安全分析报告: One S Launcher v9.2

安全分数


安全分数 46/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

8

用户/设备跟踪器


调研结果

高危 7
中危 52
信息 2
安全 2
关注 2

高危 域配置不安全地配置为允许明文流量到达范围内的这些域。 

Scope:
api.launcher.intl.miui.com 
weather.com.cn
1642ghj.com 
f6.market.xiaomi.com 
9daygames.com
172.245.226.223
cloudapp.net

高危 Activity (com.model.s.launcher.Launcher) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 Activity (com.model.s.ad.billing.UpgradePrimeDialogActivity) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 

如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/da/config/view/MediaView.java, line(s) 56,10
com/taboola/android/TBLClassicUnit.java, line(s) 1209,32,33

高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 

应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
a/a.java, line(s) 769,906
b/a.java, line(s) 646
com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 71,137
com/lib/request/AESCrypt.java, line(s) 18,28
com/model/s/launcher/CryptoObjectCreator.java, line(s) 46
u/a.java, line(s) 612

高危 已启用远程WebView调试 

已启用远程WebView调试
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/taboola/android/tblweb/TBLWebUnit.java, line(s) 229,8

高危 应用程序包含隐私跟踪程序 

此应用程序有多个8隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 Activity (com.model.s.launcher.LauncherSetting) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.model.s.launcher.setting.fragment.SettingsActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.model.s.launcher.setting.pref.ABCGestureAndButtonsPrefActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.model.s.launcher.ShortcutActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.model.s.launcher.setting.sub.HomeReset) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.model.s.launcher.theme.IconThemeApplyActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.model.s.notificationtoolbar.OverlayService) 未被保护。 

[android:exported=true]
发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.model.s.launcher.InstallShortcutReceiver) 受权限保护,但是应该检查权限的保护级别。 

Permission: com.android.launcher.permission.INSTALL_SHORTCUT</br>protectionLevel: dangerous [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个权限的保护。然而,这个权限的保护级别被设置为危险。这意味着一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.model.s.launcher.UninstallShortcutReceiver) 受权限保护,但是应该检查权限的保护级别。 

Permission: com.android.launcher.permission.UNINSTALL_SHORTCUT</br>protectionLevel: dangerous [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个权限的保护。然而,这个权限的保护级别被设置为危险。这意味着一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.model.s.launcher.PackageChangedReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Broadcast Receiver (com.model.s.launcher.SessionCommitReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.Manifest.permission.INSTALL_PACKAGES [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Content Provider (com.model.s.launcher.graphics.GridCustomizationsProvider) 未被保护。 

[android:exported=true]
发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity设置了TaskAffinity属性 

(com.model.s.launcher.otherappscreateshortcut.AddItemActivity)
如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名

中危 Activity (com.model.s.launcher.otherappscreateshortcut.AddItemActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.model.s.launcher.notificationbadge.ShowBadgeListenerService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Activity (com.model.s.launcher.MineToolboxActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.KKStoreTabHostActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.SimpleStoreActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemeEachCategoryActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemeDownloadActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemeApplyActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity设置了TaskAffinity属性 

(com.model.s.launcher.guide.SetDefaultLauncherActivity)
如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名

中危 Activity (com.model.s.launcher.guide.SetDefaultLauncherActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.model.s.launcher.alive.AliveJobService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (com.model.s.launcher.alive.LauncherBootReceiver) 未被保护。 

[android:exported=true]
发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.android.wallpaperpicker.WallpaperPickerActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.android.wallpaperpicker.WallpaperCropActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.tcg.libgdxwallpaper.FireworkLiveWallpaper) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_WALLPAPER [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Activity (com.launcher.toolboxlib.ToolboxActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.WallpaperEachCategoryActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.WallpaperDetailPagerActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemeDetailActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemePreviewActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (com.launcher.theme.store.ThemeSearchMainActivity) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (com.liveeffectlib.wallpaper.LiveWallpaperServices) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_WALLPAPER [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (com.liveeffectlib.wallpaper.GlLiveWallpaperServices) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_WALLPAPER [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Service (com.liblauncher.wallpaperwall.service.WallpaperWallServices) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_WALLPAPER [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Activity (com.liblauncher.launcherguide.HomeReset) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.DUMP [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。 

Permission: android.permission.DUMP [android:exported=true]
发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。

