应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Uptodown App Store v6.89
50
安全评分
安全基线评分
50/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
27
中危
2
信息
3
安全
隐私风险评估
5
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
27
安全提示信息
2
已通过安全项
3
重点安全关注
0
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.uptodown.activities.MainActivity][android:host=https://www.uptodown.com] App Link 资产验证 URL(https://www.uptodown.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 App 链接 assetlinks.json 文件未找到
[android:name=com.uptodown.activities.MainActivity][android:host=https://dw.uptodown.com] App Link 资产验证 URL(https://dw.uptodown.com/.well-known/assetlinks.json)未找到或配置不正确。(状态码:404)。应用程序链接允许用户通过 Web URL 或电子邮件直接跳转到移动应用。如果 assetlinks.json 文件缺失或主机/域配置错误,恶意应用可劫持此类 URL,导致网络钓鱼攻击,泄露 URI 中的敏感信息(如 PII、OAuth 令牌、魔术链接/重置令牌等)。请务必通过托管 assetlinks.json 文件并在 Activity 的 intent-filter 中设置 [android:autoVerify="true"] 来完成 App Link 域名验证。
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/mbridge/msdk/click/m.java, line(s) 191,15,16 com/mbridge/msdk/mbbanner/common/communication/BannerExpandDialog.java, line(s) 184,15 com/mbridge/msdk/video/bt/module/MBridgeBTWebView.java, line(s) 356,13 com/mbridge/msdk/video/module/MBridgeAlertWebview.java, line(s) 95,6
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个5隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (com.uptodown.tv.ui.activity.TvMainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.uptodown.core.activities.InstallerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.uptodown.activities.SearchActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.BootDeviceReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.MyAppUpdatedReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.DownloadNotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.uptodown.receivers.DownloadUpdateNotificationReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.inmobi.cmp.presentation.components.CmpActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (org.matomo.sdk.extra.InstallReferrerReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.mbridge.msdk.foundation.same.broadcast.NetWorkChangeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 高优先级 Intent(999) - {17} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: A0/b.java, line(s) 75 b0/C0234e.java, line(s) 80 b0/C0333e.java, line(s) 84 b0/w.java, line(s) 120 com/mbridge/msdk/MBridgeConstans.java, line(s) 17,52 com/mbridge/msdk/foundation/download/core/DownloadCommon.java, line(s) 21 com/mbridge/msdk/foundation/download/core/DownloaderReporter.java, line(s) 12 com/mbridge/msdk/foundation/entity/CampaignEx.java, line(s) 39 com/mbridge/msdk/foundation/entity/n.java, line(s) 182 com/mbridge/msdk/newreward/player/MBRewardVideoActivity.java, line(s) 44 com/mbridge/msdk/newreward/player/imodel/IBigTempModel.java, line(s) 10,13 com/mbridge/msdk/newreward/player/imodel/IECModel.java, line(s) 38,47,41,26,20,23,44,33 com/mbridge/msdk/newreward/player/imodel/IMoreOfferModel.java, line(s) 6,9,12,15 com/mbridge/msdk/newreward/player/imodel/IPlayModel.java, line(s) 45,57,74,81,48,36,30,33,68,54,39 com/mbridge/msdk/newreward/player/iview/IBaseWebView.java, line(s) 21,15,18 com/mbridge/msdk/newreward/player/iview/IMetaData.java, line(s) 18 com/mbridge/msdk/newreward/player/model/BigTemplateModel.java, line(s) 47 com/mbridge/msdk/newreward/player/model/ECTempleModel.java, line(s) 90,123,159,163 com/mbridge/msdk/newreward/player/model/MoreOfferModel.java, line(s) 51,43,39,47 com/mbridge/msdk/newreward/player/model/PlayTempleModel.java, line(s) 165,156,248,204 com/mbridge/msdk/newreward/player/model/WebTemplateModel.java, line(s) 249,170,161,205 com/mbridge/msdk/newreward/player/model/WebViewECModel.java, line(s) 99,134,174 com/mbridge/msdk/newreward/player/view/WebViewTemplate.java, line(s) 373,397,423 com/mbridge/msdk/newreward/player/view/ectemplate/WebViewEC.java, line(s) 155,179,203 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 36 com/mbridge/msdk/video/dynview/moffer/MOfferModel.java, line(s) 119
