应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
FanCode v7.24.0
48
安全评分
安全基线评分
48/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
28
中危
5
信息
2
安全
隐私风险评估
13
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
28
安全提示信息
5
已通过安全项
2
重点安全关注
1
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/connectsdk/service/webos/lgcast/common/utils/PrefUtil.java, line(s) 12 in/juspay/hypersdk/core/AndroidInterface.java, line(s) 812 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 14
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/clevertap/android/sdk/inapp/c.java, line(s) 68,12,13 com/clevertap/android/sdk/inapp/f.java, line(s) 126,16,17 com/reactnativecommunity/webview/i.java, line(s) 436,15 in/juspay/hypersdk/core/DynamicUI.java, line(s) 205,411,10 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 78,9,10
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: f6/a.java, line(s) 69
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个13隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Broadcast Receiver (com.deeplink.InstallReferrerReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.appsflyer.MultipleInstallBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.dream11sportsguru.utils.FCFirebaseMessagingService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.connectsdk.notification.MediaNotificationManager$MediaNotificationService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Content Provider (com.dream11sportsguru.UserAuthProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.fancode.shop.component.productrail.WebViewActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (in.juspay.hypersdk.core.CustomtabResult) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: a5/g.java, line(s) 85 com/NewRelic/agent/android/SavedState.java, line(s) 51,43 com/NewRelic/agent/android/distributedtracing/TracePayload.java, line(s) 11,12,14,15,19,22,20,18,23 com/NewRelic/agent/android/harvest/AgentHealth.java, line(s) 12 com/NewRelic/agent/android/harvest/HarvestConfiguration.java, line(s) 21,409,409 com/NewRelic/agent/android/util/PersistentUUID.java, line(s) 29 com/appsflyer/reactnative/RNAppsFlyerConstants.java, line(s) 36,27 com/connectsdk/device/DefaultConnectableDeviceStore.java, line(s) 24,40 com/connectsdk/service/airplay/PListParser.java, line(s) 21 com/connectsdk/service/capability/KeyControl.java, line(s) 8 com/connectsdk/service/config/WebOSTVServiceConfig.java, line(s) 15 com/connectsdk/service/sessions/WebOSWebAppSession.java, line(s) 38 com/connectsdk/service/webos/lgcast/common/connection/ConnectionManager.java, line(s) 29 com/connectsdk/service/webos/lgcast/common/connection/LGCastCommand.java, line(s) 20 com/dream11sportsguru/BuildConfig.java, line(s) 24,46,19,15,49,50,22,38,44,51,68,18 com/fancode/video/base/VideoSource.java, line(s) 409,409 com/fancode/video/base/WMDetails.java, line(s) 91 com/sudoplz/rninappupdates/SpReactNativeInAppUpdatesModule.java, line(s) 33,34 com/vmax/ng/internal/sourceconfig/models/ServiceDomain.java, line(s) 77 com/vmax/ng/internal/userprofile/request/UserProfileRequestData.java, line(s) 124 com/vmax/ng/request/vmaxRequestAttributes/AdClickBrowserRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/AdvertisingIdRequestAttribute.java, line(s) 14 