应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Cally v1.2.2
49
安全评分
安全基线评分
49/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
3
高危
17
中危
2
信息
2
安全
隐私风险评估
5
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
3
中危安全漏洞
17
安全提示信息
2
已通过安全项
2
重点安全关注
1
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: d/d/b/b/h/a/ok0.java, line(s) 421,9,10 d/d/b/b/h/a/sk0.java, line(s) 208,743,21,22
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: d/d/b/b/h/a/yf.java, line(s) 30
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Activity (com.bin.calllogs.activty.DashBoardActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.bin.calllogs.activty.SubscriptionActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.bin.calllogs.dialer.services.CallService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_INCALL_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.bin.calllogs.dialer.receivers.ActionReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: d/b/a/b/u.java, line(s) 28 d/b/a/b/v.java, line(s) 31 d/b/a/b/w.java, line(s) 31 d/b/a/b/x.java, line(s) 18 d/b/a/f/c/m.java, line(s) 23 d/b/a/g/j.java, line(s) 26 d/d/b/b/a/e0/a/v.java, line(s) 9 d/d/b/b/h/a/l74.java, line(s) 7 d/d/b/b/h/a/le4.java, line(s) 4 d/d/b/b/h/a/pf.java, line(s) 7 d/d/b/b/h/h/x2.java, line(s) 19 d/d/b/b/i/b/la.java, line(s) 32 g/v/a.java, line(s) 3 g/v/b.java, line(s) 4 g/v/d/a.java, line(s) 4
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c/y/a/l/d.java, line(s) 4,5,6,7,8,91,148 d/d/b/a/j/c0/k/r0.java, line(s) 5,6,148,159,236,275,292,301,358,435 d/d/b/a/j/c0/k/t0.java, line(s) 4,5,121 d/d/b/b/h/a/ew1.java, line(s) 4,5,14,15,26,27 d/d/b/b/h/a/sx1.java, line(s) 6,7,103,108,113 d/d/b/b/h/a/zw1.java, line(s) 5,80,83,87 d/d/b/b/i/b/ca.java, line(s) 7,8,597 d/d/b/b/i/b/n.java, line(s) 6,7,71,84,215,253
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: d/d/e/r/m/b.java, line(s) 48
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: c/j/f/a.java, line(s) 147 com/bin/calllogs/activty/DashBoardActivity.java, line(s) 780,3741 d/b/a/f/d/z.java, line(s) 85 d/d/b/b/h/a/aq.java, line(s) 29 d/d/b/b/h/a/em.java, line(s) 58 d/d/b/b/h/a/zq.java, line(s) 72
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: d/d/b/b/h/a/ek.java, line(s) 19 d/d/b/b/h/a/ge0.java, line(s) 93 d/d/b/b/h/a/ie.java, line(s) 15 d/d/b/b/i/b/la.java, line(s) 140
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: c/t/c.java, line(s) 108 c/w/s0.java, line(s) 116 d/d/e/r/m/c.java, line(s) 51
