应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
BulletPrep v1.2.5
61
安全评分
安全基线评分
61/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用安全状况良好,可正常使用
漏洞与安全项分布
0
高危
16
中危
2
信息
3
安全
隐私风险评估
4
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
0
中危安全漏洞
16
安全提示信息
2
已通过安全项
3
重点安全关注
0
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.amazon.device.iap.ResponseReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.amazon.inapp.purchasing.Permission.NOTIFY [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: coil/decode/SvgDecoder.java, line(s) 36 coil/memory/MemoryCache.java, line(s) 123 coil/memory/MemoryCacheService.java, line(s) 42 coil/request/Parameters.java, line(s) 152 com/posthog/PostHogEvent.java, line(s) 161 com/posthog/internal/PostHogBatchEvent.java, line(s) 87 com/revenuecat/purchases/amazon/AmazonBillingKt.java, line(s) 8 com/revenuecat/purchases/amazon/AmazonCacheKt.java, line(s) 8 com/revenuecat/purchases/common/BackendKt.java, line(s) 18,17 com/revenuecat/purchases/common/BackgroundAwareCallbackCacheKey.java, line(s) 66 com/revenuecat/purchases/common/caching/DeviceCache.java, line(s) 114,42,43,44 com/revenuecat/purchases/common/diagnostics/DiagnosticsEntry.java, line(s) 20,23,26,32 com/revenuecat/purchases/common/diagnostics/DiagnosticsHelper.java, line(s) 15 com/revenuecat/purchases/common/diagnostics/DiagnosticsTracker.java, line(s) 32,42,45,48,51,54,57,60 com/revenuecat/purchases/common/offlineentitlements/ProductEntitlementMapping.java, line(s) 20,23,24,25 com/revenuecat/purchases/common/verification/DefaultSignatureVerifier.java, line(s) 12 com/revenuecat/purchases/common/verification/Signature.java, line(s) 93 com/revenuecat/purchases/common/verification/SigningManager.java, line(s) 153 com/revenuecat/purchases/strings/ConfigureStrings.java, line(s) 20 com/revenuecat/purchases/subscriberattributes/SubscriberAttribute.java, line(s) 159 com/revenuecat/purchases/subscriberattributes/SubscriberAttributeKt.java, line(s) 11 com/revenuecat/purchases/ui/revenuecatui/activity/PaywallActivity.java, line(s) 262 expo/modules/adapters/react/NativeModulesProxy.java, line(s) 23,24,26,30 expo/modules/av/AVManager.java, line(s) 51,52,53,54,44,55,56,48,57,58,59,46,49,50 expo/modules/easclient/EASClientIDKt.java, line(s) 7 expo/modules/image/records/SourceMap.java, line(s) 173 expo/modules/interfaces/permissions/PermissionsResponse.java, line(s) 10,11,12,16,18 expo/modules/notifications/notifications/ArgumentsNotificationContentBuilder.java, line(s) 16,17,25,19,20,18,21,22,23,24,26,27 expo/modules/notifications/notifications/background/BackgroundRemoteNotificationTaskConsumer.java, line(s) 22 expo/modules/notifications/notifications/channels/serializers/NotificationsChannelGroupSerializer.java, line(s) 7,8,9,10,11 expo/modules/notifications/notifications/channels/serializers/NotificationsChannelSerializer.java, line(s) 23,12,7,13,14,15,8,10,16,17,18,19,20,21,9,22,24,11,25 expo/modules/notifications/notifications/presentation/builders/ExpoNotificationBuilder.java, line(s) 19,21,22,23,20 expo/modules/notifications/permissions/NotificationPermissionsModuleKt.java, line(s) 8,9,10 expo/modules/notifications/serverregistration/InstallationId.java, line(s) 15 expo/modules/notifications/service/NotificationsService.java, line(s) 56,62,61,69,64,65,66,67,71,70,72,63,74,81,83,55,85 expo/modules/notifications/service/delegates/ExpoPresentationDelegate.java, line(s) 47,49 expo/modules/notifications/tokens/PushTokenModuleKt.java, line(s) 9 expo/modules/taskManager/TaskManagerUtils.java, line(s) 29 