com/vmax/ng/request/vmaxRequestAttributes/ApisSupportedRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/AppKeywordRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/AppVersionRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/CarrierRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/CityRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/ConnectionTypeRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/CountryRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/CustomDataRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceMakeRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceMarketingNameRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceMccMncRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceModelRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceOSRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceOSVRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DevicePlatformRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DeviceTypeRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/DisplayManagerRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/DisplayManagerVerRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/GenderRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/GeoDetectionTypeRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/InterstitialExperienceRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/IsAllOfRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/IsNotOfAnyRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/LacRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/LanguageRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/LastFixRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/LatitudeRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/LimitAdTrackingRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/LocationAccuracyRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/LocationDeterminedTimeStampRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/LongitudeRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/OmSdkEnabledRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/OrientationRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/PageRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/RegionRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/SectionRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/SecureRequestAttribute.java, line(s) 12 com/vmax/ng/request/vmaxRequestAttributes/TagIdRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/UserAgeRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/UserAgentRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/UserIdRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/UserKeywordRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/UtcOffsetRequestAttribute.java, line(s) 13 com/vmax/ng/request/vmaxRequestAttributes/ZipCodeRequestAttribute.java, line(s) 13 com/vmax/ng/utilities/Constant.java, line(s) 98,132 dd/o.java, line(s) 85 ei/b.java, line(s) 139 el/a.java, line(s) 74 i3/d.java, line(s) 50 ik/d.java, line(s) 73 io/invertase/firebase/common/TaskExecutorService.java, line(s) 15,16 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingHeadlessService.java, line(s) 11,9 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingSerializer.java, line(s) 21 j9/g.java, line(s) 105 l8/a.java, line(s) 37 mg/b.java, line(s) 73 ng/e.java, line(s) 81 ng/w.java, line(s) 123 qc/k.java, line(s) 75 v8/f.java, line(s) 248,535,915,995
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: c1/b.java, line(s) 6,7,24 c1/c.java, line(s) 6,54 com/NewRelic/agent/android/instrumentation/SQLiteInstrumentation.java, line(s) 7,76,78,150,152 com/dream/sports/pluggermodule/database/EventDatabase_Impl.java, line(s) 3,39,44,49,58 com/reactnativecommunity/asyncstorage/k.java, line(s) 4,5,6,104,106 com/reactnativecommunity/asyncstorage/next/StorageDb_Impl.java, line(s) 3,35,40,45,53 com/reactnativecommunity/asyncstorage/next/a.java, line(s) 3,28,34,40 h6/e.java, line(s) 6,7,8,139,139 he/m0.java, line(s) 5,6,205,205,243,243,267,267,277,277,325,325,461,480,480,818,818 he/v0.java, line(s) 4,5,249,249 i7/c.java, line(s) 5,104,106,256,258 s8/d.java, line(s) 6,7,91,91 u2/c.java, line(s) 6,7,8,9,10,100,236 y7/a.java, line(s) 5,6,7,123,123
