应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Kahramaa v15.23.3
63
安全评分
安全基线评分
63/100
低风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用安全状况良好,可正常使用
漏洞与安全项分布
1
高危
12
中危
2
信息
4
安全
隐私风险评估
2
第三方跟踪器
中等隐私风险
检测到少量第三方跟踪器
检测结果分布
高危安全漏洞
1
中危安全漏洞
12
安全提示信息
2
已通过安全项
4
重点安全关注
0
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/qa/kahramaa/kahramaa/base/retrofit/n.java, line(s) 24 com/threatmetrix/TrustDefender/RL/jooooj.java, line(s) 60,141 nb/q.java, line(s) 111
中危安全漏洞 Service (com.firebase.jobdispatcher.GooglePlayReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.permission.BIND_NETWORK_TASK_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: r6/l.java, line(s) 5,6,98,739,1083 r6/o.java, line(s) 4,5,14 w4/m.java, line(s) 4,30 x4/c0.java, line(s) 4,5,91 x4/k.java, line(s) 6,33 x4/u.java, line(s) 4,38 x4/v.java, line(s) 6,7,117,155,210,244,315
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: a6/d3.java, line(s) 7 a6/f0.java, line(s) 7 a6/h1.java, line(s) 8 a6/m1.java, line(s) 7 a6/p.java, line(s) 6 a6/p2.java, line(s) 7 a6/s0.java, line(s) 7 a6/u.java, line(s) 7 a6/v0.java, line(s) 7 a6/z0.java, line(s) 4 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/fxypxwuvrpbipip/frrrrr.java, line(s) 5 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/fxypxwuvrpbipip/xxnnxn.java, line(s) 5 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/syawysbapsqkuvq/frrrrr.java, line(s) 5 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/syawysbapsqkuvq/xxnnxn.java, line(s) 5 com/threatmetrix/TrustDefender/RL/cqgftcqpargfqcj/frrrrr.java, line(s) 5 com/threatmetrix/TrustDefender/RL/cqgftcqpargfqcj/mumumu.java, line(s) 6 com/threatmetrix/TrustDefender/RL/kdhyraqtpqvhnge/frrrrr.java, line(s) 5 com/threatmetrix/TrustDefender/RL/kdhyraqtpqvhnge/muummm.java, line(s) 6 com/threatmetrix/TrustDefender/RL/otbgvycijjopvme/ittttt.java, line(s) 5 com/threatmetrix/TrustDefender/RL/otbgvycijjopvme/jooojo.java, line(s) 5 com/threatmetrix/TrustDefender/RL/wpltxnstfglwmbh/huuhuu.java, line(s) 5 com/threatmetrix/TrustDefender/RL/wpltxnstfglwmbh/ittttt.java, line(s) 5 da/n.java, line(s) 11 g6/a9.java, line(s) 5 g6/b8.java, line(s) 7 g6/d4.java, line(s) 11 g6/d7.java, line(s) 7 g6/e6.java, line(s) 6 g6/g9.java, line(s) 7 g6/h7.java, line(s) 7 g6/i6.java, line(s) 7 g6/p7.java, line(s) 4 g6/t6.java, line(s) 7 g6/t9.java, line(s) 7 g6/v7.java, line(s) 8 k6/a3.java, line(s) 7 k6/c0.java, line(s) 6 k6/c1.java, line(s) 7 k6/e0.java, line(s) 7 k6/g1.java, line(s) 7 k6/l1.java, line(s) 4 k6/m3.java, line(s) 7 k6/q0.java, line(s) 7 k6/t1.java, line(s) 8 k6/y1.java, line(s) 7 ke/j.java, line(s) 9 l8/b1.java, line(s) 5 l8/c.java, line(s) 6 l8/e0.java, line(s) 8 l8/f.java, line(s) 7 l8/f1.java, line(s) 7 l8/h0.java, line(s) 7 l8/n.java, line(s) 7 l8/n1.java, line(s) 7 l8/v.java, line(s) 7 l8/y.java, line(s) 7 l8/z.java, line(s) 6 m1/d.java, line(s) 11 mf/r.java, line(s) 5 r6/u9.java, line(s) 40 t8/a.java, line(s) 18 ue/a.java, line(s) 3 ue/b.java, line(s) 3 ve/a.java, line(s) 3 x0/a1.java, line(s) 5 x0/c.java, line(s) 6 x0/d0.java, line(s) 8 x0/e.java, line(s) 7 x0/e1.java, line(s) 7 x0/g0.java, line(s) 7 x0/m.java, line(s) 7 x0/m1.java, line(s) 7 x0/u.java, line(s) 7 x0/x.java, line(s) 7 x0/y.java, line(s) 6 x8/f.java, line(s) 5 y7/c.java, line(s) 10
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: r6/u9.java, line(s) 133
