Application Security Scan Report

Mobile Application Security Scan Report

Glean v1.1.34

Android APK fbfa3a21...
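Security score: 45

Security baseline score: 45/100

Overall risk level: Medium risk

Risk grade scale
  1. A
  2. B
  3. C
  4. F

The application has some security risks; improvement is recommended.

Distribution of vulnerabilities and security items

4 High
23 Medium
4 Info
1 Secure

Privacy risk assessment

Third-party trackers: 5

High privacy risk
A large number of third-party trackers were detected

Distribution of findings

High-severity vulnerabilities: 4
Medium-severity vulnerabilities: 23
Informational findings: 4
Passed checks: 1
Security hotspots: 0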

High-severity vulnerability: The application uses ECB mode in its encryption algorithm. ECB mode is a known weak mode because it produces the same ciphertext for identical plaintext blocks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
co/tryterra/terra/fsl/SensorAsyncTask.java, line(s) 76

High-severity vulnerability: Remote WebView debugging is enabled
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 149,17

High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 491,17

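High-severity vulnerability: The application contains privacy trackers

This application has multiple (5) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-severity vulnerability: Application data can be backed up

[android:allowBackup=true]
This flag allows application data to be backed up via the adb tool. Users who have enabled USB debugging can copy application data directly, which creates a risk of data leakage.

Medium-severity vulnerability: Service (com.doublesymmetry.trackplayer.service.MusicService) is not protected.

[android:exported=true]
The Service is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (io.invertase.firebase.messaging.ReactNativeFirebaseMessagingReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (androidx.health.platform.client.impl.sdkservice.HealthDataSdkService) is not protected.

[android:exported=true]
The Service is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: com.google.android.c2dm.permission.SEND [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Service (androidx.work.impl.background.systemjob.SystemJobService) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
The Service is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.

Permission: android.permission.DUMP [android:exported=true]
The Broadcast Receiver is exported and protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.

Medium-severity vulnerability: Activity (app.notifee.core.NotificationReceiverActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (app.notifee.core.AlarmPermissionBroadcastReceiver) is not protected.

[android:exported=true]
The Broadcast Receiver is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords, and keys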
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
co/tryterra/terra/ConstantsKt.java, line(s) 20
co/tryterra/terra/healthconnect/models/AthleteData.java, line(s) 62
coil/decode/GifDecoder.java, line(s) 26,27,28,29
coil/decode/VideoFrameDecoder.java, line(s) 26,27,28
coil/memory/MemoryCache.java, line(s) 120
coil/memory/MemoryCacheService.java, line(s) 39
coil/request/Parameters.java, line(s) 158
com/brentvatne/common/api/DRMProps.java, line(s) 19
com/doublesymmetry/trackplayer/module/MusicEvents.java, line(s) 33
com/doublesymmetry/trackplayer/service/MusicService.java, line(s) 94,73,74,78,77,79,80,83,85,86,87,90,91,92,93,89,88,95,96,97,98,100,99,102,101
com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 59,62,64
expo/modules/adapters/react/NativeModulesProxy.java, line(s) 21,22,25
expo/modules/easclient/EASClientIDKt.java, line(s) 7
expo/modules/interfaces/permissions/PermissionsResponse.java, line(s) 10,11,12,16,18
expo/modules/systemui/SystemUIModuleKt.java, line(s) 7
expo/modules/updates/UpdatesConfiguration.java, line(s) 23,29,31,33,34,35,37,38,140
expo/modules/updates/UpdatesModule.java, line(s) 459
expo/modules/updates/codesigning/CodeSigningAlgorithmKt.java, line(s) 7,9
expo/modules/updates/codesigning/ExpoProjectInformation.java, line(s) 52
expo/modules/updates/loader/SigningInfo.java, line(s) 52
expo/modules/webbrowser/OpenBrowserOptions.java, line(s) 40
expo/modules/webbrowser/WebBrowserModuleKt.java, line(s) 7,12,11
io/invertase/firebase/common/TaskExecutorService.java, line(s) 14,15
io/invertase/firebase/messaging/ReactNativeFirebaseMessagingHeadlessService.java, line(s) 12,10
io/invertase/firebase/messaging/ReactNativeFirebaseMessagingSerializer.java, line(s) 21
io/invertase/notifee/NotifeeEventSubscriber.java, line(s) 16,24
io/sentry/Baggage.java, line(s) 39
io/sentry/RequestDetailsResolver.java, line(s) 30
io/sentry/SpanDataConvention.java, line(s) 4,5,8,9,15,17,16,20,18
io/sentry/TraceContext.java, line(s) 25
io/sentry/protocol/User.java, line(s) 36

Medium-severity vulnerability: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
io/sentry/util/StringUtils.java, line(s) 70

Medium-severity vulnerability: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/RNFetchBlob/RNFetchBlobUtils.java, line(s) 24
expo/modules/asset/AssetModule.java, line(s) 42,66
expo/modules/filesystem/FileSystemModule.java, line(s) 2359
expo/modules/filesystem/next/FileSystemFile.java, line(s) 119

Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/RNFetchBlob/RNFetchBlobFS.java, line(s) 180,202,172,173,174,175,176,177,178,179,192,193,200,705
com/RNFetchBlob/Utils/PathResolver.java, line(s) 26
com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 364
com/reactnative/ivpusic/imagepicker/Compression.java, line(s) 40
com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 496,735,746
com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 460
com/yalantis/ucrop/util/FileUtils.java, line(s) 51
io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 112,121,122,123

Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files

Files:
coil/decode/SourceImageSource.java, line(s) 131
com/mrousavy/camera/core/utils/OutputFile.java, line(s) 74
com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 739,750
com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 460
fr/greweb/reactnativeviewshot/RNViewShotModule.java, line(s) 136,138
org/junit/rules/TemporaryFolder.java, line(s) 41,79
org/mp4parser/boxes/iso14496/part12/MediaDataBox.java, line(s) 70

Medium-severity vulnerability: IP address disclosure

Files:
expo/modules/updates/codesigning/CertificateChain.java, line(s) 99
expo/modules/updates/codesigning/CertificateChainKt.java, line(s) 7

Medium-severity vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
expo/modules/updates/UpdatesUtils.java, line(s) 33

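Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database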
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/mixpanel/android/mpmetrics/MPDbAdapter.java, line(s) 7,8,9,142,150,264,336
com/reactnativecommunity/asyncstorage/AsyncLocalStorageUtil.java, line(s) 6,87
com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 4,5,6,43

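Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that these are not secrets or private information.
Credentials => "expo.modules.updates.UPDATES_CONFIGURATION_REQUEST_HEADERS_KEY" : "{"expo-channel-name":"production"}"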
"com.google.firebase.crashlytics.mapping_file_id" : "00000000000000000000000000000000"
"google_api_key" : "AIzaSyAvBnnYXHC65QqpzQRnRg-R61tFeIaMnmE"
"google_app_id" : "1:789132226355:android:3aef52d0d268d55bcc9846"
"google_crash_reporting_api_key" : "AIzaSyAvBnnYXHC65QqpzQRnRg-R61tFeIaMnmE"

Informational: The application logs information. Sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
app/notifee/core/AlarmPermissionBroadcastReceiver.java, line(s) 12
app/notifee/core/Logger.java, line(s) 13,17,34,39,22,26,30
app/notifee/core/RebootBroadcastReceiver.java, line(s) 12
app/notifee/core/b.java, line(s) 146
cl/json/RNShareImpl.java, line(s) 230,234,251,256,269,283
cl/json/RNSharePathUtil.java, line(s) 52
cl/json/social/InstagramShare.java, line(s) 33,42
cl/json/social/SingleShareIntent.java, line(s) 27,30,39
co/tryterra/terra/HTTPRequestClient$makeRequest$1.java, line(s) 101,121,123,139,141,146
co/tryterra/terra/TerraManager.java, line(s) 1175,1190,177,655,720,762,827,869,934,976,1041,1063,1105,1177
co/tryterra/terra/backend/TerraClient.java, line(s) 56
co/tryterra/terra/fsl/FSLSensor.java, line(s) 30,53,81,38,83,89,97
co/tryterra/terra/fsl/FSLUtils.java, line(s) 194,80,161,78
co/tryterra/terra/fsl/SensorAsyncTask$readData$1.java, line(s) 215,218,230,132,148,236,250,312
co/tryterra/terra/sensors/StepWorker.java, line(s) 102
com/brentvatne/common/api/BufferingStrategy.java, line(s) 65
com/brentvatne/common/api/Source.java, line(s) 273,286,290,319,247
com/brentvatne/common/toolbox/DebugLog.java, line(s) 51,78,60,42,69,86
com/brentvatne/exoplayer/ExoPlayerView.java, line(s) 161
com/brentvatne/exoplayer/FullScreenPlayerView.java, line(s) 92,93
com/brentvatne/exoplayer/ReactExoplayerView.java, line(s) 1237,1240,1622,1980,1985,1990,1995,2001,2006,703,704,715,735,736,832,873,919,936,661,809,914,957,1445,1456,1830
com/brentvatne/exoplayer/ReactExoplayerViewManager.java, line(s) 338,340
com/brentvatne/exoplayer/VideoPlaybackService.java, line(s) 202,206,339
com/brentvatne/react/ReactNativeVideoManager.java, line(s) 49
com/dooboolab/rniap/PlayUtils.java, line(s) 60,65
com/dooboolab/rniap/PromiseUtlisKt.java, line(s) 17,45
com/dooboolab/rniap/RNIapModule$getPurchaseHistoryByType$1.java, line(s) 60
com/dooboolab/rniap/RNIapModule.java, line(s) 279,136,207,213,231
com/horcrux/svg/Brush.java, line(s) 145,155
com/horcrux/svg/ClipPathView.java, line(s) 33
com/horcrux/svg/FilterView.java, line(s) 93
com/horcrux/svg/ImageView.java, line(s) 135
com/horcrux/svg/LinearGradientView.java, line(s) 71
com/horcrux/svg/PatternView.java, line(s) 82
com/horcrux/svg/RadialGradientView.java, line(s) 83
com/horcrux/svg/SvgViewManager.java, line(s) 243
com/horcrux/svg/UseView.java, line(s) 51,82,97
com/horcrux/svg/VirtualView.java, line(s) 389,315,342,355
com/intercom/reactnative/IntercomEventEmitter.java, line(s) 83,50,51,64,65,86,95
com/intercom/reactnative/IntercomModule.java, line(s) 61,69,83,181,194,206,223,257,289,319,351,364,377,390,403,44,45,54,55,71,72,86,87,90,91,104,122,123,134,147,148,161,184,185,196,197,209,210,226,227,238,239,260,261,280,285,292,293,310,315,323,324,342,347,354,355,367,368,380,381,393,394,406,407
com/intercom/twig/Twig.java, line(s) 106,176
com/learnium/RNDeviceInfo/RNDeviceModule.java, line(s) 212,294,392,397,505,535,622,810,882,886
com/learnium/RNDeviceInfo/RNInstallReferrerClient.java, line(s) 76,82,87,100,27,43,94
com/learnium/RNDeviceInfo/resolver/DeviceIdResolver.java, line(s) 35,41
com/mixpanel/android/mpmetrics/AnalyticsMessages.java, line(s) 394,237,370,416,441,446,448,276,280,407
com/mixpanel/android/mpmetrics/ConfigurationChecker.java, line(s) 24,17,23
com/mixpanel/android/mpmetrics/MPConfig.java, line(s) 182
com/mixpanel/android/mpmetrics/MPDbAdapter.java, line(s) 250,296,325,359,411,414,428,442,84,97
com/mixpanel/android/mpmetrics/MixpanelAPI.java, line(s) 1330,1332,1334,1336,1346,1349,1352,1355,1359,152,353,367,374,385,510,539,606,806,822,846,858,868,886,898,910,924,948,962,976,990,1015,1029,1100,1120,1132,1142,1160,1172,1186,1200,1214,1224,1282,1301,1322,659,723,344,442,516,545,583,592,796,799,828,874,1148
com/mixpanel/android/mpmetrics/PersistentIdentity.java, line(s) 77,101,115,139,172,175,324,326,338,341,369,372,406,408,440,448,454,478,480,487,497,499,517,519,529,531,539,542,557,559,437,491,95
com/mixpanel/android/mpmetrics/ResourceReader.java, line(s) 93,98,111,110
com/mixpanel/android/mpmetrics/SessionMetadata.java, line(s) 48
com/mixpanel/android/util/HttpService.java, line(s) 36,39,43,55
com/mixpanel/android/util/MPLog.java, line(s) 36,42,72,78,48,54,24,30,60,66
com/mrousavy/camera/core/CameraDeviceDetails.java, line(s) 255,259,265,273
com/mrousavy/camera/core/CameraSession.java, line(s) 106,250,288,296
com/mrousavy/camera/core/CameraSession_ConfigurationKt.java, line(s) 45,48,56,107,111,123,126,128,202,219,247,262,270
com/mrousavy/camera/core/CameraSession_VideoKt.java, line(s) 102,104,42,69,73,77,81,86,96,110
com/mrousavy/camera/core/CodeScannerPipeline.java, line(s) 110,124
com/mrousavy/camera/core/MetadataProvider.java, line(s) 49,53,71,78,84,90
com/mrousavy/camera/core/OrientationManager.java, line(s) 143,148,155
com/mrousavy/camera/core/extensions/ImageCapture_takePictureKt.java, line(s) 37,69
com/mrousavy/camera/core/types/PixelFormat.java, line(s) 103
com/mrousavy/camera/core/utils/CamcorderProfileUtils.java, line(s) 151,184,217
com/mrousavy/camera/frameprocessors/FrameProcessorPluginRegistry.java, line(s) 18,22,25,28
com/mrousavy/camera/frameprocessors/VisionCameraProxy.java, line(s) 51,58
com/mrousavy/camera/react/CameraDevicesManager$initialize$1.java, line(s) 54,58,78,86,103
com/mrousavy/camera/react/CameraDevicesManager.java, line(s) 90,101
com/mrousavy/camera/react/CameraView$update$1.java, line(s) 66
com/mrousavy/camera/react/CameraView.java, line(s) 376,387,397,454
com/mrousavy/camera/react/CameraViewModule.java, line(s) 240,256,268,282,78,102
com/mrousavy/camera/react/CameraView_EventsKt.java, line(s) 99,32,38,44,50,56,63,75,87,122
com/mrousavy/camera/react/CameraView_TakeSnapshotKt.java, line(s) 26,40
com/reactcommunity/rndatetimepicker/Common.java, line(s) 134
com/reactcommunity/rndatetimepicker/MinuteIntervalSnappableTimePickerDialog.java, line(s) 112,178
com/reactnative/ivpusic/imagepicker/Compression.java, line(s) 42,87,89,98
com/reactnative/ivpusic/imagepicker/PickerModule.java, line(s) 516
com/reactnative/ivpusic/imagepicker/ResultCollector.java, line(s) 66,74,39,45
com/reactnativecommunity/asyncstorage/AsyncLocalStorageUtil.java, line(s) 82,89,91
com/reactnativecommunity/asyncstorage/AsyncStorageExpoMigration.java, line(s) 26,32,38,40,46,48
com/reactnativecommunity/asyncstorage/AsyncStorageModule.java, line(s) 118,158,172,186,204,209,214,253,258,274,303,317,331,345,356,361,377,398,426
com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 92,95
com/reactnativecommunity/cameraroll/CameraRollModule.java, line(s) 455,469,508,524,543,582,602,616
com/reactnativecommunity/webview/RNCWebView.java, line(s) 354
com/reactnativecommunity/webview/RNCWebViewClient.java, line(s) 99,188,88,104,133,190
com/reactnativecommunity/webview/RNCWebViewManagerImpl.java, line(s) 178,191
com/reactnativecommunity/webview/RNCWebViewModuleImpl.java, line(s) 300,305,329,334,210,235,237,253
com/swmansion/gesturehandler/react/RNGestureHandlerModule.java, line(s) 701
com/swmansion/gesturehandler/react/RNGestureHandlerRootHelper.java, line(s) 47,65
com/swmansion/gesturehandler/react/RNGestureHandlerRootView.java, line(s) 34
com/swmansion/reanimated/NativeMethodsHelper.java, line(s) 47
com/swmansion/reanimated/ReanimatedModule.java, line(s) 142
com/swmansion/reanimated/ReanimatedUIManagerFactory.java, line(s) 20
com/swmansion/reanimated/keyboard/WindowsInsetsManager.java, line(s) 42,61,81,116
com/swmansion/reanimated/layoutReanimation/AnimationsManager.java, line(s) 202,216
com/swmansion/reanimated/layoutReanimation/ReanimatedNativeHierarchyManager.java, line(s) 39
com/swmansion/reanimated/layoutReanimation/ScreensHelper.java, line(s) 20
com/swmansion/reanimated/layoutReanimation/SharedTransitionManager.java, line(s) 124
com/swmansion/reanimated/layoutReanimation/TabNavigatorObserver.java, line(s) 34,54,111
com/swmansion/reanimated/nativeProxy/NativeProxyCommon.java, line(s) 190
com/swmansion/reanimated/sensor/ReanimatedSensorContainer.java, line(s) 35
com/swmansion/rnscreens/InsetsObserverProxy.java, line(s) 54
com/swmansion/rnscreens/ScreenStackHeaderConfigViewManager.java, line(s) 193
com/swmansion/rnscreens/ScreensModule.java, line(s) 41,96,44
com/swmansion/rnscreens/SearchBarManager.java, line(s) 120
com/swmansion/rnscreens/utils/ScreenDummyLayoutHelper.java, line(s) 159,60,286
com/th3rdwave/safeareacontext/SafeAreaView.java, line(s) 106
com/yalantis/ucrop/UCropActivity.java, line(s) 153
com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 113
com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 122,151,196,83,86,128,137,144
com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 103,51,82
com/yalantis/ucrop/util/EglUtils.java, line(s) 23
com/yalantis/ucrop/util/FileUtils.java, line(s) 59
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 54,61,72,80,112,122,134,149,163,169,173,178,184,188,291,53,60,71,79,111,121,133,148,162,168,172,177,183,187
com/yalantis/ucrop/view/TransformImageView.java, line(s) 214,231,123,78
com/zoontek/rnbootsplash/RNBootSplashModule.java, line(s) 48
com/zoontek/rnpermissions/RNPermissionsModuleImpl.java, line(s) 337,333
eightbitlab/com/blurview/BlurView.java, line(s) 64
expo/modules/ExpoModulesPackage.java, line(s) 39
expo/modules/adapters/react/services/UIManagerModuleWrapper.java, line(s) 103
expo/modules/apploader/AppLoaderProvider.java, line(s) 23
expo/modules/constants/ConstantsService.java, line(s) 145
expo/modules/core/logging/OSLogHandler.java, line(s) 38,48,53,42,46,29,31
expo/modules/devlauncher/helpers/DevLauncherInstallationIDHelper.java, line(s) 56,72
expo/modules/devlauncher/launcher/configurators/DevLauncherExpoActivityConfigurator.java, line(s) 170,184
expo/modules/devmenu/devtools/DevMenuDevToolsDelegate$openJSInspector$1$1.java, line(s) 61
expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper$swapCurrentCommandHandlers$1.java, line(s) 60
expo/modules/devmenu/react/DevMenuPackagerCommandHandlersSwapper.java, line(s) 40
expo/modules/devmenu/react/DevMenuShakeDetectorListenerSwapper.java, line(s) 31
expo/modules/devmenu/websockets/DevMenuCommandHandlersProvider.java, line(s) 123
expo/modules/fetch/ExpoFetchModule.java, line(s) 192
expo/modules/fetch/NativeResponse.java, line(s) 171
expo/modules/filesystem/FileSystemModule$downloadResumableTask$2.java, line(s) 106
expo/modules/filesystem/FileSystemModule.java, line(s) 1272,1405,1530,1925
expo/modules/systemui/singletons/SystemUI.java, line(s) 42
expo/modules/updates/UpdatesUtils.java, line(s) 156,159,181,184
expo/modules/updates/codesigning/CodeSigningConfiguration.java, line(s) 103
expo/modules/updates/db/Converters.java, line(s) 85
expo/modules/updates/db/DatabaseHolder.java, line(s) 24
expo/modules/updates/db/Reaper.java, line(s) 30,38,43,47,56,60
expo/modules/updates/loader/FileDownloader.java, line(s) 502
expo/modules/updates/loader/LoaderFiles.java, line(s) 68,89
expo/modules/updates/manifest/EmbeddedManifestUtils.java, line(s) 57
expo/modules/updates/manifest/EmbeddedUpdate.java, line(s) 236
expo/modules/updates/manifest/ExpoUpdatesUpdate.java, line(s) 302,398,460
expo/modules/updates/manifest/ManifestMetadata.java, line(s) 40
expo/modules/updates/manifest/ResponseHeaderData.java, line(s) 165,168
expo/modules/updates/selectionpolicy/SelectionPolicies.java, line(s) 54
fr/greweb/reactnativeviewshot/RNViewShotModule.java, line(s) 118,76
fr/greweb/reactnativeviewshot/ViewShot.java, line(s) 130,154,320
io/invertase/firebase/app/ReactNativeFirebaseApp.java, line(s) 16
io/invertase/firebase/app/ReactNativeFirebaseAppModule.java, line(s) 52
io/invertase/firebase/common/RCTConvertFirebase.java, line(s) 115
io/invertase/firebase/common/ReactNativeFirebaseEventEmitter.java, line(s) 130
io/invertase/firebase/common/SharedUtils.java, line(s) 90,269,327,127
io/invertase/firebase/crashlytics/ReactNativeFirebaseCrashlyticsInitProvider.java, line(s) 20,23,26,28,39,42,45,47,58,61,64,66,78,75
io/invertase/firebase/crashlytics/ReactNativeFirebaseCrashlyticsModule.java, line(s) 60,63,78,152,161
io/invertase/firebase/messaging/ReactNativeFirebaseMessagingModule.java, line(s) 80
io/invertase/firebase/messaging/ReactNativeFirebaseMessagingReceiver.java, line(s) 21,26,46
io/invertase/firebase/utils/ReactNativeFirebaseUtilsModule.java, line(s) 69
io/invertase/notifee/HeadlessTask.java, line(s) 129,143,183,145,169,194,201,57,78,83,100,135
io/invertase/notifee/NotifeeReactUtils.java, line(s) 88,103
io/sentry/SystemOutLogger.java, line(s) 14,22,31
io/sentry/transport/StdoutTransport.java, line(s) 40
junit/runner/BaseTestRunner.java, line(s) 149
junit/runner/Version.java, line(s) 12
junit/textui/TestRunner.java, line(s) 88,112,137
org/greenrobot/eventbus/Logger.java, line(s) 32,37
timber/log/Timber.java, line(s) 389,408

Informational: The application can write to the application directory. Sensitive information should be encrypted

Files:
co/tryterra/terra/healthconnect/ScheduleMimic.java, line(s) 62,62

Informational: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard because other applications can access it
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 4,103
expo/modules/devmenu/modules/DevMenuInternalModule.java, line(s) 5,366,397,367,398

Informational: This application listens for clipboard changes. Some malware also listens for clipboard changes
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/reactnativecommunity/clipboard/ClipboardModule.java, line(s) 30,244,244,4

Passed check: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/789132226355/namespaces/firebase:fetch?key=AIzaSyAvBnnYXHC65QqpzQRnRg-R61tFeIaMnmE ) is disabled. The response content is shown below:

{
    "state": "NO_TEMPLATE"
}

Overall security baseline score summary

Glean v1.1.34

Android APK
Overall security score: 45
Medium risk