应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Kickcash v16.1
48
安全评分
安全基线评分
48/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
4
高危
30
中危
5
信息
2
安全
隐私风险评估
8
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
4
中危安全漏洞
30
安全提示信息
5
已通过安全项
2
重点安全关注
2
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/clevertap/android/sdk/inapp/c.java, line(s) 134,11,12 com/clevertap/android/sdk/inapp/f.java, line(s) 87,15,16 com/microsoft/clarity/ro/j.java, line(s) 423,16
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/microsoft/clarity/y6/a.java, line(s) 64
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/swmansion/reanimated/BuildConfig.java, line(s) 3,5
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 Activity (in.cashback.shopping.kickcash.ui.CustomChromeTab.ChromeCustomActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (in.cashback.shopping.kickcash.BroadcastReciever.RNSmsRetrieverBroadcastReciever) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.phone.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (in.cashback.shopping.kickcash.BroadcastReciever.AppInstallCheckReciever) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.dieam.reactnativepushnotification.modules.RNPushNotificationBootEventReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (in.cashback.shopping.kickcash.Services.AppInstallCheckService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.clevertap.android.sdk.pushnotification.fcm.FcmMessageListenerService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (in.cashback.shopping.kickcash.MyFirebaseMessagingService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(1000) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 高优先级 Intent(999) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/appsflyer/reactnative/RNAppsFlyerConstants.java, line(s) 31,22 com/microsoft/clarity/b4/d.java, line(s) 36 com/microsoft/clarity/b4/p.java, line(s) 92 com/microsoft/clarity/b4/x.java, line(s) 76 com/microsoft/clarity/n8/g.java, line(s) 94 com/microsoft/clarity/pk/a.java, line(s) 72 com/microsoft/clarity/pq/m2.java, line(s) 80 com/microsoft/clarity/r2/d.java, line(s) 46 com/microsoft/clarity/rk/b.java, line(s) 53 com/microsoft/clarity/rk/r.java, line(s) 158 com/microsoft/clarity/sj/d.java, line(s) 79 com/microsoft/clarity/sk/f.java, line(s) 88 com/microsoft/clarity/tk/s0.java, line(s) 61 com/microsoft/clarity/y3/h.java, line(s) 71 com/pedrouid/crypto/RNSCRandomBytes.java, line(s) 13 com/sudoplz/rninappupdates/SpReactNativeInAppUpdatesModule.java, line(s) 31,32 com/truecaller/android/sdk/PartnerInformation.java, line(s) 16 com/truecaller/android/sdk/TrueException.java, line(s) 17 in/cashback/shopping/kickcash/BuildConfig.java, line(s) 28,20,27,6 io/invertase/firebase/common/TaskExecutorService.java, line(s) 15,16 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingHeadlessService.java, line(s) 10,8 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingSerializer.java, line(s) 19
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/microsoft/clarity/ht/d.java, line(s) 21 com/microsoft/clarity/ht/h.java, line(s) 7 com/microsoft/clarity/ju/d.java, line(s) 4 com/microsoft/clarity/k8/q.java, line(s) 4 com/microsoft/clarity/og/b3.java, line(s) 20 com/microsoft/clarity/pq/c0.java, line(s) 17 com/microsoft/clarity/pq/e0.java, line(s) 4 com/microsoft/clarity/pq/z1.java, line(s) 14 com/microsoft/clarity/qq/h.java, line(s) 46 com/microsoft/clarity/t6/g.java, line(s) 13 com/microsoft/clarity/tl/d.java, line(s) 9 com/microsoft/clarity/ts/a0.java, line(s) 14 com/microsoft/clarity/u7/f.java, line(s) 13 com/microsoft/clarity/uk/i0.java, line(s) 16 com/microsoft/clarity/wq/a.java, line(s) 20 com/microsoft/clarity/xr/a.java, line(s) 3 com/microsoft/clarity/yr/a.java, line(s) 3 com/microsoft/clarity/zb/w0.java, line(s) 58