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/qa/kahramaa/kahramaa/billhistorychart/fragments/BillDetailDynamicFragment.java, line(s) 259 com/qa/kahramaa/kahramaa/certificate/fragments/CustomerCertificateFragmentNew.java, line(s) 264 com/qa/kahramaa/kahramaa/certificate/fragments/CustomerNonLoggedInCertificateFragmentNew.java, line(s) 242 com/qa/kahramaa/kahramaa/certificate/fragments/ServiceConnectionPaymentSuccess.java, line(s) 415 ib/r.java, line(s) 69 jd/a.java, line(s) 94,110 nb/a0.java, line(s) 509 nb/c1.java, line(s) 124 nb/s0.java, line(s) 35
中危安全漏洞 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: h1/d.java, line(s) 97 nb/a0.java, line(s) 509 nb/s0.java, line(s) 35 x9/c.java, line(s) 49
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/qa/kahramaa/kahramaa/partialpayment/fragments/GooglePayUsersDetail.java, line(s) 131 gc/r.java, line(s) 155,155,155
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: aa/o.java, line(s) 84 d9/g.java, line(s) 151 p5/a.java, line(s) 24 x9/b.java, line(s) 43
中危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个2隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.google.android.geo.API_KEY" : "@7F0F0001" "API_KEY_FABRIC" : "fb9320e5869d965fc717c4bbc96174424f91d674" "API_KEY_G_MAP" : "AIzaSyDqeqdDLSYe-UDED9TxKk_SaX7OwpPnwKA" "firebase_database_url" : "https://kahramaa-14fd8.firebaseio.com" "google_api_key" : "AIzaSyAdBg5I0Ld8J9iGX32l1mx6TH3_TEwWo-U" "google_app_id" : "1:588504448995:android:a741ecd69459ad8d" "google_crash_reporting_api_key" : "AIzaSyAdBg5I0Ld8J9iGX32l1mx6TH3_TEwWo-U" "max_limit_reached_api" : "api" "password" : "Password" "reached_api_max_limit" : "reached_api_max_limit" 6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296 4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66 115792089210356248762697446949407573529996955224135760342422259061068512044369 b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef 470fa2b4ae81cd56ecbcda9735803434cec591fa 051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00 11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7 115792089210356248762697446949407573530086143415290314195533631308867097853951 5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a0/f.java, line(s) 31 a0/n.java, line(s) 43 a6/b.java, line(s) 53 a6/e4.java, line(s) 36 a6/f.java, line(s) 51 a6/g.java, line(s) 17,36 a6/h.java, line(s) 17 a6/i.java, line(s) 29,57 a7/b.java, line(s) 53,45,52,46 a7/f0.java, line(s) 36,52,71,35,51,70,110,111 aa/a0.java, line(s) 34 aa/b0.java, line(s) 37,47,82,78,121,36,36,46,46,81,94,100,103 aa/c.java, line(s) 40,43 aa/c0.java, line(s) 22 aa/e.java, line(s) 103,102,68,90,96,98 aa/f0.java, line(s) 66,66 aa/g0.java, line(s) 41,77,116,40,40,76,135,148,168,175 aa/h.java, line(s) 62,61 aa/k.java, line(s) 30,95,122,131,113,116,134,140,143,29,94,121 aa/k0.java, line(s) 26,25 aa/l0.java, line(s) 78,79,108,109 aa/m0.java, line(s) 53,57,65,74,88,111,128,96,101,119,52,56,64,73,85,110,127 aa/o.java, line(s) 97,92 aa/p.java, line(s) 61,27,30,42,58,47 aa/q.java, line(s) 60,69,59,44,52,66 aa/r.java, line(s) 65,53,81 aa/s.java, line(s) 51,69,93,96,142,158,173,205 aa/z.java, line(s) 35,45,34,44 b3/m.java, line(s) 26,27 b5/a.java, line(s) 114,189 b5/b.java, line(s) 37,52,60,69 bf/c0.java, line(s) 46,45 com/firebase/jobdispatcher/GooglePlayReceiver.java, line(s) 59,63,124,98 com/firebase/jobdispatcher/a.java, line(s) 74,96,68,69,43,47,52,117 com/github/mikephil/charting/charts/BarChart.java, line(s) 43 