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: d/d/b/b/h/a/sk0.java, line(s) 158,117
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: d/d/b/b/h/a/x3.java, line(s) 61 d/d/e/l/h/l/d.java, line(s) 75
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-8224195300641531~4995301729" "client_server_key" : "752458926861-ga882k07mquclrfuab6rk2kr14piev27.apps.googleusercontent.com" "com.google.firebase.crashlytics.mapping_file_id" : "5f6a6f7ab5af45abae918c7bdb0b804b" "google_api_key" : "AIzaSyB__8V9Ul-rfZJEqHZuI3J2C3r-EBJOrrM" "google_app_id" : "1:752458926861:android:be061590c3dec1d8c9fe44" "google_crash_reporting_api_key" : "AIzaSyB__8V9Ul-rfZJEqHZuI3J2C3r-EBJOrrM" par+dwhNOqYERCSr3oGtYtDVSGtZjjivKpppvR62Z9a5oLpkQQBW7bLTBnuHswur 4CrOyliF592Vc7D7JV+aPXCWH2JLB6HWAiQnf8iH090= 7UZ/EsEPgF4ZRZ1chhiVPxgR+NfE5rqmZss2fiG1QT0= CJ1WRc1PE+xR6/6qo7i2DCIPFySihC2gOkB+O3ToQfek8u0n5+HTKTUaxwoTaOup tqyxGM79wOlAPNBhvtAr5QJDQ+dGmpZ4a1UkwVDI/lw= nvmQ1oBnYa1ILuQMJvjx1Mgo4XB5M+iT4lATd49U3XYe7vyBu0LOBGvU5w3i5cNm wZRBY7DIvhHC8r92vSELjU6e4pNwFbBY03stSUuM3+c= mNltpdI3VDBY3uA+ghPe9p5qLzSeUQcB+n6ngmGQjAWxdqQOivCHaODCjPIyIowZ qp6rBGTCbwl3Du6FT/SAKGuw1FuFEkW7uLvnpWgAVmj4gvXya3866ptnORhDDu8C BoHpLQ4RSQbqcE+eMuZEof5jiC86JqfpyVXCcg3LjBM= HZVgL6ylhUUkiV7kuTw4wEOapRhn6IpTUlLxZYnAszU= Sax58YmBV76Rsz+gTyIxls7MHtcGZGY5FRuTBSGuOW4= lmWiEsyvybM0j+41L12yTdEmhqJ1mxl8TMt/J058O+jb1bYarXjRgBdNW2ZFy83f wkdkWHeqh0k+zNwmTrd5/YaupE9zOer3F4zT7d5lKl4= pAhkgz3GzpF3+CqXZzwu1qvOvu4xxNqL26Gmlx8dugI= YfHvCp/fIECQ9h2Dc66KvN7YWoaMnV2BSJeyfKAdgmQ= jg02i/nmjOtojnLha7JcDbUziDuBiOjLYE3MteO5yoaAgj1btcenznNGCOsuwWch 41X4XnTjMYwUhejH3ObXd8ksoY4thQ/EIVKHpHML+QDKOhWxgVYOi4zhfQqT5GR2 Uhh1veut9miuxW7XP7M2VcepuNqwMJAE2TJQ6F736qMVhS4VpHkM9ihzOV4bRsyj 9B7JBIdZiMTsL9pGnqEcYgUaYpTzUoAB9RvGyrnjQF7CiisbO4+nhiSdhoC6VSqn saBI+3h2Lt3SmMRiIzkSzE+qZwwlCo+f51BVnuQZD0hVVNns8vrAQWZ7UlWn/0b0 eQRTNlDku3oQgUviNcuPPX0vJqvEjzyxzBtk+QMugeI= B3EEABB8EE11C2BE770B684D95219ECB wmJ4yDzysGY/F4MtACYt1Wuo4utI1izySyPuZQUSJhk= e8c4x8hx2nAUk6VVuY651BKZ4rbinGDtu4h/2o24aJo= dE9eOZLY1eX3llTY4h0xyyrKD5UgCxwXxmUW3B3njYU= ZkhLHPiP7Uf4DooNt/1kizZNADm1b+h8tAhXSPwcPrPbN3t+Jx06DZwzXlYEhSXE 6CULVgyWOH82iLGcKn5rh8N75AqCrKeqiHuFUWI8W3RSLolOGMDqAOnKtNTX1AFe 8FdD2h+EoXCjg5eQhtMlQE5LkOSf3AVqgJYbaqrJZgg= Y4VPax9NN/dKmqF+s9P1EMA+IqhcGIPpcbgTKYuHNMmPmp8MhTxur5CR0eiVwBHP ChNjb20uYW5kcm9pZC52ZW5kaW5nCiBjb20uZ29vZ2xlLmFuZHJvaWQuYXBwcy5tZWV0aW5ncwohY29tLmdvb2dsZS5hbmRyb2lkLmFwcHMubWVzc2FnaW5n 308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a