Application Security Scan Report
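Mobile Application Security Scan Report

MedEd v5.3.6
Security score (security baseline score): 51/100
Overall risk level: Low risk
Risk level rating scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items:
- High severity: 2
- Medium severity: 28
- Informational: 2
- Secure: 2
Privacy risk assessment: 4 third-party trackers; medium privacy risk. A small number of third-party trackers were detected.
Scan result distribution:
- High-severity vulnerabilities: 2
- Medium-severity vulnerabilities: 28
- Informational security notices: 2
- Passed security checks: 2
- Key security concerns: 0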
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/freshchat/consumer/sdk/activity/ArticleDetailActivity.java, line(s) 358,15 com/freshchat/consumer/sdk/activity/BotFaqDetailsActivity.java, line(s) 118,12 com/freshchat/consumer/sdk/activity/FAQDetailsActivity.java, line(s) 136,11 com/penpencil/physicswallah/feature/batch/presentation/fragment/NeetPgDescriptionFragment.java, line(s) 360,12 com/penpencil/player/webYoutube/VideoEnabledWebView.java, line(s) 111,14 in/juspay/hypersdk/core/DynamicUI.java, line(s) 140,321,8 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 52,9,10
High-severity vulnerability: The file is world-writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: in/juspay/hypersdk/core/AndroidInterface.java, line(s) 604 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 13
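Medium-severity vulnerability: Activity (com.penpencil.physicswallah.feature.revenue.presentation.activity.MyPurchaseWebViewActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.penpencil.physicswallah.feature.auth.presentation.activity.NeetPGAuthActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.penpencil.physicswallah.feature.deeplink.ui.DeepLinkActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.penpencil.physicswallah.broadcast.SmsBroadcastReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.phone.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.exoplayer2.scheduler.PlatformScheduler$PlatformSchedulerService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (com.google.android.exoplayer2.scheduler.PlatformScheduler$PlatformSchedulerService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (com.penpencil.k8_timeless.ui.K8MainActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.penpencil.k8_timeless.ui.meded.MededVitalsActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.onboarding.activities.NeetPGOnboarding) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (in.juspay.hypersdk.core.CustomtabResult) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.moengage.sdk.debugger.MoEDebuggerActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.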
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: coil/memory/MemoryCache.java, line(s) 75 com/freshchat/consumer/sdk/beans/fragment/TemplateFragment.java, line(s) 41 com/gyanguru/ui/feedback/StatusRating.java, line(s) 70 com/onboarding/data/remote/dto/BannerCohortDto.java, line(s) 108 com/onboarding/data/remote/dto/FilterDto.java, line(s) 123 com/onboarding/data/remote/dto/OnboardingQuestionDto.java, line(s) 163 com/onboarding/data/remote/dto/OptionsDto.java, line(s) 146 com/onboarding/data/remote/dto/PossibleValueDto.java, line(s) 78 com/onboarding/domain/model/OnboardingQuestion.java, line(s) 118 com/onboarding/domain/model/Options.java, line(s) 114 com/penpencil/core/data/dto/SignedURLResponse.java, line(s) 69 com/penpencil/k8_timeless/domain/model/StatusRating.java, line(s) 70 com/penpencil/network/models/ChangePasswordPayload.java, line(s) 71 com/penpencil/network/models/CreatePasswordPayload.java, line(s) 72 com/penpencil/network/models/FilterData.java, line(s) 114 com/penpencil/network/models/OtpPayload.java, line(s) 93 com/penpencil/network/models/PossibleValueData.java, line(s) 74 com/penpencil/network/models/PreviewVideoId.java, line(s) 146 com/penpencil/network/response/AttachmentIds.java, line(s) 127 com/penpencil/network/response/BannerCohortDto.java, line(s) 102 com/penpencil/network/response/BatchTopicContentData.java, line(s) 683 com/penpencil/network/response/FileId.java, line(s) 239 com/penpencil/network/response/FilterDto.java, line(s) 122 com/penpencil/network/response/Image.java, line(s) 136 com/penpencil/network/response/ImageLanguageDto.java, line(s) 103 com/penpencil/network/response/ImageUploadData.java, line(s) 147 com/penpencil/network/response/LoginBody.java, line(s) 138,40 com/penpencil/network/response/PossibleValueDto.java, line(s) 77 com/penpencil/network/response/PreviewVideoId.java, line(s) 181
com/penpencil/network/response/QuestionFile.java, line(s) 144 com/penpencil/network/response/SolutionVideoId.java, line(s) 129 com/penpencil/network/response/teachers/TeachersDoubtDTO.java, line(s) 210 com/penpencil/network/utils/SecureVideoFetchTokenResult.java, line(s) 161 com/penpencil/physicswallah/feature/auth/domain/mapper/data/model/ImageId.java, line(s) 163 com/penpencil/physicswallah/feature/auth/presentation/args/ForgotPasswordArgs.java, line(s) 49 com/penpencil/physicswallah/feature/auth/presentation/viewmodel/AuthContracts$Event$LoginSuccessMoEngage.java, line(s) 86 com/penpencil/physicswallah/feature/auth/presentation/viewmodel/AuthContracts$Event$SignUpSuccessMoEngage.java, line(s) 69 com/penpencil/physicswallah/feature/auth/presentation/viewmodel/AuthContracts$Event.java, line(s) 179,226,358,128 com/penpencil/physicswallah/feature/auth/presentation/viewmodel/AuthContracts$State.java, line(s) 398,399 com/penpencil/physicswallah/feature/batch/data/model/FilterDto.java, line(s) 101 com/penpencil/physicswallah/feature/batch/data/model/MetaBatchesData.java, line(s) 112 com/penpencil/physicswallah/feature/batch/data/model/PossibleValueDto.java, line(s) 78 com/penpencil/physicswallah/feature/batch/data/model/PreviewImageData.java, line(s) 112 com/penpencil/physicswallah/feature/batch/data/model/PreviewImageDto.java, line(s) 120 com/penpencil/physicswallah/feature/home/data/model/Banner.java, line(s) 89 com/penpencil/physicswallah/feature/home/data/model/ImageId.java, line(s) 163 com/penpencil/physicswallah/feature/home/domain/model/Banner.java, line(s) 81 com/penpencil/physicswallah/feature/library/data/model/FileIdDto.java, line(s) 163 com/penpencil/physicswallah/feature/library/data/model/ImageId.java, line(s) 168 com/penpencil/physicswallah/feature/mededWidget/commons/model/FileId.java, line(s) 145 com/penpencil/physicswallah/feature/mededWidget/commons/model/Image.java, line(s) 163 com/penpencil/physicswallah/feature/quiz/domain/model/StatusRating.java, 
line(s) 70 com/penpencil/physicswallah/feature/revenue/data/model/ImageId.java, line(s) 82 com/penpencil/physicswallah/feature/revenue/data/model/Invoice.java, line(s) 95 com/penpencil/physicswallah/feature/revenue/data/model/PlanTagConfig.java, line(s) 144 com/penpencil/physicswallah/feature/search/data/model/FileId.java, line(s) 212 com/penpencil/physicswallah/feature/search/data/model/ImageId.java, line(s) 141 com/penpencil/player_engagement/live_chat/feature/mqtt/MqttConfigData.java, line(s) 107 com/penpencil/player_engagement/live_chat/network/response/SenderName.java, line(s) 91 com/penpencil/three_d_models/data/dto/ImageId.java, line(s) 145 com/penpencil/ts/data/local/entity/Image.java, line(s) 98 com/penpencil/ts/data/remote/dto/AttachmentId.java, line(s) 145 com/penpencil/ts/data/remote/dto/En.java, line(s) 104 com/penpencil/ts/data/remote/dto/FileId.java, line(s) 104 com/penpencil/ts/data/remote/dto/FileIdDto.java, line(s) 120 com/penpencil/ts/data/remote/dto/Hi.java, line(s) 104 com/penpencil/ts/data/remote/dto/HiEn.java, line(s) 104 com/penpencil/ts/data/remote/dto/Icon.java, line(s) 104 com/penpencil/ts/data/remote/dto/IconData.java, line(s) 89 com/penpencil/ts/data/remote/dto/Image.java, line(s) 104 com/penpencil/ts/data/remote/dto/ImageId.java, line(s) 104 com/penpencil/ts/data/remote/dto/ImageIdDto.java, line(s) 120 com/penpencil/ts/data/remote/dto/ImageIdItemDto.java, line(s) 104 com/penpencil/ts/data/remote/dto/QuestionFileIdDto.java, line(s) 104 com/penpencil/ts/data/remote/dto/ScheduleFileIdDto.java, line(s) 120 com/penpencil/ts/data/remote/dto/TestPassFilterDto.java, line(s) 108 com/penpencil/ts/data/remote/dto/TestPassSubFilters.java, line(s) 89 com/penpencil/ts/domain/model/En.java, line(s) 93 com/penpencil/ts/domain/model/FileId.java, line(s) 119 com/penpencil/ts/domain/model/Hi.java, line(s) 93 com/penpencil/ts/domain/model/HiEn.java, line(s) 93 com/penpencil/ts/domain/model/QuestionFileId.java, line(s) 93 
com/penpencil/ts/domain/model/StatusRating.java, line(s) 70 com/penpencil/ts/domain/model/TestFilter.java, line(s) 126 com/penpencil/ts/domain/model/TestPassSubFilters.java, line(s) 105 com/truecaller/android/sdk/common/TrueException.java, line(s) 16
Medium-severity vulnerability: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/appsflyer/internal/AFb1gSDK.java, line(s) 14 com/freshchat/consumer/sdk/service/c/aa.java, line(s) 8 com/freshchat/consumer/sdk/util/cc.java, line(s) 36 com/penpencil/player_engagement/live_chat/ui/fragment/LiveChatFragment.java, line(s) 117
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/penpencil/physicswallah/feature/player/ui/activity/a.java, line(s) 174,177,168 com/penpencil/physicswallah/feature/revenue/presentation/activity/MyPurchaseWebViewActivity.java, line(s) 296,285 com/penpencil/physicswallah/feature/revenue/presentation/activity/WebViewActivity.java, line(s) 106,101 com/penpencil/player/webYoutube/VideoEnabledWebView.java, line(s) 98,87,146 in/juspay/hypersdk/core/DynamicUI.java, line(s) 78,101,164,76 in/juspay/hypersdk/safe/Godel.java, line(s) 331,570,564
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/freshchat/consumer/sdk/c/b.java, line(s) 6,7,8,35,67,76 com/freshchat/consumer/sdk/c/e.java, line(s) 6,321 com/freshchat/consumer/sdk/c/k.java, line(s) 6,173 com/freshchat/consumer/sdk/c/l.java, line(s) 6,129,176 com/freshchat/consumer/sdk/c/n.java, line(s) 6,102,278,431 com/freshchat/consumer/sdk/c/w.java, line(s) 5,6,126,133,297,384
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files: com/freshchat/consumer/sdk/util/as.java, line(s) 214 com/freshchat/consumer/sdk/util/co.java, line(s) 21
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/freshchat/consumer/sdk/util/cc.java, line(s) 203 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 146,224
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/freshchat/consumer/sdk/util/as.java, line(s) 17 com/freshchat/consumer/sdk/util/cc.java, line(s) 151
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/penpencil/physicswallah/feature/player/ui/activity/a.java, line(s) 169,168 com/penpencil/physicswallah/feature/revenue/presentation/activity/MyPurchaseWebViewActivity.java, line(s) 291,285 in/juspay/hypersdk/safe/Godel.java, line(s) 577,564
Medium-severity vulnerability: Firebase Remote Config is enabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/964603495685/namespaces/firebase:fetch?key=AIzaSyD4zHEh5cAoT526uauwPVvvkNtgBHUlTyU ) is enabled. Ensure that these configurations do not contain sensitive information. The scan retrieved the response content from this URL.
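Medium-severity vulnerability: The application contains privacy trackers.
This application contains 4 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
Medium-severity vulnerability: This application may contain hardcoded secrets.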
The following secrets were identified in the application. Ensure that they are not confidential or private information.
- Credential => "FRESH_CHAT_APP_KEY" : "@7F1404FB"
- Credential => "HANSEL_APP_KEY" : "@7F140623"
- Credential => "HANSEL_APP_ID" : "@7F140622"
- Credential => "FRESH_CHAT_APP_ID" : "@7F1404FA"
- "com.google.firebase.crashlytics.mapping_file_id" : "1e9622bafcca413fab8e2ef68d0aac25"
- "downloading_key" : "Downloading"
- "firebase_freshchat_api_key" : "AIzaSyD9BBlqgAcGJ-h8X-L3n-BjhVw16jQVQpg"
- "firebase_freshchat_application_id" : "1:47266157193:android:81de3bdf097b19ff576c58"
- "firebase_freshchat_gcm_sender_id" : "47266157193"
- "firebase_freshchat_project_id" : "freshchat-9eb66"
- "fresh_chat_app_id" : "08540689-360a-450a-a10b-a9c27b687060"
- "fresh_chat_app_key" : "ca979b77-265b-4343-97b9-956be54c3989"
- "freshchat_file_provider_authority" : "xyz.penpencil.neetPG.provider"
- "google_api_key" : "AIzaSyD4zHEh5cAoT526uauwPVvvkNtgBHUlTyU"
- "google_app_id" : "1:964603495685:android:8585f25e0094c239dfe36c"
- "google_crash_reporting_api_key" : "AIzaSyD4zHEh5cAoT526uauwPVvvkNtgBHUlTyU"
- "hansel_app_id" : "GOHUQ537FYR2N1DE1ZIEV8XXX"
- "hansel_app_key" : "EPK75OTH5LSQX4S16PDPW997O5KZLT23AQS0XA8PDVKEDPJ816"
- "hippo_secret_key" : "a54598d5f5aa6e8f3600857368ddedf7"
- "password" : "Password"
- "password_hidden" : "********"
- "sessions" : "Sessions"
- "study_mode_key" : "studyMode"
- "username_bank" : "username@bank"
Informational: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: com/appsflyer/internal/AFf1cSDK.java, line(s) 138 com/appsflyer/internal/AFf1fSDK.java, line(s) 121 com/appsflyer/internal/AFf1uSDK.java, line(s) 52,57,99,105 com/appsflyer/share/LinkGenerator.java, line(s) 204 com/mocklets/pluto/PlutoLog.java, line(s) 18,25,32,39,46 com/pairip/SignatureCheck.java, line(s) 33 com/pairip/VMRunner.java, line(s) 49,56,91,158,185,190,195 com/pairip/licensecheck/LicenseActivity.java, line(s) 93,71 com/pairip/licensecheck/LicenseClient.java, line(s) 77,90,121,138,168,196,187,112
Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/freshchat/consumer/sdk/activity/al.java, line(s) 4,31 com/gyanguru/ui/GyanGuruActivity.java, line(s) 4,633,634 in/juspay/hypersdk/core/JBridge.java, line(s) 7,408
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 61,60,62,59,59
Passed security check: This application may have root detection.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: in/juspay/hypersdk/data/SessionInfo.java, line(s) 117,121
Overall security baseline score summary

MedEd v5.3.6
Android APK
Overall security score: 51
Medium risk