Application Security Assessment Report
Mobile Application Security Assessment Report

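Barstool v5.21.2
Security score (security baseline score): 49/100
Overall risk level: Medium risk
Risk rating scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.

Distribution of vulnerabilities and security items
- High: 3
- Medium: 34
- Info: 4
- Secure: 2

Privacy risk assessment
- Third-party trackers: 9
- High privacy risk: a large number of third-party trackers were detected

Distribution of findings
- High-severity vulnerabilities: 3
- Medium-severity vulnerabilities: 34
- Security information items: 4
- Passed security checks: 2
- Key security concerns: 0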
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/adsbynimbus/render/StaticAdController.java, line(s) 235,9 com/adsbynimbus/render/internal/WebViewExtensionsKt.java, line(s) 117,7,8 com/amazon/aps/ads/util/adview/ApsAdViewFetchUtils.java, line(s) 178,197,7 com/barstoolsports/story_view/StoryViewFragment.java, line(s) 1107,20,21
High-severity vulnerability: Remote WebView debugging is enabled
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files: com/onesignal/inAppMessages/internal/display/impl/WebViewManager.java, line(s) 362,5
High-severity vulnerability: The application contains privacy trackers
This application contains 9 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.
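Medium-severity vulnerability: Cleartext network traffic is enabled for the application
[android:usesCleartextTraffic=true] The application allows cleartext network traffic (for example HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default on API level 27 and below and disabled by default on API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with transmitted data. Disable cleartext traffic and use only encrypted protocols.
Medium-severity vulnerability: Application data is at risk of leakage
The [android:allowBackup] flag is not set. Explicitly set [android:allowBackup] to false. The default value is true, which allows application data to be backed up with the adb tool and creates a risk of data leakage.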
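Medium-severity vulnerability: Activity (com.barstoolsports.barstool.ui.main.MainActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.barstoolsports.story_view.StoryViewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.barstoolsports.author.ui.AuthorActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.barstoolsports.brand.ui.BrandActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.barstoolsports.story_view.ExpandedControlsActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Service (com.barstoolsports.podcast.PodcastSessionService) is not protected.
[android:exported=true] The Service is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.media.session.MediaButtonReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.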
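Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.FCMBroadcastReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.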
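Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivityHMS) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.NotificationDismissReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.BootUpReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.onesignal.notifications.receivers.UpgradeReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.onesignal.notifications.activities.NotificationOpenedActivityAndroid22AndOlder) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.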
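Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.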
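Medium-severity vulnerability: Activity (com.amazon.aps.ads.activity.ApsInterstitialActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.amazon.device.ads.DTBInterstitialActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: High Intent priority (999) - {1} hit(s)
[android:priority] By setting a high Intent priority, an application can override other requests, which may lead to security risks.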
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: coil/memory/MemoryCache.java, line(s) 117 coil/memory/MemoryCacheService.java, line(s) 33 coil/request/Parameters.java, line(s) 156 com/adsbynimbus/lineitem/DynamicPrice.java, line(s) 16,23,19,20,21,22 com/amazon/aps/ads/ApsConstants.java, line(s) 10 com/amazon/aps/shared/APSAnalytics.java, line(s) 19 com/amazon/aps/shared/ApsMetrics.java, line(s) 43 com/amazon/device/ads/DTBAdInterstitial.java, line(s) 16 com/amazon/device/ads/DTBAdLoader.java, line(s) 4,5,7,6,8 com/amazon/device/ads/DTBAdRequest.java, line(s) 44 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 21,22,23 com/amazon/device/ads/DtbConstants.java, line(s) 69,13,19,15,16,17,18,32,72,73,75 com/amazon/device/ads/DtbDeviceData.java, line(s) 23,24,25,26,27,28,29,30,31,32,33,34,35 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 22,23,24,26,27 com/barstoolsports/core/api/response/UserResponse.java, line(s) 149 com/barstoolsports/core/client/AuthResponse.java, line(s) 79 com/barstoolsports/core/client/Credentials.java, line(s) 51 com/barstoolsports/core/client/PasswordChange.java, line(s) 51 com/barstoolsports/core/client/Registration.java, line(s) 69 com/barstoolsports/core/entity/UserEntity.java, line(s) 125 com/barstoolsports/core/model/ContentLayout.java, line(s) 81 com/barstoolsports/core/model/ContentLayoutSection.java, line(s) 61 com/barstoolsports/core/model/UserModel.java, line(s) 133 com/barstoolsports/core/model/ViralPost.java, line(s) 575 com/barstoolsports/welcome/StartActivity.java, line(s) 15 com/bugsnag/android/DeliveryHeadersKt.java, line(s) 17 com/bugsnag/android/EventFilenameInfo.java, line(s) 118 com/bugsnag/android/ExceptionHandler.java, line(s) 7 com/bugsnag/android/ManifestConfigLoader.java, line(s) 16 com/bugsnag/android/SessionFilenameInfo.java, line(s) 83
com/bugsnag/android/SharedPrefMigrator.java, line(s) 8,9,10,11 com/bugsnag/android/SystemBroadcastReceiver.java, line(s) 21 com/mux/stats/sdk/core/model/CustomerPlayerData.java, line(s) 8 com/mux/stats/sdk/core/model/SessionTag.java, line(s) 13 com/onesignal/core/internal/http/impl/OptionalHeaders.java, line(s) 79 com/onesignal/inAppMessages/internal/display/impl/WebViewManager.java, line(s) 49,50,51,44 com/onesignal/inAppMessages/internal/prompt/InAppMessagePromptTypes.java, line(s) 9,10 com/onesignal/inAppMessages/internal/prompt/impl/InAppMessagePrompt.java, line(s) 38 com/onesignal/notifications/bridges/OneSignalHmsEventBridge.java, line(s) 25,26 com/onesignal/notifications/internal/Notification.java, line(s) 479 com/onesignal/notifications/internal/bundle/impl/NotificationBundleProcessor.java, line(s) 23 com/onesignal/notifications/internal/common/NotificationConstants.java, line(s) 19,13,14,15,16,17 com/onesignal/notifications/internal/common/NotificationHelper.java, line(s) 34 com/onesignal/notifications/receivers/FCMBroadcastReceiver.java, line(s) 21 spotIm/core/Constants.java, line(s) 15 spotIm/core/android/preferences/SharedPreferencesCrypto.java, line(s) 20,25 spotIm/core/android/preferences/SharedPreferencesManager.java, line(s) 170,150 spotIm/core/android/preferences/SharedPreferencesMigrator.java, line(s) 159,197 spotIm/core/data/remote/RemoteMapper.java, line(s) 553 spotIm/core/data/remote/model/ProfileRemote.java, line(s) 287 spotIm/core/data/remote/model/UserRemote.java, line(s) 195,194 spotIm/core/data/remote/model/realtime/RealtimeTypingUserRemote.java, line(s) 69 spotIm/core/data/remote/model/realtime/RealtimeUserRemote.java, line(s) 100 spotIm/core/data/remote/model/requests/StartSSORequest.java, line(s) 57 spotIm/core/domain/model/Comment.java, line(s) 235 spotIm/core/domain/model/Notification.java, line(s) 135 spotIm/core/domain/model/PostReply.java, line(s) 88 spotIm/core/domain/model/User.java, line(s) 103,102 
spotIm/core/utils/CloudinaryUploadRequest.java, line(s) 92
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/amazon/aps/shared/APSAnalytics.java, line(s) 13 com/amazon/aps/shared/ApsMetrics.java, line(s) 19 com/barstoolsports/core/handler/AuthHandler.java, line(s) 23 com/mux/stats/sdk/core/util/UUID.java, line(s) 3 com/onesignal/common/AndroidUtils.java, line(s) 23 org/jacoco/core/runtime/AbstractRuntime.java, line(s) 3
Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/amazon/device/ads/DtbDeviceData.java, line(s) 166 com/bugsnag/android/Deliverable.java, line(s) 27
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: coil/decode/SourceImageSource.java, line(s) 134 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 124 com/amazon/device/ads/WebResourceService.java, line(s) 64 spotIm/core/utils/ImagePickerHelper.java, line(s) 56
Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: spotIm/core/utils/ImagePickerHelper.java, line(s) 56
Medium-severity vulnerability: IP address disclosure
Files: spotIm/core/data/api/interceptor/ErrorHandlingInterceptor.java, line(s) 70
Medium-severity vulnerability: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/onesignal/core/internal/database/impl/OSDatabase.java, line(s) 7,8,9,10,11,503 com/onesignal/session/internal/outcomes/impl/OutcomeTableProvider.java, line(s) 3,4,15,16,17,18,19,20,21,25,32,33,34,35,36,40,47,48,52,59,60,61,62,63,67
Medium-severity vulnerability: Firebase Remote Config is enabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/530817751125/namespaces/firebase:fetch?key=AIzaSyA22QuhFrIds8t3QyrPOUBNNxQ7Y4WvNvk ) is enabled. Make sure these configurations do not contain sensitive information. The response content is shown below: { "entries": { "article_ad_unit_display": "show", "trending_stories_style": "list" }, "state": "UPDATE", "templateVersion": "16" }
Medium-severity vulnerability: This application may contain hardcoded secrets
The following secrets were identified in the application. Make sure they are not confidential or private information:
- AppLovin ad SDK => "applovin.sdk.key" : "hO52kFtMvEo_AoeRzED0_XXfS1B1VQp9GW50yudJO-eUUTOmRBLl3c-2GyTevLNspll_fN5PLTbAHOakoTuHuP"
- Bugsnag SDK => "com.bugsnag.android.API_KEY" : "27eff0905afa6a358c9e952b2aa12d70"
- AdMob ad platform => "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-8819633357246975~1737955757"
- "adapter_notifications_header_author" : "Bloggers"
- "cast_receiver_app_id" : "519FDD49"
- "firebase_database_url" : "https://barstool-sports-prod.firebaseio.com"
- "fragment_all_authors_title" : "Bloggers"
- "fragment_complete_profile_no_username_title" : "Username"
- "fragment_complete_profile_username" : "Username"
- "fragment_log_in_no_password_title" : "Password"
- "fragment_log_in_password" : "Password"
- "fragment_sign_up_password" : "Password"
- "google_api_key" : "AIzaSyA22QuhFrIds8t3QyrPOUBNNxQ7Y4WvNvk"
- "google_app_id" : "1:530817751125:android:1355b7ada6c051e1"
- "google_crash_reporting_api_key" : "AIzaSyA22QuhFrIds8t3QyrPOUBNNxQ7Y4WvNvk"
- "one_signal_app_id" : "4a7fb94e-24c6-4171-98b4-a0335eba6700"
- "spot_key" : "sp_rnhQMwip"
Security information: The application logs information. Sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: com/alexvasilkov/gestures/animation/ViewPositionAnimator.java, line(s) 103,131,142,156,164,172,180,187,194,201,248,304,333,412,426,470,513 com/alexvasilkov/gestures/internal/Fps.java, line(s) 30,37,39 com/alexvasilkov/gestures/transition/ViewsCoordinator.java, line(s) 56,98,114,145 com/alexvasilkov/gestures/transition/ViewsTransitionAnimator.java, line(s) 37,52,63,111,141,188,198 com/amazon/aps/ads/ApsAdController.java, line(s) 79,104,129,154,179,204,229,254,316,319 com/amazon/aps/ads/ApsLog.java, line(s) 40,60,20,50 com/amazon/aps/ads/activity/ApsInterstitialActivity.java, line(s) 85,136,223,225 com/amazon/aps/ads/util/ApsAdExtensionsKt.java, line(s) 23,29,35 com/amazon/aps/ads/util/ApsUtils.java, line(s) 71,74 com/amazon/aps/shared/APSAnalytics.java, line(s) 87,70,79,85,92,132,138,147 com/amazon/aps/shared/ApsMetrics.java, line(s) 181,208,221,234,288,251 com/amazon/aps/shared/analytics/APSEvent.java, line(s) 56,84,162 com/amazon/aps/shared/util/APSNetworkManager.java, line(s) 41,172,174,180,44,75,78,84,101,111,118,124,150,157,186,192,215,221 com/amazon/aps/shared/util/ApsAsyncUtil.java, line(s) 34,37,63,96,114,151,166 com/amazon/device/ads/AdRegistration.java, line(s) 153,285,299,548,570,591,229,240,265,266,268,269,279,280,282,169 com/amazon/device/ads/DTBAdMRAIDController.java, line(s) 152,304,321,379,513,516,537,540,551,554,560,692 com/amazon/device/ads/DTBAdMRAIDExpandedController.java, line(s) 52 com/amazon/device/ads/DTBAdMRAIDInterstitialController.java, line(s) 45,68,110 com/amazon/device/ads/DTBAdNetworkInfo.java, line(s) 25 com/amazon/device/ads/DTBAdRequest.java, line(s) 259,261,559,567,574,581,613,825,827,837,226,461,583,706,841,340,578,604,692,695,763,103,139,229,545 com/amazon/device/ads/DTBAdResponse.java, line(s) 282,397 com/amazon/device/ads/DTBAdUtil.java, line(s) 117,219,224,229,251,259,264,267,270,273,295,298,367,370
com/amazon/device/ads/DTBInterstitialActivity.java, line(s) 95 com/amazon/device/ads/DTBMetricReport.java, line(s) 94 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 235,247,126,138,161,179,194,211,223,261,279,307 com/amazon/device/ads/DTBMetricsProcessor.java, line(s) 104,108,109,112,118,115,117,121,126 com/amazon/device/ads/DTBTimeTrace.java, line(s) 66,34,58,69,82,92,112 com/amazon/device/ads/DtbAdRequestParamsBuilder.java, line(s) 145,103,183 com/amazon/device/ads/DtbAdvertisingInfo.java, line(s) 11,27,34,37,50,49 com/amazon/device/ads/DtbCommonUtils.java, line(s) 53,121,193,196,199,202,205,208,220,223,226,229,232,235,302,264 com/amazon/device/ads/DtbDebugProperties.java, line(s) 42,65,70,73,76,82,88,94,108,190 com/amazon/device/ads/DtbDeviceData.java, line(s) 52,57,72,88,152,154,180 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 75,118,300,128,330,70,95,98,125,179,182,221,224,284,288,310,317 com/amazon/device/ads/DtbFireOSServiceAdapter.java, line(s) 24,26,36,39 com/amazon/device/ads/DtbGeoLocation.java, line(s) 25,138,144,149,152,156,159,171,174 com/amazon/device/ads/DtbGooglePlayServices.java, line(s) 25 com/amazon/device/ads/DtbHttpClient.java, line(s) 86,126,127,140,151,167,170,200 com/amazon/device/ads/DtbLog.java, line(s) 87,94,102,109,117,124,132,140,147,154,16,57,64,72,79 com/amazon/device/ads/DtbMetrics.java, line(s) 97,147,154,159,161,170,173,176,182,185,189 com/amazon/device/ads/DtbOmSdkSessionManager.java, line(s) 107,265,141,151,172,195 com/amazon/device/ads/DtbPackageNativeData.java, line(s) 37,53 com/amazon/device/ads/DtbSharedPreferences.java, line(s) 102,109,466,436 com/amazon/device/ads/DtbThreadService.java, line(s) 22,30 com/amazon/device/ads/WebResourceService.java, line(s) 56 com/barstoolsports/ads/nimbus/DynamicPriceManager$auction$4.java, line(s) 127 com/barstoolsports/ads/nimbus/NimbusAdsProviderKt.java, line(s) 22 com/barstoolsports/barstool/app/BarstoolApplication$initSpotIm$1.java, line(s) 93 
com/barstoolsports/barstool/app/BarstoolApplication.java, line(s) 321 com/barstoolsports/components/MediaPauseReceiver.java, line(s) 34,36,39 com/barstoolsports/core/handler/NoOpBreadcrumbHandler.java, line(s) 20,26 com/barstoolsports/core/model/Story.java, line(s) 796 com/barstoolsports/data/network/ResultCall.java, line(s) 41 com/barstoolsports/podcast/PodcastSessionService.java, line(s) 111 com/barstoolsports/videoservice/BarstoolVideoService.java, line(s) 170 com/bugsnag/android/DebugLogger.java, line(s) 45,50,15,20,35,40,25,30 com/bugsnag/android/ExceptionHandler.java, line(s) 66 com/iab/omid/library/adsbynimbus/publisher/b.java, line(s) 30,32 com/iab/omid/library/adsbynimbus/utils/d.java, line(s) 18,11,25 com/iab/omid/library/amazon/publisher/b.java, line(s) 30,32 com/iab/omid/library/amazon/utils/d.java, line(s) 18,11,25 com/mux/stats/sdk/muxstats/MuxDataSdk.java, line(s) 1003,991,999,1005,1007,1023,995 com/onesignal/debug/internal/logging/Logging.java, line(s) 181,191,208,184,178,187 com/onesignal/notifications/internal/badges/impl/shortcutbadger/ShortcutBadger.java, line(s) 62,122,132,59,93,100,121,106 dagger/android/AndroidInjection.java, line(s) 30,29 nl/adaptivity/xmlutil/core/KtXmlReader.java, line(s) 683 spotIm/core/utils/logger/OWLogger.java, line(s) 45,49,53,55,60
Security information: The application can write to the application directory. Sensitive information should be encrypted
Files: spotIm/core/android/preferences/SharedPreferencesManager.java, line(s) 61,61 spotIm/core/android/preferences/SharedPreferencesMigrator.java, line(s) 41,41
Security information: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: spotIm/core/utils/ContextExtentionsKt.java, line(s) 6,158,160
Security information: The application communicates with a Firebase database
The application communicates with the Firebase database at https://barstool-sports-prod.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/barstoolsports/data/network/RetrofitModule.java, line(s) 44,54,65,44,54,65 com/barstoolsports/whoami/dagger/WhoAmIModule.java, line(s) 67,67 spotIm/core/data/remote/di/NetworkModule.java, line(s) 107,117,107,117 spotIm/core/utils/CloudinaryFactory.java, line(s) 31,31
Passed security check: This application may have root detection capabilities
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: com/bugsnag/android/RootDetector.java, line(s) 33,33,33
Overall security baseline score summary

Barstool v5.21.2
Android APK
Overall security score: 49
Medium risk