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: U2/C1262m.java, line(s) 483,492 U2/C2538m.java, line(s) 751,760 U2/y.java, line(s) 249 W1/C0563i.java, line(s) 136 W1/C0564j.java, line(s) 31,37,80,95,104,71,77,90 W1/C0741i.java, line(s) 156 W1/C0742j.java, line(s) 29,35,78,93,102,69,75,88 W1/I.java, line(s) 18 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 148 com/mbridge/msdk/foundation/tools/ai.java, line(s) 49,60,70 com/uptodown/core/activities/FileExplorerActivity.java, line(s) 352,410,2858,2909,3416
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: S3/b.java, line(s) 20 U3/b.java, line(s) 70 W1/C0560f.java, line(s) 95 W1/C0738f.java, line(s) 97 com/mbridge/msdk/foundation/download/resource/MBResourceManager.java, line(s) 95 com/mbridge/msdk/foundation/tools/ac.java, line(s) 19,34 l2/C1057b.java, line(s) 16 l2/C2151b.java, line(s) 17
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: U2/v.java, line(s) 7,8,1488,1913 Y/M.java, line(s) 6,7,150,185,234,250,523,535,573,683 Y/W.java, line(s) 5,6,160 com/mbridge/msdk/foundation/db/BatchReportDao.java, line(s) 6,79 com/mbridge/msdk/foundation/db/b.java, line(s) 6,84 com/mbridge/msdk/foundation/db/c.java, line(s) 5,56 com/mbridge/msdk/foundation/db/e.java, line(s) 6,123,179,218,330,613,1286 com/mbridge/msdk/foundation/db/g.java, line(s) 4,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91 com/mbridge/msdk/foundation/download/database/DatabaseHelper.java, line(s) 6,91,159,205,280,289 com/mbridge/msdk/newreward/function/d/c.java, line(s) 4,5,22,29,30 com/mbridge/msdk/tracker/b.java, line(s) 4,5,22,36,37,51,52
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: G1/c.java, line(s) 83,84,80
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/mbridge/msdk/playercommon/exoplayer2/util/Util.java, line(s) 175 t0/c.java, line(s) 82
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: H3/AbstractC1893a.java, line(s) 3 H3/C1894b.java, line(s) 3 H3/a.java, line(s) 3 H3/b.java, line(s) 3 com/mbridge/msdk/dycreator/baseview/rewardpopview/MBAcquireRewardPopView.java, line(s) 29 com/mbridge/msdk/playercommon/exoplayer2/source/ShuffleOrder.java, line(s) 4 com/mbridge/msdk/playercommon/exoplayer2/trackselection/RandomTrackSelection.java, line(s) 7 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedContentIndex.java, line(s) 21 com/mbridge/msdk/thrid/okhttp/OkHttpClient.java, line(s) 29 com/mbridge/msdk/thrid/okhttp/internal/ws/RealWebSocket.java, line(s) 26 com/mbridge/msdk/thrid/okhttp/internal/ws/WebSocketWriter.java, line(s) 10 i3/C1914a.java, line(s) 5 i3/a.java, line(s) 4 j$/util/concurrent/ThreadLocalRandom.java, line(s) 16
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/mbridge/msdk/foundation/webview/BrowserView.java, line(s) 168,165 com/mbridge/msdk/mbsignalcommon/base/BaseWebView.java, line(s) 86,83 com/mbridge/msdk/newreward/player/view/hybrid/MBWebView.java, line(s) 50,47
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: t0/b.java, line(s) 53
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 "com.google.firebase.crashlytics.mapping_file_id" : "c23a3151cf7b4976ace8682c2a7baf6f" "dyStrategy.privateAddress" : "privateAddress" "google_api_key" : "AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko" "google_app_id" : "1:171380306104:android:4e827fc7c388aeec79c44d" "google_crash_reporting_api_key" : "AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko" "more_info_author" : "Author" "username_edit_change" : "Change" "more_info_author" : "Autor" "recuperar_pass" : "Passwortwiederherstellung" "more_info_author" : "Autor" "more_info_author" : "Autor" "username_edit_change" : "Cambiar" "more_info_author" : "Pencipta" "username_edit_change" : "Ubah" "more_info_author" : "Autor" "username_edit_change" : "Alterar" "more_info_author" : "Auteur" "username_edit_change" : "Changement" "more_info_author" : "Yazar" "more_info_author" : "Autore" "username_edit_change" : "Cambia" 