expo/modules/updates/UpdatesConfiguration.java, line(s) 23,28,30,32,33,34,36,37,178 expo/modules/updates/UpdatesModule.java, line(s) 558 expo/modules/updates/codesigning/CodeSigningAlgorithmKt.java, line(s) 8,10 expo/modules/updates/codesigning/ExpoProjectInformation.java, line(s) 61 expo/modules/updates/db/BuildData.java, line(s) 21 expo/modules/updates/loader/SigningInfo.java, line(s) 61 expo/modules/updates/manifest/ManifestMetadata.java, line(s) 25,26,27 expo/modules/webbrowser/OpenBrowserOptions.java, line(s) 40 expo/modules/webbrowser/WebBrowserModuleKt.java, line(s) 7,12,11 io/branch/referral/Branch.java, line(s) 51 io/branch/referral/BranchPreinstall.java, line(s) 18,17 io/branch/referral/PrefHelper.java, line(s) 32 io/branch/referral/ServerRequest.java, line(s) 21,22 io/branch/referral/ServerRequestQueue.java, line(s) 26 io/branch/referral/UniversalResourceAnalyser.java, line(s) 15,14,17 io/branch/referral/validators/DeepLinkRoutingValidator.java, line(s) 22,19,25,24 io/branch/referral/validators/LinkingValidatorConstants.java, line(s) 5,13 io/branch/referral/validators/LinkingValidatorDialog.java, line(s) 168
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/amazon/device/drm/LicensingService.java, line(s) 10,11,15 com/amazon/device/iap/PurchasingService.java, line(s) 17,18 expo/modules/network/NetworkModule.java, line(s) 379 expo/modules/updates/codesigning/CertificateChain.java, line(s) 100 expo/modules/updates/codesigning/CertificateChainKt.java, line(s) 8
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/amazon/a/a/o/b/a.java, line(s) 72 com/revenuecat/purchases/common/UtilsKt.java, line(s) 25
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/amazon/a/a/b/b.java, line(s) 18 com/amazon/a/a/i/b.java, line(s) 7 com/amazon/a/a/l/c.java, line(s) 8 com/posthog/vendor/uuid/TimeBasedEpochGenerator.java, line(s) 6 expo/modules/updates/UpdatesUtils.java, line(s) 37
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: expo/modules/asset/AssetModule.java, line(s) 41,65 expo/modules/filesystem/FileSystemModule.java, line(s) 2478
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 399
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: coil/decode/SourceImageSource.java, line(s) 135
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/reactnativecommunity/asyncstorage/AsyncLocalStorageUtil.java, line(s) 6,92 com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 4,5,6,47
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个4隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息
凭证信息=> "expo.modules.updates.UPDATES_CONFIGURATION_REQUEST_HEADERS_KEY" : "{"expo-channel-name":"main"}"
凭证信息=> "io.branch.sdk.BranchKey" : "key_live_pDk8O7alrcKLILmv0YRbUgdkvBjSnv1T"
凭证信息=> "expo.modules.taskManager.oneAppId" : "true"
"facebook_app_id" : "629862569518121"
"facebook_client_token" : "8f9aec042a0c8d45fc640a76f5a1ca9a"
"google_api_key" : "AIzaSyCTDQFjnmKJlbJZ6yoIF5CgOgygfXKmrHA"
"google_app_id" : "1:827541967838:android:cfa69fcc9cec7d2972034f"
"google_crash_reporting_api_key" : "AIzaSyCTDQFjnmKJlbJZ6yoIF5CgOgygfXKmrHA"
2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3
df6b721c8b4d3b6eb44c861d4415007e5a35fc95
472340246d291854f67ce4b51e48fb0b
44e91f336617a878939030a5de33f923
9b8f518b086098de3d77736f9458a3d2f6f95a37
cc2751449a350f668590264ed76692694a80308a
UC1upXWg5QVmyOSwozp755xLqquBKjjU+di6U8QhMlM=
a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc
c56fb7d591ba6704df047fd98f535372fea00211
8a3c4b262d721acd49a4bf97d5213199c86fa2b9