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: al/g.java, line(s) 39 com/NewRelic/agent/android/AndroidAgentImpl.java, line(s) 340 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 404 com/reactnativecommunity/webview/k.java, line(s) 293 ea/a.java, line(s) 44 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 115,124,125,126 u7/a.java, line(s) 55 v9/a.java, line(s) 335
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/reactnativecommunity/webview/k.java, line(s) 293 jh/c.java, line(s) 85 p2/b0.java, line(s) 70 v9/a.java, line(s) 118
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: a6/g.java, line(s) 14 cn/b.java, line(s) 23 com/NewRelic/agent/android/util/Util.java, line(s) 5 com/appsflyer/internal/AFb1bSDK.java, line(s) 21 com/clevertap/android/sdk/pushnotification/f.java, line(s) 12 com/connectsdk/service/airplay/auth/AirPlayAuth.java, line(s) 24 com/connectsdk/service/airplay/auth/AuthUtils.java, line(s) 11 com/dylanvann/fastimage/FastImageViewModule.java, line(s) 18 com/fancode/video/quickmarkview/k.java, line(s) 4 dj/i.java, line(s) 8 fm/a.java, line(s) 3 ij/b.java, line(s) 12 jl/l.java, line(s) 22 ld/c.java, line(s) 23 xh/d.java, line(s) 7
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: f6/a.java, line(s) 68 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 124,153 p9/l.java, line(s) 145 z3/g.java, line(s) 48
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/clevertap/android/sdk/inapp/c.java, line(s) 87,82 com/clevertap/android/sdk/inapp/f.java, line(s) 105,100 com/fancode/shop/component/productrail/WebViewActivity.java, line(s) 228,143,192 in/juspay/hypersdk/core/DynamicUI.java, line(s) 136,159,235,134 in/juspay/hypersdk/safe/Godel.java, line(s) 376,657,651 p3/c.java, line(s) 148,141
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/b.java, line(s) 169 dc/a.java, line(s) 28 dj/i.java, line(s) 22 ha/b.java, line(s) 12 jh/b.java, line(s) 56 nd/a.java, line(s) 29
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/clevertap/android/sdk/h.java, line(s) 790 com/connectsdk/discovery/provider/ssdp/SSDPClient.java, line(s) 17 com/connectsdk/service/webos/lgcast/remotecamera/capability/CameraSinkCapability.java, line(s) 21 com/connectsdk/service/webos/lgcast/screenmirroring/ScreenMirroringConfig.java, line(s) 28 com/connectsdk/service/webos/lgcast/screenmirroring/capability/MirroringSinkCapability.java, line(s) 67 jl/l.java, line(s) 445 oj/a.java, line(s) 8,9,12,13,14
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: rk/a.java, line(s) 7,7,7,9,7,9,7,7
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: in/juspay/hypersdk/safe/Godel.java, line(s) 664,651
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/63824514628/namespaces/firebase:fetch?key=AIzaSyBpvzHI_cXg-sl3VPjg0eNYspmt6OEGEfU ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"enableCoupons": "false",
"enableGoogleBilling": "true",
"fc_abtest_match_card_prestate": "PREVIEW",
"fc_bottom_nav_enable_animation": "false",
"fc_button_text": "UPDATE APP NOW",
"fc_cache_clear_days": "3",
"fc_casa_masthead_blur_division_factor": "2",
"fc_casa_masthead_v2_enabled": "false",
"fc_cast_receiver_id": "CB24A10E",
"fc_clip_cutter": "false",
"fc_dai_sdk_type": "IMA_DAI_CORE",
"fc_enable_ad_funded": "true",
"fc_enable_api_caching": "true",
"fc_enable_casa_masthead_v2_1": "true",
"fc_enable_cast": "false",
"fc_enable_channels": "true",
"fc_enable_concurrent_stream_limiting": "true",
"fc_enable_conviva_appInsight": "false",
"fc_enable_cronet": "true",
"fc_enable_dai_extension_sdk": "false",
"fc_enable_dream11_analytics": "true",
"fc_enable_fantasy_hub": "true",
"fc_enable_gam_nudge": "true",
"fc_enable_gpu_player": "false",
"fc_enable_graphql_apq": "true",
"fc_enable_ipl_fanzone": "false",
"fc_enable_match_live_tab_animated_bottom_banner": "true",
"fc_enable_match_pip": "false",
"fc_enable_match_pip_ios": "true",
"fc_enable_match_segment": "false",
"fc_enable_native_player_stats": "true",
