDENTIAL" : "Password"
"androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" : "Passkey"
"com.google.firebase.crashlytics.mapping_file_id" : "a6406013aa2b4a62ad7bf48215e7650b"
"facebook_app_id" : "198768123650236"
"facebook_client_token" : "6e70d46a79f7d7e11e05fd3503e92cf4"
"firebase_database_url" : "https://aisle-network.firebaseio.com"
"ga_tracker_key" : "UA-63681596-1"
"google_api_key" : "AIzaSyADQzw0vh7dmkmxnG8v0Y2A_GnmdS88Eu4"
"google_app_id" : "1:652927018963:android:33b9546a4395ac7f"
"google_crash_reporting_api_key" : "AIzaSyADQzw0vh7dmkmxnG8v0Y2A_GnmdS88Eu4"
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice: The application can write to the application directory. Sensitive information should be encrypted.
Files: I5/v.java, line(s) 24,24 y5/b.java, line(s) 84,84
Security notice: The application communicates with a Firebase database
The application communicates with the Firebase database located at https://aisle-network.firebaseio.com
Passed security check: This application may have root detection capability.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: K7/w.java, line(s) 24 T8/AbstractC1086i.java, line(s) 294,294,295 T8/AbstractC3682i.java, line(s) 296,296,297 b5/c.java, line(s) 27,11,15,15,15,15,15,15 v4/z0.java, line(s) 142,142,142,185,185,185,142,185
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: S2/i.java, line(s) 234,234 com/cashfree/pg/network/o.java, line(s) 25,24,22,22
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/652927018963/namespaces/firebase:fetch?key=AIzaSyADQzw0vh7dmkmxnG8v0Y2A_GnmdS88Eu4 ) is disabled. The response is as follows: the response code is 403
Key security concern: The application may communicate with a server (firebase-settings.crashlytics.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

Aisle v12.32
Android APK
Overall security score: 50
Medium risk