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/clevertap/android/sdk/h.java, line(s) 714 com/microsoft/clarity/au/b.java, line(s) 55,57,59,82,102,84,61,72,74,76,78,80,86,63,104,53,88,68,70,65,120,118,100,90,92,94,96,98 com/microsoft/clarity/bu/k.java, line(s) 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,37,36,38,7,30,31,32,33,34,35 com/microsoft/clarity/bu/y.java, line(s) 27,13,8,9,10,4,11,5,6,7,12,15,14,16 com/microsoft/clarity/cu/g.java, line(s) 132,150 com/microsoft/clarity/fd/a.java, line(s) 50,50 com/microsoft/clarity/xt/e.java, line(s) 235,254,246,199,200,201,202,203,204,315,314,312,313,291,292 com/microsoft/clarity/zn/a.java, line(s) 7,8,9
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 392 com/microsoft/clarity/b9/a.java, line(s) 315 com/microsoft/clarity/l9/a.java, line(s) 43 com/microsoft/clarity/ln/r.java, line(s) 353 com/microsoft/clarity/r3/a.java, line(s) 13,14 com/microsoft/clarity/ro/l.java, line(s) 288 com/microsoft/clarity/zb/w0.java, line(s) 1117,1147,1329 com/poppop/RNReactNativeSharedGroupPreferences/RNReactNativeSharedGroupPreferencesModule.java, line(s) 37,78 com/rnfs/RNFSManager.java, line(s) 561,550,552,555,579 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 112,121,122,123
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/microsoft/clarity/ef/m0.java, line(s) 5,6,86,123,142,151,192,303,320,580 com/microsoft/clarity/ef/t0.java, line(s) 4,5,125 com/microsoft/clarity/ng/p.java, line(s) 4,5,58,81 com/microsoft/clarity/ng/q.java, line(s) 5,6,7,49 com/microsoft/clarity/qk/s3.java, line(s) 6,7,403 com/microsoft/clarity/qk/u2.java, line(s) 5,6,7,8,9,10,11,12,13,55,107 com/microsoft/clarity/w1/c.java, line(s) 6,7,8,9,10,120,229 com/reactnativecommunity/asyncstorage/c.java, line(s) 4,5,6,65
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/AFb1zSDK.java, line(s) 64 com/microsoft/clarity/jn/g0.java, line(s) 227 com/microsoft/clarity/l8/e.java, line(s) 52 com/microsoft/clarity/nn/j.java, line(s) 11 com/microsoft/clarity/sn/b.java, line(s) 18 com/microsoft/clarity/t8/l.java, line(s) 138 com/microsoft/clarity/y6/a.java, line(s) 63
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/cashfree/pg/core/api/ui/BaseCFWebView.java, line(s) 39,34 com/clevertap/android/sdk/inapp/c.java, line(s) 74,69 com/clevertap/android/sdk/inapp/f.java, line(s) 66,61
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/appsflyer/internal/AFb1zSDK.java, line(s) 124 com/microsoft/clarity/bl/b.java, line(s) 53 com/microsoft/clarity/ic/a.java, line(s) 26 com/microsoft/clarity/o9/c.java, line(s) 12
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/microsoft/clarity/b9/a.java, line(s) 89 com/microsoft/clarity/bl/c.java, line(s) 82 com/microsoft/clarity/n1/b.java, line(s) 230 com/microsoft/clarity/q1/y.java, line(s) 62 com/microsoft/clarity/ro/l.java, line(s) 288
中危安全漏洞 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/microsoft/clarity/pe/a.java, line(s) 20,48,48 com/microsoft/clarity/yo/a.java, line(s) 7,7,7,9,7,9,7,7
中危安全漏洞 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/968644343185/namespaces/firebase:fetch?key=AIzaSyAMvUVaYvAMoAMV2uJ08V4q-1jHj_fyeE8 ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"dl_whatsapp_login": "https://wa.me/message/MHXOWWDRPUHBE1",
"homescreen_list": "[{\"key\":\"MoEngage_PO\"},{\"key\":\"categories\"},{\"key\":\"allDayCashback\"},{\"key\":\"billSection\"},{\"key\":\"cpatOffers\"},{\"key\":\"topStores\"},{\"key\":\"banners\"},{\"key\":\"newsPanel\"},{\"key\":\"hotDeals\"},{\"key\":\"customCategories\"},{\"key\":\"videoPlayer\"},{\"key\":\"freshDeals\"},{\"key\":\"footer\"}]",
"homescreen_list_ios": "[\n {\n \"key\": \"MoEngage_PO\"\n },\n {\n \"key\": \"categories\"\n },\n {\n \"key\": \"allDayCashback\"\n },\n {\n \"key\": \"billSection\"\n },\n {\n \"key\": \"topStores\"\n },\n {\n \"key\": \"banners\"\n },\n {\n \"key\": \"newsPanel\"\n },\n {\n \"key\": \"hotDeals\"\n },\n {\n \"key\": \"customCategories\"\n },\n {\n \"key\": \"videoPlayer\"\n },\n {\n \"key\": \"freshDeals\"\n },\n {\n \"key\": \"footer\"\n }\n]",
