应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Betterhalf.ai v5.1.1
48
安全评分
安全基线评分
48/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
5
高危
25
中危
5
信息
3
安全
隐私风险评估
7
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
5
中危安全漏洞
25
安全提示信息
5
已通过安全项
3
重点安全关注
0
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/clevertap/android/sdk/inapp/CTInAppBaseFullHtmlFragment.java, line(s) 162,10,11 com/clevertap/android/sdk/inapp/CTInAppBasePartialHtmlFragment.java, line(s) 171,14,15 com/razorpay/B$$W$.java, line(s) 292,297,14,15 com/razorpay/CheckoutActivity.java, line(s) 50,5 com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 446,17 in/juspay/hypersdk/core/DynamicUI.java, line(s) 134,364,9 in/juspay/hypersdk/safe/JuspayWebView.java, line(s) 75,9,10
高危安全漏洞 该文件是World Writable。任何应用程序都可以写入文件
该文件是World Writable。任何应用程序都可以写入文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: in/juspay/hypersdk/core/AndroidInterface.java, line(s) 798 in/juspay/hypersdk/data/KeyValueStore.java, line(s) 13
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/appsflyer/internal/AFb1tSDK.java, line(s) 2319
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/clevertap/android/sdk/cryption/AESCrypt.java, line(s) 94
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 Service (com.clevertap.android.sdk.pushnotification.fcm.FcmMessageListenerService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.clevertap.android.sdk.pushnotification.fcm.CTFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Content Provider (expo.modules.clipboard.ClipboardFileProvider) 未受保护。
[android:exported=true] 检测到 Content Provider 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.canhub.cropper.CropImageActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (in.juspay.hypersdk.core.CustomtabResult) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.razorpay.RzpTokenReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (app.notifee.core.NotificationReceiverActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (app.notifee.core.AlarmPermissionBroadcastReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/appsflyer/reactnative/RNAppsFlyerConstants.java, line(s) 31,22 com/clevertap/android/sdk/Constants.java, line(s) 58,19,56,79,87,109,108,106,96,104,110,113,140,209,320,313,20,321,345,59,52,71,356,124,125,141 com/clevertap/android/sdk/inapp/InAppController.java, line(s) 58,62 com/clevertap/android/sdk/inapp/data/InAppResponseAdapter.java, line(s) 27,24 com/clevertap/android/sdk/inapp/store/preference/LegacyInAppStore.java, line(s) 15 com/clevertap/android/sdk/product_config/CTProductConfigConstants.java, line(s) 13 com/clevertap/android/sdk/product_config/DefaultXmlParser.java, line(s) 14 com/razorpay/AnalyticsConstants.java, line(s) 106,120,57 com/razorpay/BaseConstants.java, line(s) 21,28 com/razorpay/OtpElfData.java, line(s) 7 com/reactnativeavoidsoftinput/AvoidSoftInputModuleImpl.java, line(s) 25,27 com/reactnativeavoidsoftinput/events/AvoidSoftInputAppliedOffsetChangedEvent.java, line(s) 10 com/reactnativeavoidsoftinput/events/BaseAvoidSoftInputEvent.java, line(s) 11 com/truecaller/android/sdk/SdkUtils.java, line(s) 26 com/truecaller/android/sdk/common/TrueException.java, line(s) 16 expo/modules/adapters/react/NativeModulesProxy.java, line(s) 32,34,36,40 expo/modules/av/AVManager.java, line(s) 50,51,52,53,43,54,55,47,56,57,58,45,48,49 expo/modules/clipboard/GetImageOptions.java, line(s) 13 expo/modules/constants/ExponentInstallationId.java, line(s) 19 expo/modules/image/records/SourceMap.java, line(s) 142 expo/modules/interfaces/permissions/PermissionsResponse.java, line(s) 9,10,11,15,17 expo/modules/notifications/notifications/ArgumentsNotificationContentBuilder.java, line(s) 16,17,25,19,20,18,21,22,23,24,26,27 expo/modules/notifications/notifications/JSONNotificationContentBuilder.java, line(s) 14,15,16,17,18,23,19,20,21,22,24,25 expo/modules/notifications/notifications/background/BackgroundRemoteNotificationTaskConsumer.java, line(s) 22 expo/modules/notifications/notifications/channels/serializers/NotificationsChannelGroupSerializer.java, line(s) 7,8,9,10,11 expo/modules/notifications/notifications/channels/serializers/NotificationsChannelSerializer.java, line(s) 23,12,7,13,14,15,8,10,16,17,18,19,20,21,9,22,24,11,25 expo/modules/notifications/notifications/presentation/builders/ExpoNotificationBuilder.java, line(s) 23,25,26,27,24 expo/modules/notifications/permissions/NotificationPermissionsModuleKt.java, line(s) 