安全分析报告:
安全分数
安全分数 51/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
1
中危
45
信息
4
安全
2
关注
2
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: org/telegram/ui/ArticleViewer.java, line(s) 6832,61,62 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 741,746,34,35
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 Service (org.telegram.messenger.GcmPushListenerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.GoogleVoiceClientService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.GoogleVoiceClientActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.DefaultIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.VintageIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.AquaIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.PremiumIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.TurboIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.NoxIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.ui.CallsActivity) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.CALL_PHONE [android:exported=true] 发现一个 Activity-Alias被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (org.telegram.ui.ShareActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ExternalActionActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ChatsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ContactsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.OpenChatReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPPermissionActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPFeedbackActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Broadcast Receiver (org.telegram.messenger.SmsReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.AuthenticatorService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ContactsSyncAdapterService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.BringAppForegroundService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.NotificationsService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.VideoEncodingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ImportingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.LocationSharingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicPlayerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicBrowserService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.voip.TelegramConnectionService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (org.telegram.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (org.telegram.messenger.voip.CallNotificationSoundProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (androidx.sharetarget.ChooserTargetServiceCompat) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/github/gzuliyujiang/oaid/DeviceID.java, line(s) 309,310 com/hbisoft/hbrecorder/HBRecorder.java, line(s) 153 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 165 com/lxj/xpopup/util/XPopupUtils.java, line(s) 323,346 org/telegram/messenger/AndroidUtilities.java, line(s) 643,2738,642,1886,1918,1928,2690,2691 org/telegram/messenger/EmuDetector.java, line(s) 226 org/telegram/messenger/FilesMigrationService.java, line(s) 101,85,197 org/telegram/messenger/MediaController.java, line(s) 3874,3876 org/telegram/messenger/SharedConfig.java, line(s) 1077 org/telegram/messenger/voip/VoIPController.java, line(s) 207 org/telegram/ui/ChatActivity.java, line(s) 5088,11834,11842 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 961,1163,1163,1163,1166 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 776,810
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tencent/qimei/y/g.java, line(s) 45,42 com/tencent/qimei/y/k.java, line(s) 45,43 org/telegram/ui/ArticleViewer.java, line(s) 6717,6711 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 342,307 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 720,257 org/telegram/ui/Components/WebPlayerView.java, line(s) 1124,1131 org/telegram/ui/LoginActivity.java, line(s) 1726,3355,1724,3353 org/telegram/ui/WebviewActivity.java, line(s) 229,216
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/carrotsearch/randomizedtesting/Xoroshiro128PlusRandom.java, line(s) 3 com/tencent/qimei/j/a.java, line(s) 9 com/tencent/qimei/s/e.java, line(s) 3 com/tencent/qmsp/sdk/f/c.java, line(s) 6 j$/util/concurrent/ThreadLocalRandom.java, line(s) 18 org/telegram/messenger/Utilities.java, line(s) 17 org/telegram/ui/Components/AudioVisualizerDrawable.java, line(s) 6 org/telegram/ui/Components/AvatarsDrawable.java, line(s) 11 org/telegram/ui/Components/BlobDrawable.java, line(s) 7 org/telegram/ui/Components/CircleBezierDrawable.java, line(s) 7 org/telegram/ui/Components/FlickerLoadingView.java, line(s) 12 org/telegram/ui/Components/GroupCallPipButton.java, line(s) 17 org/telegram/ui/Components/LineBlobDrawable.java, line(s) 6 org/telegram/ui/Components/SharedMediaFastScrollTooltip.java, line(s) 15 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 10 q/rorbin/badgeview/BadgeAnimator.java, line(s) 12