"homescreen_list_ios_stage": "[\n {\n \"key\": \"MoEngage_PO\"\n },\n {\n \"key\": \"categories\"\n },\n {\n \"key\": \"allDayCashback\"\n },\n {\n \"key\": \"billSection\"\n },\n {\n \"key\": \"topStores\"\n },\n {\n \"key\": \"banners\"\n },\n {\n \"key\": \"newsPanel\"\n },\n {\n \"key\": \"hotDeals\"\n },\n {\n \"key\": \"customCategories\"\n },\n {\n \"key\": \"videoPlayer\"\n },\n {\n \"key\": \"freshDeals\"\n },\n {\n \"key\": \"footer\"\n }\n]",
"homescreen_list_stage": "[{\"key\":\"MoEngage\"},{\"key\":\"categories\"},{\"key\":\"allDayCashback\"},{\"key\":\"cpatOffers\"},{\"key\":\"billSection\"},{\"key\":\"topStores\"},{\"key\":\"banners\"},{\"key\":\"newsPanel\"},{\"key\":\"hotDeals\"},{\"key\":\"customCategories\"},{\"key\":\"videoPlayer\"},{\"key\":\"freshDeals\"},{\"key\":\"footer\"}]",
"privacy_ios": "https://kickcash.in/v1/privacy_policy",
"privacy_policy": "https://kickcash.in/privacy_policy",
"t_and_c": "https://kickcash.in/terms_service",
"terms_ios": "https://kickcash.in/v1/terms_service",
"theme_color": "red"
},
"state": "UPDATE",
"templateVersion": "35"
}
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.truecaller.android.sdk.PartnerKey" : "@7F100152" "APPSFLYER_APP_ID" : "6447547028" "APPSFLYER_DEV_KEY" : "QvaX3mADRSpPiQCWKjxwC" "ARTIFACT_ACCESS_TOKEN" : "vcnVsydHeybxxQAonhqD" "CLEVERTAP_ACCOUNT_TOKEN" : "065-c20" "CPAT_API_URL" : "https://app-api.kickcash.in" "CodePushDeploymentKey" : "UvSyNNx8CnDyEnHV-OH7hchn48W6fOGvNHygk" "DEFAULT_API_URL" : "https://app-api.kickcash.in/" "FACEBOOK_APP_ID" : "394340329313873" "FACEBOOK_CLIENT_TOKEN" : "632e963040fec27344325dbfdf9b4cce" "MOENGAGE_KEY" : "55X6A8UM5LJ247YU6SPRDKNW" "PARTNER_KEY_LIVE" : "60374406a461e74c02e4978d" "PARTNER_KEY_STAGE" : "609bb6682737d4d278dfcb83" "SECRET_KEY" : "d544a5f8055030e8f992d5997a802249184e8bf1025a5b069162491ea6095379" "TRUECALLER_KEY" : "2XXj382f6192fb2854108b10b5f6d9c606523" "VIDEO_API_LIVE" : "https://video-api.kickcash.in" "VIDEO_API_STAGE" : "http://stage-video-api.kickcash.in" "firebase_database_url" : "https://kickcash-f3358.firebaseio.com" "google_api_key" : "AIzaSyAMvUVaYvAMoAMV2uJ08V4q-1jHj_fyeE8" "google_app_id" : "1:968644343185:android:2ffef132af8ff8fda51630" "google_crash_reporting_api_key" : "AIzaSyAMvUVaYvAMoAMV2uJ08V4q-1jHj_fyeE8" "truecaller_key" : "2XXj382f6192fb2854108b10b5f6d9c606523" 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 115792089210356248762697446949407573530086143415290314195533631308867097853951 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057148 60374406a461e74c02e4978d 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 2661740802050217063228768716723360960729859168756973147706671368418802944996427808491545080627771902352094241225065558662157113545570916814161637315895999846 3757180025770020463545507224491183603594455134769762486694567779615544477440556316691234405012945539562144444537289428522585666729196580810124344277578376784 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 0ac1169ae6cead75264c725febd8e8d941f25e31 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 36134250956749795798585127919587881956611106672985015071877198253568414405109 FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112316 48439561293906451759052585252797914202762949526041747995844080717082404635286 9b8f518b086098de3d77736f9458a3d2f6f95a37 c56fb7d591ba6704df047fd98f535372fea00211 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 41058363725152142129326129780047268409114441015993725554835256314039467401291 609bb6682737d4d278dfcb83 1093849038073734274511112390766805569936207598951683748994586394495953116150735016013708737573759623248592132296706313309438452531591012912142327488478985984 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 df6b721c8b4d3b6eb44c861d4415007e5a35fc95 aXNccyhcZHs2LDh9KXwoXGR7Niw4fSlcc2lzfGlzXHMoXGR7NH0p 115792089210356248762697446949407573529996955224135760342422259061068512044369 470fa2b4ae81cd56ecbcda9735803434cec591fa