936dcbdd57fe235fd7cf61c2e93da3c4 LdxThdi1WBKUL75ULBPwJ7JgY7K0DkeAWrfXYN== 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 h7KsLkfPW+xUhoPwJ7JgY7K0DkeAWrfXYN== HkzwDFeD4QuyLdx5igfZYcu9xTM9NN== 7e5347690cfae30d311f1b31465c33f6 DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KyVj5GxVN= 470fa2b4ae81cd56ecbcda9735803434cec591fa eyJ2YWx1ZSI6IjRhOTRiN2I1MTk1NGVkNGMyMjZjZGM1MGMxZDE5Yjk2MTY4MzY5OTE1NCJ9 DFeuWkH0W+xUhoPwJ7JgY7K0DkeAWrfXYN== LdxThdi1WBKUL75ULBPBD+QqJk2MWrfXYN== DFKwWgtuDkKwLZPwD+z8H+N/xj26Vjcdx5KanjKnxVN= 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 h7KsLkfPW+xUhoPBD+QqJk2MWrfXYN== DFK/HrQgJ+zQW+xUhoPwJ7JgY7K0DkeAWrfXYN== Y7c14Z2TDbv/Y+xgHFeXDrcshBPUYFT= DFKwWgtuDkKwLZPwD+z8H+N/xjQZxVfV+T2SZVe6V2xS5c5n 92762936dcbdd57fe235fd7cf61c2e93da3c4 DkP3hrKuHoPMH+zwL+fALkK/WQc5x5zH+TcincKNNVfWNVJcVM== DkPtYdQTLkfAW+xUhoPwJ7JgY7K0DkeAWrfXYN== DFK/HrQgJ+zQW+xUhoPBD+QqJk2MWrfXYN== DFKwWgtuDkKwLZPwD+z8H+N/xjK+n3eyNVx6ZVPn5jcincKZx5f5ncN= 822b9ca12b534ebcf426632221d951bfc60eb08f9f0cf2839c321b0685c2e8a4
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: B1/C.java, line(s) 85,87 B1/C0578h.java, line(s) 26 B1/C0967h.java, line(s) 32 B1/E.java, line(s) 72,89,158,162,175,192,201,251,254,275,105,281 B1/H.java, line(s) 47,61,35,54 B1/l.java, line(s) 54,61 B1/y.java, line(s) 131,84,262 C/a.java, line(s) 116,156 C/d.java, line(s) 23,41,50,60 C1/C0594a.java, line(s) 97,103,122,126 C1/C1003a.java, line(s) 113,118,137,141 C2/b.java, line(s) 37,52 D1/C0824c.java, line(s) 113 D1/C1644c.java, line(s) 132,429,448,158,324,413 D1/f.java, line(s) 39 G/g.java, line(s) 36 G0/AbstractC1838a.java, line(s) 55,74,73,32,49 G0/a.java, line(s) 56,75,74,33,50 I/A.java, line(s) 29,36,28,35 I/AbstractC0072b.java, line(s) 36,49,137,140 I/AbstractC0340b.java, line(s) 37,50,138,141 I/C0073c.java, line(s) 91,104,125,173,188,291,90,103,124,172,187,290,121,141,153,200,241 I/C0341c.java, line(s) 94,107,128,176,191,294,93,106,127,175,190,293,124,144,156,203,244 I/D.java, line(s) 49,48 I/E.java, line(s) 26 I/k.java, line(s) 16,13,13 I/x.java, line(s) 35,75,137,34,74,88,136,181,208,233,260,89,182,209,234,261,42,171 I/y.java, line(s) 23 I0/C1897a.java, line(s) 84,88 I0/a.java, line(s) 83,87 J/AbstractC0090l.java, line(s) 33,45,83 J/AbstractC0358l.java, line(s) 36,102,48,86,121,130,134,143,149,152,157 J/C0085g.java, line(s) 114,159,166 J/C0091m.java, line(s) 42,125 J/C0353g.java, line(s) 115,160,167 J/C0359m.java, line(s) 43,126 J/D.java, line(s) 70,88,92,118,122,53 J/I.java, line(s) 54,57,35 J/N.java, line(s) 53,55,49 J/q.java, line(s) 25 J/z.java, line(s) 48 J0/C2073a.java, line(s) 127,197,209,279,222,294 J0/a.java, line(s) 127,197,209,283,222,298 L/x.java, line(s) 49 M/A.java, line(s) 96,99,102,105,108,111,119,122,125,128,161,169 M/AbstractBinderC0097a.java, line(s) 18 M/AbstractBinderC0597a.java, line(s) 18 M/AbstractC0099c.java, line(s) 199,217,389,395,399,405 M/AbstractC0599c.java, line(s) 199,217,389,395,399,405 M/D.java, line(s) 27 M/Y.java, line(s) 34 M/b0.java, line(s) 91 M/c0.java, line(s) 28 M/d0.java, line(s) 36 M/f0.java, line(s) 37,53 M/l0.java, line(s) 49,54 M/p0.java, line(s) 44 N/f.java, line(s) 103 P0/C1129f.java, line(s) 246,192,196,209 P0/C2309f.java, line(s) 264,210,214,227 Q/b.java, line(s) 58,69 R/C0858k.java, line(s) 36,65,72,75,88,91,94,97,100 R/C2357k.java, line(s) 36,65,72,75,88,91,94,97,100 R/f.java, line(s) 17 R/o.java, line(s) 19,16 R/p.java, line(s) 146,154,85,95,127,136 S0/C1208g.java, line(s) 