PfXuYpXR8QASWK08ChzzefD8h4IQvIx6Xugf6O+BJbFGNBOs3F9abkomDjkEKIY/ T+InekJlJ8RmIDkSOxSdVK3n60x123LKQKipAj90olVt6NWqXHdtrKrCRV+MIFdG Bdd/SXecSODrNYWNMJakrwr0suwau+ZSaygsyNqj5IcjiKGPVCNYxfh9jESu1wRd atxCXkhFC9Qo4zr+qQKStmlw+xq4VCpNksBYKhnncQoFPxOQrQVA0Q5Y3uEyrMy9 WORPtHCVuMEv3y1w8NHqrRk35a2wyunOkGiiZJxdjaY= pOQv/ncF1LaNtzYOMl87UsR5TvsuG5ecw6dyIcJCym+lewlOBw6IZhtgwF1qNMNH Cb3a/0oybs716dPr7UCf4ZWTrxhPatWThTypQohUWkM= 1MAz8AsFFFR6PX7Q/aoiTCXDxA7Y87QD+tiULVUCjXhSqmeyoEv99dhFUigp84ha et7+F9y0bmWPaNewdNSgaLaOgYWThlyODluK68jSELk= MdKUmuf6DBtYuVjgv6h8BEjHuBvX5PE/R2XdoeGNJT0= cxQLOgxIjd5GqHFd887UzcTVGYJaF4w3kSTCXM9zwKU= 8+Gsu284Xz8VlJdhu6cTHCdcvCVVHyOiPBH/5JkF0bc= 6f32224f52472dca661b0406b6d073cf iJMtal0QkdCCvDIFbIXn2Msn+SEpgaeW0QkQ5fhgj50r8RtLZhDVC6lwnLAWkcW0 K1BE5iDLpIxaZZJp7C4O3DsdHGbDPO0C9L+hxNcDxpM= BoYdDgxF0J4Z6qBFEz0Y0ptcEBy4vkae+v/aE6rWTPA= u0deiS9oYmD364nfSsTKCoaogh75qkGLLRLBySCBi52jAL+3CKcuH0JuOgAzQyxJ b418c6babba4f8390c3679e68e27b148 mgC3WGYZcRZZUEO15izZ6XddH7Xv5j+uOXn1fcHyPpA= Egu28ffoQSw9KOwYfG/AJmF7jqmf54ISsd5MNAePHGo= rrjLlsla978gQsd21zlsNlBlI2LX695vD5/bR0YoarWUKt9pBHEKqU2V70kXmeqs 470fa2b4ae81cd56ecbcda9735803434cec591fa SIWeD0mZMtnr44TzGlKsRDDYnRFr4kkvUC1v+CRvf1A= 50C4883907597803F9BF3C085C768ED6 2FC8CB612ECB0B649F7A43C1D166A919 R2RBJfxfdXZyH4kWmH3CYK5g20DhfXioszVJ9FTqzrY= 85FE663910593C6039EB04F05A005FA9 308204a830820390a003020102020900d585b86c7dd34ef5300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233333635365a170d3335303930313233333635365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6ce2e080abfe2314dd18db3cfd3185cb43d33fa0c74e1bdb6d1db8913f62c5c39df56f846813d65bec0f3ca426b07c5a8ed5a3990c167e76bc999b927894b8f0b22001994a92915e572c56d2a301ba36fc5fc113ad6cb9e7435a16d23ab7dfaeee165e4df1f0a8dbda70a869d516c4e9d051196ca7c0c557f175bc375f948c56aae86089ba44f8aa6a4dd9a7dbf2c0a352282ad06b8cc185eb15579eef86d080b1d6189c0f9af98b1c2ebd107ea45abdb68a3c7838a5e5488c76c53d40b121de7bbd30e620c188ae1aa61dbbc87dd3c645f2f55f3d4c375ec4070a93f7151d83670c16a971abe5ef2d11890e1b8aef3298cf066bf9e6ce144ac9ae86d1c1b0f020103a381fc3081f9301d0603551d0e041604148d1cc5be954c433c61863a15b04cbc03f24fe0b23081c90603551d230481c13081be80148d1cc5be954c433c61863a15b04cbc03f24fe0b2a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900d585b86c7dd34ef5300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010019d30cf105fb78923f4c0d7dd223233d40967acfce00081d5bd7c6e9d6ed206b0e11209506416ca244939913d26b4aa0e0f524cad2bb5c6e4ca1016a15916ea1ec5dc95a5e3a010036f49248d5109bbf2e1e618186673a3be56daf0b77b1c229e3c255e3e84c905d2387efba09cbf13b202b4e5a22c93263484a23d2fc29fa9f1939759733afd8aa160f4296c2d0163e8182859c6643e9c1962fa0c18333335bc090ff9a6b22ded1ad444229a539a94eefadabd065ced24b3e51e5dd7b66787bef12fe97fba484c423fb4ff8cc494c02f0f5051612ff6529393e8e46eac5bb21f277c151aa5f2aa627d1e89da70ab6033569de3b9897bfff7ca9da3e1243f60b