d544a5f8055030e8f992d5997a802249184e8bf1025a5b069162491ea6095379 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 cc2751449a350f668590264ed76692694a80308a a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 382f6192fb2854108b10b5f6d9c606523 FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 8a03e08e354a73ac49509c8b708fbe15aee2fb2a 632e963040fec27344325dbfdf9b4cce 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 115792089210356248762697446949407573530086143415290314195533631308867097853948 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: com/appsflyer/AFLogger.java, line(s) 31,62,80,78,95,104,38 com/appsflyer/internal/AFa1dSDK.java, line(s) 942 com/appsflyer/internal/AFd1fSDK.java, line(s) 26,28,29 com/appsflyer/internal/AFd1kSDK.java, line(s) 32,40 com/appsflyer/internal/AFd1nSDK.java, line(s) 79,100,120,122,137,145 com/appsflyer/internal/AFd1oSDK.java, line(s) 29 com/appsflyer/internal/AFd1pSDK.java, line(s) 15 com/appsflyer/internal/AFd1sSDK.java, line(s) 33,86 com/appsflyer/internal/AFd1tSDK.java, line(s) 97,95,148,93,137 com/appsflyer/internal/AFd1uSDK.java, line(s) 89,121,34 com/appsflyer/internal/AFe1kSDK.java, line(s) 21,50,53,54 com/appsflyer/internal/AFe1uSDK.java, line(s) 150,161,162,167,180,183,194,266,286,294,297,301,346,347,352,356,364,370 com/appsflyer/internal/AFf1bSDK.java, line(s) 49,155,161,182,50,156,164,169,174 com/appsflyer/reactnative/RNAppsFlyerModule.java, line(s) 68,96,460,467 com/brentvatne/react/a.java, line(s) 516 com/cashfree/pg/core/hidden/nfc/NfcCardReader.java, line(s) 35,52 com/cashfree/pg/core/hidden/nfc/parser/EmvParser.java, line(s) 209 com/cashfree/pg/core/hidden/nfc/utils/EnumUtils.java, line(s) 18 com/clevertap/android/pushtemplates/a.java, line(s) 9,19,25 com/clevertap/android/pushtemplates/d.java, line(s) 350 com/clevertap/android/sdk/v.java, line(s) 16,22,28,34,111,118,121,128,48,54,60,134,140,66,72,78,84,91,98,105,147,150 com/clevertap/react/CleverTapModule.java, line(s) 1426,112,232,280,286,289,467,568,574,588,594,597,622,636,681,694,814,824,1297,1317,1327,1418,1473,1614,1624,1634,1644,1654,1664,1690,1697,1724,1915,226,551,758,767,776,785,794,834,843,1390,1731,1846,1947 com/clevertap/react/a.java, line(s) 167 com/dieam/reactnativepushnotification/modules/RNPushNotification.java, line(s) 49,97 com/dieam/reactnativepushnotification/modules/RNPushNotificationActions.java, line(s) 62 com/dieam/reactnativepushnotification/modules/RNPushNotificationBootEventReceiver.java, line(s) 33,15,25,28 com/dieam/reactnativepushnotification/modules/RNPushNotificationPublisher.java, line(s) 24,18,29 com/ibits/react_native_in_app_review/AppReviewModule.java, line(s) 98,103,108,113,119,124,129,132,135,144,148 com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 200,260,565,571,631,759,787,793,953,969 com/learnium/RNDeviceInfo/a.java, line(s) 26,32,38,43,50,83,99 com/lugg/RNCConfig/RNCConfigModule.java, line(s) 30,34 com/masteratul/exceptionhandler/DefaultErrorScreen.java, line(s) 75,86 com/microsoft/clarity/a3/h.java, line(s) 42,51 com/microsoft/clarity/a3/o.java, line(s) 25,28,37 com/microsoft/clarity/a4/c.java, line(s) 102,101 com/microsoft/clarity/a4/e.java, line(s) 58,57 com/microsoft/clarity/a5/a.java, line(s) 25,32,39,50 com/microsoft/clarity/af/a.java, line(s) 15,22,29,14,21,28,42,43,49,50 com/microsoft/clarity/ag/b.java, line(s) 57,68 com/microsoft/clarity/an/b.java, line(s) 23 com/microsoft/clarity/an/f.java, line(s) 26 com/microsoft/clarity/b2/b.java, line(s) 29 com/microsoft/clarity/b4/h.java, line(s) 610,359,374,609,467 com/microsoft/clarity/b4/i.java, line(s) 50,51 com/microsoft/clarity/b4/k.java, line(s) 14,191 com/microsoft/clarity/b4/q.java, line(s) 97 com/microsoft/clarity/b4/z.java, line(s) 54,55 com/microsoft/clarity/b7/b.java, line(s) 39 com/microsoft/clarity/ba/f.java, line(s) 12 com/microsoft/clarity/bg/h.java, line(s) 18 com/microsoft/clarity/bg/q.java, line(s) 17,16 