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/amazon/a/a/g/d.java, line(s) 27,32,37 com/amazon/a/a/o/c.java, line(s) 26,36,42,48,54 com/amazon/c/a/a/d.java, line(s) 107,111 com/amazon/device/drm/LicensingService.java, line(s) 15 com/amazon/device/drm/a/d/c.java, line(s) 58,70 com/amazon/device/iap/PurchasingService.java, line(s) 28 com/amazon/device/iap/internal/c/e.java, line(s) 169,251,278,286,347,355,390,402,454,492,214,405,414 com/amazon/device/simplesignin/BroadcastHandler.java, line(s) 17 com/amazon/device/simplesignin/SimpleSignInService.java, line(s) 16 com/amazon/device/simplesignin/a/a/c/b.java, line(s) 47 com/amazon/device/simplesignin/a/c.java, line(s) 96 com/amazon/device/simplesignin/a/c/b.java, line(s) 132,47,75,95,114,135,149,170,187,212,256,259,32,53,82,181,206,240 com/caverock/androidsvg/CSSParser.java, line(s) 990,359 com/caverock/androidsvg/SVG.java, line(s) 360 com/caverock/androidsvg/SVGAndroidRenderer.java, line(s) 116,345,1280,168,173,341 com/caverock/androidsvg/SVGImageView.java, line(s) 113,120,146,164,186,216 com/caverock/androidsvg/SVGParser.java, line(s) 616,640,660,956,530,645,2924,2960,2977 com/caverock/androidsvg/SimpleAssetResolver.java, line(s) 42,56,71 com/github/penfeizhou/animation/FrameAnimationDrawable.java, line(s) 245 com/github/penfeizhou/animation/apng/decode/APNGDecoder.java, line(s) 87 com/github/penfeizhou/animation/decode/FrameSeqDecoder.java, line(s) 195,248,345,477,244,281,292,294,341 com/horcrux/svg/Brush.java, line(s) 135,146 com/horcrux/svg/ClipPathView.java, line(s) 33 com/horcrux/svg/ImageView.java, line(s) 132 com/horcrux/svg/LinearGradientView.java, line(s) 70 com/horcrux/svg/PatternView.java, line(s) 81 com/horcrux/svg/RadialGradientView.java, line(s) 82 com/horcrux/svg/UseView.java, line(s) 51,82,97 com/horcrux/svg/VirtualView.java, line(s) 392,327,360,364 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 252,329,427,432,541,593,686,869 com/learnium/RNDeviceInfo/RNInstallReferrerClient.java, line(s) 76,82,87,100,27,43,94 com/learnium/RNDeviceInfo/resolver/DeviceIdResolver.java, line(s) 35,41 com/pairip/licensecheck/LicenseActivity.java, line(s) 93,71 com/pairip/licensecheck/LicenseClient.java, line(s) 77,90,121,138,168,196,187,112 com/posthog/internal/PostHogPrintLogger.java, line(s) 21 com/reactcommunity/rndatetimepicker/Common.java, line(s) 133 com/reactcommunity/rndatetimepicker/MinuteIntervalSnappableTimePickerDialog.java, line(s) 108,174 com/reactnativecommunity/asyncstorage/AsyncLocalStorageUtil.java, line(s) 82,87,94,96 com/reactnativecommunity/asyncstorage/AsyncStorageExpoMigration.java, line(s) 27,33,39,41,47,49 com/reactnativecommunity/asyncstorage/AsyncStorageModule.java, line(s) 119,159,173,187,205,210,215,254,259,275,304,318,332,346,357,362,378,399,427 com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 96,99 com/reactnativegooglesignin/PromiseWrapper.java, line(s) 37,51,62 com/reactnativegooglesignin/RNGoogleSigninModule.java, line(s) 83 com/reactnativemmkv/MmkvModule.java, line(s) 38,27,33,35 com/revenuecat/purchases/common/DefaultLogHandler.java, line(s) 22,44,46,29,15,36 com/revenuecat/purchases/hybridcommon/CommonKt.java, line(s) 1114,1107 com/revenuecat/purchases/hybridcommon/mappers/PurchasesPeriod.java, line(s) 36,41 com/revenuecat/purchases/react/RNPurchasesModule.java, line(s) 394 com/revenuecat/purchases/react/ui/RNPaywallsModule.java, line(s) 47 com/revenuecat/purchases/ui/revenuecatui/helpers/Logger.java, line(s) 39,18,24,34,29 com/swmansion/gesturehandler/react/RNGestureHandlerModule.java, line(s) 701 com/swmansion/gesturehandler/react/RNGestureHandlerRootHelper.java, line(s) 51,65 com/swmansion/gesturehandler/react/RNGestureHandlerRootView.java, line(s) 