AIzaSyDRKQ9d6kfsoZT2lUnZcZnBYvH69HExNPE All9dLPTMel/eCIBoDimh2kew7aPoVe9eZ80kN1esN4= sZcaWvHk5YMGi5Y+Upjcj5xXN/uJAE5+o93AJh0tgcKgvaqPrd4dFC6HKBJZfNCh pQ8JnVS7yUZANCXtBVm35/Ifx7Qa6SIA2WAFLNMh0sw= 0G0hVgzYtuXNuzEKOxAON/a0c4+sHPmbkckIOa2TK0w=
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: c/a0/a.java, line(s) 35 c/b/k/i.java, line(s) 67,177 c/b/k/j.java, line(s) 2237,1482,1488,2328,1204 c/b/k/m.java, line(s) 90 c/b/k/o.java, line(s) 87,101,111 c/b/k/r.java, line(s) 50,60,75,85,102,114,126,135,148,162,174 c/b/k/t.java, line(s) 52,67 c/b/p/g.java, line(s) 142,189,248 c/b/p/j/i.java, line(s) 387 c/b/p/j/j.java, line(s) 273 c/b/q/c0.java, line(s) 47 c/b/q/f1.java, line(s) 384,389 c/b/q/h1.java, line(s) 94 c/b/q/i0.java, line(s) 78,130,144,158,167,445 c/b/q/i1.java, line(s) 83 c/b/q/k1.java, line(s) 27,38,56,58,60 c/b/q/r0.java, line(s) 442,583,189,194,201,316,609 c/b/q/t0.java, line(s) 132,166 c/b/q/u0.java, line(s) 181,42,54,92,121,385 c/b/q/y0.java, line(s) 90,118,290,122,125,178,272,325,380,394,467,470 c/b/q/z0.java, line(s) 28 c/b0/i0.java, line(s) 37,83 c/b0/y.java, line(s) 33,42,44 c/c0/a/a/h.java, line(s) 960,963 c/g0/e.java, line(s) 159,164,173,179,185,195,202 c/g0/p.java, line(s) 23,25,34,36,45,47,56,58,67,69 c/h/a/d.java, line(s) 396 c/h/b/a/a.java, line(s) 95,98 c/h/b/b/j.java, line(s) 1242,1140 c/h/c/a.java, line(s) 217,220,221,226,228 c/h/c/b.java, line(s) 61,86,95 c/h/c/c.java, line(s) 222,111,268 c/h/c/d.java, line(s) 686,1646,2442,1856,746,749,1454,1724,1778,2525,2531 c/j/e/d.java, line(s) 81,231 c/j/e/f.java, line(s) 36,45 c/j/e/i.java, line(s) 42 c/j/e/m.java, line(s) 61,75,79 c/j/e/n.java, line(s) 208,224,230,278,309,319,330,338,207,223,229,277,308,318,329,337,161,233,283,300 c/j/e/s.java, line(s) 66 c/j/f/d/e.java, line(s) 55 c/j/f/d/f.java, line(s) 65 c/j/f/d/j.java, line(s) 140,149,271 c/j/g/d.java, line(s) 392,397 c/j/g/f.java, line(s) 68 c/j/g/g.java, line(s) 40,72 c/j/g/h.java, line(s) 49,219 c/j/g/k.java, line(s) 84,87 c/j/g/l.java, line(s) 104 c/j/g/m/a.java, line(s) 166,175,233,243 c/j/g/m/e.java, line(s) 44,67 c/j/k/g.java, line(s) 27,31,35 c/j/k/l.java, line(s) 34 c/j/m/b.java, line(s) 56,69,71,84,86,106,109 