Application Security Scan Report

Mobile Application Security Scan Report

新暖心缘 v8.1.1

Android APK dc0be2c4...
43
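Security score

Security baseline score

43/100

Medium risk

Overall risk level

Risk rating scale
  1. A
  2. B
  3. C
  4. F

The app has some security risk; improvement is recommended

Distribution of vulnerabilities and security items

7 high severity
25 medium severity
2 informational
2 secure

Privacy risk assessment

4
Third-party trackers

Medium privacy risk
A small number of third-party trackers were detected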


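Detection result distribution

High-severity vulnerabilities 7
Medium-severity vulnerabilities 25
Security notices 2
Passed security checks 2
Key security concerns 0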

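High-severity vulnerability: Activity (cn.jpush.android.service.JNotifyActivity) is vulnerable to StrandHogg 2.0

An Activity with the StrandHogg 2.0 task-hijacking vulnerability was detected. An attacker can place a malicious Activity on top of the vulnerable app's task stack, making the app an easy target for phishing. To fix this, set the launch mode to "singleInstance" and set taskAffinity to empty (taskAffinity=""), or raise the app's target SDK version (28) to 29 or higher, which fixes the vulnerability at the platform level.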

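High-severity vulnerability: Activity (com.luanxingyuan.app.wxapi.WXEntryActivity) is vulnerable to StrandHogg 2.0

An Activity with the StrandHogg 2.0 task-hijacking vulnerability was detected. An attacker can place a malicious Activity on top of the vulnerable app's task stack, making the app an easy target for phishing. To fix this, set the launch mode to "singleInstance" and set taskAffinity to empty (taskAffinity=""), or raise the app's target SDK version (28) to 29 or higher, which fixes the vulnerability at the platform level.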

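High-severity vulnerability: Activity (com.luanxingyuan.app.wxapi.WXPayEntryActivity) is vulnerable to StrandHogg 2.0

An Activity with the StrandHogg 2.0 task-hijacking vulnerability was detected. An attacker can place a malicious Activity on top of the vulnerable app's task stack, making the app an easy target for phishing. To fix this, set the launch mode to "singleInstance" and set taskAffinity to empty (taskAffinity=""), or raise the app's target SDK version (28) to 29 or higher, which fixes the vulnerability at the platform level.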

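High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks

Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks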
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/luanxingyuan/app/activity/WebActivity.java, line(s) 90,89

High-severity vulnerability: Weak encryption algorithm in use

Weak encryption algorithm in use
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
m1/b.java, line(s) 10

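High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.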
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/luanxingyuan/app/manager/ConfigManager.java, line(s) 116
d2/n.java, line(s) 190,241
i6/h3.java, line(s) 86,190
i6/z1.java, line(s) 65,101,161,174
w1/c.java, line(s) 31,70,88,105

High-severity vulnerability: The file is world-writable. Any application can write to the file

The file is world-writable. Any application can write to the file
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/faceunity/wrappe/repo/FaceBeautySource.java, line(s) 220

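Medium-severity vulnerability: Cleartext network traffic is enabled for the app

[android:usesCleartextTraffic=true]
The app allows cleartext network traffic (such as HTTP, FTP, DownloadManager, MediaPlayer). It is enabled by default at API level 27 and below and disabled by default at 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with data in transit. Disable cleartext traffic and use only encrypted protocols.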

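Medium-severity vulnerability: App data can be backed up

[android:allowBackup=true]
This flag allows app data to be backed up through the adb tool. A user with USB debugging enabled can copy the app's data directly, which creates a risk of data leakage.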

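Medium-severity vulnerability: Service (com.luanxingyuan.app.socket.WakeupService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and protected by a permission that is not defined in this app. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious app can request the permission and interact with the component; if it is signature, only apps signed with the same certificate can access it.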

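Medium-severity vulnerability: Activity (com.tencent.tauth.AuthActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device and can therefore be accessed by any app. The presence of an intent-filter indicates that the Activity is explicitly exported, which is a security risk.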

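Medium-severity vulnerability: Service (com.luanxingyuan.app.jpush.JpushService) is not protected.

An intent-filter exists.
The Service is shared with other apps on the device and can therefore be accessed by any app. The presence of an intent-filter indicates that the Service is explicitly exported, which is a security risk.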

Medium-severity vulnerability: Content Provider (cn.jpush.android.service.DownloadProvider) is not protected.

[android:exported=true]
The Content Provider is exported and not protected by any permission, so any app can access it.

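Medium-severity vulnerability: Activity has the TaskAffinity attribute set

(cn.jpush.android.service.JNotifyActivity)
When taskAffinity is set, other apps can read the Intents sent to this Activity. To prevent sensitive information from leaking, keep the default affinity (the package name).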

Medium-severity vulnerability: Activity (cn.jpush.android.service.JNotifyActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any app can access it.

Medium-severity vulnerability: Activity (com.luanxingyuan.app.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any app can access it.

Medium-severity vulnerability: Activity (com.luanxingyuan.app.wxapi.WXPayEntryActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any app can access it.

Medium-severity vulnerability: Service (cn.jpush.android.service.DaemonService) is not protected.

[android:exported=true]
The Service is exported and not protected by any permission, so any app can access it.

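Medium-severity vulnerability: High Intent priority (1000) - {2} hits

[android:priority]
By setting a high Intent priority, an app can override other requests, which may lead to security risks.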

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions

MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/luanxingyuan/app/util/SignUtil.java, line(s) 34
com/luanxingyuan/app/util/SystemUtil.java, line(s) 43
com/qiniu/util/Md5.java, line(s) 35,49
com/qiniu/util/StringUtils.java, line(s) 45
d2/p.java, line(s) 21,113
d7/c.java, line(s) 52
i6/j3.java, line(s) 21,109
w6/g.java, line(s) 112

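Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys

Files may contain hardcoded sensitive information such as usernames, passwords and keys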
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/luanxingyuan/app/activity/YoungModePasswordActivity.java, line(s) 20
com/luanxingyuan/app/util/SignUtil.java, line(s) 7
com/pay/paytypelibrary/OrderInfo.java, line(s) 233
com/pay/paytypelibrary/PayUtil.java, line(s) 114
com/pili/pldroid/player/AVOptions.java, line(s) 12,15
com/unionpay/tsmservice/data/Constant.java, line(s) 195,197
com/unionpay/tsmservice/data/ResultCode.java, line(s) 75,62
com/unionpay/tsmservice/mi/data/Constant.java, line(s) 142,146
com/unionpay/tsmservice/mi/data/ResultCode.java, line(s) 33,30
u2/h.java, line(s) 79
w2/d.java, line(s) 31
w2/p.java, line(s) 95
w2/x.java, line(s) 68
y7/c.java, line(s) 25

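Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database

The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database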
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
d2/n0.java, line(s) 3,14,15,16,17,18
d2/w0.java, line(s) 3,31
i6/a2.java, line(s) 4,129,144
i6/d0.java, line(s) 3,31
i6/d2.java, line(s) 3,14
i6/t.java, line(s) 3,14,15,16,17,18
i6/t2.java, line(s) 12,552
io/agora/utils/SqliteWrapper.java, line(s) 3,4,61,107,155,156
s1/a.java, line(s) 5,6,30,75

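Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage

The application can read/write external storage. Any application can read data written to external storage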
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/cjt2325/cameralibrary/a.java, line(s) 671
com/faceunity/core/utils/FileUtils.java, line(s) 120
com/luanxingyuan/app/activity/CameraActivity.java, line(s) 100
com/luanxingyuan/app/activity/PostActiveActivity.java, line(s) 882
com/luanxingyuan/app/activity/WebActivity.java, line(s) 161
com/luanxingyuan/app/util/FileUtil.java, line(s) 23,126
com/luanxingyuan/app/util/MyDataCleanManager.java, line(s) 11,63
com/tencent/a/a/a/a/b.java, line(s) 20,22,33,41
com/unionpay/utils/j.java, line(s) 30
com/yalantis/ucrop/util/FileUtils.java, line(s) 70
d2/m.java, line(s) 203,204
i6/g3.java, line(s) 209,210
i6/p.java, line(s) 40
i6/t2.java, line(s) 444,448
io/agora/rtc2/internal/CommonUtility.java, line(s) 408,408
u3/e.java, line(s) 8
w/b.java, line(s) 8
x1/b.java, line(s) 505,719,720
y1/c.java, line(s) 12,24,28

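Medium-severity vulnerability: The application uses an insecure random number generator

The application uses an insecure random number generator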
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/luanxingyuan/app/activity/ApplyVerifyHandActivity.java, line(s) 41
com/luanxingyuan/app/fragment/PersonInfoFragment.java, line(s) 47
com/luanxingyuan/app/fragment/PersonInfoOneFragment.java, line(s) 41
com/luanxingyuan/app/fragment/info/InfoFragment.java, line(s) 20
com/luanxingyuan/app/util/permission/CheckPermissionActivity.java, line(s) 14
com/pili/pldroid/player/common/Util.java, line(s) 24
com/qiniu/storage/UpHostHelper.java, line(s) 11
com/tencent/av/TIMAvManager.java, line(s) 25
d2/v1.java, line(s) 7
i6/t2.java, line(s) 33
i6/z0.java, line(s) 9
i8/b.java, line(s) 8
i8/g.java, line(s) 5
i8/v.java, line(s) 8
io/agora/rtc2/internal/AudioFocusManager.java, line(s) 12
io/agora/rtc2/internal/SimpleMediaPlayerSource.java, line(s) 27
io/agora/rtc2/internal/SurfaceEglRendererHelper.java, line(s) 26
k6/x.java, line(s) 17
l1/c.java, line(s) 9
l9/o.java, line(s) 4
t1/k.java, line(s) 33
w0/b.java, line(s) 10
w7/a.java, line(s) 7
w7/c.java, line(s) 7

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions

SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/faceunity/wrappe/authpack.java, line(s) 12
com/faceunity/wrappe/authpack_old.java, line(s) 12
com/qiniu/storage/persistent/FileRecorder.java, line(s) 19
com/qiniu/util/Auth.java, line(s) 100
com/qiniu/util/Etag.java, line(s) 52,75
com/unionpay/utils/UPUtils.java, line(s) 16
com/unionpay/utils/b.java, line(s) 116
d2/j.java, line(s) 124
i6/c3.java, line(s) 196
s6/a.java, line(s) 38
v1/a.java, line(s) 82
w1/b.java, line(s) 11
w1/c.java, line(s) 30,87

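Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist

Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist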
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/luanxingyuan/app/activity/CommonWebViewActivity.java, line(s) 182,170
com/luanxingyuan/app/activity/KeFuWebViewActivity.java, line(s) 92,96
com/luanxingyuan/app/activity/PayInnerWebViewActivity.java, line(s) 163,167
com/luanxingyuan/app/fragment/WebFragment.java, line(s) 95,109
com/unionpay/WebViewJavascriptBridge.java, line(s) 32,29
i6/y2.java, line(s) 115,114

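Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files

The application creates temporary files. Sensitive information should never be written to temporary files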


Files:
m0/b.java, line(s) 135

Medium-severity vulnerability: IP address disclosure

IP address disclosure


Files:
com/luanxingyuan/app/ttt/QiNiuChecker.java, line(s) 223
com/luanxingyuan/app/util/ComprehensiveSecurityDetector.java, line(s) 95,101
com/luanxingyuan/app/util/IpUtils.java, line(s) 44,86,149
com/qiniu/qplayer/mediaEngine/MediaPlayer.java, line(s) 1436
t1/k.java, line(s) 40,40
w6/h.java, line(s) 113,146,178
w6/i.java, line(s) 122

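Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system

A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system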
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/luanxingyuan/app/activity/CommonWebViewActivity.java, line(s) 179,170
com/luanxingyuan/app/fragment/WebFragment.java, line(s) 99,109
com/pay/paytypelibrary/activity/WebViewActivity.java, line(s) 142,141

Medium-severity vulnerability: This application may request root (superuser) privileges

This application may request root (superuser) privileges
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/luanxingyuan/app/util/ComprehensiveSecurityDetector.java, line(s) 20

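Medium-severity vulnerability: The application contains privacy trackers

This application has 4 privacy trackers. Trackers can track the device or its user and are a privacy concern for end users.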

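Medium-severity vulnerability: This app may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not confidential or private information.
AMap => "com.amap.api.v2.apikey" : "879a97ceb585d9435ea7fa6b1eb8d055"
JPush => "JPUSH_CHANNEL" : "1d44a9b45315bf8b18406631"
openinstall analytics => "com.openinstall.APP_KEY" : "ffjqs7"
JPush => "JPUSH_APPKEY" : "13900277c357d3568d9f53fc"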

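Security notice: The application logs information. Sensitive information must not be logged

The application logs information. Sensitive information must not be logged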
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a3/c.java, line(s) 15
a3/d.java, line(s) 38
a3/g.java, line(s) 99
a3/t.java, line(s) 68
a3/u.java, line(s) 64,71,87,105
a3/v.java, line(s) 37
c3/a.java, line(s) 73
com/faceunity/core/utils/FULogger.java, line(s) 64,70,76,79,80
com/luanxingyuan/app/util/CodeUtil.java, line(s) 45,76
com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 1173
com/tencent/av/NetworkUtil.java, line(s) 31,39,43
com/tencent/av/PingUtil.java, line(s) 46,72,98,103,66,202,204
com/tencent/av/TIMAvManager.java, line(s) 584,801,812,396,502,592,593,639,695,829,830,862,918,973,402,458,518,722,424
com/tencent/timint/TIMIntManager.java, line(s) 121,126,136
com/unionpay/utils/j.java, line(s) 19,25,21,17,23
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 170,182,192,210,213,230,233,249,267,269,282,293,298,307
d3/b0.java, line(s) 135,138,181,188,193
d3/d.java, line(s) 15
d3/f0.java, line(s) 202,207,250,303
d3/l.java, line(s) 174,183,273,285,295,313,333,335,353,358,365,371,387,390
d3/n.java, line(s) 109,130,218,304,346
d3/o.java, line(s) 44,53
d3/s.java, line(s) 75,101,105,109,113,117,123
h3/a.java, line(s) 80,87,94,105
h3/d.java, line(s) 21
h3/j.java, line(s) 40
h9/c.java, line(s) 48,48,68
j3/d.java, line(s) 54,59,62,70,77,80
l3/k.java, line(s) 15
m3/d.java, line(s) 53,96
m3/k.java, line(s) 56,99
o9/e.java, line(s) 135
q3/a.java, line(s) 63
s2/b.java, line(s) 298
t2/d.java, line(s) 75,108
t2/e.java, line(s) 525,549,568
v2/c.java, line(s) 105
v2/e.java, line(s) 54
w2/h.java, line(s) 302,316,612
w2/i.java, line(s) 51
w2/k.java, line(s) 14
w2/z.java, line(s) 66,83,125
x2/i.java, line(s) 110,153
x2/j.java, line(s) 79,126,138,161,170,183,197,216,225
y2/e.java, line(s) 44,54,80,94
y2/i.java, line(s) 107
y8/d.java, line(s) 407
z2/a.java, line(s) 170

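Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it

This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it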
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
cat/ereza/customactivityoncrash/activity/DefaultErrorActivity.java, line(s) 6,82
com/luanxingyuan/app/activity/ActorVerifyingActivity.java, line(s) 4,32
com/luanxingyuan/app/activity/ShareActivity.java, line(s) 6,374
com/luanxingyuan/app/dialog/v.java, line(s) 8,149
com/luanxingyuan/app/fragment/MineFragment.java, line(s) 6,646
com/luanxingyuan/app/util/CodeUtil.java, line(s) 5,22
com/luanxingyuan/app/util/share/ShareCopyUrl.java, line(s) 5,20

Passed security check: This application may have root detection

This application may have root detection
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/luanxingyuan/app/util/ComprehensiveSecurityDetector.java, line(s) 70,39,39,39,39,39,39
com/unionpay/UPPayAssistEx.java, line(s) 201

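Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels

This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels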
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/unionpay/a/b.java, line(s) 29,28,27,27
d2/k1.java, line(s) 442,304
g9/d.java, line(s) 105,104,103
g9/e.java, line(s) 124,114,123,136,122,122
g9/j.java, line(s) 107,106,105,105
g9/k.java, line(s) 228,216,227,226,226
i6/q0.java, line(s) 157,224

Overall security baseline score summary

新暖心缘 v8.1.1

Android APK
43
Overall security score
Medium risk