Application Security Scan Report

Mobile Application Security Scan Report

Studio Go v5.35.0.277

Android APK 854674b4...
50
Security score

Security baseline score

50/100

Low risk

Overall risk level

Risk level rating
  1. A
  2. B
  3. C
  4. F

The application has some security risk; optimization is recommended.

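Distribution of vulnerabilities and security items

0 High
6 Medium
2 Info
0 Secure

Privacy risk assessment

2
Third-party trackers

Medium privacy risk
A small number of third-party trackers were detected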


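Distribution of detection results

High-severity vulnerabilities 0
Medium-severity vulnerabilities 6
Security informational notices 2
Passed security checks 0
Key security concerns 0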

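Medium-severity vulnerability: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application allows cleartext network traffic (such as the HTTP and FTP protocols, DownloadManager, MediaPlayer, etc.). It is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with the transmitted data. Disable cleartext traffic and use only encrypted protocols.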

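Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver was found to be exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.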

Medium-severity vulnerability: Files may contain hard-coded sensitive information such as usernames, passwords, and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/microsoft/appcenter/AppCenter.java, line(s) 42,50
com/microsoft/appcenter/Constants.java, line(s) 8
com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 458
com/microsoft/appcenter/crashes/utils/ErrorLogHelper.java, line(s) 39,51
com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 16,18
com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 26,28,33
com/microsoft/appcenter/ingestion/models/WrapperSdk.java, line(s) 9
com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 15
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 40
com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 14
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 18

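Medium-severity vulnerability: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.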
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 6,7,8,72,77,78,79
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 7,8,9,10,42

Medium-severity vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 9

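Medium-severity vulnerability: The application contains privacy trackers

This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.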

Security informational notice: The application logs information; sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/microsoft/appcenter/AbstractAppCenterService.java, line(s) 112,200,141,159,215
com/microsoft/appcenter/AppCenter.java, line(s) 488,578,211,216,234,304,309,314,329,337,431,502,512,524,558,567,644,264,268,281,289,387,472,475,592,607,610,627,708,720,724,733,182,253,341,633,364,393,519,554
com/microsoft/appcenter/Constants.java, line(s) 30
com/microsoft/appcenter/Flags.java, line(s) 23
com/microsoft/appcenter/ServiceInstrumentationUtils.java, line(s) 27
com/microsoft/appcenter/UncaughtExceptionHandler.java, line(s) 34,40,43
com/microsoft/appcenter/analytics/Analytics.java, line(s) 237,251,408,417,232,245,393,435,445,508,512,401,402,440,442,448,449,450
com/microsoft/appcenter/analytics/AnalyticsTransmissionTarget.java, line(s) 52,56,60,63,171
com/microsoft/appcenter/analytics/AuthenticationProvider.java, line(s) 53,66,70,72,74
com/microsoft/appcenter/analytics/EventProperties.java, line(s) 45,78,92,84
com/microsoft/appcenter/analytics/channel/AnalyticsValidator.java, line(s) 50,56,74,78,80,83,87,109,114,118,128,131
com/microsoft/appcenter/analytics/channel/SessionTracker.java, line(s) 71,80,91,96,99,109,62,68,78
com/microsoft/appcenter/analytics/ingestion/models/EventLog.java, line(s) 63,63
com/microsoft/appcenter/analytics/ingestion/models/json/EventLogFactory.java, line(s) 29
com/microsoft/appcenter/channel/DefaultChannel.java, line(s) 119,136,154,157,175,180,226,297,302,305,314,446,450,458,462,466,478,509,514,257,383,406,427,469,410
com/microsoft/appcenter/channel/OneCollectorChannelListener.java, line(s) 85,80
com/microsoft/appcenter/crashes/Crashes.java, line(s) 287,307,451,474,481,491,534,545,549,562,579,583,587,590,658,702,705,737,739,765,477,483,528,554,666,668,682,685,757,293,665,420,421,422,423,499,500,501,502,505,507,509,510,518,519,663,664,187,289,339,345,469,673
com/microsoft/appcenter/crashes/WrapperSdkExceptionManager.java, line(s) 33,37,44,50,59,102
com/microsoft/appcenter/crashes/ingestion/models/AbstractErrorLog.java, line(s) 174,174,178,178,182,182,154,154
com/microsoft/appcenter/crashes/ingestion/models/ErrorAttachmentLog.java, line(s) 139,130,130,138,138,126,126,82,83,84
com/microsoft/appcenter/crashes/ingestion/models/HandledErrorLog.java, line(s) 75,77,70,70
com/microsoft/appcenter/crashes/ingestion/models/ManagedErrorLog.java, line(s) 71,71
com/microsoft/appcenter/crashes/utils/ErrorLogHelper.java, line(s) 277,79,168,234,246,261,305,317,73,74,75,77,81,86,91,93,94,95,96,97,98,107,227,368,395,432,436,438,441,445
com/microsoft/appcenter/http/AbstractAppCallTemplate.java, line(s) 14,20
com/microsoft/appcenter/http/DefaultHttpClient.java, line(s) 82
com/microsoft/appcenter/http/DefaultHttpClientCallTask.java, line(s) 132,161,164
com/microsoft/appcenter/http/HttpClientNetworkStateHandler.java, line(s) 31,53
com/microsoft/appcenter/http/HttpClientRetryer.java, line(s) 62
com/microsoft/appcenter/ingestion/OneCollectorIngestion.java, line(s) 71,112,122
com/microsoft/appcenter/ingestion/models/AbstractLog.java, line(s) 150,150,158,158,146,146
com/microsoft/appcenter/ingestion/models/StartServiceLog.java, line(s) 62,64
com/microsoft/appcenter/ingestion/models/one/CommonSchemaDataUtils.java, line(s) 48,63,69,77,82
com/microsoft/appcenter/ingestion/models/one/CommonSchemaLog.java, line(s) 176,178,171,171,163,163,159,159,147,147
com/microsoft/appcenter/persistence/DatabasePersistence.java, line(s) 112,140,149,158,160,168,199,200,205,214,223,257,308,341,345,346,353,363,426,248,280,291,298,322,453,167,397,338,399,428,431
com/microsoft/appcenter/utils/AppCenterLog.java, line(s) 53,64,119,130,75,86,31,42,97,108
com/microsoft/appcenter/utils/AsyncTaskUtils.java, line(s) 15
com/microsoft/appcenter/utils/DeviceInfoHelper.java, line(s) 123,26,53,69,120
com/microsoft/appcenter/utils/IdHelper.java, line(s) 11
com/microsoft/appcenter/utils/NetworkStateHelper.java, line(s) 89,96,104,65
com/microsoft/appcenter/utils/context/SessionContext.java, line(s) 35,31
com/microsoft/appcenter/utils/context/UserIdContext.java, line(s) 44,51,55,66
com/microsoft/appcenter/utils/crypto/CryptoUtils.java, line(s) 155,158,190,194,197,202,215,225
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 124,96,107,127,140,149,158,166,213,223,232,190,217,220,188,192
com/microsoft/appcenter/utils/storage/FileManager.java, line(s) 56,72
mono/MonoPackageManager_Resources.java, line(s) 4
mono/android/incrementaldeployment/IncrementalClassLoader.java, line(s) 44,45

Security informational notice: This application uses SQLCipher; make sure the key is not hard-coded in the code


Files:
com/microsoft/appcenter/utils/storage/DatabaseManager.java, line(s) 186,194

Overall security baseline score summary

Studio Go v5.35.0.277

Android APK
50
Overall security score
Medium risk