35 com/swmansion/reanimated/NativeMethodsHelper.java, line(s) 46 com/swmansion/reanimated/ReanimatedModule.java, line(s) 146 com/swmansion/reanimated/ReanimatedUIManagerFactory.java, line(s) 20 com/swmansion/reanimated/layoutReanimation/AnimationsManager.java, line(s) 204,218 com/swmansion/reanimated/layoutReanimation/ReanimatedNativeHierarchyManager.java, line(s) 37 com/swmansion/reanimated/layoutReanimation/SharedTransitionManager.java, line(s) 126 com/swmansion/reanimated/nativeProxy/NativeProxyCommon.java, line(s) 188 com/swmansion/reanimated/sensor/ReanimatedSensorContainer.java, line(s) 35 com/swmansion/rnscreens/ScreenStackHeaderConfigViewManager.java, line(s) 177 com/swmansion/rnscreens/ScreensModule.java, line(s) 45,91,48 com/th3rdwave/safeareacontext/SafeAreaView.java, line(s) 106 curtains/internal/WindowManagerSpy.java, line(s) 25,88 curtains/internal/WindowSpy.java, line(s) 26,45 eightbitlab/com/blurview/BlurView.java, line(s) 64 expo/modules/ExpoModulesPackage.java, line(s) 39 expo/modules/adapters/react/services/UIManagerModuleWrapper.java, line(s) 82 expo/modules/apploader/AppLoaderProvider.java, line(s) 23 expo/modules/av/player/PlayerData.java, line(s) 217,233,195,215 expo/modules/av/player/SimpleExoPlayerData.java, line(s) 310 expo/modules/av/video/MediaController.java, line(s) 354 expo/modules/constants/ConstantsService.java, line(s) 145 expo/modules/core/logging/OSLogHandler.java, line(s) 39,49,54,43,47,30,32 expo/modules/devlauncher/helpers/DevLauncherInstallationIDHelper.java, line(s) 57,73 expo/modules/devlauncher/launcher/configurators/DevLauncherExpoActivityConfigurator.java, line(s) 170,184 expo/modules/devmenu/devtools/DevMenuDevToolsDelegate$openJSInspector$1$1.java, line(s) 62 expo/modules/devmenu/extensions/DevMenuExtension.java, line(s) 78,85 expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper$swapCurrentCommandHandlers$1.java, line(s) 60 expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper.java, line(s) 41 expo/modules/devmenu/react/DevMenuShakeDetectorListenerSwapper.java, line(s) 27 expo/modules/devmenu/websockets/DevMenuCommandHandlersProvider.java, line(s) 124 expo/modules/filesystem/FileSystemModule$downloadResumableTask$2.java, line(s) 105 expo/modules/filesystem/FileSystemModule.java, line(s) 1439,1553,1658,2040 expo/modules/image/ExpoImageView.java, line(s) 275 expo/modules/image/ImageViewWrapperTarget.java, line(s) 165 expo/modules/image/ThumbnailRequestCoordinatorExtensionKt.java, line(s) 23 expo/modules/image/events/GlideRequestListener.java, line(s) 49 expo/modules/localization/LocalizationModule.java, line(s) 304 expo/modules/mailcomposer/MailIntentBuilder.java, line(s) 119 expo/modules/network/NetworkModule.java, line(s) 342 expo/modules/notifications/badge/BadgeHelper.java, line(s) 50 expo/modules/notifications/notifications/ArgumentsNotificationContentBuilder.java, line(s) 63,110 expo/modules/notifications/notifications/background/BackgroundRemoteNotificationTaskConsumer.java, line(s) 84,95 expo/modules/notifications/notifications/model/NotificationContent.java, line(s) 151 expo/modules/notifications/notifications/presentation/builders/CategoryAwareNotificationBuilder.java, line(s) 48 expo/modules/notifications/notifications/presentation/builders/ChannelAwareNotificationBuilder.java, line(s) 35,44 expo/modules/notifications/notifications/presentation/builders/ExpoNotificationBuilder.java, line(s) 48,95,108,124 expo/modules/notifications/serverregistration/InstallationId.java, line(s) 45,57,72 expo/modules/notifications/service/NotificationsService.java, line(s) 