c/j/o/b0.java, line(s) 1437,1299,1436 c/j/o/c0.java, line(s) 40,51 c/j/o/e.java, line(s) 56 c/j/o/e0.java, line(s) 50,65,86,113,134,155,176 c/j/o/j.java, line(s) 20,29 c/j/o/k0.java, line(s) 356,515,146,158,165,174,43,65,506 c/j/o/m.java, line(s) 69 c/j/o/m0/c.java, line(s) 159 c/j/o/o0/c.java, line(s) 136 c/j/p/b.java, line(s) 25,34 c/j/p/c.java, line(s) 50,59 c/j/p/h.java, line(s) 57,66 c/j/p/i.java, line(s) 396,387 c/j/p/j.java, line(s) 49,48 c/l/b/c.java, line(s) 516 c/n/a/f.java, line(s) 83 c/o/d/a.java, line(s) 120,187,196,208 c/o/d/b.java, line(s) 128 c/o/d/b0.java, line(s) 16 c/o/d/c.java, line(s) 482,509,514,871 c/o/d/c0.java, line(s) 115,188,197,204,213,250,295,305,313,363,370,377,384,408,475,493 c/o/d/d.java, line(s) 93,186,194,196,280,342 c/o/d/k.java, line(s) 83,96 c/o/d/m.java, line(s) 734,1804,1805,1813,1821,445,282,522,1246,1346,1385,1394,1404,1426,1482,1493,1587,1596,1759,1986,1994,101,111,130,140,250,260 c/o/d/p.java, line(s) 43,77,51,59,130,136 c/o/d/t.java, line(s) 131,148,233,255,339,383,402,417,427,521,583,622,733,741,125,226,320,471,637 c/o/d/u.java, line(s) 130 c/o/d/v.java, line(s) 220,230,273,288,306 c/q/a/a.java, line(s) 29 c/s/a/b.java, line(s) 45,60,68,92,195,208,313,319,341,52 c/s/b/c.java, line(s) 70 c/t/a.java, line(s) 321,361,412,414,194,201,203,209,343,345,355,358,401,107,138,197,205,212,225,234,246,306,324 c/t/c.java, line(s) 51,62,64,109,125,167,179,183,185,190,195,237,259,292,294,102,175,247,263,278,288,296 c/u/m.java, line(s) 37,82,182,186,80 c/v/d/d.java, line(s) 27 c/w/f0.java, line(s) 460,488,672,674 c/w/g0.java, line(s) 58,152,211 c/w/n0.java, line(s) 303 c/w/s0.java, line(s) 232,235,240 c/w/x0/a.java, line(s) 136 c/y/a/h.java, line(s) 56,59,73,49,63 c/y/a/l/e.java, line(s) 269 c/y/b/a.java, line(s) 88 com/bin/calllogs/activty/DailerPermissionActivity.java, line(s) 86 com/bin/calllogs/activty/DashBoardActivity.java, line(s) 301,307,309,1267,1733,1049,1077,2655,2770,3757,3762,3811,4017,4020,619,671,880,1136,1833,1853,2106,2807,2816,3496,4214,4457,4468,4623,4848,4947 com/bin/calllogs/activty/PermissionActivity.java, line(s) 130,354 com/bin/calllogs/activty/SplashActivity.java, line(s) 198,242 com/bin/calllogs/application/AppApplication.java, line(s) 171,363,370,373 com/bin/calllogs/dialer/CallActivity.java, line(s) 128,663 com/bin/calllogs/dialer/receivers/ActionReceiver.java, line(s) 51,57,59,212,168 com/bin/calllogs/dialer/services/CallService.java, line(s) 55,66,70,71,90,121 com/bin/calllogs/utils/service/RestoreService.java, line(s) 