Mobile Application Security Scan Report

Populife v3.4.0
Security baseline score: 47/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
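The application has some security risk; optimization is recommended.
Distribution of vulnerabilities and security items:
- High severity: 4
- Medium severity: 19
- Info: 1
- Secure: 2
Privacy risk assessment:
- Third-party trackers: 1
- Medium privacy risk: a small number of third-party trackers were detected.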
Key security concerns: 5
High-severity vulnerability: The base configuration is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High-severity vulnerability: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/meiqia/core/a.java, line(s) 22,42 com/ttlock/bl/sdk/util/AESUtil.java, line(s) 42,58
High-severity vulnerability: Use of a weak encryption algorithm.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/paypal/android/sdk/eg.java, line(s) 38,54
High-severity vulnerability: The application uses ECB mode in an encryption algorithm. ECB mode is a known weak mode because identical plaintext blocks produce identical ciphertext.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files: com/populock/manhattan/sdk/util/AESUtil.java, line(s) 40,56
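Medium-severity vulnerability: Application data can be backed up.
[android:allowBackup=true] This flag allows application data to be backed up through the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a risk of data leakage.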
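Medium-severity vulnerability: Service (com.populock.manhattan.sdk.service.BleService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.ttlock.bl.sdk.service.BluetoothLeService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.ttlock.bl.sdk.service.DfuService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.populstay.populife.push.EventPushService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.populstay.populife.activity.MainActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.meiqia.meiqiasdk.activity.MQConversationActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.meiqia.meiqiasdk.activity.MQMessageFormActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.meiqia.meiqiasdk.activity.MQWebViewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.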
Medium-severity vulnerability: IP address disclosure.
Files: com/danikula/videocache/HttpProxyCacheServer.java, line(s) 30 com/example/smartlinklib/SmartLinkManipulator.java, line(s) 298,145,155 com/hiflying/smartlink/AbstractSmartLinker.java, line(s) 317,327 com/hiflying/smartlink/v3/SnifferSmartLinkerSendAction.java, line(s) 61,71 com/hiflying/smartlink/v7/MulticastSmartLinkerSendAction.java, line(s) 55 com/paypal/android/sdk/az.java, line(s) 9 redis/clients/jedis/HostAndPort.java, line(s) 60,60
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/danikula/videocache/StorageUtils.java, line(s) 23,40 com/meiqia/core/t2.java, line(s) 269,278 com/meiqia/core/z6.java, line(s) 114,102 com/orhanobut/logger/CsvFormatStrategy.java, line(s) 101 com/paypal/android/sdk/aw.java, line(s) 106,339 com/paypal/android/sdk/ay.java, line(s) 19,31 com/paypal/android/sdk/d.java, line(s) 104 com/populstay/populife/fragment/MainMeFragment.java, line(s) 85 com/populstay/populife/fragment/MainMeFragment00.java, line(s) 130 com/populstay/populife/fragment/MainMeFragment_backup.java, line(s) 139 com/populstay/populife/maintservice/MaintenanceRequestActivity.java, line(s) 626 com/populstay/populife/util/file/FileUtil.java, line(s) 31,32,33,34,77,165,168 com/populstay/populife/util/log/LogToFile.java, line(s) 47 com/yalantis/ucrop/util/FileUtils.java, line(s) 51
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/meiqia/core/MeiQiaService.java, line(s) 17 com/meiqia/core/x3.java, line(s) 7 com/paypal/android/sdk/cm.java, line(s) 8 com/paypal/android/sdk/eb.java, line(s) 5 com/paypal/android/sdk/ey.java, line(s) 5 com/populock/manhattan/sdk/util/StringUtil.java, line(s) 5 com/populstay/populife/util/device/DisplayManager.java, line(s) 18 com/populstay/populife/util/string/StringUtil.java, line(s) 9 com/ttlock/bl/sdk/util/DigitUtil.java, line(s) 17
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/example/smartlinklib/SmartLinkManipulator.java, line(s) 44 com/populock/manhattan/sdk/constant/LockUrls.java, line(s) 14 com/populock/manhattan/sdk/entity/LockData.java, line(s) 187 com/populstay/populife/activity/ActivateDeviceActivity.java, line(s) 30 com/populstay/populife/activity/AddDeviceSuccessActivity.java, line(s) 46 com/populstay/populife/activity/ChangeLanguageActivity.java, line(s) 22 com/populstay/populife/activity/EkeyPeriodModifyActivity.java, line(s) 34 com/populstay/populife/activity/FingerprintIcCardAddConfigActivity.java, line(s) 36 com/populstay/populife/activity/IcCardBluetoothAddActivity.java, line(s) 52 com/populstay/populife/activity/LockAddGuideActivity.java, line(s) 29 com/populstay/populife/activity/LockAutoLockingActivity.java, line(s) 28 com/populstay/populife/activity/LockManagePasswordActivity.java, line(s) 55 com/populstay/populife/activity/LockOperateRecordActivity.java, line(s) 45 com/populstay/populife/activity/LockSendEkeyActivity.java, line(s) 55 com/populstay/populife/activity/LockSendPasscodeActivity.java, line(s) 35 com/populstay/populife/activity/LockTimeActivity.java, line(s) 27 com/populstay/populife/activity/ModifyAdminPasscodeActivity.java, line(s) 30 com/populstay/populife/activity/ModifyCommonPasscodeActivity.java, line(s) 40 com/populstay/populife/activity/PasscodeDetailActivity.java, line(s) 57 com/populstay/populife/activity/SignActivity.java, line(s) 61 com/populstay/populife/constant/Constant.java, line(s) 8 com/populstay/populife/entity/Key.java, line(s) 434 com/populstay/populife/entity/LockOperateRecord.java, line(s) 15,20 com/populstay/populife/entity/LockUser.java, line(s) 152 com/populstay/populife/fragment/LockSendPasscodeFragment.java, line(s) 59 com/populstay/populife/keypwdmanage/KeyPwdConstant.java, line(s) 39
com/populstay/populife/keypwdmanage/KeyPwdListFragment.java, line(s) 71,72 com/populstay/populife/keypwdmanage/KeyPwdManageActivity.java, line(s) 50 com/populstay/populife/keypwdmanage/KeyPwdTypeSelectActivity.java, line(s) 17 com/populstay/populife/util/storage/PeachPreference.java, line(s) 26 com/ttlock/bl/sdk/api/TTLockAPI.java, line(s) 493 com/ttlock/bl/sdk/constant/LogOperate.java, line(s) 127 com/ttlock/bl/sdk/entity/HotelData.java, line(s) 8,9 com/ttlock/bl/sdk/entity/LockData.java, line(s) 31
Medium-severity vulnerability: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,28 com/meiqia/core/v2.java, line(s) 4,5,13,14,15,16,17,22,23,24,25,37,44,50,53,56,59,60 com/meiqia/core/w2.java, line(s) 6,62,255
Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/danikula/videocache/ProxyCacheUtils.java, line(s) 73 com/meiqia/core/f.java, line(s) 12 com/populstay/populife/util/Utils.java, line(s) 146 com/populstay/populife/util/string/MD5.java, line(s) 9,18,44,66 com/ttlock/bl/sdk/util/DigitUtil.java, line(s) 324 redis/clients/util/Hashing.java, line(s) 19
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/hiflying/smartlink/v7/MulticastSmartLinkerSendAction.java, line(s) 114 com/paypal/android/sdk/dh.java, line(s) 24
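Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: com/sun/jna/Native.java, line(s) 834
Medium-severity vulnerability: The application contains privacy trackers.
This application includes 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.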
Medium-severity vulnerability: This application may contain hardcoded secrets.
Possible secrets were identified in the application. Confirm that these are not secrets or private information.
Security notice (info): The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: cn/ittiger/player/PlayerManager.java, line(s) 216 cn/ittiger/player/media/EventLogger.java, line(s) 116,121,126,140,143,154,160,163,167,177,180,186,196,204,209,213,217,219,224,226,231,236,241,246,251,261,266,271,276,281,291,296,301,323,326,329,332,335,338,340,343,131,315 cn/ittiger/player/util/Utils.java, line(s) 109,113 com/contrarywind/view/WheelView.java, line(s) 326 com/example/smartlinklib/SmartLinkManipulator.java, line(s) 72,101,112,123,160,233,281,294,315,249,260 com/gcssloop/widget/ArcSeekBar.java, line(s) 444,454 com/github/barteksc/pdfviewer/PDFView.java, line(s) 338,571,726,735 com/hiflying/commons/log/HFLog.java, line(s) 35,37,42,89,91,96,53,55,60,17,19,24,71,73,78 com/hiflying/smartlink/AbstractSmartLinker.java, line(s) 181,241,287,194,238 com/hiflying/smartlink/AbstractSmartLinkerActivity.java, line(s) 114,125,138 com/hiflying/smartlink/AbstractSmartLinkerFragment.java, line(s) 136,147,160 com/hiflying/smartlink/v3/SnifferSmartLinker.java, line(s) 32 com/hiflying/smartlink/v7/MulticastSmartLinker.java, line(s) 42 com/meiqia/core/MQManager.java, line(s) 224 com/meiqia/core/n3.java, line(s) 22,35 com/meiqia/core/w2.java, line(s) 116,135,181,225,327,347 com/meiqia/core/x2.java, line(s) 8,14 com/paypal/android/sdk/a.java, line(s) 54 com/paypal/android/sdk/ax.java, line(s) 113 com/paypal/android/sdk/ci.java, line(s) 14,25 com/paypal/android/sdk/cm.java, line(s) 68,79,156,160 com/paypal/android/sdk/cq.java, line(s) 49,82,45,62,74 com/paypal/android/sdk/cw.java, line(s) 55,56,57 com/paypal/android/sdk/d.java, line(s) 131,135 com/paypal/android/sdk/e.java, line(s) 30 com/paypal/android/sdk/eg.java, line(s) 26 com/paypal/android/sdk/eh.java, line(s) 30 com/paypal/android/sdk/ek.java, line(s) 149 com/paypal/android/sdk/em.java, line(s) 24 com/paypal/android/sdk/er.java, line(s) 20 com/paypal/android/sdk/gc.java, line(s) 26,37
com/paypal/android/sdk/gl.java, line(s) 43 com/paypal/android/sdk/payments/PayPalAuthorization.java, line(s) 59 com/paypal/android/sdk/payments/PayPalConfiguration.java, line(s) 64,92 com/paypal/android/sdk/payments/PayPalFuturePaymentActivity.java, line(s) 41,48,52,97,99 com/paypal/android/sdk/payments/PayPalItem.java, line(s) 28,155 com/paypal/android/sdk/payments/PayPalPayment.java, line(s) 75,82,258 com/paypal/android/sdk/payments/PayPalPaymentDetails.java, line(s) 83 com/paypal/android/sdk/payments/PayPalProfileSharingActivity.java, line(s) 67,69 com/paypal/android/sdk/payments/PayPalService.java, line(s) 183,249,255,454 com/paypal/android/sdk/payments/PaymentActivity.java, line(s) 42,49,54,102,104 com/paypal/android/sdk/payments/PaymentConfirmActivity.java, line(s) 350,130,281 com/paypal/android/sdk/payments/PaymentConfirmation.java, line(s) 62 com/paypal/android/sdk/payments/ProofOfPayment.java, line(s) 86 com/paypal/android/sdk/payments/ShippingAddress.java, line(s) 41,131 com/paypal/android/sdk/payments/bu.java, line(s) 39,49,56 com/paypal/android/sdk/payments/ca.java, line(s) 19 com/paypal/android/sdk/payments/cg.java, line(s) 116,238,252,275,289,304,331 com/paypal/android/sdk/payments/d.java, line(s) 181 com/paypal/android/sdk/payments/m.java, line(s) 393,167 com/paypal/android/sdk/payments/z.java, line(s) 25,32,16 com/populock/manhattan/sdk/service/BleService.java, line(s) 333,181,190,214 com/populock/manhattan/sdk/util/AESUtil.java, line(s) 61,67 com/populstay/populife/activity/FoundDeviceActivity.java, line(s) 87 com/populstay/populife/activity/GatewayAddActivity.java, line(s) 92 com/populstay/populife/app/CrashHandler.java, line(s) 90,170,71,151,164,172,79 com/populstay/populife/app/MyApplication.java, line(s) 732,889 com/populstay/populife/base/BaseApplication.java, line(s) 56,122,129 com/populstay/populife/pay/paypal/PayPalHelper.java, line(s) 151,181,98,104,113,114,120,134,138,147,148,161,167,177,178 
com/populstay/populife/util/locale/LanguageUtil.java, line(s) 84,129 com/populstay/populife/util/locale/LocalManageUtils.java, line(s) 135 com/populstay/populife/util/log/LogToFile.java, line(s) 53 com/populstay/populife/util/net/NetworkUtil.java, line(s) 20,23,26 com/populstay/populife/util/string/MD5.java, line(s) 35 com/rilixtech/widget/countrycodepicker/CountryCodeDialog.java, line(s) 108,111 com/rilixtech/widget/countrycodepicker/CountryCodePicker.java, line(s) 227,699,866,881,616,628,833,845 com/rilixtech/widget/countrycodepicker/ex/CountryCodeActivity.java, line(s) 93,96 com/scaf/android/client/CodecUtils.java, line(s) 19 com/shockwave/pdfium/PdfiumCore.java, line(s) 69,206,210,240,244 com/sun/jna/Native.java, line(s) 263,659,713,670,675,681,697,702,708,724,728,749,755,784,807,818,839,1355,1358,1359 com/sun/jna/Structure.java, line(s) 1138 com/ttlock/bl/sdk/service/BluetoothLeService.java, line(s) 574,581,251,260,284,674,713,681,696,906 com/ttlock/bl/sdk/util/AESUtil.java, line(s) 63,69 com/ttlock/bl/sdk/util/LogUtil.java, line(s) 36,63,90,72,81 com/ttlock/gateway/sdk/util/LogUtil.java, line(s) 36,63,90,72,81 com/wang/avi/AVLoadingIndicatorView.java, line(s) 205 com/yalantis/ucrop/UCropActivity.java, line(s) 145 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 113 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 130,170,213,93,136,150,157 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 102,50,81 com/yalantis/ucrop/util/EglUtils.java, line(s) 27 com/yalantis/ucrop/util/FileUtils.java, line(s) 59 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 55,62,73,81,113,123,135,149,163,169,173,178,184,188,291,54,61,72,80,112,122,134,148,162,168,172,177,183,187 com/yalantis/ucrop/view/TransformImageView.java, line(s) 217,234,124,78 me/yokeyword/fragmentation/TransactionDelegate.java, line(s) 285,462,263,277 me/yokeyword/fragmentation/debug/DebugStackDelegate.java, line(s) 130 me/yokeyword/fragmentation/exception/AfterSaveStateTransactionWarning.java, 
line(s) 8 moe/feng/support/biometricprompt/BiometricPromptApi23Impl.java, line(s) 134 moe/feng/support/biometricprompt/BiometricPromptCompat.java, line(s) 91,103 no/nordicsemi/android/dfu/BaseDfuImpl.java, line(s) 446,450,461,358,390,455 no/nordicsemi/android/dfu/DfuBaseService.java, line(s) 622,626,637,631 org/greenrobot/eventbus/BackgroundPoster.java, line(s) 40 org/greenrobot/eventbus/EventBus.java, line(s) 290,429,431,440,172 org/greenrobot/eventbus/util/AsyncExecutor.java, line(s) 98 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 26
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/paypal/android/sdk/bq.java, line(s) 62,29,61,57,60,60 com/paypal/android/sdk/ce.java, line(s) 46,68,45,67,63,44,44,66,66 com/populock/manhattan/sdk/net/RestCreator.java, line(s) 12,12 com/populstay/populife/net/RestCreator.java, line(s) 14,14
Passed security check: This application may have root detection capability.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: com/paypal/android/sdk/at.java, line(s) 10 com/paypal/android/sdk/az.java, line(s) 9,9
Key security concern: The application may communicate with a server (eco-push-api-client.meiqia.com) located in an OFAC-sanctioned country (China).
{'ip': '114.117.133.42', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (new-api.meiqia.com) located in an OFAC-sanctioned country (China).
{'ip': '114.117.133.42', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (item.taobao.com) located in an OFAC-sanctioned country (China).
{'ip': '122.225.217.184', 'country_short': 'CN', 'country_long': '中国', 'region': '广东', 'city': '深圳', 'latitude': '22.545673', 'longitude': '114.068108'}
Key security concern: The application may communicate with a server (edge-api2.meiqia.com) located in an OFAC-sanctioned country (China).
{'ip': '114.117.133.42', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
Key security concern: The application may communicate with a server (api.ttlock.com.cn) located in an OFAC-sanctioned country (China).
{'ip': '47.114.147.192', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}
Overall security baseline score summary

Populife v3.4.0
Android APK
Overall security score: 47
Medium risk