中危 IP地址泄露
IP地址泄露 Files: com/tencent/qimei/c/c.java, line(s) 121 com/tencent/qimei/upload/BuildConfig.java, line(s) 13 cos/MyCOSService.java, line(s) 405,462,386,443,379,436,355,412,392,449,384,441,382,439,377,434,385,442,388,445,393,450,396,453,398,455,359,416,407,464,378,435,354,411,408,465,373,430,371,428,403,460,391,448,402,459,381,438,400,457,404,461,356,413,293,515,357,414,395,452,358,415,390,447,366,423,370,427,364,421,389,446,387,444,369,426,365,422,406,463,376,433,362,419,380,437,399,456,361,418,401,458,372,429,367,424,409,466,394,451,363,420,397,454,360,417,375,432,383,440,368,425,374,431 org/telegram/messenger/EmuDetector.java, line(s) 19
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: org/telegram/messenger/BuildVars.java, line(s) 135 org/telegram/messenger/ImageReceiver.java, line(s) 512 org/telegram/messenger/MediaDataController.java, line(s) 222,228,227 org/telegram/messenger/voip/Instance.java, line(s) 230,202,212 org/telegram/ui/Adapters/MentionsAdapter.java, line(s) 672 org/telegram/ui/ArticleViewer.java, line(s) 3510 org/telegram/ui/ChannelCreateActivity.java, line(s) 192 org/telegram/ui/DataAutoDownloadActivity.java, line(s) 76,91,84 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1626,1568 org/telegram/ui/TopicsFragment.java, line(s) 2884,2877
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/github/gzuliyujiang/oaid/impl/OppoImpl.java, line(s) 75 com/tencent/qmsp/oaid2/h0.java, line(s) 72 com/tencent/qmsp/sdk/g/g/e.java, line(s) 74 org/telegram/messenger/Utilities.java, line(s) 335,349 org/telegram/ui/PassportActivity.java, line(s) 2105
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/tencent/qimei/j/a.java, line(s) 29 com/tencent/qmsp/oaid2/l.java, line(s) 78 com/tencent/qmsp/sdk/a/c.java, line(s) 42,107 com/tencent/qmsp/sdk/g/b/c.java, line(s) 71 org/telegram/messenger/MessagesController.java, line(s) 5623 org/telegram/messenger/Utilities.java, line(s) 480
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/tencent/qimei/y/g.java, line(s) 43,42 com/tencent/qimei/y/k.java, line(s) 38,43 org/telegram/ui/JMTBaiduMapActivity.java, line(s) 80,75 org/telegram/ui/JMTMapPreviewActivity.java, line(s) 68,62
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/telegram/ui/Components/Paint/Slice.java, line(s) 22
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 openinstall统计的=> "com.openinstall.APP_KEY" : "dgu1wq" 谷歌地图的=> "com.google.android.maps.v2.API_KEY" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "LoginPassword" : "Senha" "UsernameLinkActive" : "active" "UseProxySecret" : "Sleutel" "TypePrivateGroup" : "Privat" "UseProxySecret" : "Segreto " "LoginPassword" : "Wachtwoord" "firebase_database_url" : "https://tmessages2.firebaseio.com" "PasswordCode" : "Codice" "AutodownloadPrivateChats" : "Chats" "TypePrivateGroup" : "pribadi" "PasswordOn" : "On" "CancelPasswordResetYes" : "Ya" "EncryptionKey" : "Encryptiesleutel" "PaymentPasswordEmailTitle" : "Herstel-e-mailadres" "NotificationHiddenChatUserName" : "Utente" "RestorePasswordNoEmailTitle" : "Desculpe" "TypePrivate" : "Privado" "RestorePasswordNoEmailTitle" : "Spiacenti" "CancelPasswordResetNo" : "NO" "JMTUsername" : "Username" "UsernameLinkActive" : "positif" "CancelPasswordResetYes" : "YES" "LoginPassword" : "Passwort" "UseProxyPassword" : "Passwort" "CheckPasswordPerfect" : "sempurna!" "NotificationHiddenChatUserName" : "User" "TypePrivateGroup" : "Private" "Username" : "Benutzername" "PasswordOn" : "Aan" "PasswordOn" : "Ativada" "google_crash_reporting_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "NotificationHiddenChatUserName" : "Pengguna" "PaymentPasswordTitle" : "Senha" "UseProxySecret" : "Secret" "PasswordOn" : "Ein" "YourPasswordSuccess" : "Fatto!" "UsernameProfileLinkActive" : "positif" "TypePrivateGroup" : "Privato" "YourPasswordSuccess" : "Success!" "YourPasswordSuccess" : "Gelukt!" "UseProxySecret" : "Segredo" "PasswordOff" : "Aus" "PasswordRecovery" : "Wachtwoordherstel" "AbortPasswordMenu" : "Interromper" "PasswordOff" : "Uit" "CancelPasswordResetNo" : "TIDAK" "ChannelPrivate" : "privat" "ReportSpamUser" : "BLOQUEAR" "UseProxyUsername" : "Username" "PaymentPasswordTitle" : "Wachtwoord" "PasscodePassword" : "Password" "PaymentPasswordTitle" : "Passwort" "RestorePasswordNoEmailTitle" : "Sorry" "TypePrivate" : "pribadi" "NotificationHiddenChatUserName" : "Usuario" "UseProxyUsername" : "Benutzername" "Username" : "Username" "PasswordCode" : "Code" "TypePrivate" : "Privat" "PasswordOff" : "penutup" "UseProxyUsername" : "Gebruiker" "PasscodePassword" : "Wachtwoord" "PaymentPasswordEmailTitle" : "Wiederherstellung" "CheckPasswordPerfect" : "Perfect!" "NotificationHiddenChatUserName" : "Nutzer" "PasswordOff" : "Off" "PasswordOn" : "Activada" "TypePrivateGroup" : "Privado" "google_app_id" : "1:760348033671:android:f6afd7b67eae3860" "google_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "YourPasswordSuccess" : "Geschafft!" "UseProxyPassword" : "Senha" "LoginPassword" : "Password" "ReportSpamUser" : "BLOKKEREN" "UseProxyPassword" : "Password" "PasswordOn" : "menyalakan" "UseProxyPassword" : "Wachtwoord" "UsernameProfileLinkActive" : "active" "NotificationHiddenChatUserName" : "Gebruiker" "PasswordOff" : "Desactivada" "TypePrivate" : "Privato" "Username" : "Gebruikersnaam" "UseProxyUsername" : "Usuario" "PasscodePassword" : "Passwort" "PaymentPasswordTitle" : "Password" "UseProxySecret" : "Clave" "PasscodePassword" : "Senha" "PasswordOff" : "No" "TerminateWebSessionStop" : "Cahaya%1$s" "YourPasswordSuccess" : "Kesuksesan!" "TypePrivate" : "Private" "PasswordOff" : "Desativada" "UseProxySecret" : "gram" c06c8400-8e06-11e0-9cb6-0002a5d5c51b BvyoNmnTUIqvZufrqy6EPc/QFvgcZwweLUQZMPRjS0yO7ir5gj50GehaWU1uVA== bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I= 014b35b6184100b085b0d0572f9b5103 ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678 C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B bb392ec0-8d4d-11e0-a896-0002a5d5c51b Ldpv3DINc8b4Mg19EF0rkWBg7d2GJMJ3
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/jzvd/JZTextureView.java, line(s) 43,70,71 cn/jzvd/JZUtils.java, line(s) 70 cn/jzvd/Jzvd.java, line(s) 110,121,248,392,414,508,613,653,655,664,668,782,818,678,260,384,397,451,469,491,497,541,551,561,567,572,585,611,633,639,645,688,720,842,854,927,936,946 cn/jzvd/JzvdStd.java, line(s) 111,174 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1802,1201,1301,1305,1382,1386,583,694,1475,1484,1513,1518,2204 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 381 com/github/gzuliyujiang/oaid/OAIDLog.java, line(s) 13 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 217 com/lxj/xpopup/core/BasePopupView.java, line(s) 877,881,885,889 com/lxj/xpopup/util/KeyboardUtils.java, line(s) 30 com/lxj/xpopup/util/XPermission.java, line(s) 302 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/tencent/qimei/k/a.java, line(s) 49,14,43 com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23 com/tencent/qmsp/oaid2/j.java, line(s) 32,46 com/tencent/qmsp/oaid2/y.java, line(s) 15 com/tencent/qmsp/sdk/base/c.java, line(s) 11,21,27 com/tencent/qmsp/sdk/f/g.java, line(s) 11,21,27,33 com/tencent/qmsp/sdk/g/b/a.java, line(s) 36,54 com/tencent/qmsp/sdk/g/b/b.java, line(s) 38,47,41 com/tencent/qmsp/sdk/g/e/d.java, line(s) 20 io/nlopez/smartlocation/utils/LoggerFactory.java, line(s) 49,64,69,54,59 org/telegram/PhoneFormat/PhoneFormat.java, line(s) 111,116,137,144,154,162,212 org/telegram/SQLite/SQLiteCursor.java, line(s) 98,103 org/telegram/SQLite/SQLiteDatabase.java, line(s) 60,77 org/telegram/SQLite/SQLitePreparedStatement.java, line(s) 104,112 org/telegram/messenger/AndroidUtilities.java, line(s) 1797,1934,1959,1964,2562,2696,2703,332,388,471,569,607,933,970,1197,1228,1347,1363,1531,1540,1696,1760,1789,1845,1864,1930,1967,1976,2075,2079,2206,2222,2233,2282,2299,2303,2404,2530,2545,2660,2682,2740,2832,2998,3010,3054,4050,4068,4295,4305,4313,4353,4369,4575,4584,4632 org/telegram/messenger/AnimatedFileDrawableStream.java, line(s) 54,113 org/telegram/messenger/ApplicationLoader.java, line(s) 184,207,232,233,251,376,558,140,386,426,443,457,481,526,550 org/telegram/messenger/AuthTokensHelper.java, line(s) 69 org/telegram/messenger/BillingController.java, line(s) 227,310,314,332,113 org/telegram/messenger/ChatObject.java, line(s) 289,297,487,867,879,903,911,1054,1063,1076,1086,1171 org/telegram/messenger/ChatThemeController.java, line(s) 66,150,296,363,395 org/telegram/messenger/ContactsController.java, line(s) 536,553,569,821,917,926,950,1095,1100,1131,1195,1218,1744,1886,183,192,684,709,872,1429,1437,1681,1685,1694,1981,2582,2614 org/telegram/messenger/ContactsRemoteViewsFactory.java, line(s) 163 org/telegram/messenger/ContactsSyncAdapterService.java, line(s) 49,30 org/telegram/messenger/DatabaseMigrationHelper.java, line(s) 1225,1335,551,604,650,674,698,722,769,985,1239,1243 org/telegram/messenger/DispatchQueue.java, line(s) 52,63,76,89 org/telegram/messenger/DispatchQueuePoolBackground.java, line(s) 122 org/telegram/messenger/DocumentObject.java, line(s) 96 org/telegram/messenger/DownloadController.java, line(s) 1077,1159,1251,1303,1375,1427,1485,1490 org/telegram/messenger/Emoji.java, line(s) 156,166,438,704,716 org/telegram/messenger/EmuInputDevicesDetector.java, line(s) 57 org/telegram/messenger/FeedRemoteViewsFactory.java, line(s) 139 org/telegram/messenger/FileLoadOperation.java, line(s) 