"fc_enable_new_architecture": "false",
"fc_enable_new_architecture_match_detail_cricket": "true",
"fc_enable_new_architecture_match_detail_cricket_ios": "true",
"fc_enable_new_architecture_match_detail_payments": "true",
"fc_enable_new_architecture_video_detail": "true",
"fc_enable_new_home_page": "true",
"fc_enable_nudges": "true",
"fc_enable_payment_checkout_page": "false",
"fc_enable_performance_sdk": "true",
"fc_enable_player_search": "true",
"fc_enable_qualtrics": "false",
"fc_enable_search": "true",
"fc_enable_sherlog": "true",
"fc_enable_shimmer_animation": "true",
"fc_enable_shop": "true",
"fc_enable_shopify_performance_profiler": "true",
"fc_enable_shorts": "true",
"fc_enable_token_auth": "true",
"fc_enable_video_detail_pip": "false",
"fc_enable_vmax_live": "true",
"fc_enable_vmax_vod": "false",
"fc_enable_water_marking": "true",
"fc_fetch_one_time_pass_ios": "true",
"fc_gam_refresh_interval": "50000",
"fc_gam_targeting_variable": "cust_params=app_version%3D4.8.5%26app_platform%3Dsportsguruand%26state%3Dundefined%26city%3Dundefined%26match_id%3D62038%26tour_id%3D2899%26sport%3Dcricket%26video_id%3D9691%26video_type%3DVOD%26duration%3D714794%26category%3DTOP%20MOMENT",
"fc_image_url": "https://www.fancode.com/skillup-uploads/cms-media/Roland-Garros_Force-Update-Bannerfinal_1.png",
"fc_in_app_review_config": "{\"matchDetail\":true,\"videoDetail\":true,\"daysDelayForFirstPopup\":1,\"daysIntervalOnClose\":3,\"daysIntervalOnNo\":2}",
"fc_masthead_ad_unit_aspect_ratio": "30:25",
"fc_masthead_ad_unit_width": "300",
"fc_match_detail_fetch_status_delay": "{\"isEnabled\":true,\"delay\":15}",
"fc_native_shimmer": "true",
"fc_prefetch_nudge_ad": "PLAYER_SQUAD,MATCH_INFO_STICKY",
"fc_prewarm_webview_delay": "0",
"fc_referral_config": "{\"feature_flag\":true,\"reward_provider_data\":{\"max_reward_amount\":400,\"max_reward_percentage\":30}}",
"fc_search_coachmark_description": "Now search Matches, Fantasy, Updates & Videos here!",
"fc_search_coachmark_title": "Looking for something?",
"fc_search_placeholder_text": "Matches, Updates, Fantasy and Videos",
"fc_search_tooltip_text": "New! Search matches, updates & videos here!",
"fc_should_show_image": "true",
"fc_show_cs_chat_option": "true",
"fc_show_cs_talk_option": "false",
"fc_show_delete_account": "false",
"fc_sponsored_ads_live_score_dark": "",
"fc_sponsored_ads_live_score_light": "",
"fc_static_ad_interval": "3000",
"fc_stories_ad_unit_id": "/22693816480/native_display",
"fc_tv_android_tv_clear_exo_player": "false",
"fc_tv_check_min_decoder_count_drm_only": "true",
"fc_tv_csl_enable": "true",
"fc_tv_csl_text": "{\"title\":\"Screen limit reached (4+ devices)\",\"description\":\"Stop playing on any other device to watch here\"}",
"fc_tv_dai_extension": "false",
"fc_tv_enable_conviva_app_tracker": "true",
"fc_tv_enable_csai": "false",
"fc_tv_enable_in_app_purchase": "false",
"fc_tv_enable_mobile_num_login": "true",
"fc_tv_enable_ssai": "false",
"fc_tv_enable_ssai_v1": "false",
"fc_tv_enable_vmax_csai": "false",
"fc_tv_enable_watermark": "true",
"fc_tv_force_update": "{\"amazon\":{\"min_version\":1,\"update_title\":\"Fancode's latest version is here\",\"update_msg\":\"Update app from amazon store.\"},\"jio\":{\"min_version\":1,\"update_title\":\"Fancode's latest version is here\",\"update_msg\":\"Update app from jio beta store.\"},\"android\":{\"min_version\":1,\"update_title\":\"Fancode's latest version is here\",\"update_msg\":\"Update app from google play store.\"}}",
"fc_tv_livestream_decoding_error_threshold": "3",
"fc_tv_min_decoder_instance": "2",
"fc_tv_min_version_code": "1",
"fc_tv_recommend_sync_interval": "5",
"fc_tv_release_player_exception_handler": "true",
"fc_tv_test_flag": "false",
"fc_tv_update_text": "This version of app is no longer supported, update the app to continue",
"fc_tv_use_minimum_bitrate_index": "2",
