Application Security Scan Report
Mobile Application Security Scan Report

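gocrew v27.3
Security score (security baseline score): 60/100
Overall risk level: Low risk
Risk grade scale: A, B, C, F
The application's security posture is good and it can be used normally.

Distribution of vulnerabilities and security items:
- High-severity vulnerabilities: 0
- Medium-severity vulnerabilities: 11
- Security notices (informational): 3
- Passed security checks: 2
- Key security concerns: 0

Privacy risk assessment:
- Third-party trackers: 2
- Medium privacy risk: a small number of third-party trackers were detected
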
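Medium-severity vulnerability: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (for example the HTTP and FTP protocols, DownloadManager, MediaPlayer). Cleartext traffic is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with the transmitted data. Recommendation: disable cleartext traffic and use encrypted protocols only.
Medium-severity vulnerability: Application data can be backed up
[android:allowBackup=true] This flag allows application data to be backed up with the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a risk of data leakage.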
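Medium-severity vulnerability: Activity (com.example.gocrew.supervisor.checkinemployment.EmployeeImage) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.example.gocrew.servicebg.BroadCasting) is not protected.
[android:exported=true] The Broadcast Receiver is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.example.gocrew.others.MyFirebaseMessagingService) is not protected.
[android:exported=true] The Service is exported and is not protected by any permission, so any application can access it.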
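Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.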
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files:
- com/example/gocrew/housekeeping/apiDataModel/HkUserDetailResponse.java, line(s) 350
- com/example/gocrew/housekeeping/taskHK/responseData/TaskListResponse.java, line(s) 470
- com/example/gocrew/housekeeping/taskHK/responseData/taskListnewll.java, line(s) 461
- com/example/gocrew/supervisor/dashboard/SupervisorDetailsResponse.java, line(s) 292
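Medium-severity vulnerability: The application contains privacy trackers
This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.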
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure that they are not confidential or private information.
- "com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000"
- "firebase_database_url" : "https://porter-system.firebaseio.com"
- "google_api_key" : "AIzaSyC3Kseo0RHXMbAVxdNE-_lJzWV6sPpe8Dc"
- "google_app_id" : "1:178279551801:android:85b4faf54e3efb64798ee8"
- "google_crash_reporting_api_key" : "AIzaSyC3Kseo0RHXMbAVxdNE-_lJzWV6sPpe8Dc"
- "password" : "Password"
- afc0d1203d23bb10484b7a42a2ac8bba
- 933057815691b4991aedf5fe8e36e2a1
- 57a030dc35ad63452e242e7aeb42859c
- 71485509f156acc397b4d3b45321b554
Security notice (informational): The application writes log messages; sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Security notice (informational): The application can write to the application directory. Sensitive information should be encrypted
Files:
- com/example/gocrew/fieldOfficer/ImageSignatureRemarks.java, line(s) 176
- com/example/gocrew/others/Cm.java, line(s) 129,141,149,158,168,175,129,141,149,158,168,175
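Security notice (informational): The application communicates with a Firebase database
The application communicates with the Firebase database located at https://porter-system.firebaseio.com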
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- com/example/gocrew/fieldOfficer/FormTask.java, line(s) 274,280,427,493,644,647,689,692,745,767,833,840,768,841
- com/example/gocrew/housekeeping/workAreaHk/shift/ShiftActivity.java, line(s) 167,234,295,364,167,234,295,364
- com/example/gocrew/minutesOfMeeting/MinuteMeetingActivity.java, line(s) 206,292,297,418,444,476,542,673,676,730,731,740
- com/example/gocrew/others/RetrofitClient.java, line(s) 23,23
- com/example/gocrew/siteAssement/SiteAssementActivity.java, line(s) 233,306,308,309,234
- com/example/gocrew/supervisor/checkinemployment/AssignEmpActivity.java, line(s) 190,228,327,427,200,299,399,502
- com/example/gocrew/supervisor/selectFloor/SelectFloorActivity.java, line(s) 149,158,118
- com/example/gocrew/supervisor/selectbuilding/SelectBuildingActivity.java, line(s) 82,82
- com/example/gocrew/supervisor/selectshift/SelectShift.java, line(s) 95,95
- com/example/gocrew/supervisor/tickets/AssignTicketActivity.java, line(s) 179,151
- com/example/gocrew/supervisor/tickets/ResolvedTicketsActivity.java, line(s) 111,245,250,300
- com/example/gocrew/supervisor/tickets/TicketActivity.java, line(s) 243,314,390,460,549,243,314,390,460,549
- com/example/gocrew/supervisor/workarea/CheckInActivity.java, line(s) 632,645,646,662,663,678,679,841
- com/example/gocrew/supervisor/workarea/UpdateAllotmentActivity.java, line(s) 246,216
- com/example/gocrew/traning/TraningActivtiy.java, line(s) 235,241,339,456,488,554,705,708,751,756,820,832
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/178279551801/namespaces/firebase:fetch?key=AIzaSyC3Kseo0RHXMbAVxdNE-_lJzWV6sPpe8Dc ) is disabled. The response content is shown below: { "state": "NO_TEMPLATE" }
Overall security baseline score summary

gocrew v27.3 (Android APK)
Overall security score: 60
Risk level: Low risk