7,8,9 expo/modules/notifications/serverregistration/InstallationId.java, line(s) 15 expo/modules/notifications/service/NotificationsService.java, line(s) 55,61,60,68,63,64,65,66,70,69,71,62,73,80,82,54,84 expo/modules/notifications/service/delegates/ExpoPresentationDelegate.java, line(s) 40,42 expo/modules/notifications/tokens/PushTokenModuleKt.java, line(s) 8 io/invertase/firebase/common/TaskExecutorService.java, line(s) 14,15 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingHeadlessService.java, line(s) 12,10 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingSerializer.java, line(s) 23 io/invertase/notifee/NotifeeEventSubscriber.java, line(s) 17,25 org/shadow/apache/commons/lang3/SystemUtils.java, line(s) 92,94,74,76
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/canhub/cropper/BitmapUtils.java, line(s) 291 com/canhub/cropper/CropImage.java, line(s) 67 com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 462 com/reactnativecompressor/Utils/RealPathUtil.java, line(s) 100 expo/modules/clipboard/ClipboardFileProvider.java, line(s) 264 expo/modules/medialibrary/MediaLibraryUtils.java, line(s) 306 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 112,121,122,123
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/canhub/cropper/BitmapUtils.java, line(s) 291,296,301 com/canhub/cropper/CropImageActivity.java, line(s) 272 com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 462
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/clevertap/android/sdk/inapp/CTInAppBaseFullHtmlFragment.java, line(s) 103,98 com/clevertap/android/sdk/inapp/CTInAppBasePartialHtmlFragment.java, line(s) 151,146 com/razorpay/BaseUtils.java, line(s) 224,206 in/juspay/hypersdk/core/DynamicUI.java, line(s) 103,163,286,101 in/juspay/hypersdk/safe/Godel.java, line(s) 341,613,607
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/clevertap/android/sdk/cryption/AESCrypt.java, line(s) 93 expo/modules/filesystem/FileSystemModule.java, line(s) 2751 in/juspay/hypersdk/security/EncryptionHelper.java, line(s) 151,180
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/clevertap/android/sdk/BuildConfig.java, line(s) 7 expo/modules/network/NetworkModule.java, line(s) 284
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/appsflyer/internal/AFb1aSDK.java, line(s) 15 com/clevertap/android/sdk/pushnotification/LaunchPendingIntentFactory.java, line(s) 12 org/shadow/apache/commons/lang3/RandomStringUtils.java, line(s) 3 org/shadow/apache/commons/lang3/RandomUtils.java, line(s) 3
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: in/juspay/hypersdk/safe/Godel.java, line(s) 620,607
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/mixpanel/android/mpmetrics/MPDbAdapter.java, line(s) 7,8,9,142,150,264,336
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 Bugsnag-SDK的=> "com.bugsnag.android.API_KEY" : "ae5ac63c59f9be445071e06af8e14d83" "facebook_app_id" : "312593845822921" "facebook_client_token" : "36b2078508ccd38381075c0326cfae74" "firebase_database_url" : "https://betterhalf-v2.firebaseio.com" "google_api_key" : "AIzaSyDPLJjVwbyBZD1cFw5lxT5p5_Y6zvRmDog" "google_app_id" : "1:466114304962:android:bb8e5638d6acaeb2cf145b" "google_crash_reporting_api_key" : "AIzaSyDPLJjVwbyBZD1cFw5lxT5p5_Y6zvRmDog" 1ddaa4b892e61b0f7010597ddc582ed3 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 9A04F079-9840-4286-AB92-E65BE0885F95 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMTYwIDMzIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxNjAgMzM7IiB4bWw6c3BhY2U9InByZXNlcnZlIj48c3R5bGUgdHlwZT0idGV4dC9jc3MiPi5zdDB7ZmlsbDojMkQyRDJEO308L3N0eWxlPjxnPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00OS42LDE0LjZjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMiwwLjQtMC40LDAuOS0wLjQsMS41YzAsMC43LDAuMSwxLjIsMC40LDEuNWMwLjIsMC4zLDAuNiwwLjUsMSwwLjVjMC41LDAsMC45LTAuMSwxLjEtMC40YzAuMi0wLjMsMC40LTAuOCwwLjQtMS40di0wLjJjMC0wLjctMC4xLTEuMy0wLjQtMS42QzUwLjUsMTQuNyw1MC4xLDE0LjYsNDkuNiwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni4zLDE3LjNjLTAuMiwwLjEtMC40LDAuNS0wLjcsMS4xYy0wLjMsMC42LTAuMywwLjktMC4yLDFjMC4xLDAuMSwwLjUsMC4yLDEuMSwwLjJjMC4zLDAsMC41LDAsMC43LDBjMC4xLDAsMC4zLDAsMC41LDBjMC4yLDAsMC4zLTAuMSwwLjQtMC4xYzAuMS0wLjEsMC4yLTAuMSwwLjMtMC4yYzAuMS0wLjEsMC4yLTAuMiwwLjItMC40bDAuOC0xLjdsLTEuOCwwQzg2LjksMTcuMSw4Ni41LDE3LjEsODYuMywxNy4zeiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MC42LDExLjNsLTIuNCwwbC0xLjQsMy4ybDIuNCwwYzAuNywwLDEuMi0wLjEsMS41LTAuM2MwLjMtMC4yLDAuNi0wLjUsMC44LTFsMC40LTAuOGMwLjItMC40LDAuMi0wLjcsMC0wLjlDODEuNiwxMS40LDgxLjIsMTEuMyw4MC42LDExLjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTQzLjksMTQuNmMtMC40LDAtMC43LDAuMS0xLDAuNGMtMC4yLDAuMi0wLjQsMC42LTAuNCwxaDIuNmMwLTAuNC0wLjEtMC44LTAuMy0xQzQ0LjYsMTQuNyw0NC4zLDE0LjYsNDMuOSwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yMC4yLDE0LjZjLTAuNSwwLTAuOSwwLjItMS4xLDAuNWMtMC4zLDAuMy0wLjQsMC44LTAuNCwxLjVjMCwwLjcsMC4xLDEuMiwwLjQsMS41YzAuMywwLjMsMC42LDAuNSwxLjEsMC41YzAuNSwwLDAuOS0wLjIsMS4xLTAuNWMwLjMtMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDMjEuMSwxNC44LDIwLjgsMTQuNiwyMC4yLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEwNy40LDEzLjdjLTAuNywwLTEuMiwwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjUsMy4zYy0wLjIsMC41LTAuMiwwLjgtMC4xLDFjMC4yLDAuMiwwLjYsMC4zLDEuMywwLjNjMC43LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjUtMy4zYzAuMi0wLjUsMC4yLTAuOCwwLjEtMUMxMDguNiwxMy44LDEwOC4yLDEzLjcsMTA3LjQsMTMuN3oiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTUuMywxMy4yYy0wLjMtMC4yLTAuOC0wLjMtMS40LTAuM0gxM3YyLjdoMC43YzAuNywwLDEuMi0wLjEsMS42LTAuM2MwLjMtMC4yLDAuNS0wLjYsMC41LTEuMUMxNS43LDEzLjgsMTUuNiwxMy41LDE1LjMsMTMuMnoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzQuMSwxNC42Yy0wLjQsMC0wLjcsMC4xLTEsMC40Yy0wLjIsMC4yLTAuNCwwLjYtMC40LDFoMi42YzAtMC40LTAuMS0wLjgtMC4zLTFDMzQuOCwxNC43LDM0LjUsMTQuNiwzNC4xLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTU4LjcsMTQuNmMtMC41LDAtMC45LDAuMS0xLjEsMC40Yy0wLjIsMC4zLTAuMywwLjgtMC4zLDEuNmMwLDAuNywwLjEsMS4zLDAuNCwxLjZjMC4yLDAuMywwLjYsMC41LDEuMSwwLjVjMC41LDAsMC44LTAuMiwxLTAuNWMwLjItMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDNTkuNiwxNC44LDU5LjIsMTQuNiw1OC43LDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTE1Ni45LDAuMkgzLjFDMS40LDAuMiwwLDEuNiwwLDMuNHYyNi41QzAsMzEuNiwxLjQsMzMsMy4xLDMzaDE1My43YzEuNywwLDMuMS0xLjQsMy4xLTMuMVYzLjRDMTYwLDEuNiwxNTguNiwwLjIsMTU2LjksMC4yeiBNMTYsMTZjLTAuNSwwLjQtMS4zLDAuNi0yLjIsMC42SDEzdjIuOGgtMVYxMmgyYzEuOSwwLDIuOCwwLjcsMi44LDIuMkMxNi44LDE1LDE2LjUsMTUuNSwxNiwxNnogTTIyLjIsMTguN2MtMC41LDAuNS0xLjEsMC44LTEuOSwwLjhjLTAuNSwwLTEtMC4xLTEuMy0wLjRjLTAuNC0wLjItMC43LTAuNi0wLjktMWMtMC4yLTAuNC0wLjMtMS0wLjMtMS41YzAtMC45LDAuMi0xLjYsMC43LTIuMWMwLjUtMC41LDEuMS0wLjgsMS45LTAuOGMwLjgsMCwxLjQsMC4zLDEuOSwwLjhjMC41LDAuNSwwLjcsMS4yLDAuNywyLjFDMjIuOCwxNy41LDIyLjYsMTguMiwyMi4yLDE4Ljd6IE0yOS42LDE5LjRoLTEuMWwtMS0zLjJjLTAuMS0wLjItMC4xLTAuNS0wLjMtMWMtMC4xLDAuNC0wLjIsMC44LTAuMywxbC0xLDMuMmgtMS4xbC0xLjUtNS42aDEuMWwwLDAuMWMwLjMsMS40LDAuNiwyLjQsMC44LDMuMWMwLjEsMC40LDAuMiwwLjgsMC4yLDFjMC0wLjEsMC4xLTAuMiwwLjEtMC4zYzAuMS0wLjMsMC4yLTAuNSwwLjItMC43bDEtMy4yaDFsMSwzLjJjMC4xLDAuNCwwLjIsMC43LDAuMywxYzAsMCwwLTAuMSwwLTAuMWMwLjEtMC4yLDAuNC0xLjYsMS00bDAtMC4xaDEuMUwyOS42LDE5LjR6IE0zNi40LDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE00MC44LDE0LjdsLTAuMSwwYy0wLjIsMC0wLjQtMC4xLTAuNi0wLjFjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMywwLjMtMC40LDAuOC0wLjQsMS4zdjNoLTF2LTUuNmgwLjlsMC4xLDAuOGMwLjItMC4zLDAuNC0wLjUsMC42LTAuNmMwLjMtMC4yLDAuNi0wLjMsMS0wLjNjMC4yLDAsMC41LDAsMC43LDAuMWwwLjEsMEw0MC44LDE0Ljd6IE00Ni4yLDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE01Mi4xLDE5LjRoLTAuOWwtMC4xLTAuNmMtMC40LDAuNS0xLDAuNy0xLjcsMC43Yy0wLjcsMC0xLjMtMC4zLTEuNy0wLjhjLTAuNC0wLjUtMC42LTEuMi0wLjYtMi4xYzAtMC45LDAuMi0xLjYsMC42LTIuMWMwLjQtMC41LDEtMC44LDEuNy0wLjhjMC43LDAsMS4yLDAuMiwxLjYsMC43bDAtMC4xbDAtMC40bDAtMi4zaDFWMTkuNHogTTYwLjYsMTguN2MtMC40LDAuNS0xLDAuOC0xLjcsMC44Yy0wLjQsMC0wLjctMC4xLTEtMC4yYy0wLjMtMC4xLTAuNS0wLjMtMC43LTAuNUw1NywxOS40aC0wLjh2LTcuOWgxdjJjMCwwLjMsMCwwLjYsMCwwLjljMC40LTAuNCwwLjktMC43LDEuNi0wLjdjMC43LDAsMS4zLDAuMywxLjcsMC44YzAuNCwwLjUsMC42LDEuMiwwLjYsMi4xQzYxLjIsMTcuNSw2MSwxOC4yLDYwLjYsMTguN3ogTTY0LjUsMjAuMWMtMC4yLDAuNi0wLjUsMS4xLTAuOCwxLjNjLTAuMywwLjMtMC43LDAuNC0xLjIsMC40Yy0wLjMsMC0wLjUsMC0wLjgtMC4xbC0wLjEsMHYtMC45bDAuMSwwYzAuMiwwLDAuNCwwLjEsMC42LDAuMWMwLjUsMCwwLjktMC4zLDEuMS0wLjlsMC4zLTAuN2wtMi4yLTUuNWgxLjFsMS4yLDMuMmMwLjIsMC41LDAuMywwLjksMC40LDEuMmMwLTAuMiwwLjEtMC4zLDAuMi0wLjZjMC4xLTAuNCwwLjYtMS43LDEuMy0zLjhsMC0wLjFoMS4xTDY0LjUsMjAuMXogTTgxLjUsMjFsLTMuMiwwbC0xLTQuNmwtMS4zLDBsLTIsNC42TDcxLDIxbDUuMi0xMS43bDUuMywwYzEuNSwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNiwxLDAuMiwxLjlsLTAuOSwyLjFjLTAuMywwLjctMC44LDEuMy0xLjUsMS42Yy0wLjcsMC40LTEuNCwwLjYtMi4yLDAuN0w4MS41LDIxeiBNODcuNiwyMWwwLjQtMC44Yy0wLjMsMC4zLTAuNywwLjYtMS4yLDAuN2MtMC40LDAuMi0xLjEsMC4yLTIuMSwwLjJjLTEuMiwwLTEuOS0wLjItMi4xLTAuNWMtMC4yLTAuNC0wLjEtMS4xLDAuNC0yLjNjMC41LTEsMS0xLjgsMS42LTIuMmMwLjYtMC40LDEuNC0wLjYsMi40LTAuNmwzLDBsMC4zLTAuNmMwLjItMC41LDAuMy0wLjksMC4xLTEuMWMtMC4yLTAuMi0wLjctMC4zLTEuNC0wLjNjLTAuNywwLTEuOCwwLjEtMy4yLDAuMmwwLjctMS43YzEuMS0wLjEsMi4yLTAuMiwzLjQtMC4yYzEuNiwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNCwxLjItMC4xLDIuM2wtMi43LDZMODcuNiwyMXogTTk5LDIxbC03LjksMGwwLjYtMS40bDYuOS01LjZsLTQuMiwwbDAuOC0xLjdsNy42LDBsLTAuNiwxLjRsLTYuOSw1LjZsNC41LDBMOTksMjF6IE0xMDgsMjAuNGMtMC40LDAuMi0wLjgsMC40LTEuMywwLjVjLTAuNSwwLjEtMC45LDAuMi0xLjMsMC4yYy0wLjQsMC0wLjgsMC0xLjMsMGMtMC41LDAtMC45LDAtMS4zLDBjLTAuMywwLTAuNy0wLjEtMS4xLTAuMmMtMC40LTAuMS0wLjYtMC4zLTAuOC0wLjVjLTAuMi0wLjItMC4yLTAuNS0wLjItMC45YzAtMC40LDAuMS0wLjksMC40LTEuNWwxLjEtMi42YzAuMy0wLjYsMC42LTEuMSwxLTEuNWMwLjQtMC40LDAuOC0wLjgsMS4xLTFjMC40LTAuMiwwLjgtMC40LDEuMy0wLjVjMC41LTAuMSwwLjktMC4yLDEuMy0wLjJjMC40LDAsMC44LDAsMS4zLDBjMC41LDAsMC45LDAsMS4yLDBjMC4zLDAsMC43LDAuMSwxLjEsMC4yYzAuNCwwLjEsMC42LDAuMywwLjgsMC41YzAuMiwwLjIsMC4zLDAuNiwwLjIsMWMwLDAuNC0wLjEsMC45LTAuNCwxLjVMMTEwLDE4Yy0wLjMsMC42LTAuNiwxLTAuOSwxLjVDMTA4LjcsMTkuOSwxMDguMywyMC4yLDEwOCwyMC40eiBNMTA5LjgsMjFsMy45LTguN2wyLjUsMGwtMC43LDEuNWMwLjItMC40LDAuNi0wLjgsMS4zLTEuMmMwLjYtMC40LDEuMi0wLjUsMS44LTAuNWwwLjksMGwtMSwyLjJsLTAuOSwwYy0wLjcsMC0xLjMsMC4xLTEuOCwwLjNjLTAuNSwwLjItMC44LDAuNi0xLjEsMS4xbC0yLjMsNS4yTDEwOS44LDIxeiBNMTI0LjYsMjAuNWMtMC44LDAuNC0xLjgsMC43LTMuMSwwLjdjLTAuOCwwLTEuNC0wLjEtMS43LTAuMmMtMC4zLTAuMS0wLjUtMC40LTAuNC0wLjlsLTIuMSw0LjZsLTIuNiwwbDUuNi0xMi41bDIuNSwwbC0wLjQsMC45YzAuMy0wLjQsMC44LTAuNywxLjMtMC44YzAuNS0wLjIsMS4yLTAuMiwyLjEtMC4yYzAuNywwLDEuMywwLjEsMS43LDAuMmMwLjQsMC4xLDAuNywwLjMsMC44LDAuNmMwLjEsMC4zLDAuMSwwLjYsMC4xLDAuOWMtMC4xLDAuMy0wLjIsMC44LTAuNSwxLjNsLTEuMywyLjlDMTI2LDE5LjIsMTI1LjMsMjAuMSwxMjQuNiwyMC41eiBNMTMxLjgsMjFsMC40LTAuOGMtMC4zLDAuMy0wLjcsMC42LTEuMiwwLjdjLTAuNCwwLjItMS4xLDAuMi0yLjEsMC4yYy0xLjIsMC0xLjktMC4yLTIuMS0wLjVjLTAuMi0wLjQtMC4xLTEuMSwwLjQtMi4zYzAuNS0xLDEtMS44LDEuNi0yLjJjMC42LTAuNCwxLjQtMC42LDIuNC0wLjZsMywwbDAuMy0wLjZjMC4yLTAuNSwwLjMtMC45LDAuMS0xLjFjLTAuMi0wLjItMC43LTAuMy0xLjQtMC4zYy0wLjcsMC0xLjgsMC4xLTMuMiwwLjJsMC43LTEuN2MxLjEtMC4xLDIuMi0wLjIsMy40LTAuMmMxLjYsMCwyLjYsMC4yLDMuMSwwLjZjMC41LDAuNCwwLjQsMS4yLTAuMSwyLjNsLTIuNyw2TDEzMS44LDIxeiBNMTM3LjcsMjQuOGwtMi43LDBsMy4zLTMuOGwwLjQtOC43bDIuOSwwbC0wLjgsNi4ybDQuNS02LjJsMi43LDBMMTM3LjcsMjQuOHoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjUsMTcuM2MtMC4yLDAuMS0wLjQsMC41LTAuNywxLjFjLTAuMywwLjYtMC4zLDAuOS0wLjIsMWMwLjEsMC4xLDAuNSwwLjIsMS4xLDAuMmMwLjMsMCwwLjUsMCwwLjcsMGMwLjEsMCwwLjMsMCwwLjUsMGMwLjIsMCwwLjMtMC4xLDAuNC0wLjFjMC4xLTAuMSwwLjItMC4xLDAuMy0wLjJjMC4xLTAuMSwwLjItMC4yLDAuMi0wLjRsMC44LTEuN2wtMS44LDBDMTMxLjEsMTcuMSwxMzAuNywxNy4xLDEzMC41LDE3LjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEyMy45LDEzLjdjLTAuNywwLTEuMywwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjQsMy4yYy0wLjIsMC41LTAuMywwLjktMC4xLDFjMC4xLDAuMiwwLjYsMC4zLDEuNCwwLjNjMC44LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjQtMy4yYzAuMy0wLjYsMC4zLTAuOSwwLjItMS4xQzEyNS4zLDEzLjgsMTI0LjgsMTMuNywxMjMuOSwxMy43eiIvPjwvZz48L3N2Zz4= 24b2477514809255df232947ce7928c4 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxMnB4IiBoZWlnaHQ9IjE1cHgiIHZpZXdCb3g9IjAgMCAxMiAxNSIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5pYy1sb2NrLTI0cHhAMng8L3RpdGxlPiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4gICAgPGRlZnM+PC9kZWZzPiAgICA8ZyBpZD0iUGFnZS0xIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4gICAgICAgIDxnIGlkPSI1LjQiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yNi4wMDAwMDAsIC01OTYuMDAwMDAwKSI+ICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTciIHRyYW5zZm9ybT0idHJhbnNsYXRlKDE2LjAwMDAwMCwgNTg4LjAwMDAwMCkiPiAgICAgICAgICAgICAgICA8ZyBpZD0iaWMtbG9jay0yNHB4IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4LjAwMDAwMCwgOC4wMDAwMDApIj4gICAgICAgICAgICAgICAgICAgIDxwb2x5Z29uIGlkPSJTaGFwZSIgcG9pbnRzPSIwIDAgMTYgMCAxNiAxNiAwIDE2Ij48L3BvbHlnb24+ICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTIsNS4zMzMzMzMzMyBMMTEuMzMzMzMzMyw1LjMzMzMzMzMzIEwxMS4zMzMzMzMzLDQgQzExLjMzMzMzMzMsMi4xNiA5Ljg0LDAuNjY2NjY2NjY3IDgsMC42NjY2NjY2NjcgQzYuMTYsMC42NjY2NjY2NjcgNC42NjY2NjY2NywyLjE2IDQuNjY2NjY2NjcsNCBMNC42NjY2NjY2Nyw1LjMzMzMzMzMzIEw0LDUuMzMzMzMzMzMgQzMuMjY2NjY2NjcsNS4zMzMzMzMzMyAyLjY2NjY2NjY3LDUuOTMzMzMzMzMgMi42NjY2NjY2Nyw2LjY2NjY2NjY3IEwyLjY2NjY2NjY3LDEzLjMzMzMzMzMgQzIuNjY2NjY2NjcsMTQuMDY2NjY2NyAzLjI2NjY2NjY3LDE0LjY2NjY2NjcgNCwxNC42NjY2NjY3IEwxMiwxNC42NjY2NjY3IEMxMi43MzMzMzMzLDE0LjY2NjY2NjcgMTMuMzMzMzMzMywxNC4wNjY2NjY3IDEzLjMzMzMzMzMsMTMuMzMzMzMzMyBMMTMuMzMzMzMzMyw2LjY2NjY2NjY3IEMxMy4zMzMzMzMzLDUuOTMzMzMzMzMgMTIuNzMzMzMzMyw1LjMzMzMzMzMzIDEyLDUuMzMzMzMzMzMgWiBNOCwxMS4zMzMzMzMzIEM3LjI2NjY2NjY3LDExLjMzMzMzMzMgNi42NjY2NjY2NywxMC43MzMzMzMzIDYuNjY2NjY2NjcsMTAgQzYuNjY2NjY2NjcsOS4yNjY2NjY2NyA3LjI2NjY2NjY3LDguNjY2NjY2NjcgOCw4LjY2NjY2NjY3IEM4LjczMzMzMzMzLDguNjY2NjY2NjcgOS4zMzMzMzMzMyw5LjI2NjY2NjY3IDkuMzMzMzMzMzMsMTAgQzkuMzMzMzMzMzMsMTAuNzMzMzMzMyA4LjczMzMzMzMzLDExLjMzMzMzMzMgOCwxMS4zMzMzMzMzIFogTTEwLjA2NjY2NjcsNS4zMzMzMzMzMyBMNS45MzMzMzMzMyw1LjMzMzMzMzMzIEw1LjkzMzMzMzMzLDQgQzUuOTMzMzMzMzMsMi44NiA2Ljg2LDEuOTMzMzMzMzMgOCwxLjkzMzMzMzMzIEM5LjE0LDEuOTMzMzMzMzMgMTAuMDY2NjY2NywyLjg2IDEwLjA2NjY2NjcsNCBMMTAuMDY2NjY2Nyw1LjMzMzMzMzM PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxNHB4IiBoZWlnaHQ9IjE0cHgiIHZpZXdCb3g9IjAgMCAxNCAxNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5Hcm91cCA2PC90aXRsZT4gICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+ICAgIDxkZWZzPjwvZGVmcz4gICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+ICAgICAgICA8ZyBpZD0iNS4xIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMjUuMDAwMDAwLCAtNTI1LjAwMDAwMCkiPiAgICAgICAgICAgIDxnIGlkPSJHcm91cC02IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNC4wMDAwMDAsIDUyNC4wMDAwMDApIj4gICAgICAgICAgICAgICAgPHBvbHlnb24gaWQ9IlNoYXBlIiBwb2ludHM9IjAgMCAxNiAwIDE2IDE2IDAgMTYiPjwvcG9seWdvbj4gICAgICAgICAgICAgICAgPHBhdGggZD0iTTEzLjMzMzMzMzMsMS4zMzMzMzMzMyBDMTQuMDY2NjY2NywxLjMzMzMzMzMzIDE0LjY2NjY2NjcsMS45MzMzMzMzMyAxNC42NjY2NjY3LDIuNjY2NjY2NjcgTDE0LjY2NjY2NjcsMTAuNjY2NjY2NyBDMTQuNjY2NjY2NywxMS40IDE0LjA2NjY2NjcsMTIgMTMuMzMzMzMzMywxMiBMNCwxMiBMMS4zMzMzMzMzMywxNC42NjY2NjY3IEwxLjMzMzMzMzMzLDIuNjY2NjY2NjcgQzEuMzMzMzMzMzMsMS45MzMzMzMzMyAxLjkzMzMzMzMzLDEuMzMzMzMzMzMgMi42NjY2NjY2NywxLjMzMzMzMzMzIEwxMy4zMzMzMzMzLDEuMzMzMzMzMzMgWiBNNS4zMzMzMzMzMyw3LjMzMzMzMzMzIEM1LjcwMTUyMzE3LDcuMzMzMzMzMzMgNiw3LjAzNDg1NjUgNiw2LjY2NjY2NjY3IEM2LDYuMjk4NDc2ODMgNS43MDE1MjMxNyw2IDUuMzMzMzMzMzMsNiBDNC45NjUxNDM1LDYgNC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDQuNjY2NjY2NjcsNi42NjY2NjY2NyBDNC42NjY2NjY2Nyw3LjAzNDg1NjUgNC45NjUxNDM1LDcuMzMzMzMzMzMgNS4zMzMzMzMzMyw3LjMzMzMzMzMzIFogTTgsNy4zMzMzMzMzMyBDOC4zNjgxODk4Myw3LjMzMzMzMzMzIDguNjY2NjY2NjcsNy4wMzQ4NTY1IDguNjY2NjY2NjcsNi42NjY2NjY2NyBDOC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDguMzY4MTg5ODMsNiA4LDYgQzcuNjMxODEwMTcsNiA3LjMzMzMzMzMzLDYuMjk4NDc2ODMgNy4zMzMzMzMzMyw2LjY2NjY2NjY3IEM3LjMzMzMzMzMzLDcuMDM0ODU2NSA3LjYzMTgxMDE3LDcuMzMzMzMzMzMgOCw3LjMzMzMzMzMzIFogTTEwLjY2NjY2NjcsNy4zMzMzMzMzMyBDMTEuMDM0ODU2NSw3LjMzMzMzMzMzIDExLjMzMzMzMzMsNy4wMzQ4NTY1IDExLjMzMzMzMzMsNi42NjY2NjY2NyBDMTEuMzMzMzMzMyw2LjI5ODQ3NjgzIDExLjAzNDg1NjUsNiAxMC42NjY2NjY3LDYgQzEwLjI5ODQ3NjgsNiAxMCw2LjI5ODQ3NjgzIDEwLDYuNjY2NjY2NjcgQzEwLDcuMDM0ODU2NSAxMC4yOTg0NzY4LDcuMzMzMzMzMzMgMTAuNjY2NjY2Nyw3LjMzMzMzMzMzIFoiIGlkPSJDb21iaW5lZC1TaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgPC9nPiAgICAgICAgPC9nPiAgICA8L2c+PC9zdmc+ 0ac1169ae6cead75264c725febd8e8d941f25e31 FBA3AF4E7757D9016E953FB3EE4671CA2BD9AF725F9A53D52ED4A38EAAA08901 9b8f518b086098de3d77736f9458a3d2f6f95a37 c56fb7d591ba6704df047fd98f535372fea00211 df6b721c8b4d3b6eb44c861d4415007e5a35fc95 85053bf24bba75239b16a601d9387e17 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 E3F9E1E0CF99D0E56A055BA65E241B3399F7CEA524326B0CDD6EC1327ED0FDC1 cc2751449a350f668590264ed76692694a80308a a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc FFE391E0EA186D0734ED601E4E70E3224B7309D48E2075BAC46D8C667EAE7212 8a03e08e354a73ac49509c8b708fbe15aee2fb2a A2B55680-6F43-11E0-9A3F-0002A5D5C51B PHN2ZyBmaWxsPSIjRkZGRkZGIiBoZWlnaHQ9IjI0IiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4gICAgPHBhdGggZD0iTTguNTkgMTYuMzRsNC41OC00LjU5LTQuNTgtNC41OUwxMCA1Ljc1bDYgNi02IDZ6Ii8+ICAgIDxwYXRoIGQ9Ik0wLS4yNWgyNHYyNEgweiIgZmlsbD0ibm9uZSIvPjwvc3ZnPg== 3BAF59A2E5331C30675FAB35FF5FFF0D116142D3D4664F1C3CB804068B40614F
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: app/notifee/core/AlarmPermissionBroadcastReceiver.java, line(s) 12 app/notifee/core/Logger.java, line(s) 13,17,34,39,22,26,30 app/notifee/core/RebootBroadcastReceiver.java, line(s) 12 app/notifee/core/b.java, line(s) 131 com/appsflyer/internal/AFb1tSDK.java, line(s) 1129,267 com/appsflyer/internal/AFf1iSDK.java, line(s) 156,161 com/appsflyer/internal/AFf1jSDK.java, line(s) 54 com/appsflyer/internal/AFf1tSDK.java, line(s) 40 com/appsflyer/internal/AFg1dSDK.java, line(s) 83,91,106,95,101,99 com/appsflyer/internal/AFg1lSDK.java, line(s) 327 com/appsflyer/reactnative/RNAppsFlyerModule.java, line(s) 137,648,705,709 com/appsflyer/share/LinkGenerator.java, line(s) 171 com/canhub/cropper/BitmapUtils.java, line(s) 295,261,334 com/canhub/cropper/CropImageActivity.java, line(s) 