com/qa/kahramaa/kahramaa/ownershiptransfer/fragment/OwnerShipTransferLog_ViewBinding.java, line(s) 13 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/fxypxwuvrpbipip/xxnnnn.java, line(s) 249,381,235,248,254,380,409,277,291,334,399 com/threatmetrix/TrustDefender/RL/TMXProfilingConnections/syawysbapsqkuvq/xxnnnn.java, line(s) 254,405,239,253,264,404,444,293,301,354,432 com/threatmetrix/TrustDefender/RL/jjjjoj.java, line(s) 115,172,101,114,162,171,177,210,110,132,186,205 d0/j.java, line(s) 24 d4/a.java, line(s) 201,205,329,335,684 d4/b.java, line(s) 120,301,281,321,369,384,415 d7/g.java, line(s) 34 da/f.java, line(s) 118 dd/f.java, line(s) 22,29 e0/d.java, line(s) 108,113 e0/e.java, line(s) 38 e0/f.java, line(s) 57 e0/g.java, line(s) 44 e0/h.java, line(s) 58,258 e0/m.java, line(s) 87 e5/a.java, line(s) 253,256,305 e6/j.java, line(s) 24 ea/d.java, line(s) 89 ea/g.java, line(s) 50 ea/i.java, line(s) 76 ee/d0.java, line(s) 81 f0/a.java, line(s) 139,148,165,175 f0/i.java, line(s) 27,59,117 f3/b.java, line(s) 16,19 f3/f.java, line(s) 56,51 f3/i.java, line(s) 17,27,41,20,30,42,43,44,48 f3/l.java, line(s) 111,130,134,137,166,182,192,195,198,201,204,110,129,133,136,165,181,191,194,197,200,203 f3/m.java, line(s) 30,31 f3/o.java, line(s) 50,49 f4/j.java, line(s) 11 f5/b.java, line(s) 66,80,55 f5/c.java, line(s) 77,94,76,93,140 f5/d.java, line(s) 22 f5/f.java, line(s) 43,56,77,42,55,76,73,107,111 f5/i.java, line(s) 15,12,12 f5/m.java, line(s) 78,77 f5/n.java, line(s) 30 f5/p.java, line(s) 40 f5/q.java, line(s) 31,63,30,62,76,95,123,143,174,77,96,124,144,175,37 f5/t.java, line(s) 28,35,27,34 f5/w.java, line(s) 38,37 f5/x.java, line(s) 47,29,64 g/h.java, line(s) 151 g/k.java, line(s) 63 g/l.java, line(s) 468,485,988,990,992,514,1452,1555,1586,1589,880 g/m.java, line(s) 54 g/u.java, line(s) 186 g/x.java, line(s) 72,86,96 g/z.java, line(s) 35,49,61 g5/d0.java, line(s) 35,38,60 g5/e.java, line(s) 49,107,114 g5/j.java, line(s) 37 g5/k.java, line(s) 31,44 g5/m.java, line(s) 33 g5/u.java, line(s) 49 g5/y.java, line(s) 87,91 g6/a1.java, line(s) 144 g6/a5.java, line(s) 106 g6/g5.java, line(s) 42,47,51 g6/i5.java, line(s) 37,73,30 g6/p5.java, line(s) 21 g6/q5.java, line(s) 24 g6/r5.java, line(s) 24 g6/v1.java, line(s) 193,199 h/a.java, line(s) 54 h0/k.java, line(s) 33 h1/a.java, line(s) 111,182,196,33,47,51,61,92,94,105,108,39,55,65,101,144 h1/d.java, line(s) 54,65,67,100,116,190,218,223,225,237,243,289,293,309,331,91,207,282,297,319,335,350 h8/a.java, line(s) 59,71,138,148,159 i3/i.java, line(s) 87 i3/j.java, line(s) 47,44,118,128 i5/d.java, line(s) 259,457 i5/i0.java, line(s) 56,74 i5/k0.java, line(s) 75,79 i5/n0.java, line(s) 25,40 i5/x.java, line(s) 247,343 i5/z.java, line(s) 44 i7/a.java, line(s) 261 ia/a0.java, line(s) 50,63,75,124,131,42 ia/b0.java, line(s) 80,94,113,121 ia/d0.java, line(s) 27,40,33 ia/i.java, line(s) 43,53 ia/p.java, line(s) 141,93 ia/z.java, line(s) 59 k/g.java, line(s) 142,175,187,197,360 k4/a.java, line(s) 127 k6/c.java, line(s) 23 k6/e.java, line(s) 25 ka/c.java, line(s) 101 ka/g.java, line(s) 33 l0/b.java, line(s) 45 l0/c0.java, line(s) 1093,1022,1092,432 l0/h0.java, line(s) 48,59 l0/o.java, line(s) 31,44,83,147,186,204,227 l0/p0.java, line(s) 135,154,504,516,523,532,51,124 l2/c.java, line(s) 20,30 l3/h.java, line(s) 139,140,150 l5/b.java, line(s) 155,185,275,279,283,289 l5/b1.java, line(s) 43 l5/f.java, line(s) 70 l5/t0.java, line(s) 39,55 l5/u.java, line(s) 