825,1100,1102,1150,1303,1305,1391,1471,1587,1610,1632,1636,603,612,673,946,956,966,976,987,1011,1017,1025,1031,1039,1045,1053,1060,1069 org/telegram/messenger/FileLoader.java, line(s) 1602,162,992,1406,1414,1422,1431 org/telegram/messenger/FileLog.java, line(s) 100,101,102,103,135,136,137,394,249,274,421 org/telegram/messenger/FilePathDatabase.java, line(s) 64,74,120,190,224,293,87,140,199,229,291,295,327,343,356,388,425,496 org/telegram/messenger/FileRefController.java, line(s) 693,816,918 org/telegram/messenger/FileStreamLoadOperation.java, line(s) 159 org/telegram/messenger/FileUploadOperation.java, line(s) 113,137,205 org/telegram/messenger/FilesMigrationService.java, line(s) 108,143,148,163,167 org/telegram/messenger/FingerprintController.java, line(s) 32,47,68,73,86,111,129 org/telegram/messenger/GcmPushListenerService.java, line(s) 13,29 org/telegram/messenger/ImageLoader.java, line(s) 1508,311,341,353,372,410,429,450,743,761,1323,1592,1607,1674,1682,1692,2306,2318,2343,2408,2414,2489 org/telegram/messenger/ImageReceiver.java, line(s) 1286,1422,1460,1520,1571,1628 org/telegram/messenger/ImportingService.java, line(s) 38,75 org/telegram/messenger/KeepAliveJob.java, line(s) 28,42,48,65,77 org/telegram/messenger/LanguageDetector.java, line(s) 39,45,51 org/telegram/messenger/LinkifyPort.java, line(s) 42 org/telegram/messenger/LiteMode.java, line(s) 148,161 org/telegram/messenger/LocaleController.java, line(s) 707,1098,1146,1167,2624,2640,2650,2653,2687,2701,2761,2834,2873,2894,2909,2923,2939,2955,3868,544,549,872,1029,1035,1041,1052,1198,1247,1339,1387,2015,2116,2141,2157,2173,2192,2214,2230,2259,2308,2450,2466,2490,2532,2542,2709,2764,3824,3844 org/telegram/messenger/LocationController.java, line(s) 339,415,781,843,928,993,1084 org/telegram/messenger/LocationSharingService.java, line(s) 160 org/telegram/messenger/MediaController.java, line(s) 971,1528,1616,1653,1671,1687,1699,1709,3493,3505,3631,3664,3678,714,854,862,921,926,931,936,954,980,989,1109,1125,1203,1220,1269,1280,1353,1510,1940,1950,1983,2106,2332,2346,2729,2735,2842,2978,3038,3088,3145,3331,3371,3486,3529,3539,3596,3654,3681,3751,3754,3925,3956,3993,4001,4009,4039,4078,4086,4098,4155,4178,4186,4192,4200,4219,4230,4236,4242,4261,4271,4411,4490,4586,4602,4608 org/telegram/messenger/MediaDataController.java, line(s) 4684,622,857,942,1027,1188,1287,1433,1490,1556,1812,1934,1989,2357,2580,2668,3172,3298,3458,3595,3811,4820,4865,5078,5189,5260,5290,5433,5536,5694,5769,5786,5966,6111,6272,6435,7032,7133,7356,7406,7459,7507,7542,7806,7882,7998,8235,8477,8589 org/telegram/messenger/MessageObject.java, line(s) 626,1012,1167,1390,2812,2909,3001,3007 org/telegram/messenger/MessagesController.java, line(s) 5047,7117,7158,7163,7204,7216,7226,7249,7255,7262,7279,7291,9071,9080,10107,10686,10948,11210,11424,11476,11527,11533,11544,13460,13475,13631,13640,13653,13719,13728,13740,14095,921,967,2050,2066,2093,2663,3411,3960,4763,6048,8323,8365,8416,10967,11340,11451,12263,12289,12357,12377,13788,14324,14472,14561,15147,15952,16134,16287 org/telegram/messenger/MessagesStorage.java, line(s) 416,422,702,707,448,456,466,473,529,539,547,730,845,855,858,861,6041 org/telegram/messenger/MusicBrowserService.java, line(s) 202,284,333,460 org/telegram/messenger/MusicPlayerService.java, line(s) 191,426 org/telegram/messenger/NativeLoader.java, line(s) 46,54 org/telegram/messenger/NotificationBadge.java, line(s) 203,490 org/telegram/messenger/NotificationCenter.java, line(s) 1312 org/telegram/messenger/NotificationImageProvider.java, line(s) 113 org/telegram/messenger/NotificationsController.java, line(s) 253,400,456,1375,1442,1457,1501,1516,1563,228,233,240,264,300,375,397,405,1140,1155,1227,1296,1313,1326,1354,1358,1367,1381,1439,1454,1463,1498,1513,1523,1571,1635,1797,1859,1894,1898,1907,1792 org/telegram/messenger/NotificationsDisabledReceiver.java, line(s) 32,36,49,58,72,86 org/telegram/messenger/OpenChatReceiver.java, line(s) 34 org/telegram/messenger/PushListenerController.java, line(s) 126,140,146,150,283,286,313,78,84,305,332 org/telegram/messenger/ScreenReceiver.java, line(s) 13,19 org/telegram/messenger/SecretChatHelper.java, line(s) 699,774,797,889,1080,1213,1463,1492,1536,1553 org/telegram/messenger/SendMessagesHelper.java, line(s) 779,3421,3427,3442,3452,3466,4242,5378,5398,5406,5412,823,828,837,1586,1603,1993,2835,4575,4642,4706,4896,5215 org/telegram/messenger/SharedConfig.java, line(s) 1192,361,441,456,482,496,650,946,1099 org/telegram/messenger/SmsReceiver.java, line(s) 47 org/telegram/messenger/SvgHelper.java, line(s) 455,474,487,500,513,528,542,558,1619 org/telegram/messenger/TopicsController.java, line(s) 108,134,161,1025 org/telegram/messenger/TranslateController.java, line(s) 367,372,377,396,1096,1139 org/telegram/messenger/UserConfig.java, line(s) 244 