com/microsoft/clarity/bg/r.java, line(s) 58,66,38,47 com/microsoft/clarity/bl/b.java, line(s) 57,74 com/microsoft/clarity/c4/i.java, line(s) 101,141,102,142 com/microsoft/clarity/c4/k.java, line(s) 95,135,145,157,60,94,104,124,134,144,156,177,184,66,105,178,185,125 com/microsoft/clarity/cj/e.java, line(s) 168,241,245,257 com/microsoft/clarity/cl/c.java, line(s) 91,94,116,124,125,145,147 com/microsoft/clarity/cn/a.java, line(s) 32,35,36,40 com/microsoft/clarity/d/d.java, line(s) 391,395 com/microsoft/clarity/d0/h.java, line(s) 28 com/microsoft/clarity/d0/i2.java, line(s) 65 com/microsoft/clarity/d4/e.java, line(s) 43,49,77,87,101,44,78,50,90,102 com/microsoft/clarity/d4/i.java, line(s) 108,92 com/microsoft/clarity/dc/c.java, line(s) 103 com/microsoft/clarity/dk/e.java, line(s) 180 com/microsoft/clarity/dq/s.java, line(s) 66,77,78,89,110,151,191,379,55,96,140,180,382,386,690,706 com/microsoft/clarity/e4/a.java, line(s) 232,229 com/microsoft/clarity/et/e.java, line(s) 50,50,70 com/microsoft/clarity/f/g.java, line(s) 177 com/microsoft/clarity/f4/c.java, line(s) 17,16 com/microsoft/clarity/f4/d.java, line(s) 47,46 com/microsoft/clarity/f4/f.java, line(s) 152,151 com/microsoft/clarity/f4/s.java, line(s) 25,28 com/microsoft/clarity/f4/t.java, line(s) 35,34 com/microsoft/clarity/f8/a.java, line(s) 57,59,71 com/microsoft/clarity/fl/p.java, line(s) 101,44,92,93,100,45,70 com/microsoft/clarity/g0/c.java, line(s) 60 com/microsoft/clarity/g0/d.java, line(s) 66 com/microsoft/clarity/gi/i.java, line(s) 30,21,37,44,29,36,43,50,51,57,58 com/microsoft/clarity/h0/c.java, line(s) 515,520 com/microsoft/clarity/h0/c0.java, line(s) 97 com/microsoft/clarity/h0/e.java, line(s) 79 com/microsoft/clarity/h0/f.java, line(s) 37,73 com/microsoft/clarity/h0/k.java, line(s) 49,108 com/microsoft/clarity/h1/a.java, line(s) 29 com/microsoft/clarity/h4/l.java, line(s) 76,77 com/microsoft/clarity/hp/i.java, line(s) 96,156 com/microsoft/clarity/hp/j.java, line(s) 72 com/microsoft/clarity/i2/k.java, line(s) 22,29,36,43,50,57,64,71,78 com/microsoft/clarity/i4/e.java, line(s) 15,16 com/microsoft/clarity/i4/h0.java, line(s) 111,116,161,170,177,112,117,162,171,178,179,180,184 com/microsoft/clarity/i4/k0.java, line(s) 148,145 com/microsoft/clarity/i4/n.java, line(s) 172,179,271,281,293,305,323,333,336,339,342,345,359,364,171,178,270,280,292,304,322,332,335,338,341,344,358,363 com/microsoft/clarity/i4/u.java, line(s) 83,101,82,100,165,233,267,166,234,340 com/microsoft/clarity/i4/v.java, line(s) 34,40,35,41 com/microsoft/clarity/i4/z.java, line(s) 74,107,113,119,125,131,138,144,152,108,114,120,126,132,139,145,153,75 com/microsoft/clarity/ic/c.java, line(s) 99 com/microsoft/clarity/ii/z.java, line(s) 21,30,37,29,36,43,44,50,51 com/microsoft/clarity/il/c.java, line(s) 62 com/microsoft/clarity/iq/c.java, line(s) 81 com/microsoft/clarity/iq/j.java, line(s) 22,38,50,25,41,56 com/microsoft/clarity/iq/l.java, line(s) 57 com/microsoft/clarity/iq/m.java, line(s) 71,46 com/microsoft/clarity/j8/a.java, line(s) 218 com/microsoft/clarity/j8/b.java, line(s) 21,36,45,54 com/microsoft/clarity/j8/k.java, line(s) 163,390,408,178,209,319,334,373,377,381,385,395,184,192,231,237,247,278,146,150,204 com/microsoft/clarity/j8/l.java, line(s) 110,128,146 com/microsoft/clarity/jc/q.java, line(s) 202 com/microsoft/clarity/jc/v.java, line(s) 512 com/microsoft/clarity/jf/a.java, line(s) 23,41,50,60 com/microsoft/clarity/jh/b.java, line(s) 441 com/microsoft/clarity/k/f.java, line(s) 117,150,231 com/microsoft/clarity/k8/c0.java, line(s) 378 com/microsoft/clarity/k8/f.java, line(s) 294,299,304 com/microsoft/clarity/k8/k0.java, line(s) 50,135 com/microsoft/clarity/k8/n.java, line(s) 105 com/microsoft/clarity/k8/y0.java, line(s) 287,391,394,399 com/microsoft/clarity/kf/i.java, line(s) 131 com/microsoft/clarity/kf/k.java, line(s) 27,22 com/microsoft/clarity/ks/c.java, line(s) 57,77,54 com/microsoft/clarity/l/c.java, line(s) 269 com/microsoft/clarity/l1/d.java, line(s) 