106 com/bin/calllogs/utils/workmanager/BackupWorkerDaily.java, line(s) 223,278,199,202,208,212,231,283,104,128,158 d/b/a/b/p.java, line(s) 155 d/b/a/b/r.java, line(s) 87,130 d/b/a/b/u.java, line(s) 312 d/b/a/b/v.java, line(s) 328 d/b/a/b/y.java, line(s) 81 d/b/a/e/w/b.java, line(s) 32,39,69,73,78 d/b/a/f/a/j1.java, line(s) 342 d/b/a/f/a/k1.java, line(s) 243 d/b/a/f/a/l1.java, line(s) 243 d/b/a/f/a/m1.java, line(s) 243 d/b/a/f/a/n1.java, line(s) 243 d/b/a/f/a/o1.java, line(s) 243 d/b/a/f/a/p1.java, line(s) 243 d/b/a/f/a/q1.java, line(s) 243 d/b/a/f/b/n.java, line(s) 248,268 d/b/a/f/c/g.java, line(s) 424,311,316,405 d/b/a/f/d/b0.java, line(s) 116 d/b/a/f/d/c0.java, line(s) 313,589,774,780,783,104,118,121,127,594,385,974,998,1028 d/b/a/f/d/d0.java, line(s) 157 d/b/a/f/d/z.java, line(s) 158 d/b/a/f/e/a.java, line(s) 361 d/b/a/f/e/b.java, line(s) 58 d/b/a/g/e.java, line(s) 185 d/b/a/g/f.java, line(s) 174 d/c/a/a/d/a.java, line(s) 52 d/c/a/a/d/b.java, line(s) 291,367,371,555,730,736 d/c/a/a/d/d.java, line(s) 169,173,199 d/c/a/a/f/k.java, line(s) 18 d/c/a/a/f/m.java, line(s) 22 d/c/a/a/j/a.java, line(s) 123 d/c/a/a/l/j.java, line(s) 76,199 d/d/b/a/j/a0/a.java, line(s) 15,22,29,14,21,28,42,43,49,50 d/d/b/a/j/x/k.java, line(s) 35,42,45,53,79,82,85,88,91 d/d/b/b/a/b0/a.java, line(s) 117,150,251 d/d/b/b/a/b0/d.java, line(s) 23,41,50,60 d/d/b/b/a/e0/c/i1.java, line(s) 11,17,19,28 d/d/b/b/c/b/e/d/g.java, line(s) 30 d/d/b/b/c/h.java, line(s) 167,174 d/d/b/b/e/a0.java, line(s) 42 d/d/b/b/e/e.java, line(s) 109,155,162 d/d/b/b/e/e0.java, line(s) 73,91,95,121,125,56 d/d/b/b/e/h.java, line(s) 42,106,55,93,125,137,147,153,156,158,162 d/d/b/b/e/i.java, line(s) 42,78 d/d/b/b/e/j0.java, line(s) 27,30,51 d/d/b/b/e/l/k/f.java, line(s) 241,357 d/d/b/b/e/l/k/f1.java, line(s) 23,38 d/d/b/b/e/l/k/g0.java, line(s) 107,433 d/d/b/b/e/l/k/j0.java, line(s) 47 d/d/b/b/e/l/k/k0.java, line(s) 35 d/d/b/b/e/l/k/y0.java, line(s) 43 d/d/b/b/e/m/a.java, line(s) 18 d/d/b/b/e/m/a1.java, line(s) 30 d/d/b/b/e/m/c.java, line(s) 367,300,304,308,314,385 d/d/b/b/e/m/d0.java, line(s) 94,97,100,103,106,109,120,123,126,129,161,166 d/d/b/b/e/m/d1.java, line(s) 100 d/d/b/b/e/m/e1.java, line(s) 27 d/d/b/b/e/m/f1.java, line(s) 27 d/d/b/b/e/m/g0.java, line(s) 26 d/d/b/b/e/m/h1.java, line(s) 37,55 d/d/b/b/e/m/n1.java, line(s) 55,60 d/d/b/b/e/m/q1.java, line(s) 49 d/d/b/b/e/n/a.java, line(s) 42,47,34,62 d/d/b/b/e/o/a.java, line(s) 82,93 d/d/b/b/e/o0.java, line(s) 50,52,46 d/d/b/b/e/p/g.java, line(s) 15 d/d/b/b/e/p/r.java, line(s) 17,16 d/d/b/b/e/r.java, line(s) 28 d/d/b/b/h/a/be2.java, line(s) 16,22,32,38 d/d/b/b/h/a/c13.java, line(s) 21,30,37,29,36,43,44,50,51 d/d/b/b/h/a/ee.java, line(s) 23 d/d/b/b/h/a/ez3.java, line(s) 19 d/d/b/b/h/a/f04.java, line(s) 53 d/d/b/b/h/a/kz2.java, line(s) 44,53,62 d/d/b/b/h/a/lv2.java, line(s) 8 d/d/b/b/h/a/my2.java, line(s) 41 d/d/b/b/h/a/ne0.java, line(s) 19,25,27,36,43,49,51,60,67,73,75,117,85,91,93,102 d/d/b/b/h/a/ny2.java, line(s) 44,51,35 d/d/b/b/h/a/sf.java, line(s) 169 d/d/b/b/h/a/tg.java, line(s) 157,407,311,312,313 d/d/b/b/h/a/wa.java, line(s) 14,18,22,9,27 d/d/b/b/h/a/xg0.java, line(s) 71,125,126 d/d/b/b/h/c/l.java, line(s) 50,56,68,101,108 d/d/b/b/h/e/d5.java, line(s) 36 d/d/b/b/h/e/f0.java, line(s) 15 d/d/b/b/h/e/g0.java, line(s) 18 d/d/b/b/h/e/h0.java, line(s) 15 d/d/b/b/h/e/i0.java, line(s) 17 d/d/b/b/h/e/q.java, line(s) 129 d/d/b/b/h/e/y.java, line(s) 60 d/d/b/b/h/h/b1.java, line(s) 19 d/d/b/b/h/h/f6.java, line(s) 60 d/d/b/b/h/h/m6.java, line(s) 15 d/d/b/b/h/h/n6.java, line(s) 18 d/d/b/b/h/h/o6.java, line(s) 15 d/d/b/b/h/h/v1.java, line(s) 55 d/d/b/b/h/h/x2.java, line(s) 72,58,69,78,155,166,205,211 d/d/b/b/h/h/x5.java, line(s) 97 d/d/b/b/h/i/v.java, line(s) 112,128,134,114,120,129,135 d/d/b/b/i/b/a6.java, line(s) 14 d/d/b/b/i/b/m3.java, line(s) 153 d/d/b/b/j/b/a.java, line(s) 79,83 d/d/b/c/e0/b.java, line(s) 653 d/d/b/c/i0/d.java, line(s) 147,180 d/d/b/c/j0/b.java, line(s) 74 d/d/b/c/l0/g.java, line(s) 665 d/d/b/c/m/h.java, line(s) 50 d/d/b/c/t/a.java, line(s) 193 d/d/b/d/a/a/e/p.java, line(s) 21,30,37,29,36,43,44,50,51 d/d/e/h.java, line(s) 309,283,287,190 d/d/e/k/q.java, line(s) 32,39,42,51,85 d/d/e/k/t.java, line(s) 158 d/d/e/l/h/f.java, line(s) 28,38,19,48,58,68 d/d/e/l/h/j/q.java, line(s) 115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133 d/d/e/r/e.java, line(s) 26 d/d/e/r/m/b.java, line(s) 52,73 d/d/e/r/n/c.java, line(s) 92,273,276,100,101,306,308
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: d/b/a/b/o.java, line(s) 4,101 d/b/a/b/v.java, line(s) 5,138 d/b/a/b/w.java, line(s) 5,130
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: d/d/b/b/h/a/q13.java, line(s) 23 d/d/b/d/a/a/e/c.java, line(s) 23 d/d/e/l/h/j/n.java, line(s) 303,303,304
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/752458926861/namespaces/firebase:fetch?key=AIzaSyB__8V9Ul-rfZJEqHZuI3J2C3r-EBJOrrM ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
Cally v1.2.2
Android APK
49
综合安全评分
中风险