org/telegram/messenger/UserNameResolver.java, line(s) 36 org/telegram/messenger/Utilities.java, line(s) 111,339,355,384,397,408,420,439,456,487 org/telegram/messenger/VideoEditedInfo.java, line(s) 410 org/telegram/messenger/VideoEncodingService.java, line(s) 36,92,54 org/telegram/messenger/XiaomiUtilities.java, line(s) 45 org/telegram/messenger/browser/Browser.java, line(s) 86,101 org/telegram/messenger/camera/CameraController.java, line(s) 168,203,550,567,586,185,220,261,349,364,369,421,438,464,476,508,540,593,622,683,693,717,746,749,808,813,819,824,832,855 org/telegram/messenger/camera/CameraSession.java, line(s) 198,202,133,192,247,265,322,335,351,356,448 org/telegram/messenger/camera/CameraView.java, line(s) 450,830,1112,1142,1256,1286,1435,1499,1615,838,846,855,868,879,886,905,923,941,950,1004,1014,1235,1468,1539,1548,1558,1566,1679,1757,1762,1770 org/telegram/messenger/ringtone/RingtoneDataStore.java, line(s) 49,367 org/telegram/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 194 org/telegram/messenger/support/JobIntentService.java, line(s) 135 org/telegram/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 70 org/telegram/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 38,51,60 org/telegram/messenger/utils/BitmapsCache.java, line(s) 311 org/telegram/messenger/utils/CopyUtilities.java, line(s) 91 org/telegram/messenger/video/AudioRecoder.java, line(s) 62 org/telegram/messenger/video/MediaCodecVideoConvertor.java, line(s) 61 org/telegram/messenger/video/TextureRenderer.java, line(s) 82,84,205 org/telegram/messenger/voip/AudioRecordJNI.java, line(s) 245,64,77,93,112,136,178,210,236,108,218,61,74,90 org/telegram/messenger/voip/AudioTrackJNI.java, line(s) 37,60,114,124,122,31 org/telegram/messenger/voip/Instance.java, line(s) 98 org/telegram/messenger/voip/JNIUtilities.java, line(s) 93 org/telegram/messenger/voip/NativeInstance.java, line(s) 142,276,306 org/telegram/messenger/voip/TelegramConnectionService.java, line(s) 33,70,50,60,18,26 org/telegram/messenger/voip/VideoCapturerDevice.java, line(s) 420 org/telegram/messenger/voip/VoIPServerConfig.java, line(s) 19 org/telegram/messenger/voip/VoIPService.java, line(s) 1246,1701,1958,2079,3083,3099,3119,3224,3451,3858,3874,3911,3918,3925,4045,4060,4190,4233,4374,4411,4418,4426,4542,4600,4758,4982,4993,5021,5033,5040,342,381,389,564,813,874,1165,1219,1244,1267,1304,1749,1992,3018,3257,3444,3567,3621,3689,3706,3768,3849,3931,4101,4113,4156,4257,4266,4312,4342,4384,4564,4594,4897,4908,880,903,1260,1300,1765,3757 org/telegram/tgnet/ConnectionsManager.java, line(s) 373,430,440,442,524,623,631,647,663,666,678,751,776,934,940,943,394,420,452,681,760,821,833,851,949,989,412 org/telegram/tgnet/NativeByteBuffer.java, line(s) 132,133,148,149,175,176,191,192,212,213,222,223,231,232,268,269,305,306,317,318,355,405,406,424,440,441,455,456,469,470,506,507,537,538,574,575,591,592 org/telegram/tgnet/SerializedData.java, line(s) 70,79,88,97,116,117,140,141,170,171,186,187,202,203,218,219,255,256,267,268,304,305,316,317,327,328,357,384,401,402,417,418,459,460,494,495,511,512,527,528,545,546,566,567 org/telegram/tgnet/TLClassStore.java, line(s) 50 org/telegram/tgnet/TLRPC$ChatPhoto.java, line(s) 101 org/telegram/tgnet/TLRPC$TL_chatPhoto.java, line(s) 39 org/telegram/tgnet/TLRPC$TL_userProfilePhoto.java, line(s) 36 org/telegram/tgnet/TLRPC$UserProfilePhoto.java, line(s) 61 org/telegram/ui/ActionBar/ActionBarLayout.java, line(s) 1303,1160,1164,1834,2648 org/telegram/ui/ActionBar/ActionBarPopupWindow.java, line(s) 177,580,680 org/telegram/ui/ActionBar/AlertDialog.java, line(s) 908,1194 org/telegram/ui/ActionBar/BaseFragment.java, line(s) 283,295,321,336,468,563,575,619,633 org/telegram/ui/ActionBar/BottomSheet.java, line(s) 842,1448,1583,1607 org/telegram/ui/ActionBar/DrawerLayoutContainer.java, line(s) 492 org/telegram/ui/ActionBar/EmojiThemes.java, line(s) 403,472 org/telegram/ui/ActionBar/Theme.java, line(s) 5131,5180,2091,2683,2699,2763,2902,2950,3166,3174,3537,4592,4599,4653,4740,4763,5578,5599,5613,5732,5744,7493,7535,7730,7757,5423 org/telegram/ui/ActionBar/ThemeDescription.java, line(s) 787 org/telegram/ui/ActionIntroActivity.java, line(s) 779,849,935 org/telegram/ui/Adapters/ContactsAdapter.java, line(s) 109 org/telegram/ui/Adapters/DialogsAdapter.java, line(s) 350 org/telegram/ui/Adapters/DialogsSearchAdapter.java, line(s) 747,790,837,863 org/telegram/ui/Adapters/SearchAdapter.java, line(s) 114,135,487 org/telegram/ui/Adapters/SearchAdapterHelper.java, line(s) 334,520,578 org/telegram/ui/ArticleViewer.java, line(s) 1333,4441,4490,4509,4655,4664,4686,4699,6692,6702,6803,6826,6853,9080,9453 org/telegram/ui/BasePermissionsActivity.java, line(s) 100 org/telegram/ui/BubbleActivity.java, line(s) 286,290,81 org/telegram/ui/CacheControlActivity.java, line(s) 