74 com/microsoft/clarity/l8/d.java, line(s) 25,79 com/microsoft/clarity/l8/g.java, line(s) 80 com/microsoft/clarity/l8/i0.java, line(s) 170,189,267 com/microsoft/clarity/l8/n.java, line(s) 224 com/microsoft/clarity/l8/s.java, line(s) 643 com/microsoft/clarity/lj/g.java, line(s) 27,34,37,46,84 com/microsoft/clarity/lj/o.java, line(s) 49 com/microsoft/clarity/lo/d.java, line(s) 126,132,138,140,146,148 com/microsoft/clarity/m0/e.java, line(s) 29,33,37 com/microsoft/clarity/m0/g.java, line(s) 28 com/microsoft/clarity/m1/a.java, line(s) 155,160,167,171,187,197 com/microsoft/clarity/m4/a.java, line(s) 73,78,83,92,74,79,84,93 com/microsoft/clarity/m4/d.java, line(s) 23,24 com/microsoft/clarity/m4/j.java, line(s) 38,41 com/microsoft/clarity/n0/d.java, line(s) 59 com/microsoft/clarity/n1/a.java, line(s) 182,218,262,264,62,69,71,77,204,206,212,215,251,35,65,73,80,91,99,110,171,185 com/microsoft/clarity/n1/b.java, line(s) 51,62,64,100,137,139,158,180,231,247,274,286,290,292,297,133,141,168,184,199,224,282 com/microsoft/clarity/ne/a.java, line(s) 12 com/microsoft/clarity/ng/e.java, line(s) 56,63,72 com/microsoft/clarity/ng/k1.java, line(s) 27,45,55,68,42,54,67 com/microsoft/clarity/ng/t0.java, line(s) 29 com/microsoft/clarity/nj/f.java, line(s) 28,38,15,48,58,68 com/microsoft/clarity/nl/c.java, line(s) 23,27,31,35 com/microsoft/clarity/o4/e.java, line(s) 31,30,53,71,54,72 com/microsoft/clarity/o4/f.java, line(s) 14,13 com/microsoft/clarity/o4/o.java, line(s) 140,141 com/microsoft/clarity/o4/q.java, line(s) 254,255,266 com/microsoft/clarity/o4/s.java, line(s) 94,95 com/microsoft/clarity/o4/t.java, line(s) 179,186,180,187 com/microsoft/clarity/o8/l.java, line(s) 149,159,167,252,301,312,333,355 com/microsoft/clarity/og/b1.java, line(s) 19 com/microsoft/clarity/og/b3.java, line(s) 70,56,67,76,89,95,199,210 com/microsoft/clarity/og/g4.java, line(s) 15 com/microsoft/clarity/og/h4.java, line(s) 18 com/microsoft/clarity/og/i4.java, line(s) 15 com/microsoft/clarity/og/r3.java, line(s) 98 com/microsoft/clarity/og/v0.java, line(s) 20,29,19,28 com/microsoft/clarity/og/x1.java, line(s) 57 com/microsoft/clarity/og/z3.java, line(s) 51 com/microsoft/clarity/oh/d.java, line(s) 148,181 com/microsoft/clarity/op/k.java, line(s) 117 com/microsoft/clarity/oq/a.java, line(s) 110,190,193,197 com/microsoft/clarity/p3/e.java, line(s) 14,40,29 com/microsoft/clarity/p4/d.java, line(s) 28,35,46,51,27,34,39,45,50,40 com/microsoft/clarity/p8/e.java, line(s) 51 com/microsoft/clarity/p8/f.java, line(s) 161,185 com/microsoft/clarity/ph/b.java, line(s) 59 com/microsoft/clarity/q0/a.java, line(s) 61 com/microsoft/clarity/q1/o.java, line(s) 505,537,666,668 com/microsoft/clarity/q1/r.java, line(s) 76,172 com/microsoft/clarity/q1/u.java, line(s) 320 com/microsoft/clarity/q1/y.java, line(s) 137,140,145 com/microsoft/clarity/qe/a.java, line(s) 27 com/microsoft/clarity/qf/e.java, line(s) 32 com/microsoft/clarity/qj/l.java, line(s) 159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177 com/microsoft/clarity/r0/t.java, line(s) 235 com/microsoft/clarity/r3/b.java, line(s) 116,99,103,63,122,126,141 com/microsoft/clarity/r8/a.java, line(s) 175 com/microsoft/clarity/rf/a.java, line(s) 64,77,53 com/microsoft/clarity/rf/b.java, line(s) 75,88,113,165,180,276,73,87,112,160,179,271,109,125,137,187,208,249 com/microsoft/clarity/rf/e.java, line(s) 15,12 com/microsoft/clarity/rf/n.java, line(s) 35,73,139,31,71,86,134,184,212,241,274,87,185,213,242,275,43,174 com/microsoft/clarity/rf/o.java, line(s) 24 com/microsoft/clarity/rf/q.java, line(s) 31,45,23,37 com/microsoft/clarity/rf/t.java, line(s) 46,41 com/microsoft/clarity/rf/u.java, line(s) 47,30,67 com/microsoft/clarity/rh/g.java, line(s) 263 com/microsoft/clarity/ro/f.java, line(s) 142,125,144 com/microsoft/clarity/ro/j.java, line(s) 198,211 com/microsoft/clarity/ro/l.java, line(s) 359,364,406,411,250,254,264,479 com/microsoft/clarity/s1/a.java, line(s) 106 com/microsoft/clarity/s4/d.java, line(s) 