26,33,36,45,83 S0/C2441g.java, line(s) 29,36,39,48,86 S0/o.java, line(s) 101 U0/c.java, line(s) 88,91,113,121,122,142,144 V0/g.java, line(s) 28,38,15,48,58,68 V1/c.java, line(s) 32,34 W1/AbstractC1278d.java, line(s) 18,11 W1/AbstractC2582d.java, line(s) 18,11 Y0/C1393x.java, line(s) 127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145 Y0/C2740x.java, line(s) 145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163 c4/d.java, line(s) 84 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 643,208,212,391,395,463,788,796,816,820,1525,1748,2112 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 120 com/mbridge/msdk/dycreator/a/a.java, line(s) 142,143,144,148,156,158,258,273,328 com/mbridge/msdk/dycreator/baseview/MBScrollView.java, line(s) 160 com/mbridge/msdk/dycreator/baseview/extview/MBExtAcquireRewardPopView.java, line(s) 198 com/mbridge/msdk/dycreator/baseview/extview/MBExtFeedBackView.java, line(s) 242 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeBaitClickView.java, line(s) 200 com/mbridge/msdk/dycreator/baseview/extview/MBExtMBridgeTextView.java, line(s) 252 com/mbridge/msdk/dycreator/bus/BackgroundPoster.java, line(s) 47 com/mbridge/msdk/dycreator/bus/EventBus.java, line(s) 163,489,491,495,244,334,389 com/mbridge/msdk/dycreator/e/g.java, line(s) 11 com/mbridge/msdk/foundation/same/report/b/b.java, line(s) 76 com/mbridge/msdk/foundation/same/report/b/d.java, line(s) 67 com/mbridge/msdk/foundation/same/report/d.java, line(s) 77 com/mbridge/msdk/foundation/same/report/l.java, line(s) 35 com/mbridge/msdk/foundation/tools/ac.java, line(s) 21 com/mbridge/msdk/foundation/tools/af.java, line(s) 35,84,42,63,49,56,77,91 com/mbridge/msdk/playercommon/exoplayer2/DefaultRenderersFactory.java, line(s) 67,74,78,89,94,98,130 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImpl.java, line(s) 130,499,600 com/mbridge/msdk/playercommon/exoplayer2/ExoPlayerImplInternal.java, line(s) 641,826,1066,1071,1076,1139 com/mbridge/msdk/playercommon/exoplayer2/MediaPeriodHolder.java, line(s) 172 com/mbridge/msdk/playercommon/exoplayer2/SimpleExoPlayer.java, line(s) 262,797 com/mbridge/msdk/playercommon/exoplayer2/audio/DefaultAudioSink.java, line(s) 632,183,192,201,663 com/mbridge/msdk/playercommon/exoplayer2/drm/ClearKeyUtil.java, line(s) 44 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSession.java, line(s) 192,332 com/mbridge/msdk/playercommon/exoplayer2/drm/DefaultDrmSessionManager.java, line(s) 221 com/mbridge/msdk/playercommon/exoplayer2/extractor/mkv/MatroskaExtractor.java, line(s) 485 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/VbriSeeker.java, line(s) 65 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp3/XingSeeker.java, line(s) 43 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/FragmentedMp4Extractor.java, line(s) 261,991 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/MetadataUtil.java, line(s) 170,58,65,71,192,236,248,258 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/PsshAtomUtil.java, line(s) 44,69 com/mbridge/msdk/playercommon/exoplayer2/extractor/mp4/TrackEncryptionBox.java, line(s) 64 com/mbridge/msdk/playercommon/exoplayer2/extractor/ogg/VorbisUtil.java, line(s) 210 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/AdtsReader.java, line(s) 106 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/H265Reader.java, line(s) 252 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/Id3Reader.java, line(s) 32 com/mbridge/msdk/playercommon/exoplayer2/extractor/ts/PesReader.java, line(s) 57,110,113 com/mbridge/msdk/playercommon/exoplayer2/extractor/wav/WavHeaderReader.java, line(s) 50,77,89,100 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecInfo.java, line(s) 90,94,48 com/mbridge/msdk/playercommon/exoplayer2/mediacodec/MediaCodecUtil.java, line(s) 455,272,281,290,297,300,333,355,360,368,377 