312,434,540,547,891,1366,1419 org/telegram/ui/CameraScanActivity.java, line(s) 737,748,996 org/telegram/ui/Cells/AboutLinkCell.java, line(s) 233,305,526 org/telegram/ui/Cells/AudioPlayerCell.java, line(s) 87,98 org/telegram/ui/Cells/BotHelpCell.java, line(s) 179 org/telegram/ui/Cells/ChatActionCell.java, line(s) 435,814,819 org/telegram/ui/Cells/ChatMessageCell.java, line(s) 3412,4034,4148,4176 org/telegram/ui/Cells/DialogCell.java, line(s) 778,885,1902 org/telegram/ui/Cells/DialogMeUrlCell.java, line(s) 210,225,307 org/telegram/ui/Cells/DrawerActionCell.java, line(s) 99,108 org/telegram/ui/Cells/DrawerProfileCell.java, line(s) 446 org/telegram/ui/Cells/SettingsSuggestionCell.java, line(s) 127 org/telegram/ui/Cells/SharedAudioCell.java, line(s) 173,206 org/telegram/ui/Cells/TextSelectionHelper.java, line(s) 1057,1058 org/telegram/ui/Cells/ThemesHorizontalListCell.java, line(s) 329 org/telegram/ui/ChangeBioActivity.java, line(s) 258,269 org/telegram/ui/ChangeUsernameActivity.java, line(s) 137,1486,1500,1509,1518 org/telegram/ui/ChannelAdminLogActivity.java, line(s) 1005,1031,389,1776,2474,2483,2492,2501,2510,2519,2528,2537,388,388,392 org/telegram/ui/ChannelCreateActivity.java, line(s) 1193,1332,1346 org/telegram/ui/ChatActivity.java, line(s) 3868,3898,3925,12272,16546,17875,17892,17909,17928,17952,17969,2770,4047,4465,8107,8588,8771,8822,10627,10637,11442,11758,14212,14974,15719,17217,17869,17886,17903,17920,17946,17963,17980,18834,19223,19242,19272,5136,5140,11846 org/telegram/ui/ChatEditActivity.java, line(s) 912 org/telegram/ui/ChatRightsEditActivity.java, line(s) 948,975 org/telegram/ui/ChatUsersActivity.java, line(s) 2126 org/telegram/ui/Components/AlertsCreator.java, line(s) 206,237,284,317,1135,1187,1202,2100,4828,4885,5593 org/telegram/ui/Components/AnimatedEmojiDrawable.java, line(s) 724,240,272 org/telegram/ui/Components/AvatarDrawable.java, line(s) 463 org/telegram/ui/Components/BlockingUpdateView.java, line(s) 274,278 org/telegram/ui/Components/BlurBehindDrawable.java, line(s) 139,391 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 242,693,1028,1038,1048,1095,1122 org/telegram/ui/Components/BotWebViewMenuContainer.java, line(s) 861 org/telegram/ui/Components/BotWebViewSheet.java, line(s) 912 org/telegram/ui/Components/ChatActivityEnterView.java, line(s) 2557,3407,3478,4478,6572,6590,6602,6661,7306,7326,7545,7593 org/telegram/ui/Components/ChatAttachAlertAudioLayout.java, line(s) 603 org/telegram/ui/Components/ChatAttachAlertBotWebViewLayout.java, line(s) 553 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 203,694,957,964 org/telegram/ui/Components/ChatAttachAlertLocationLayout.java, line(s) 112,130,412,435,453,461 org/telegram/ui/Components/ChatAttachAlertPhotoLayout.java, line(s) 3226,3665,3679 org/telegram/ui/Components/ChatAvatarContainer.java, line(s) 683 org/telegram/ui/Components/ChatThemeBottomSheet.java, line(s) 1154,1332 org/telegram/ui/Components/ClippingImageView.java, line(s) 232 org/telegram/ui/Components/Crop/CropView.java, line(s) 1157,963,1105 org/telegram/ui/Components/EditTextBoldCursor.java, line(s) 344,588,765,839,848 org/telegram/ui/Components/EditTextCaption.java, line(s) 282,413,440,481,547 org/telegram/ui/Components/EditTextEmoji.java, line(s) 142,715,743 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 223,355,383,397,419,462,535,542,732,751,765,847,873,943 org/telegram/ui/Components/EmojiColorPickerWindow.java, line(s) 442 org/telegram/ui/Components/EmojiPacksAlert.java, line(s) 829,1304,1706 org/telegram/ui/Components/EmojiView.java, line(s) 1268,1704,2035,5889,7161 org/telegram/ui/Components/FilterGLThread.java, line(s) 107,180,213,220,229,240,251,258,334,439 org/telegram/ui/Components/FilterShaders.java, line(s) 948,949 org/telegram/ui/Components/ForegroundDetector.java, line(s) 82,119,89,126 org/telegram/ui/Components/ForwardingPreviewView.java, line(s) 739 org/telegram/ui/Components/GroupCallPipAlertView.java, line(s) 196 org/telegram/ui/Components/GroupVoipInviteAlert.java, line(s) 377 org/telegram/ui/Components/ImageUpdater.java, line(s) 635,668,706,738,999,1006 org/telegram/ui/Components/InstantCameraView.java, line(s) 586,598,604,1036,1110,1138,1147,1154,1318,1323,1566,1587,1855,2166,526,578,786,894,1141,1151,1181,1194,1226,1238,1331,1338,1347,1358,1369,1399,1426,1431,1437,1446,1500,1669,1674,1682,1919,1942,1951,1962,1970,2089,2138,2236 org/telegram/ui/Components/JoinCallAlert.java, line(s) 223,287 org/telegram/ui/Components/LetterDrawable.java, line(s) 113 org/telegram/ui/Components/LinkActionView.java, line(s) 222,240 org/telegram/ui/Components/MotionBackgroundDrawable.java, line(s) 317,538 org/telegram/ui/Components/Paint/RenderView.java, line(s) 391,398,407,418,429,436,455,614 org/telegram/ui/Components/Paint/Shader.java, line(s) 