应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Calculator v12.2.00.4
73
安全评分
安全基线评分
73/100
安全
综合风险等级
风险等级评定
- A
- B
- C
- F
应用安全状况良好,可正常使用
漏洞与安全项分布
0
高危
4
中危
2
信息
2
安全
隐私风险评估
0
第三方跟踪器
隐私安全
未检测到第三方跟踪器
检测结果分布
高危安全漏洞
0
中危安全漏洞
4
安全提示信息
2
已通过安全项
2
重点安全关注
0
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/sec/android/app/popupcalculator/common/utils/CommonUtils.java, line(s) 59,60,61
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: i1/a.java, line(s) 6,34 i1/b.java, line(s) 4,5,25
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/sec/android/app/popupcalculator/BuildConfig.java, line(s) 8
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/a.java, line(s) 419 com/sec/android/app/popupcalculator/Calculator.java, line(s) 352,353,587 com/sec/android/app/popupcalculator/CalculatorBroadcastReceiver.java, line(s) 16,51 com/sec/android/app/popupcalculator/calc/controller/CalculatorUtils.java, line(s) 316,325,340 com/sec/android/app/popupcalculator/calc/controller/HandleButtonsController.java, line(s) 56 com/sec/android/app/popupcalculator/calc/controller/HistoryController.java, line(s) 299 com/sec/android/app/popupcalculator/calc/controller/KeypadController.java, line(s) 453,505 com/sec/android/app/popupcalculator/calc/controller/MultiWindowLayoutController.java, line(s) 323,328,440 com/sec/android/app/popupcalculator/calc/model/HistoriesData.java, line(s) 96,107,118,133,144,155,165,172,182,224,234,245,337,383,393,404,419,430,441,456,467,478,488,495,505 com/sec/android/app/popupcalculator/calc/view/HandleButtonsLayout.java, line(s) 123 com/sec/android/app/popupcalculator/calc/view/KeyboardLayout.java, line(s) 77 com/sec/android/app/popupcalculator/common/logic/CalculateTool.java, line(s) 125,761,520 com/sec/android/app/popupcalculator/common/logic/CalculatorLogic.java, line(s) 887 com/sec/android/app/popupcalculator/common/utils/AccessibilityUtils.java, line(s) 150 com/sec/android/app/popupcalculator/common/utils/AnalystUtils.java, line(s) 194,634,642,653,660,667,674,177,196,685 com/sec/android/app/popupcalculator/common/utils/CommonUtils.java, line(s) 241,594,207,418,422 com/sec/android/app/popupcalculator/converter/controller/BaseUnitConverterFragment.java, line(s) 80,99,105,126,136,168,195 com/sec/android/app/popupcalculator/converter/controller/ConverterKeyboardLayout.java, line(s) 74 com/sec/android/app/popupcalculator/converter/controller/ConverterKeypadController.java, line(s) 176 com/sec/android/app/popupcalculator/converter/controller/ConverterPagerController.java, line(s) 106,192,197,201,220,303,326,334,343,355,406,467,586,594,596,621,644,704,771,803 com/sec/android/app/popupcalculator/converter/controller/ConverterPagerItemController.java, line(s) 198,440,754,798,824,895,933,977,986,998,1018,1024 com/sec/android/app/popupcalculator/converter/controller/NewUnitConverterActivity.java, line(s) 240,264,478 com/sec/android/app/popupcalculator/converter/model/UnitManager.java, line(s) 71,85,152,173,79,131 com/sec/android/app/popupcalculator/converter/mortgage/controller/BaseConverterFragment.java, line(s) 49 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageConverterFragment.java, line(s) 60,74,212,239,245,319 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageDetailActivity.java, line(s) 44 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageEditText.java, line(s) 156,209 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageInputFragment.java, line(s) 783,927,993 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageResultActivity.java, line(s) 121 com/sec/android/app/popupcalculator/converter/mortgage/controller/MortgageResultFragment.java, line(s) 154 com/sec/android/app/popupcalculator/converter/mortgage/logic/MortgageComputer.java, line(s) 136,138,160,167,196,198,204,206,232,263,315,317,323,325,331,333,339,341,347,349,355,357,363,365,371,373,379,381,388,389,391,397,399,405,407,428,430,469,471,477,479,505,512 com/sec/android/app/popupcalculator/converter/mortgage/svc/http/Connection.java, line(s) 47,137,141,150,159,188,56,61,81,95,193,198,213,229 com/sec/android/app/popupcalculator/converter/mortgage/svc/util/MortgageLastStateUtil.java, line(s) 35,55 com/sec/android/app/popupcalculator/converter/utils/ConverterUtils.java, line(s) 65,68,83,84,570,574,643,101,113,123,131,136,147,156,166 e/g.java, line(s) 152,188,265 e0/a0.java, line(s) 30,44 e0/b0.java, line(s) 31,45 e0/c0.java, line(s) 29 e0/w.java, line(s) 23,38,42 e0/z.java, line(s) 67 f/d.java, line(s) 234 i0/h.java, line(s) 38 m1/b.java, line(s) 7,20,15,31,26,35 n/b.java, line(s) 124,135,146 o1/a.java, line(s) 13,18 v/c.java, line(s) 18 w/c.java, line(s) 142
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/sec/android/app/popupcalculator/calc/controller/HistoryController.java, line(s) 6,110
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: d1/a.java, line(s) 44,41,44,37,40,40
已通过安全项 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。
综合安全基线评分总结
Calculator v12.2.00.4
Android APK
73
综合安全评分
低风险