Application Security Scan Report
Mobile Application Security Scan Report

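OVO v3.139.0
Security baseline score: 47/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; optimization is recommended.
Distribution of vulnerabilities and security items
- High-severity vulnerabilities: 6
- Medium-severity vulnerabilities: 31
- Security notices: 4
- Passed security checks: 3
- Key security concerns: 2
Privacy risk assessment
- Third-party trackers: 3
- Moderate privacy risk: a small number of third-party trackers were detected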
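High-severity vulnerability: App Link assetlinks.json file not found
[android:name=ovo.id.common.activity.DeepLinkCentralActivity][android:host=https://www.ovo.id] The App Link asset verification URL (https://www.ovo.id/.well-known/assetlinks.json) was not found or is misconfigured (status code: 404). App Links let users jump straight into the mobile app from a web URL or an email. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, enabling phishing and leaking sensitive information carried in the URI (such as PII, OAuth tokens, magic links or reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.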
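High-severity vulnerability: App Link assetlinks.json file not found
[android:name=ovo.id.common.activity.DeepLinkCentralActivity][android:host=https://ovo.id] The App Link asset verification URL (https://ovo.id/.well-known/assetlinks.json) was not found or is misconfigured (status code: 404). App Links let users jump straight into the mobile app from a web URL or an email. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, enabling phishing and leaking sensitive information carried in the URI (such as PII, OAuth tokens, magic links or reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.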
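High-severity vulnerability: App Link assetlinks.json file not found
[android:name=ovo.id.common.activity.DeepLinkCentralActivity][android:host=http://ovo.id] The App Link asset verification URL (http://ovo.id/.well-known/assetlinks.json) was not found or is misconfigured (status code: None). App Links let users jump straight into the mobile app from a web URL or an email. If the assetlinks.json file is missing or the host/domain is misconfigured, a malicious app can hijack such URLs, enabling phishing and leaking sensitive information carried in the URI (such as PII, OAuth tokens, magic links or reset tokens). Complete App Link domain verification by hosting the assetlinks.json file and setting [android:autoVerify="true"] in the Activity's intent-filter.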
High-severity vulnerability: An application that uses the WebView.loadDataWithBaseURL method to load a web page into a WebView may be exposed to cross-site scripting attacks
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/grab/rtc/messaging/ui/bottomsheet/InAppBottomFragment.java, line(s) 230,9 ovo/id/linkage/ui/presentation/google/GoogleLinkageTncFragment.java, line(s) 112,8
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: o/i/l.java, line(s) 32,32
High-severity vulnerability: The file is world readable. Any application can read the file
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files: com/vkey/android/internal/vguard/util/Utility.java, line(s) 674
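Medium-severity vulnerability: Activity (ovo.id.common.activity.DeepLinkCentralActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (ovo.id.analytics.appsflyer.SingleInstallBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (ovo.id.common.activity.TrackerCentralActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (ovo.id.common.activity.IntentActionCentralActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (ovo.id.linkage.ui.presentation.google.GoogleLinkageActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.edd.ui.EddActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.stepshome.ui.StepsHomeActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.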
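Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.entry.ui.EntryActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.cvp.ui.CVPActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.selfie.ui.SelfieActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.poi.ui.PoIActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.gkyc.sdk.features.pii.ui.PIIActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Broadcast Receiver (com.component.secure.HyBroadcastReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is exported and not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.grab.digibank.sdk.DigibankSDKHostActivity) is not protected.
[android:exported=true] The Activity is exported and not protected by any permission, so any application can access it.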
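Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.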
Medium-severity vulnerability: IP address disclosure
Files: com/component/secure/C.java, line(s) 39,59,93 com/component/secure/C0260l.java, line(s) 21,23 com/component/secure/C0271o1.java, line(s) 118,118 com/component/secure/C0292w.java, line(s) 75 com/component/secure/C0578l.java, line(s) 21,23 com/component/secure/C0589o1.java, line(s) 119,119 com/component/secure/C0610w.java, line(s) 76 com/component/secure/N.java, line(s) 31
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: coil/memory/MemoryCache.java, line(s) 66 com/digibank/regional/sdk/account/linking/result/DBActivationResult.java, line(s) 12,16 com/digibank/sdk/regional/add/funds/result/DBAddFundsResult.java, line(s) 12 com/digibank/sdk/regional/mfa/verify/result/DBMFAResult.java, line(s) 13 com/digibank/sdk/superbank/config/entity/SBJsBridgeUserCredentials.java, line(s) 163 com/grab/digibank/sdk/core/tools/experiment/GxsExperimentFlags.java, line(s) 37,58,79,101,142,122,164,353,374,395,416,184,205,226,289,247,268,310,331,17,436 com/rudderstack/android/sdk/core/RudderPreferenceManager.java, line(s) 7,8,9,10,11,12,13,15,16,17 com/rudderstack/android/sdk/core/RudderTraits.java, line(s) 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 com/vkey/android/vguard/VGuardBroadcastReceiver.java, line(s) 39 f4/a0.java, line(s) 129 o/i/SavedStateHandleSupport.java, line(s) 16,17 o/i/a1d.java, line(s) 73 o/i/c3b.java, line(s) 35 o/i/cbh.java, line(s) 35 o/i/cjg.java, line(s) 13 o/i/cn.java, line(s) 33 o/i/dha.java, line(s) 22 o/i/dpi.java, line(s) 65 o/i/dsj.java, line(s) 31 o/i/ehj.java, line(s) 114 o/i/eqi.java, line(s) 106 o/i/f40.java, line(s) 64 o/i/guh.java, line(s) 110 o/i/hs1.java, line(s) 4 o/i/hv2.java, line(s) 36 o/i/ilj.java, line(s) 42 o/i/itj.java, line(s) 130 o/i/j9j.java, line(s) 109 o/i/kmh.java, line(s) 48 o/i/l1j.java, line(s) 102 o/i/l5j.java, line(s) 111 o/i/mba.java, line(s) 158 o/i/mm4.java, line(s) 83 o/i/nzf.java, line(s) 44 o/i/q79.java, line(s) 56 o/i/rkj.java, line(s) 34 o/i/ruj.java, line(s) 28 o/i/rw4.java, line(s) 30 o/i/s1k.java, line(s) 32 o/i/s6h.java, line(s) 149 o/i/smj.java, line(s) 154 o/i/spj.java, line(s) 130 o/i/sw4.java, line(s) 30 o/i/tha.java, line(s) 49 o/i/tuj.java, line(s) 44 o/i/tvj.java, line(s) 73 o/i/u8h.java, line(s) 33 o/i/uu6.java, line(s) 136,42 o/i/vmh.java, line(s) 44
o/i/w9i.java, line(s) 66 o/i/wfj.java, line(s) 142 o/i/wzj.java, line(s) 43 o/i/xhi.java, line(s) 111 o/i/yg6.java, line(s) 7 o/i/z6d.java, line(s) 70,205,911,868 o/i/zu6.java, line(s) 312 ovo/id/billpayment/core/data/entity/response/FormPairValueResponse.java, line(s) 90 ovo/id/linkage/core/data/entity/response/PublicKey.java, line(s) 144 ovo/id/onboarding/auth/data/entity/request/Credentials.java, line(s) 70 ovo/id/onboarding/auth/data/entity/response/PublicKey.java, line(s) 144 ovo/id/rba/data/entity/response/PublicKey.java, line(s) 144 ovo/id/wallet/base/data/entity/response/uicomponent/ItemOneLineDetailResponse.java, line(s) 106 ovo/id/wallet/base/domain/entity/model/uicomponent/ItemOneLineDetails.java, line(s) 77 ovo/id/wallet/checkout/core/data/entity/response/PromoTermsSummaryDescriptionResponse.java, line(s) 68 ovo/id/wallet/topup/core/data/entity/request/InstantTopUpAuthMetadataRequest.java, line(s) 72 ovo/id/webview/domain/model/WebviewStorageData.java, line(s) 68 zendesk/chat/ChatProvidersStorage.java, line(s) 5,6,8,9 zendesk/chat/UserAgentAndClientHeadersInterceptor.java, line(s) 13
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/rudderstack/android/sdk/core/EventsDbHelper.java, line(s) 5,6,25 com/vkey/android/internal/vguard/cache/DatabaseHandler.java, line(s) 6,7,134,213 o/i/aad.java, line(s) 3,11 o/i/dad.java, line(s) 5,6,101,195,261,288,332,417,440 o/i/du5.java, line(s) 5,6,7,8,9,68,149 o/i/e9m.java, line(s) 7,8,420 o/i/gie.java, line(s) 5,6,70,71,64,65,66 o/i/p9d.java, line(s) 4,85 o/i/phd.java, line(s) 3,9,10,11,12,13 o/i/pkk.java, line(s) 6,7,618,658 o/i/qhd.java, line(s) 3,9,10,11 o/i/rhd.java, line(s) 3,9 o/i/shd.java, line(s) 3,9,10,11 o/i/thd.java, line(s) 3,9,10,11,12,13 o/i/uhd.java, line(s) 4,5,45
Medium-severity vulnerability: MD5 is a weak hash with known collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: o/i/zam.java, line(s) 195 o/i/zy0.java, line(s) 254
Medium-severity vulnerability: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/component/secure/V0.java, line(s) 4 o/i/gcb.java, line(s) 7 o/i/kja.java, line(s) 11 o/i/mx4.java, line(s) 3 o/i/n4h.java, line(s) 14 o/i/nba.java, line(s) 18 o/i/ndk.java, line(s) 3 o/i/odh.java, line(s) 3 o/i/pk3.java, line(s) 16 o/i/qu4.java, line(s) 3 o/i/rpb.java, line(s) 10 o/i/s5d.java, line(s) 13 o/i/snm.java, line(s) 20 o/i/sz9.java, line(s) 4 o/i/ueb.java, line(s) 3 o/i/v2d.java, line(s) 12 o/i/z2.java, line(s) 3 o/i/zam.java, line(s) 35 zendesk/chat/Utils.java, line(s) 3
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/vkey/android/ag.java, line(s) 76,84 com/vkey/android/internal/vguard/util/Utility.java, line(s) 307,308,309,310,651 o/i/efh.java, line(s) 15 o/i/gh0.java, line(s) 51 o/i/hni.java, line(s) 19 o/i/ia1.java, line(s) 32 ovo/id/home/presentation/home/HomeFragment.java, line(s) 1825 ovo/id/user/profile/presentation/editprofile/EditProfileFragment.java, line(s) 537,1010 vkey/android/vos/VosWrapperBase.java, line(s) 451,770,774,884,897
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files
Files: o/i/ek6.java, line(s) 252 o/i/gh0.java, line(s) 51 o/i/hk9.java, line(s) 95 o/i/hni.java, line(s) 19 o/i/tob.java, line(s) 156 o/i/vy0.java, line(s) 178 ovo/id/user/helpcenter/presentation/activity/LiveChatImagePickerActivity.java, line(s) 206 ovo/id/user/profile/presentation/editprofile/EditProfileFragment.java, line(s) 1010
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: ovo/id/webview/presentation/base/WebviewFragment.java, line(s) 386,389,392,395,398,401,404,1058,1059
Medium-severity vulnerability: SHA-1 is a weak hash with known collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: o/i/as.java, line(s) 24 o/i/ek6.java, line(s) 305 vkey/android/vos/VosWrapperBase.java, line(s) 652
Medium-severity vulnerability: This application may request root (superuser) privileges
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: o/i/b5d.java, line(s) 11,11,11,11,11
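Medium-severity vulnerability: The application contains privacy trackers
This application contains 3 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.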
Medium-severity vulnerability: This application may contain hardcoded secrets
The following possible secrets were identified in the application. Make sure they are not confidential or private information.
Security notice: The application logs information. Sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: co/hyperverge/crashguard/services/CrashIntentService.java, line(s) 124,121 com/appsflyer/internal/AFa1cSDK.java, line(s) 46,199,47,155,200 com/appsflyer/internal/AFa1fSDK.java, line(s) 148 com/appsflyer/internal/AFa1sSDK.java, line(s) 49,66,69 com/appsflyer/internal/AFb1nSDK.java, line(s) 215 com/appsflyer/internal/AFb1zSDK.java, line(s) 190,220,1271,1300 com/appsflyer/internal/AFc1eSDK.java, line(s) 41 com/appsflyer/internal/AFc1gSDK.java, line(s) 119,117,164,115,153 com/appsflyer/internal/AFc1vSDK.java, line(s) 333 com/appsflyer/internal/AFd1cSDK.java, line(s) 50,54,55 com/appsflyer/internal/AFd1dSDK.java, line(s) 53 com/appsflyer/internal/AFd1nSDK.java, line(s) 19 com/appsflyer/internal/AFd1qSDK.java, line(s) 30,41 com/appsflyer/internal/AFd1rSDK.java, line(s) 33 com/appsflyer/internal/AFd1vSDK.java, line(s) 45,53,60,81,161 com/appsflyer/internal/AFd1ySDK.java, line(s) 16 com/appsflyer/internal/AFd1zSDK.java, line(s) 76 com/appsflyer/share/CrossPromotionHelper.java, line(s) 47 com/appsflyer/share/LinkGenerator.java, line(s) 224 com/grab/rtc/inbox/db/InboxDatabase.java, line(s) 77,79 o/i/a0a.java, line(s) 123,158,164,280,290,312,320 o/i/am4.java, line(s) 18 o/i/ap0.java, line(s) 25 o/i/bfh.java, line(s) 240 o/i/c0n.java, line(s) 21 o/i/c19.java, line(s) 10 o/i/ctm.java, line(s) 38,80,123 o/i/d19.java, line(s) 8 o/i/d2f.java, line(s) 509 o/i/dad.java, line(s) 114 o/i/dl0.java, line(s) 126 o/i/dog.java, line(s) 87 o/i/etm.java, line(s) 13 o/i/eum.java, line(s) 24 o/i/ez9.java, line(s) 34 o/i/f5e.java, line(s) 68 o/i/fd6.java, line(s) 239 o/i/fzm.java, line(s) 34 o/i/g6d.java, line(s) 78 o/i/gne.java, line(s) 44,45 o/i/gx0.java, line(s) 105,110,115 o/i/idf.java, line(s) 70,89 o/i/ix7.java, line(s) 90 o/i/k33.java, line(s) 214,254,407 o/i/k63.java, line(s) 67 o/i/kak.java, line(s) 35,52 o/i/kgg.java, line(s) 936 o/i/ki3.java, line(s) 276
o/i/l33.java, line(s) 130 o/i/l7l.java, line(s) 193 o/i/l8e.java, line(s) 18 o/i/lh5.java, line(s) 72 o/i/lxg.java, line(s) 90,99 o/i/lxm.java, line(s) 14 o/i/m39.java, line(s) 149,183 o/i/mdf.java, line(s) 59 o/i/mem.java, line(s) 30,36,42 o/i/mi3.java, line(s) 27,57 o/i/n39.java, line(s) 85,88,95,138,145,159,176,186,189 o/i/npm.java, line(s) 54 o/i/nt4.java, line(s) 79 o/i/nvb.java, line(s) 78 o/i/nw4.java, line(s) 45 o/i/o84.java, line(s) 111 o/i/os8.java, line(s) 244 o/i/ps6.java, line(s) 121,125 o/i/psf.java, line(s) 92 o/i/rbf.java, line(s) 18 o/i/rc9.java, line(s) 69 o/i/rp3.java, line(s) 52,55 o/i/ru6.java, line(s) 102,170,175,181 o/i/vfe.java, line(s) 53,65 o/i/vhk.java, line(s) 42,55,76 o/i/vje.java, line(s) 77 o/i/x1d.java, line(s) 74,79,87,101 o/i/xzl.java, line(s) 48 o/i/y09.java, line(s) 31 o/i/yc6.java, line(s) 19 o/i/z09.java, line(s) 81 o/i/zo.java, line(s) 63 ovo/id/fcm/OvoMessagingService.java, line(s) 476 zendesk/chat/ChatLog.java, line(s) 264,264,265,253,253 zendesk/chat/ChatStateStore.java, line(s) 29,42 zendesk/chat/DeliveryStatusMonitor.java, line(s) 17 zendesk/chat/DnConverterUtils.java, line(s) 267 zendesk/chat/DnModels.java, line(s) 396,396,396
Security notice: The application can write to the application directory. Sensitive information should be encrypted
Files: com/component/secure/M1.java, line(s) 18,18 o/i/och.java, line(s) 84,84 o/i/pk6.java, line(s) 105,105 o/i/tef.java, line(s) 25 o/i/xo2.java, line(s) 92,92
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/vkey/android/secure/keyboard/VKSecureEditText.java, line(s) 6,1126 o/i/gl.java, line(s) 5,21,374 o/i/snm.java, line(s) 4,102 o/i/vu4.java, line(s) 4,26 o/i/xhh.java, line(s) 4,19,33 o/i/yra.java, line(s) 4,30
Security notice: The application communicates with a Firebase database
The application communicates with the Firebase database at https://ovo-staging.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: co/hyperverge/crashguard/services/CrashIntentService.java, line(s) 171,166 com/vkey/android/cx.java, line(s) 38,37,36,36 com/vkey/android/cy.java, line(s) 36,35,34,34 o/i/afh.java, line(s) 47,47,47,47,47,47,47,47,47,47,47,47,47,27,49 o/i/cm6.java, line(s) 25,25 o/i/cx.java, line(s) 55,49,61 o/i/iff.java, line(s) 34,33,59,32,32 o/i/qg1.java, line(s) 22,11 o/i/x2d.java, line(s) 50,50 o/i/x5i.java, line(s) 89,97,36,28 o/i/y2d.java, line(s) 26,26 zendesk/chat/BaseModule.java, line(s) 62,62 zendesk/chat/ChatVisitorClient.java, line(s) 81,81
Passed security check: This application may have root detection
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files: o/i/b5d.java, line(s) 10,10,10,10,10,10 o/i/ctm.java, line(s) 55
Passed security check: Firebase Remote Config is disabled
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/961300801564/namespaces/firebase:fetch?key=AIzaSyA3sO15Fw40IbV6QR_1CzLT8N5B9UW-pJU ) is disabled. The response was as follows: response code 403
Key security concern: The application may communicate with a server (app-measurement.com) located in an OFAC-sanctioned country (China).
{'ip': '180.163.150.161', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Key security concern: The application may communicate with a server (pagead2.googlesyndication.com) located in an OFAC-sanctioned country (China).
{'ip': '18.239.69.84', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}
Overall security baseline score summary

OVO v3.139.0
Android APK
Overall security score: 47
Medium risk