com/mbridge/msdk/playercommon/exoplayer2/metadata/id3/Id3Decoder.java, line(s) 193,198,207,218,438 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadManager.java, line(s) 305,442 com/mbridge/msdk/playercommon/exoplayer2/offline/DownloadService.java, line(s) 152 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/BaseMediaChunkOutput.java, line(s) 49 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkSampleStream.java, line(s) 534 com/mbridge/msdk/playercommon/exoplayer2/source/chunk/ChunkedTrackBlacklistUtil.java, line(s) 33,36 com/mbridge/msdk/playercommon/exoplayer2/text/cea/Cea708Decoder.java, line(s) 952,513,517,521,622,800,811,852,864,887,901 com/mbridge/msdk/playercommon/exoplayer2/text/cea/CeaUtil.java, line(s) 27 com/mbridge/msdk/playercommon/exoplayer2/text/dvb/DvbParser.java, line(s) 576 com/mbridge/msdk/playercommon/exoplayer2/text/ssa/SsaDecoder.java, line(s) 35,40,45,54 com/mbridge/msdk/playercommon/exoplayer2/text/subrip/SubripDecoder.java, line(s) 45,73,76 com/mbridge/msdk/playercommon/exoplayer2/text/ttml/TtmlDecoder.java, line(s) 351,86,97,113,259,265,274,279,306,310,362 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCue.java, line(s) 69 com/mbridge/msdk/playercommon/exoplayer2/text/webvtt/WebvttCueParser.java, line(s) 121,252,255,355,384,428 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultDataSource.java, line(s) 71 com/mbridge/msdk/playercommon/exoplayer2/upstream/DefaultHttpDataSource.java, line(s) 62,77,99,96 com/mbridge/msdk/playercommon/exoplayer2/upstream/Loader.java, line(s) 130,180,186,198 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/CachedRegionTracker.java, line(s) 137 com/mbridge/msdk/playercommon/exoplayer2/upstream/cache/SimpleCache.java, line(s) 85 com/mbridge/msdk/playercommon/exoplayer2/util/AtomicFile.java, line(s) 36,94 com/mbridge/msdk/playercommon/exoplayer2/util/EventLogger.java, line(s) 133,137 com/mbridge/msdk/playercommon/exoplayer2/video/DummySurface.java, line(s) 86,92 com/mbridge/msdk/playercommon/exoplayer2/video/MediaCodecVideoRenderer.java, line(s) 794,376,382,605 com/mbridge/msdk/tracker/b.java, line(s) 25,40,55 com/mbridge/msdk/tracker/c.java, line(s) 33,48,66,87,106,128,155,176,190,210,226,250,279,304,317,334,352,376,394 com/mbridge/msdk/tracker/j.java, line(s) 30 com/mbridge/msdk/tracker/k.java, line(s) 52,59,253,266,276 com/mbridge/msdk/tracker/m.java, line(s) 137,35,63,70,119,167 com/mbridge/msdk/tracker/n.java, line(s) 39,62,95,121 com/mbridge/msdk/tracker/network/ae.java, line(s) 51,55,82 com/mbridge/msdk/tracker/p.java, line(s) 33 com/mbridge/msdk/tracker/r.java, line(s) 39,152,162,277,291,307,50,60,121,168,173,185 com/mbridge/msdk/tracker/w.java, line(s) 98,101,104 com/mbridge/msdk/tracker/y.java, line(s) 132 com/mbridge/msdk/video/module/MBridgeBaseView.java, line(s) 158,170 com/mbridge/msdk/widget/FeedbackRadioGroup.java, line(s) 60 com/uptodown/gcm/MyFirebaseMessagingService.java, line(s) 266 p/a.java, line(s) 45,50,37 t0/b.java, line(s) 57,74 u/AbstractC0881a.java, line(s) 15,22,29,14,21,28,42,43,49,50 u/AbstractC2511a.java, line(s) 15,22,29,14,21,28,42,43,49,50 x1/a.java, line(s) 119,117,113,124
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/uptodown/activities/preferences/AdvancedPreferencesActivity.java, line(s) 7,176,200,177,201
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: Y0/AbstractC1380j.java, line(s) 290,290,291 Y0/AbstractC2727j.java, line(s) 292,292,293
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/mbridge/msdk/thrid/okhttp/internal/Util.java, line(s) 406,405,404,404
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/171380306104/namespaces/firebase:fetch?key=AIzaSyBaooNElLxTgeKdljNdrXJQg5-mA_U1Lko ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Uptodown App Store v6.89
Android APK
50
综合安全评分
中风险