562 com/canhub/cropper/CropOverlayView.java, line(s) 1117 com/cardreader/card_reader_lib/CardTask.java, line(s) 49,52,101,103,105,110,114,118,121,151,179,181,196,200,235 com/cardreader/card_reader_lib/xutils/EmvTerminal.java, line(s) 21 com/caverock/androidsvg/CSSParser.java, line(s) 992,359 com/caverock/androidsvg/SVG.java, line(s) 342 com/caverock/androidsvg/SVGAndroidRenderer.java, line(s) 113,346,1281,169,174,342 com/caverock/androidsvg/SVGImageView.java, line(s) 113,120,146,164,186,216 com/caverock/androidsvg/SVGParser.java, line(s) 616,640,660,956,530,645,2924,2960,2977 com/caverock/androidsvg/SimpleAssetResolver.java, line(s) 41,55,70 com/clevertap/android/sdk/Logger.java, line(s) 11,17,23,29,88,96,99,107,114,35,41,47,53,121,128,135,142,59,65,71,77,149,157,160,168,175 com/clevertap/android/sdk/displayunits/CTDisplayUnitType.java, line(s) 36 com/clevertap/android/sdk/product_config/DefaultXmlParser.java, line(s) 30,36,53,67 com/clevertap/android/sdk/response/CleverTapResponse.java, line(s) 11 com/clevertap/react/CleverTapApplication.java, line(s) 25,52,54 com/clevertap/react/CleverTapModule.java, line(s) 1369,155,248,276,286,685,695,705,715,821,961,971,981,991,1017,1024,1051,1216,1361,1373,1421,1472,1478,1481,1570,1576,1587,1596,1599,1609,1645,1795,1808,203,212,221,230,239,258,267,302,1058,1288,1415,1520,1729 com/clevertap/react/CleverTapUtils.java, line(s) 37 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194 com/dooboolab/rniap/PlayUtils.java, line(s) 62,67 com/dooboolab/rniap/PromiseUtlisKt.java, line(s) 20,45 com/dooboolab/rniap/RNIapModule$getPurchaseHistoryByType$1.java, line(s) 61 com/dooboolab/rniap/RNIapModule.java, line(s) 289,142,213,223,241 com/faizal/OtpVerify/AppSignatureHelper.java, line(s) 47,36,50 com/faizal/OtpVerify/OtpBroadcastReceiver.java, line(s) 42,49 com/faizal/OtpVerify/OtpVerifyModule.java, line(s) 135,178,89,101,147,153,159,166 com/github/penfeizhou/animation/FrameAnimationDrawable.java, line(s) 239 com/github/penfeizhou/animation/apng/decode/APNGDecoder.java, line(s) 87 com/github/penfeizhou/animation/decode/FrameSeqDecoder.java, line(s) 191,246,343,480,242,279,290,292,339 com/horcrux/svg/Brush.java, line(s) 135,146 com/horcrux/svg/ClipPathView.java, line(s) 33 com/horcrux/svg/ImageView.java, line(s) 172 com/horcrux/svg/LinearGradientView.java, line(s) 110 com/horcrux/svg/PatternView.java, line(s) 121 com/horcrux/svg/RadialGradientView.java, line(s) 142 com/horcrux/svg/UseView.java, line(s) 91,122,137 com/horcrux/svg/VirtualView.java, line(s) 388,314,352,356 com/imagepicker/ImageMetadata.java, line(s) 34 com/imagepicker/Metadata.java, line(s) 31 com/mixpanel/android/mpmetrics/AnalyticsMessages.java, line(s) 394,237,370,416,441,446,448,276,280,407 com/mixpanel/android/mpmetrics/ConfigurationChecker.java, line(s) 24,17,23 com/mixpanel/android/mpmetrics/MPConfig.java, line(s) 183 com/mixpanel/android/mpmetrics/MPDbAdapter.java, line(s) 250,296,325,359,411,414,428,442,84,97 com/mixpanel/android/mpmetrics/MixpanelAPI.java, line(s) 1330,1332,1334,1336,1346,1349,1352,1355,1359,152,353,367,374,385,510,539,606,806,822,846,858,868,886,898,910,924,948,962,976,990,1015,1029,1100,1120,1132,1142,1160,1172,1186,1200,1214,1224,1282,1301,1322,659,723,344,442,516,545,583,592,796,799,828,874,1148 com/mixpanel/android/mpmetrics/PersistentIdentity.java, line(s) 77,101,115,139,172,175,324,326,338,341,369,372,404,406,437,443,449,474,476,483,493,495,513,515,525,527,535,538,553,555,434,487,95 com/mixpanel/android/mpmetrics/ResourceReader.java, line(s) 93,98,111,110 com/mixpanel/android/mpmetrics/SessionMetadata.java, line(s) 48 com/mixpanel/android/util/HttpService.java, line(s) 35,38,42,54 com/mixpanel/android/util/MPLog.java, line(s) 36,42,72,78,48,54,24,30,60,66 com/naman14/androidlame/Mp3AudioRecorder.java, line(s) 85,87,90,98,100,104,106,132,134,137,149,150,152,155,159,163,168,171 com/naman14/androidlame/Mp3Player.java, line(s) 25 com/razorpay/AppSignatureHelper.java, line(s) 36,48 com/razorpay/BaseUtils.java, line(s) 713,600 com/razorpay/F_$o_.java, line(s) 159 com/razorpay/J$_M_.java, line(s) 86 com/razorpay/OpinionatedSoln.java, line(s) 261 com/razorpay/OtpElfData.java, line(s) 31 com/razorpay/SmsReceiver.java, line(s) 41,37 com/razorpay/b.java, line(s) 33 com/razorpay/d__1_.java, line(s) 7 com/reactnativeavoidsoftinput/ReactNativeAvoidSoftInputLogger.java, line(s) 20 com/reactnativecommunity/cameraroll/CameraRollModule.java, line(s) 470,484,523,539,558,585,604,632 