19,27,82,92 org/telegram/ui/Components/Paint/ShapeDetector.java, line(s) 232,293,606 org/telegram/ui/Components/Paint/Slice.java, line(s) 24,54,88 org/telegram/ui/Components/Paint/Utils.java, line(s) 12 org/telegram/ui/Components/Paint/Views/LPhotoPaintView.java, line(s) 1702,1709,1727,1979,3611,3639 org/telegram/ui/Components/PasscodeView.java, line(s) 176,293,1207,1217,1247,1300,1315,1340,1360,1381,1391 org/telegram/ui/Components/PathAnimator.java, line(s) 101 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 304,362,775 org/telegram/ui/Components/PhotoViewerCaptionEnterView.java, line(s) 183,547,859,880,905,938,1057 org/telegram/ui/Components/PhotoViewerWebView.java, line(s) 404,581,706 org/telegram/ui/Components/PipRoundVideoView.java, line(s) 266 org/telegram/ui/Components/Premium/GLIcon/GLIconTextureView.java, line(s) 393,400,437 org/telegram/ui/Components/Premium/PremiumAppIconsPreviewView.java, line(s) 40 org/telegram/ui/Components/Premium/PremiumNotAvailableBottomSheet.java, line(s) 68 org/telegram/ui/Components/ProfileGalleryView.java, line(s) 475 org/telegram/ui/Components/ProximitySheet.java, line(s) 564 org/telegram/ui/Components/QRCodeBottomSheet.java, line(s) 164 org/telegram/ui/Components/RLottieDrawable.java, line(s) 368,406,528,662,700,822,902,988,1026,1148,1370,1408,1530,1913 org/telegram/ui/Components/RadioButton.java, line(s) 48,153 org/telegram/ui/Components/RecyclerListView.java, line(s) 904,1162,1176,2169,2175 org/telegram/ui/Components/SeekBar.java, line(s) 345,357 org/telegram/ui/Components/SeekBarView.java, line(s) 503 org/telegram/ui/Components/ShareAlert.java, line(s) 2368 org/telegram/ui/Components/SharedMediaLayout.java, line(s) 1942,4144 org/telegram/ui/Components/SizeNotifierFrameLayout.java, line(s) 670 org/telegram/ui/Components/SlotsDrawable.java, line(s) 70,176 org/telegram/ui/Components/StaticLayoutEx.java, line(s) 99 org/telegram/ui/Components/StickerCategoriesListView.java, line(s) 926 org/telegram/ui/Components/StickersAlert.java, line(s) 1279,1390,1596 org/telegram/ui/Components/TermsOfServiceView.java, line(s) 172 org/telegram/ui/Components/ThemeEditorView.java, line(s) 99,108,1107,1331,1446 org/telegram/ui/Components/TimerDrawable.java, line(s) 124 org/telegram/ui/Components/TranscribeButton.java, line(s) 636,703 org/telegram/ui/Components/UndoView.java, line(s) 124 org/telegram/ui/Components/VideoPlayerSeekBar.java, line(s) 337 org/telegram/ui/Components/VideoTimelinePlayView.java, line(s) 340,410,441 org/telegram/ui/Components/VideoTimelineView.java, line(s) 274,344,376 org/telegram/ui/Components/WallpaperUpdater.java, line(s) 106,109,133,159 org/telegram/ui/Components/WebPlayerView.java, line(s) 461,385,441,512,570,619,680,734,1073,1335,1383,1727,1735,1743,1751,1759,1765,1789 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 108,177,401,803 org/telegram/ui/Components/voip/VoIPPiPView.java, line(s) 371,631 org/telegram/ui/ContactAddActivity.java, line(s) 302 org/telegram/ui/ContactsActivity.java, line(s) 271,374,400,472,617,647 org/telegram/ui/ContentPreviewViewer.java, line(s) 1195,1265,1441 org/telegram/ui/CountrySelectActivity.java, line(s) 297,443,454 org/telegram/ui/DeviceUtils.java, line(s) 50 org/telegram/ui/DialogsActivity.java, line(s) 2135,2148,2154,2162,2689,4452,7013,8289 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 787 org/telegram/ui/ExternalActionActivity.java, line(s) 614,618,100,421,467 org/telegram/ui/FilterChatlistActivity.java, line(s) 1495 org/telegram/ui/FilterCreateActivity.java, line(s) 777,1260 org/telegram/ui/FilteredSearchView.java, line(s) 1075 org/telegram/ui/FiltersSetupActivity.java, line(s) 861 org/telegram/ui/GroupCallActivity.java, line(s) 1143,1289 org/telegram/ui/GroupCreateActivity.java, line(s) 819 org/telegram/ui/GroupCreateFinalActivity.java, line(s) 193 org/telegram/ui/GroupInviteActivity.java, line(s) 143,158 org/telegram/ui/GroupStickersActivity.java, line(s) 647 org/telegram/ui/IdenticonActivity.java, line(s) 71 org/telegram/ui/InviteContactsActivity.java, line(s) 591,634,808,834 org/telegram/ui/LanguageSelectActivity.java, line(s) 245,279 org/telegram/ui/LaunchActivity.java, line(s) 764,1130,1142,4409,5188,5216,5306,5319,5328,5338,5342,5363,5375,392,723,780,1870,1913,2216,2223,2313,2337,2342,2352,2449,2502,2508,2563,2650,2742,2786,2793,3188,3215,3315,3356,3448,3465,3482,3503,3531,3599,3625,3652,3685,3926,3941,3955,3974,4292,4612,4619,5248,5325,5483,5564,5638 org/telegram/ui/LocationActivity.java, line(s) 442,450,556,1564,1631,1638,1750,1976,2019,2046,2071,2201,2276,2624,2654,2677,2782,2890,2961,2975,2998,3007 org/telegram/ui/LoginActivity.java, line(s) 1349,1437,1533,1539,1544,1548,1565,1571,2019,2028,2040,2313,2330,2535,2848,2857,2869,2967,2988,3055,3129,3146,3539,3593,3603,3701,3709,8133,8181,534,613,1276,1538,1570,1987,2816,3518,3915,4278,4359,5548,5887,8335 