43,84,85,44 com/microsoft/clarity/s4/k.java, line(s) 45,86,87,46 com/microsoft/clarity/sa/d.java, line(s) 12 com/microsoft/clarity/sn/h.java, line(s) 57,51,67,73,79 com/microsoft/clarity/t8/f.java, line(s) 185 com/microsoft/clarity/t8/i.java, line(s) 110,127 com/microsoft/clarity/t8/l.java, line(s) 83,116 com/microsoft/clarity/u/d.java, line(s) 186 com/microsoft/clarity/u0/f.java, line(s) 139 com/microsoft/clarity/u4/b.java, line(s) 20 com/microsoft/clarity/uf/b0.java, line(s) 43 com/microsoft/clarity/ug/a.java, line(s) 53,72,71,30,47 com/microsoft/clarity/uk/x.java, line(s) 44,46 com/microsoft/clarity/us/c.java, line(s) 460 com/microsoft/clarity/v0/j.java, line(s) 35,34 com/microsoft/clarity/v1/j.java, line(s) 75,61,65 com/microsoft/clarity/v3/b.java, line(s) 302 com/microsoft/clarity/w1/d.java, line(s) 199 com/microsoft/clarity/w3/d.java, line(s) 73,100,72,99 com/microsoft/clarity/w3/e.java, line(s) 515,536,554,514,535,553 com/microsoft/clarity/w4/a.java, line(s) 61,62 com/microsoft/clarity/w8/a.java, line(s) 95 com/microsoft/clarity/we/k.java, line(s) 31,60,67,70,83,86,89,92,95 com/microsoft/clarity/wf/h0.java, line(s) 29 com/microsoft/clarity/wf/l0.java, line(s) 43,48 com/microsoft/clarity/wf/r.java, line(s) 99,102,105,108,111,114,125,128,131,134,166,171 com/microsoft/clarity/wf/v.java, line(s) 32 com/microsoft/clarity/wi/a.java, line(s) 41,51,68,77,87 com/microsoft/clarity/wi/b.java, line(s) 61,72 com/microsoft/clarity/wi/c.java, line(s) 93 com/microsoft/clarity/wk/b.java, line(s) 94,52,114 com/microsoft/clarity/x0/c.java, line(s) 86 com/microsoft/clarity/x1/a.java, line(s) 87 com/microsoft/clarity/x3/a.java, line(s) 82,81 com/microsoft/clarity/xg/a.java, line(s) 100,165,171,240,187,254 com/microsoft/clarity/y7/b.java, line(s) 11 com/microsoft/clarity/yh/s.java, line(s) 30,21,37,44,29,36,43,50,51,57,58 com/microsoft/clarity/yl/i.java, line(s) 76 com/microsoft/clarity/z/a.java, line(s) 95,98 com/microsoft/clarity/z2/a.java, line(s) 209,219,246,250,269,273 com/microsoft/clarity/z2/d.java, line(s) 40 com/microsoft/clarity/z3/b.java, line(s) 47,46 com/microsoft/clarity/z3/h.java, line(s) 68,79,189,65,78,188,192,198,205,202,206 com/microsoft/clarity/z3/i.java, line(s) 48,47 com/microsoft/clarity/zb/b0.java, line(s) 158 com/microsoft/clarity/zb/e0.java, line(s) 44 com/microsoft/clarity/zb/k.java, line(s) 186,115 com/microsoft/clarity/zb/l0.java, line(s) 122 com/microsoft/clarity/zb/n0.java, line(s) 101 com/microsoft/clarity/zb/w0.java, line(s) 672,692,718 com/microsoft/clarity/zb/x0.java, line(s) 121 com/microsoft/clarity/zf/a.java, line(s) 42,47,34 com/microsoft/clarity/zg/h.java, line(s) 50 com/microsoft/clarity/zo/a.java, line(s) 16,17,39 com/microsoft/codepush/react/e.java, line(s) 246,250 com/reactcommunity/rndatetimepicker/a.java, line(s) 42 com/reactnativecashfreepgapi/CashfreePgApiModule.java, line(s) 73,100,117,134,173 com/reactnativecommunity/cookies/CookieManagerModule.java, line(s) 336,349 com/reactnativedocumentpicker/RNDocumentPickerModule.java, line(s) 70 com/sensors/RNSensor.java, line(s) 52,91 com/sudoplz/rninappupdates/SpReactNativeInAppUpdatesModule.java, line(s) 55,196 com/swmansion/gesturehandler/react/RNGestureHandlerModule.java, line(s) 909 com/swmansion/reanimated/NativeMethodsHelper.java, line(s) 86 com/swmansion/reanimated/NativeProxy.java, line(s) 226 com/swmansion/reanimated/ReanimatedJSIModulePackage.java, line(s) 17 com/swmansion/reanimated/ReanimatedModule.java, line(s) 156 com/swmansion/reanimated/layoutReanimation/AnimationsManager.java, line(s) 358,374 com/swmansion/reanimated/layoutReanimation/ReanimatedNativeHierarchyManager.java, line(s) 39 com/swmansion/reanimated/nodes/DebugNode.java, line(s) 21 com/swmansion/reanimated/sensor/ReanimatedSensorContainer.java, line(s) 32 com/swmansion/rnscreens/ScreenStackHeaderConfigViewManager.java, line(s) 38 com/swmansion/rnscreens/ScreensModule.java, line(s) 53,64,56 