com/reactnativecommunity/webview/RNCWebView.java, line(s) 352 com/reactnativecommunity/webview/RNCWebViewClient.java, line(s) 96,169,85,101,129,171 com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 139,152 com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 302,307,331,336,210,238,241,255 com/reactnativecompressor/Audio/AudioExtractor.java, line(s) 68,74 com/reactnativecompressor/Utils/Downloader.java, line(s) 81 com/reactnativecompressor/Utils/MediaCache.java, line(s) 24,41,44,48,51,60,62,65,76,79,83 com/reactnativecompressor/Utils/Uploader.java, line(s) 120 com/reactnativecompressor/Utils/Utils.java, line(s) 143,153,193,99,106 com/reactnativecompressor/Video/VideoCompressor/utils/CompressorUtils.java, line(s) 140,71,147 com/reactnativecompressor/Video/VideoCompressor/utils/StreamableVideo.java, line(s) 70 com/reactnativecompressor/Video/VideoMain.java, line(s) 45 com/reactnativemmkv/MmkvModule.java, line(s) 38,27,33,35 com/sparkfabrik/rnidfaaaid/ReactNativeIdfaAaidModule.java, line(s) 37 com/swmansion/gesturehandler/react/RNGestureHandlerModule.java, line(s) 658 com/swmansion/gesturehandler/react/RNGestureHandlerRootHelper.java, line(s) 44,62 com/swmansion/gesturehandler/react/RNGestureHandlerRootView.java, line(s) 34 com/swmansion/reanimated/NativeMethodsHelper.java, line(s) 46 com/swmansion/reanimated/ReanimatedModule.java, line(s) 100 com/swmansion/reanimated/ReanimatedUIManagerFactory.java, line(s) 20 com/swmansion/reanimated/layoutReanimation/AnimationsManager.java, line(s) 200,214 com/swmansion/reanimated/layoutReanimation/ReanimatedNativeHierarchyManager.java, line(s) 37 com/swmansion/reanimated/layoutReanimation/SharedTransitionManager.java, line(s) 91 com/swmansion/reanimated/nativeProxy/NativeProxyCommon.java, line(s) 188 com/swmansion/reanimated/sensor/ReanimatedSensorContainer.java, line(s) 35 com/swmansion/rnscreens/ScreenStackHeaderConfigViewManager.java, line(s) 178 com/th3rdwave/safeareacontext/SafeAreaView.java, line(s) 106 com/unistyles/UnistylesModule.java, line(s) 313,366,218 com/zoontek/rnpermissions/RNPermissionsModuleImpl.java, line(s) 224 expo/modules/ExpoModulesPackage.java, line(s) 39 expo/modules/adapters/react/services/UIManagerModuleWrapper.java, line(s) 80 expo/modules/apploader/AppLoaderProvider.java, line(s) 24 expo/modules/av/player/PlayerData.java, line(s) 194,218,171,191 expo/modules/av/player/SimpleExoPlayerData.java, line(s) 310 expo/modules/av/video/MediaController.java, line(s) 354 expo/modules/cellular/CellularModule.java, line(s) 86 expo/modules/clipboard/ClipboardModule.java, line(s) 441 expo/modules/constants/ConstantsService.java, line(s) 94,151 expo/modules/constants/ExponentInstallationId.java, line(s) 80,109 expo/modules/core/logging/OSLogHandler.java, line(s) 32,42,47,36,40,23,25 expo/modules/devlauncher/helpers/DevLauncherInstallationIDHelper.java, line(s) 56,72 expo/modules/devlauncher/launcher/configurators/DevLauncherExpoActivityConfigurator.java, line(s) 168,182 expo/modules/devmenu/devtools/DevMenuDevToolsDelegate$openJSInspector$1$1.java, line(s) 61 expo/modules/devmenu/extensions/DevMenuExtension.java, line(s) 74,81 expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper$swapCurrentCommandHandlers$1.java, line(s) 58 expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper.java, line(s) 37 expo/modules/devmenu/react/DevMenuShakeDetectorListenerSwapper.java, line(s) 23 expo/modules/devmenu/websockets/DevMenuCommandHandlersProvider.java, line(s) 124 expo/modules/filesystem/FileSystemModule$definition$1$17$1$1.java, line(s) 30 expo/modules/filesystem/FileSystemModule$definition$1$18$1.java, line(s) 31 expo/modules/filesystem/FileSystemModule$definition$1$19$4.java, line(s) 39 expo/modules/filesystem/FileSystemModule$downloadResumableTask$2.java, line(s) 106 expo/modules/filesystem/FileSystemModule.java, line(s) 2291 expo/modules/image/ExpoImageView.java, line(s) 267 expo/modules/image/ImageViewWrapperTarget.java, line(s) 137 expo/modules/image/ThumbnailRequestCoordinatorExtensionKt.java, line(s) 24 expo/modules/image/events/GlideRequestListener.java, line(s) 48 expo/modules/imagepicker/ImagePickerUtilsKt.java, line(s) 145,169 expo/modules/medialibrary/MediaLibraryModule.java, line(s) 1392 expo/modules/medialibrary/MediaLibraryUtils.java, line(s) 319 expo/modules/medialibrary/assets/AssetUtilsKt.java, line(s) 293,295,297,108,241 expo/modules/network/NetworkModule.java, line(s) 247 expo/modules/notifications/badge/BadgeHelper.java, line(s) 