"fc_tv_use_minimum_bitrate_index_vod": "3",
"fc_tv_video_info_debounce_duration": "7000",
"fc_tv_vmax_seek_to_near_live_offset": "5",
"fc_tv_vmax_tag_ids": "{\"tag_ids\":[{\"tag_id\":\"d15d0360\",\"tag_type\":\"REGULAR\"},{\"tag_id\":\"a65a33f6\",\"tag_type\":\"REGULAR\"},{\"tag_id\":\"c69dba13\",\"tag_type\":\"REGULAR\"}]}",
"fc_video_player_preference": "FANCODE",
"fc_video_preroll_vasttags": "[]",
"fc_your_folllowing_segment": "false",
"sg_current_version_code": "10960434",
"sg_force_update_header": "Mandatory Update Required",
"sg_force_update_message": "<div><p style=\"text-align: center;\">Watch Tennis on FanCode! All matches. All courts - switch instantly between multiple live matches!</p></div>",
"sg_minimum_valid_version": "10960376",
"sg_optional_update_header": "Tennis is on FanCode Now!",
"sg_optional_update_message": "<div><p style=\"text-align: center;\">All matches. All courts - Switch instantly between multiple live matches! Update the app now for the full tennis experience.</p></div>",
"sg_show_update": "true",
"sg_show_update_info": "true",
"sg_store_url": "https://play.google.com/store/apps/details?id=com.dream11sportsguru",
"sg_update_info_header": "Upgrade to latest version!",
"sg_update_info_message": "<div> <ul> <li>Cricket's newest format is here! 100 balls, unlimited entertainment, only on our latest version.</li> </ul> </div>",
"test_key": "test v1"
},
"state": "UPDATE",
"templateVersion": "1367"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "@7F12002B" "CodePushDeploymentKey" : "gb-H36qJzrT8QA2uH3cIP9g5RfptE1tae-RUbg" "androidCodePushDeploymentKey" : "D_qsvpqWTbioCOLGxQZBK8K-9w4OE1tae-RUbg" "appsFlyerKey" : "Uhfbf8QfppgjTC8SsobCdR" "apptimizeKey" : "AxyPbbUcFsBavSkenjECG2sqbEGperg" "brightCoveAccountId" : "6008340455001" "brightCovePolicyKey" : "BCpkADawqM2HRDvtLxjif_KyjnhHtg7RS8advAhVCOHvDc2kHo9587NU_BE0VXSDoAaRCarG8hBlBqtrLvKXUh2SRVSAURawe8BPjFcVjCdfRgBqR6kdwzsf6LT0ojMErgEMKusg7um0tBFz" "bugfenderSdkKey" : "nj1VN1MfM00Adx4hl1mGGkUfobn9PFCn" "cast_receiver_app_id" : "1qt2hMZwBh" "clevertap_token" : "22b-4b0" "com.google.firebase.crashlytics.mapping_file_id" : "8cc8573902234c64ab05b7b74ca46652" "convivaCustomerKey" : "03ee8899ec5746450ac4ba94c3ee35e0e666064f" "facebook_app_id" : "2037001953278515" "facebook_client_token" : "03c596a98cf27350e4b2d3676240d1d1" "firebaseDomainLink" : "https://fancode.page.link" "firebase_database_url" : "https://dream11-sportsguru.firebaseio.com" "githubPATToken" : "null" "google_api_key" : "AIzaSyBpvzHI_cXg-sl3VPjg0eNYspmt6OEGEfU" "google_app_id" : "1:63824514628:android:4b17395770475255" "google_crash_reporting_api_key" : "AIzaSyBpvzHI_cXg-sl3VPjg0eNYspmt6OEGEfU" "iosCodePushDeploymentKey" : "OUR7crH4OhpB2cMPqElzohLcLGCaE1tae-RUbg" "pluggerApiKey" : "1087da0d-bd59-49ce-8a4e-2b78bc2c51ec" "segmentAndroidWriteKey" : "gdnqKQI5JAMRnRxuR9imU8Q5TT5JSX77" "segmentiOSWriteKey" : "GSWydQSRxrmedcIhMhliKLXGdYLcyoC5" "shaKey" : "QVJX3l76TiaDzkA9PSo27qNw+i9aC8aAnG/xk1ws0Iw=" "sonyLivAccountId" : "6101136441001" "sonyLivPolicyKey" : "BCpkADawqM1_Q5FTCkgjhaxegrmiGQPLHwAMGZvKCFd0ftOHHMmwsek1Q2SVg8rGtA867bKReU16ny7JMdsytvZbasOhs_uygfuSvzA8HMZVfiGbbyH3KqPKRinkaHUOQWjmi7WqLJIP6U98" "vmaxAccountId" : "209806" "vmaxAccountIdAndroid" : "fancode" "vmaxSecretKey" : "RDLSgAgm0Q1lMctwwCVV5eqQ6iAX7VaQVwKoj2xmLE4=" 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a b0a00e4a271beec478e42fad0618432fa7d7fb3d99004d2b0bdfc14f8024832b 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODgsImluc19pZCI6MTcwNjJ9 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF e973d14c97f1c647a41b0aff5c0c1a26 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 36134250956749795798585127919587881956611106672985015071877198253568414405109 FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112316 eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODksImluc19pZCI6MTcwNjF9 