87,90,93,96,99,102,113,116,119,122,162,167 l5/x.java, line(s) 16 l5/z0.java, line(s) 39,44 m/e0.java, line(s) 80,167,176,271 m/f1.java, line(s) 26 m/g1.java, line(s) 80,150 m/i.java, line(s) 42,51 m/j.java, line(s) 193 m/j1.java, line(s) 27 m/k.java, line(s) 183 m/n0.java, line(s) 352,184,189,196,257,335 m/p0.java, line(s) 130 m/q0.java, line(s) 46,61,85,107 m/t0.java, line(s) 85,108,183,197 m/u0.java, line(s) 32 m/z.java, line(s) 139,159,164,169 m/z0.java, line(s) 114,129,133 m4/f.java, line(s) 59 n6/b.java, line(s) 25,49,47 o0/b.java, line(s) 159,176,122,161,173 o3/a.java, line(s) 90,89,212,232,275,291,298,312,321,373,410,444 o5/a.java, line(s) 70,89 o6/k.java, line(s) 22,77,72,80,94,41 p0/g.java, line(s) 59,68 p0/i.java, line(s) 18,17 p5/i.java, line(s) 33,32,26 p5/j.java, line(s) 49,56 q3/i.java, line(s) 40,41 q6/a.java, line(s) 29,40 q8/b.java, line(s) 610,630,636,609,616,650,582,588 q8/e.java, line(s) 67,203,228,124 r2/a.java, line(s) 245 r4/k.java, line(s) 32 r6/o5.java, line(s) 147 r6/q4.java, line(s) 234 r6/u9.java, line(s) 492,984 retrofit/Platform.java, line(s) 133 retrofit/android/AndroidLog.java, line(s) 30 s0/a.java, line(s) 340 s1/a.java, line(s) 33 s2/a.java, line(s) 65,95,107,64,94,106 s2/d.java, line(s) 178,205,177,204 s3/a.java, line(s) 26,25 s5/h.java, line(s) 25 s7/e.java, line(s) 869,879,341 t1/s.java, line(s) 16,25,27 t1/t.java, line(s) 81,105 t1/u.java, line(s) 26 t1/v.java, line(s) 26,48 t1/w.java, line(s) 21 t2/a.java, line(s) 534,533 t3/b.java, line(s) 45,62,53,89,44,61 t3/e.java, line(s) 56,55 t3/h.java, line(s) 54,53,41 t3/i.java, line(s) 29,33 u3/c.java, line(s) 76 u3/e.java, line(s) 83 u4/a.java, line(s) 11,18,10,17 u7/f.java, line(s) 56,30,29,55 u7/g.java, line(s) 35,34 u7/i.java, line(s) 38,39 v2/a.java, line(s) 36,50,37,51 v2/f.java, line(s) 100,97 v6/a.java, line(s) 102,125,200,273,279,111,119,132,217 v7/g.java, line(s) 23,31,32 v7/n.java, line(s) 42,41 v9/d.java, line(s) 177,334 w2/a.java, line(s) 79,78,124,129,136,150,155,196,202,208,181 w2/b.java, line(s) 131 w2/g.java, line(s) 59,42,58,71,90,91 w4/d.java, line(s) 93,92 w4/g.java, line(s) 28,63 x2/c.java, line(s) 61,145,157,206,56,72,79,100,107,114,144,156,188,201,208,77,105,123,177,189 x4/g.java, line(s) 66 x4/s.java, line(s) 98 x4/v.java, line(s) 366,365 x6/a.java, line(s) 79,148,228,125,174,243,352,373,295 x6/b.java, line(s) 45 x8/h.java, line(s) 47,48 x8/j.java, line(s) 86 x9/b.java, line(s) 36,47 y2/d.java, line(s) 44,100,111,45,101,112 y2/i.java, line(s) 45,32 y9/c.java, line(s) 236,243,88,93,226,228 z2/a.java, line(s) 98,97
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://kahramaa-14fd8.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/qa/kahramaa/kahramaa/base/retrofit/WebServiceFactoryV2.java, line(s) 121,120,37,61,88,113,119,119 com/qa/kahramaa/kahramaa/partialpayment/fragments/GooglePayUsersDetail.java, line(s) 500,523,528,454
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: d9/g.java, line(s) 142,142,143 u7/i.java, line(s) 51
已通过安全项 此应用程序使用Safety Net API。
此应用程序使用Safety Net API。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet Files: com/threatmetrix/TrustDefender/RL/huuuuu.java, line(s) 53,54 com/threatmetrix/TrustDefender/RL/uuhuhu.java, line(s) 53,54
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/588504448995/namespaces/firebase:fetch?key=AIzaSyAdBg5I0Ld8J9iGX32l1mx6TH3_TEwWo-U ) 已禁用。响应内容如下所示: 响应码是 403
综合安全基线评分总结
Kahramaa v15.23.3
Android APK
63
综合安全评分
低风险