49 expo/modules/notifications/notifications/ArgumentsNotificationContentBuilder.java, line(s) 63,110 expo/modules/notifications/notifications/JSONNotificationContentBuilder.java, line(s) 143,146,158,178,127 expo/modules/notifications/notifications/background/BackgroundRemoteNotificationTaskConsumer.java, line(s) 79,90 expo/modules/notifications/notifications/presentation/ExpoNotificationPresentationEffectsManager.java, line(s) 38,56 expo/modules/notifications/notifications/presentation/builders/CategoryAwareNotificationBuilder.java, line(s) 48 expo/modules/notifications/notifications/presentation/builders/ChannelAwareNotificationBuilder.java, line(s) 31,40 expo/modules/notifications/notifications/presentation/builders/ExpoNotificationBuilder.java, line(s) 95,145,157,172 expo/modules/notifications/serverregistration/InstallationId.java, line(s) 45,57,72 expo/modules/notifications/service/NotificationsService.java, line(s) 363,507,535 expo/modules/notifications/service/delegates/ExpoHandlingDelegate.java, line(s) 107 expo/modules/notifications/service/delegates/ExpoNotificationLifecycleListener.java, line(s) 26,36 expo/modules/notifications/service/delegates/ExpoPresentationDelegate.java, line(s) 216,79,82,85,200 expo/modules/notifications/service/delegates/ExpoSchedulingDelegate.java, line(s) 92,118,122,126,57 expo/modules/splashscreen/singletons/SplashScreen.java, line(s) 115,161,202 expo/modules/truecaller/TruecallerModule.java, line(s) 209,86 expo/modules/videothumbnails/VideoThumbnailsModule.java, line(s) 181 in/juspay/hyper/core/JuspayLogger.java, line(s) 11,17,23,29,35 in/juspay/hypersdk/core/AndroidInterface.java, line(s) 116,123,843 io/invertase/firebase/app/ReactNativeFirebaseApp.java, line(s) 16 io/invertase/firebase/app/ReactNativeFirebaseAppModule.java, line(s) 52 io/invertase/firebase/common/RCTConvertFirebase.java, line(s) 114 io/invertase/firebase/common/ReactNativeFirebaseEventEmitter.java, line(s) 130 io/invertase/firebase/common/SharedUtils.java, line(s) 84,263,321,121 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingModule.java, line(s) 80 io/invertase/firebase/messaging/ReactNativeFirebaseMessagingReceiver.java, line(s) 21,42 io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 69 io/invertase/notifee/NotifeeReactUtils.java, line(s) 192,207 javazoom/jl/converter/jlc.java, line(s) 26,59,62,66,75,89,90,91,92,93,94 javazoom/jl/player/PlayerApplet.java, line(s) 33,49,93,103,114 javazoom/jl/player/advanced/jlap.java, line(s) 21,31,32,33,66,71 javazoom/jl/player/jlp.java, line(s) 23,68,69,70,71,72,77 org/greenrobot/eventbus/Logger.java, line(s) 32,37 org/shadow/apache/commons/lang3/SystemUtils.java, line(s) 211
安全提示信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/truecaller/android/sdk/common/callVerification/RequestPermissionHandler.java, line(s) 213,213 expo/modules/adapters/react/permissions/PermissionsService.java, line(s) 108,108 expo/modules/constants/ExponentInstallationId.java, line(s) 29,29 expo/modules/devlauncher/launcher/DevLauncherRecentlyOpenedAppsRegistry.java, line(s) 27,27 expo/modules/notifications/service/delegates/SharedPreferencesNotificationsStore.java, line(s) 29,29
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/clevertap/android/sdk/inbox/CTInboxButtonClickListener.java, line(s) 4,74 com/razorpay/RzpAssist.java, line(s) 5,286 expo/modules/clipboard/ClipboardModule.java, line(s) 5,190,233 expo/modules/devmenu/modules/DevMenuInternalModule.java, line(s) 5,265,289,266,290 in/juspay/hypersdk/core/JBridge.java, line(s) 7,313
安全提示信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: expo/modules/clipboard/ClipboardModule.java, line(s) 393,395,402,5
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://betterhalf-v2.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/clevertap/android/sdk/network/http/UrlConnectionHttpClient.java, line(s) 191,189,191,188,182,182 com/truecaller/android/sdk/common/network/RestAdapter.java, line(s) 18,18 in/juspay/hypersdk/security/HyperSSLSocketFactory.java, line(s) 61,60,62,59,59
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: expo/modules/device/DeviceModule.java, line(s) 135,135 in/juspay/hypersdk/data/SessionInfo.java, line(s) 122,126
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/466114304962/namespaces/firebase:fetch?key=AIzaSyDPLJjVwbyBZD1cFw5lxT5p5_Y6zvRmDog ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Betterhalf.ai v5.1.1
Android APK
48
综合安全评分
中风险