org/telegram/ui/ManageLinksActivity.java, line(s) 1035,1050 org/telegram/ui/NewContactBottomSheet.java, line(s) 319 org/telegram/ui/NotificationsCustomSettingsActivity.java, line(s) 506 org/telegram/ui/NotificationsSettingsActivity.java, line(s) 295 org/telegram/ui/NotificationsSoundActivity.java, line(s) 536,944 org/telegram/ui/PasscodeActivity.java, line(s) 621,796 org/telegram/ui/PassportActivity.java, line(s) 833,2109,2463,2764,2868,3616,5095,5481,5540,5736,5754,5918,6664,6782 org/telegram/ui/PaymentFormActivity.java, line(s) 322,518,1255,1472,1556,1565,1713,1720,1996,2268 org/telegram/ui/PeopleNearbyActivity.java, line(s) 615,544,779 org/telegram/ui/PhotoCropActivity.java, line(s) 194,199 org/telegram/ui/PhotoViewer.java, line(s) 7559,7567,14100,725,3213,3221,3323,3599,4560,4572,6290,6705,6736,7075,7129,7832,7922,7929,8302,8323,8718,8832,8845,8860,8889,9126,9136,9402,9410,11212,12333,12716,12732,12743,12752,12870,12992,14379 org/telegram/ui/PopupNotificationActivity.java, line(s) 486,1115 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1571,1586,1601,1628 org/telegram/ui/PrivacyControlActivity.java, line(s) 1110 org/telegram/ui/PrivacySettingsActivity.java, line(s) 298,530,633 org/telegram/ui/ProfileActivity.java, line(s) 991,1561,2875,2893,3488,4037,5301,5513,5526,5541,5629,5649,7969,8067,9509 org/telegram/ui/ProfileNotificationsActivity.java, line(s) 294 org/telegram/ui/RestrictedLanguagesSelectActivity.java, line(s) 515,527,550 org/telegram/ui/SecretMediaViewer.java, line(s) 467,473,515,554,885,1031,1161 org/telegram/ui/SelectAnimatedEmojiDialog.java, line(s) 758,828,2960 org/telegram/ui/SessionsActivity.java, line(s) 538,564,1428,1523 org/telegram/ui/ShareActivity.java, line(s) 77,100 org/telegram/ui/StickersActivity.java, line(s) 1072,1094,1480 org/telegram/ui/ThemeActivity.java, line(s) 1515,1527,1615,1620 org/telegram/ui/ThemePreviewActivity.java, line(s) 1567 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 116,134,471,487,723,734 org/telegram/ui/TopicsFragment.java, line(s) 3553,1246 org/telegram/ui/TwoStepVerificationActivity.java, line(s) 176,778 org/telegram/ui/TwoStepVerificationSetupActivity.java, line(s) 1189,1580,1604 org/telegram/ui/VoIPFragment.java, line(s) 899,1514,1725 org/telegram/ui/VoIPPermissionActivity.java, line(s) 34 org/telegram/ui/WallpapersListActivity.java, line(s) 1216 org/telegram/ui/WebviewActivity.java, line(s) 108,158,245,255,408 org/webrtc/AndroidVideoDecoder.java, line(s) 436 org/webrtc/EglRenderer.java, line(s) 207,507 org/webrtc/GlGenericDrawer.java, line(s) 328 org/webrtc/GlShader.java, line(s) 97 org/webrtc/HardwareVideoEncoderFactory.java, line(s) 125 org/webrtc/MediaCodecUtils.java, line(s) 55 org/webrtc/ScreenCapturerAndroid.java, line(s) 85,147 org/webrtc/TextureBufferImpl.java, line(s) 120 org/webrtc/YuvConverter.java, line(s) 116,142 org/webrtc/voiceengine/WebRtcAudioRecord.java, line(s) 161,355,396 org/webrtc/voiceengine/WebRtcAudioTrack.java, line(s) 266,375 repeackage/com/qiku/id/QikuIdmanager.java, line(s) 24
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/messenger/AndroidUtilities.java, line(s) 10,2654,2657 org/telegram/ui/ChangeUsernameActivity.java, line(s) 7,132 org/telegram/ui/ChatActivity.java, line(s) 14,15714 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 10,845 org/telegram/ui/Components/InviteMembersBottomSheet.java, line(s) 12,1169 org/telegram/ui/Components/LinkActionView.java, line(s) 6,215 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 8,357,379 org/telegram/ui/Components/ShareAlert.java, line(s) 11,2352 org/telegram/ui/GroupInviteActivity.java, line(s) 4,139 org/telegram/ui/ManageLinksActivity.java, line(s) 4,1031 org/telegram/ui/PrivacyControlActivity.java, line(s) 4,1681 org/telegram/ui/ProfileActivity.java, line(s) 12,5298,5519 org/telegram/ui/SessionBottomSheet.java, line(s) 5,301 org/telegram/ui/StickersActivity.java, line(s) 5,1091 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 4,111
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/ui/ProxySettingsActivity.java, line(s) 64,96,115,5
信息 应用与Firebase数据库通信
该应用与位于 https://tmessages2.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用Safety Net API。
此应用程序使用Safety Net API。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet Files: org/telegram/ui/LoginActivity.java, line(s) 76
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/760348033671/namespaces/firebase:fetch?key=AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k ) 已禁用。响应内容如下所示: 响应码是 403
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ip.jmtim.cn) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。
{'ip': '180.97.228.88', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}