OUR7crH4OhpB2cMPqElzohLcLGCaE1tae AAd94919a9778a4cbac26430aac5d6804cb513fcf0- 41058363725152142129326129780047268409114441015993725554835256314039467401291 1093849038073734274511112390766805569936207598951683748994586394495953116150735016013708737573759623248592132296706313309438452531591012912142327488478985984 470fa2b4ae81cd56ecbcda9735803434cec591fa 03ee8899ec5746450ac4ba94c3ee35e0e666064f AAff74abc9f690a837ed73e5126db41264f275120d- 5729d378399e64829052a93084543128 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 115792089237316195423570985008687907853269984665640564039457584007908834671663 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057148 f4fa13c62ca91137b06ccd5fe823e061 2661740802050217063228768716723360960729859168756973147706671368418802944996427808491545080627771902352094241225065558662157113545570916814161637315895999846 1087179135105457859072065649059069760280540086975817629066444682366896187793570736574549981488868217843627094867924800342887096064844227836735667168319981288765377499806385489913341488724152562880918438701129530606139552645689583147 3757180025770020463545507224491183603594455134769762486694567779615544477440556316691234405012945539562144444537289428522585666729196580810124344277578376784 54f8d8492ed7fc0507e9846f928ba539d4ced904 609e9261adde5ec941a9657d61252d2e440a4c99d7036b92aae1c40928e4d0b9 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF c56fb7d591ba6704df047fd98f535372fea00211 KyjnhHtg7RS8advAhVCOHvDc2kHo9587NU 125617018995153554710546479714086468244499594888726646874671447258204721048803 zrfvEa3YrxfOaAs38UpJkiiqlsFVgwXEJF eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODksImluc19pZCI6MTY2ODl9 cc2751449a350f668590264ed76692694a80308a 20ace91c04a6cd74d19e7d032677516ba334a272ee5d470e64aaad0eeec66617 a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc B3EEABB8EE11C2BE770B684D95219ECB 21766174458617435773191008891802753781907668374255538511144643224689886235383840957210909013086056401571399717235807266581649606472148410291413364152197364477180887395655483738115072677402235101762521901569820740293149529620419333266262073471054548368736039519702486226506248861060256971802984953561121442680157668000761429988222457090413873973970171927093992114751765168063614761119615476233422096442783117971236371647333871414335895773474667308967050807005509320424799678417036867928316761272274230314067548291133582479583061439577559347101961771406173684378522703483495337037655006751328447510550299250924469288819 32670510020758816978083085130507043184471273380659243275938904335757337482424 167609434410335061345139523764350090260135525329813904557420930309800865859473551531551523800013916573891864789934747039010546328480848979516637673776605610374669426214776197828492691384519453218253702788022233205683635831626913357154941914129985489522629902540768368409482248290641036967659389658897350067939 39269fe6dd8e7d143588f05619875fb9feea6acec90d4d83dacc2c85ee589438 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 zclaiuQxsbgMVeFnfCu77MyQYginWMZwFAKVYn66nHQ RDLSgAgm0Q1lMctwwCVV5eqQ6iAX7VaQVwKoj2xmLE4= FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF n6uU8wPBqzMdqFpPcubedIOmh4nNa2sNkfvMkbR4Pk/YupsDpic56dMxX0Twvg6SiaKGjv8NO9Lcv 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 AIzaSyCuwbYo4hc4tFQ1csKTVJfJkzcYV0BZ0KU 115792089210356248762697446949407573530086143415290314195533631308867097853951 7ffe72f9bf956c4c5e754a70eabb02ddb547a30c8470646e05ae1250d17563cb uygfuSvzA8HMZVfiGbbyH3KqPKRinkaHUOQWjmi7WqLJIP6U98 48439561293906451759052585252797914202762949526041747995844080717082404635286 7ef2e3f2ec15407caa5b33a862017f5bd0e39cbb8c64c75ea36574fa8b658dfc 150f76c0a3967a2728b4b922d7a81fa8a72f5f50258715fd4ddc32cb8509c7ef 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 55066263022277343669578718895168534326250603453777594175500187360389116729240 