364,505,533 expo/modules/notifications/service/delegates/ExpoHandlingDelegate.java, line(s) 111 expo/modules/notifications/service/delegates/ExpoNotificationLifecycleListener.java, line(s) 28,40 expo/modules/notifications/service/delegates/ExpoPresentationDelegate.java, line(s) 231,93,96,99,215 expo/modules/notifications/service/delegates/ExpoSchedulingDelegate.java, line(s) 93,119,123,127,58 expo/modules/securestore/SecureStoreModule.java, line(s) 330 expo/modules/splashscreen/singletons/SplashScreen.java, line(s) 115,159,198 expo/modules/taskManager/TaskManagerInternalModule.java, line(s) 174 expo/modules/taskManager/TaskManagerModule.java, line(s) 140 expo/modules/taskManager/TaskManagerUtils.java, line(s) 50,62,89,110,121 expo/modules/taskManager/TaskService.java, line(s) 327,457,463,98,107,166,224,241,260,278,365,243,257,460 expo/modules/taskManager/Utils.java, line(s) 36 expo/modules/updates/DisabledUpdatesController.java, line(s) 125 expo/modules/updates/EnabledUpdatesController.java, line(s) 148,186 expo/modules/updates/UpdatesDevLauncherController.java, line(s) 315 expo/modules/updates/UpdatesModule$definition$1$7$1.java, line(s) 28 expo/modules/updates/UpdatesUtils.java, line(s) 150,153,175,178,299 expo/modules/updates/codesigning/CodeSigningConfiguration.java, line(s) 104 expo/modules/updates/db/Converters.java, line(s) 88 expo/modules/updates/db/DatabaseHolder.java, line(s) 25 expo/modules/updates/db/Reaper.java, line(s) 31,39,44,48,57,61 expo/modules/updates/errorrecovery/ErrorRecovery.java, line(s) 154,186 expo/modules/updates/launcher/NoDatabaseLauncher.java, line(s) 91,115 expo/modules/updates/loader/FileDownloader.java, line(s) 696 expo/modules/updates/loader/Loader.java, line(s) 251,272,275,299,382 expo/modules/updates/loader/LoaderFiles.java, line(s) 67,88 expo/modules/updates/loader/LoaderTask$launchRemoteUpdateInBackground$1$1.java, line(s) 53,177 expo/modules/updates/loader/LoaderTask.java, line(s) 355,462 expo/modules/updates/loader/RemoteLoader.java, line(s) 139 expo/modules/updates/manifest/EmbeddedManifestUtils.java, line(s) 44 expo/modules/updates/manifest/EmbeddedUpdate.java, line(s) 247 expo/modules/updates/manifest/ExpoUpdatesUpdate.java, line(s) 309,405,462 expo/modules/updates/manifest/ManifestMetadata.java, line(s) 44 expo/modules/updates/manifest/ResponseHeaderData.java, line(s) 166,169 expo/modules/updates/procedures/RelaunchProcedure$run$1.java, line(s) 63 expo/modules/updates/selectionpolicy/SelectionPolicies.java, line(s) 50 io/branch/referral/BranchJsonConfig.java, line(s) 52,54,77,89,101,116,128,144,156,172,188,204 io/branch/referral/BranchLogger.java, line(s) 141,92,124,171,156,108 io/branch/referral/validators/IntegrationValidator.java, line(s) 105,109,113,128,129,131 io/branch/rnbranch/RNBranchModule.java, line(s) 131,142,148,163,168,181,209,214,221,228,328,335,561,580,605,611,883,979,981,997,175,582,989,738,138,657,695,868,871,886,952,1151
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: expo/modules/devmenu/modules/DevMenuInternalModule.java, line(s) 5,404,430,405,431 io/branch/referral/ShareLinkManager.java, line(s) 5,337
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/amazon/a/a/o/b/a.java, line(s) 44,42,41,41
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: expo/modules/device/DeviceModule.java, line(s) 238,238
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/827541967838/namespaces/firebase:fetch?key=AIzaSyCTDQFjnmKJlbJZ6yoIF5CgOgygfXKmrHA ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
BulletPrep v1.2.5
Android APK
61
综合安全评分
低风险