com/swmansion/rnscreens/SearchBarManager.java, line(s) 36 eightbitlab/com/blurview/a.java, line(s) 82 fr/bamlab/rnimageresizer/ImageResizerModule.java, line(s) 91 in/cashback/shopping/kickcash/BroadcastReciever/AppInstallCheckReciever.java, line(s) 31,33,51,53,61,73,82,92,24,44 in/cashback/shopping/kickcash/MainActivity.java, line(s) 63 in/cashback/shopping/kickcash/Modules/EmulatorDetectionModule.java, line(s) 20,21,22,23,24,25,26,27,28 in/cashback/shopping/kickcash/Modules/FraudDetectionModule.java, line(s) 27,37 in/cashback/shopping/kickcash/Modules/InstalledApplicationModule.java, line(s) 76 in/cashback/shopping/kickcash/Modules/OpenOtherAppModule.java, line(s) 44,122,152 in/cashback/shopping/kickcash/Modules/TrueCallerModule.java, line(s) 41 in/cashback/shopping/kickcash/MyFirebaseMessagingService.java, line(s) 13 in/cashback/shopping/kickcash/Services/OverlayService.java, line(s) 164,166,252,383,387,393,409,157 in/cashback/shopping/kickcash/Utils/InAppAlarmReceiver.java, line(s) 20,21,25 in/cashback/shopping/kickcash/d.java, line(s) 102,215 io/invertase/firebase/app/ReactNativeFirebaseApp.java, line(s) 20 io/invertase/firebase/common/RCTConvertFirebase.java, line(s) 71 io/invertase/firebase/common/ReactNativeFirebaseEventEmitter.java, line(s) 34 io/invertase/firebase/common/SharedUtils.java, line(s) 94,287,333,112 io/invertase/firebase/crashlytics/ReactNativeFirebaseCrashlyticsInitProvider.java, line(s) 20,23,26,28,39,42,45,47,58,61,64,66,78,75 io/invertase/firebase/crashlytics/ReactNativeFirebaseCrashlyticsModule.java, line(s) 83,75,86,130,139 io/invertase/firebase/dynamiclinks/ReactNativeFirebaseDynamicLinksModule.java, line(s) 213,228,255 io/invertase/firebase/firestore/ReactNativeFirebaseFirestoreSerialize.java, line(s) 185 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingModule.java, line(s) 176 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingReceiver.java, line(s) 21,42 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 98
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/microsoft/clarity/jc/v.java, line(s) 242,242 com/microsoft/clarity/k8/o0.java, line(s) 30,30 com/microsoft/clarity/k8/y0.java, line(s) 209,209 com/microsoft/clarity/models/DynamicConfig.java, line(s) 91,91 com/microsoft/clarity/r8/j.java, line(s) 107,107 com/microsoft/clarity/rp/h.java, line(s) 111,111 com/microsoft/clarity/x8/b.java, line(s) 94,94
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/clevertap/android/sdk/inbox/f.java, line(s) 4,36 com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,256
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 29,32,4
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://kickcash-f3358.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/microsoft/clarity/c5/c.java, line(s) 27,11,15,15,15,15,15,15 com/microsoft/clarity/gi/w.java, line(s) 23 com/microsoft/clarity/ii/j.java, line(s) 33 com/microsoft/clarity/qj/g.java, line(s) 315,315,316 com/microsoft/clarity/re/b.java, line(s) 21,9,9,9,9,9,9 com/microsoft/clarity/yh/c.java, line(s) 23 com/microsoft/clarity/yo/b.java, line(s) 225
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/cashfree/pg/network/j.java, line(s) 27,26,24,24 com/microsoft/clarity/dt/c.java, line(s) 109,107,106 com/microsoft/clarity/dt/d.java, line(s) 127,115,125,135,124,124,126 com/microsoft/clarity/dt/i.java, line(s) 109,107,106,106 com/microsoft/clarity/dt/j.java, line(s) 246,232,244,243,243 com/microsoft/clarity/jq/e.java, line(s) 20,26,20,26 com/microsoft/clarity/s7/d.java, line(s) 117,115,117,114,108,108 com/microsoft/clarity/up/c.java, line(s) 13,13
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (app-measurement.com) 通信。
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
重点安全关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (firebase-settings.crashlytics.com) 通信。
{'ip': '180.163.150.34', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
综合安全基线评分总结
Kickcash v16.1
Android APK
48
综合安全评分
中风险