115792089210356248762697446949407573529996955224135760342422259061068512044369 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 058868b3669b858cee038c731c7141443193060f65213d94f8f1d277d6b507b0 115792089237316195423570985008687907852837564279074904382605163141518161494337 AxyPbbUcFsBavSkenjECG2sqbEGperg FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODgsImluc19pZCI6MTA2NDB9 b93ba5b1-6af0-47bf-a418-d1be2bd2a372 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 a3785913ca4deb75abd841414d0a700098e879777940c78c73fe6f2bee6c0352 eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODgsImluc19pZCI6MTY2OTB9 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2At7fSUHuMw6bm/z3Q+X4oY9KpDa1s06 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 1087da0d-bd59-49ce-8a4e-2b78bc2c51ec b956059a88e9dfb420dc5fb101fd3156 9b8f518b086098de3d77736f9458a3d2f6f95a37 BE0VXSDoAaRCarG8hBlBqtrLvKXUh2SRVSAURawe8BPjFcVjCdfRgBqR6kdwzsf6LT0ojMErgEMKusg7um0tBFz df6b721c8b4d3b6eb44c861d4415007e5a35fc95 11144252439149533417835749556168991736939157778924947037200268358613863350040339017097790259154750906072491181606044774215413467851989724116331597513345603 1486998185923128292816507353619409521152457662596380074614818966810244974827752411420380336514078832314731499938313197533147998565301020797040787428051479639316928015998415709101293902971072960487527411068082311763171549170528008620813391411445907584912865222076100726050255271567749213905330659264908657221124284665444825474741087704974475795505492821585749417639344967192301749033325359286273431675492866492416941152646940908101472416714421046022696100064262587 IClSU5E7LL2lvdK1xx++gBwKHTNAILtTnHhlL6diMGs= eyJhY2NfaWQiOjUzODYsImFwcF9pZCI6MTAwODksImluc19pZCI6MTA2NDF9 389C9738-A761-44DE-8A66-1668CFD67DA1 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 Q5FTCkgjhaxegrmiGQPLHwAMGZvKCFd0ftOHHMmwsek1Q2SVg8rGtA867bKReU16ny7JMdsytvZbasOhs s4RFQ5BzglOI5HBzESd6ruJSmqEJIOXm2fS4Ed9 QVJX3l76TiaDzkA9PSo27qNw+i9aC8aAnG/xk1ws0Iw= FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 115792089210356248762697446949407573530086143415290314195533631308867097853948 d67afc830dab717fd163bfcb0b8b88423e9a1a3b z56avqY0KmXjpFjJWh0QezrgibZKzorWnIk4Ue3RUlQ= 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 30,33,4 in/juspay/hypersdk/core/ClipboardListener.java, line(s) 15,5
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/d.java, line(s) 61 a8/c.java, line(s) 274 an/f.java, line(s) 60,66 b5/c.java, line(s) 117 b5/e.java, line(s) 66 bj/a.java, line(s) 32,35,36,40 com/NewRelic/agent/android/AndroidAgentImpl.java, line(s) 646,453,462,454,650,653 com/NewRelic/agent/android/NewRelic.java, line(s) 392,381 com/NewRelic/agent/android/SavedState.java, line(s) 571,563,567 com/NewRelic/agent/android/aei/AEITraceReporter.java, line(s) 70,71,110,108 com/NewRelic/agent/android/agentdata/AgentDataController.java, line(s) 133 com/NewRelic/agent/android/analytics/AnalyticsControllerImpl.java, line(s) 397,233,243,251,621,649,662,692,721,174,108,166,214,218,613 com/NewRelic/agent/android/analytics/EventManagerImpl.java, line(s) 71,69 com/NewRelic/agent/android/crash/UncaughtExceptionHandler.java, line(s) 85,86 com/NewRelic/agent/android/harvest/Harvest.java, line(s) 56,307,310 com/NewRelic/agent/android/hybrid/data/DataController.java, line(s) 107 com/NewRelic/agent/android/instrumentation/LogInstrumentation.java, line(s) 22,67,31,76,40,85,49,92,58,101 com/NewRelic/agent/android/instrumentation/io/CountingInputStream.java, line(s) 283 com/NewRelic/agent/android/logging/AndroidAgentLog.java, line(s) 12,19,26,67,38,53,60 com/NewRelic/agent/android/logging/ConsoleAgentLog.java, line(s) 9 com/NewRelic/agent/android/logging/LogForwarder.java, line(s) 64,67 com/NewRelic/agent/android/logging/LogReporter.java, line(s) 168,171,173 com/NewRelic/agent/android/logging/LogReporting.java, line(s) 157,142,150,152,146 com/NewRelic/agent/android/logging/Logger.java, line(s) 61,46,54,56,50 com/NewRelic/agent/android/ndk/AgentNDK.java, line(s) 426 com/NewRelic/agent/android/rum/AppApplicationLifeCycle.java, line(s) 95,108 com/NewRelic/agent/android/sample/Sampler.java, line(s) 103,104,242,249 com/NewRelic/agent/android/stores/SharedPrefsAnalyticsAttributeStore.java, line(s) 57 com/NewRelic/agent/android/tracing/ActivityTrace.java, line(s) 202,223 com/NewRelic/agent/android/tracing/TraceMachine.java, line(s) 495,496 com/NewRelic/agent/android/util/AgentBuildOptionsReporter.java, line(s) 7,8 com/clevertap/android/pushtemplates/d.java, line(s) 357 com/connectsdk/notification/MediaNotificationManager.java, line(s) 107 com/connectsdk/service/NetcastTVService.java, line(s) 718,2077 com/connectsdk/service/netcast/NetcastPOSTRequestParser.java, line(s) 41 com/connectsdk/service/webos/WebOSTVMouseSocketConnection.java, line(s) 167,169 com/connectsdk/service/webos/WebOSTVServiceSocketClient.java, line(s) 316,362,452,727,357 com/devicehelper/RNDeviceHelperModule.java, line(s) 266,308,321,327 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 211,271,582,645,773,802,808,970,986 com/sudoplz/rninappupdates/SpReactNativeInAppUpdatesModule.java, line(s) 57,213 d/d.java, line(s) 412,416 d0/w.java, line(s) 268 d5/i.java, line(s) 113,153 d5/k.java, line(s) 90,125,135,156,166,177,189,210,217 de/a.java, line(s) 17,24,31,45,52 e5/e.java, line(s) 48,58,72,78,109 e5/i.java, line(s) 111 ek/c.java, line(s) 53,177 f5/a.java, line(s) 174 g0/f.java, line(s) 144 g5/c.java, line(s) 19 g5/d.java, line(s) 49 g5/g.java, line(s) 114 g5/t.java, line(s) 85 g5/u.java, line(s) 78,83,96,112 g5/v.java, line(s) 38 g9/d.java, line(s) 43,61,81,98 i5/l.java, line(s) 82 ig/g.java, line(s) 18 io/invertase/firebase/common/ReactNativeFirebaseEventEmitter.java, line(s) 33 kf/s.java, line(s) 32,39,46,53,60 m5/a.java, line(s) 84,89,94,103 m5/d.java, line(s) 25 m5/j.java, line(s) 43 n2/b.java, line(s) 44 o5/d.java, line(s) 36,43,48,54,59,64 p/d.java, line(s) 211 p2/b0.java, line(s) 145,148,153 p2/q.java, line(s) 524,556,686,688 p2/t.java, line(s) 84,182 p2/w.java, line(s) 359 p9/l.java, line(s) 123 q5/d.java, line(s) 58,99 q5/k.java, line(s) 61,102 qf/i.java, line(s) 32,39,46,53,60 r2/a.java, line(s) 110 t0/b.java, line(s) 129,150,144 t2/j.java, line(s) 81,67,71 t4/b.java, line(s) 103 t4/e.java, line(s) 484 u/a.java, line(s) 96,99 u2/d.java, line(s) 236 u5/a.java, line(s) 68 v0/a.java, line(s) 30 v2/a.java, line(s) 94 x2/a.java, line(s) 76 x4/b.java, line(s) 401 y0/a.java, line(s) 169,174,181,185,201,211 y2/m0.java, line(s) 45 y4/d.java, line(s) 79,106 y4/e.java, line(s) 527,548,566 z0/a.java, line(s) 24 z4/a.java, line(s) 93
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: fd/b.java, line(s) 238 n9/j.java, line(s) 113,113 t9/b.java, line(s) 99,99
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/clevertap/android/sdk/inbox/f.java, line(s) 4,44 com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,267
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://dream11-sportsguru.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: b7/d.java, line(s) 138,137,138,136,130,130 g9/b.java, line(s) 37,37,37 in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 66,65,67,64,64 p8/b.java, line(s) 134,133,132,132 qc/d.java, line(s) 409,408,407,407 t8/c.java, line(s) 135,133,132,132
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: in/juspay/hypersdk/data/SessionInfo.java, line(s) 123,127 kf/c.java, line(s) 23 lg/i.java, line(s) 295,295,296 qf/v.java, line(s) 23 rk/b.java, line(s) 222
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (firebase-settings.crashlytics.com) 通信。
{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
FanCode v7.24.0
Android APK
48
综合安全评分
中风险