中危 高优先级的Intent (1000) - {1} 个命中 

[android:priority]
通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/ironsource/kc.java, line(s) 90,87,89

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
a5/i.java, line(s) 48
c2/b.java, line(s) 4
com/badlogic/gdx/math/MathUtils.java, line(s) 3
com/badlogic/gdx/math/RandomXS128.java, line(s) 3
com/ironsource/w3.java, line(s) 5
com/launcher/theme/store/ThemeEachCategoryActivity.java, line(s) 26
com/model/s/launcher/IconCache.java, line(s) 64
com/model/s/launcher/graphics/IconNormalizer.java, line(s) 18
com/model/s/launcher/theme/ThemeUtil.java, line(s) 50
h1/j.java, line(s) 40
h4/b.java, line(s) 12
h4/f.java, line(s) 23
j$/util/concurrent/ThreadLocalRandom.java, line(s) 10
jb/a.java, line(s) 24
k5/c.java, line(s) 24
l5/b.java, line(s) 18
q9/a.java, line(s) 3
q9/b.java, line(s) 3
r5/b.java, line(s) 19
r9/a.java, line(s) 4
s5/b.java, line(s) 11
t4/j.java, line(s) 12
t5/a.java, line(s) 5
t5/b.java, line(s) 4
t5/b0.java, line(s) 7
t5/c.java, line(s) 5
t5/c0.java, line(s) 5
t5/d0.java, line(s) 5
t5/e0.java, line(s) 3
t5/f.java, line(s) 5
t5/h.java, line(s) 6
t5/o.java, line(s) 4
t5/r.java, line(s) 5
t5/s.java, line(s) 4
t5/t.java, line(s) 3
t5/u.java, line(s) 11
t5/x.java, line(s) 4
t5/z.java, line(s) 7
t8/b.java, line(s) 11
u5/a.java, line(s) 18
v1/b.java, line(s) 16

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 362
com/ironsource/sdk/utils/SDKUtils.java, line(s) 162

中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 

文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/ironsource/adapters/admob/AdMobAdapter.java, line(s) 316,172,180,167,66,67,68
com/ironsource/adapters/facebook/FacebookAdapter.java, line(s) 201,210
com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 84,54,53,595,379
com/ironsource/adapters/ironsource/IronSourceLoadParameters.java, line(s) 53,56
com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 75,207,381
com/ironsource/d2.java, line(s) 92
com/ironsource/f7.java, line(s) 62
com/ironsource/mediationsdk/adunit/adapter/utility/AdOptionsPosition.java, line(s) 12
com/ironsource/mediationsdk/c.java, line(s) 155,421
com/ironsource/mediationsdk/p.java, line(s) 1589,1570
com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 94,105
com/model/s/launcher/compat/UserManagerCompatVL.java, line(s) 17
com/model/s/launcher/setting/data/SettingData.java, line(s) 311,312,315,317,462
com/taboola/android/global_components/eventsmanager/events/TBLMobileEvent.java, line(s) 33,34
com/taboola/android/global_components/monitor/TBLAuthentication.java, line(s) 9
com/taboola/android/global_components/monitor/TBLSdkFeature.java, line(s) 8
com/taboola/android/global_components/monitor/TBLSimCodeChange.java, line(s) 9
com/taboola/android/global_components/network/handlers/TBLRealTimeMonitoringHandler.java, line(s) 16
com/taboola/android/global_components/network/handlers/TBLRecommendationsHandler.java, line(s) 23
com/taboola/android/tblweb/TBLWebViewManager.java, line(s) 60,62,64,61,76,69,72,74,67,83
com/taboola/android/utils/TBLSdkDetailsHelper.java, line(s) 81
com/taboola/lightnetwork/utils/SharedPrefUtil.java, line(s) 15
f0/j.java, line(s) 40
i0/f.java, line(s) 37
i0/f0.java, line(s) 82
i0/n0.java, line(s) 90

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
a/a.java, line(s) 1062,1067
a5/d.java, line(s) 233
b/a.java, line(s) 97,241
com/badlogic/gdx/backends/android/APKExpansionSupport.java, line(s) 14,15
com/badlogic/gdx/backends/android/DefaultAndroidFiles.java, line(s) 79
com/badlogic/gdx/files/FileHandle.java, line(s) 244
com/ironsource/o3.java, line(s) 561,258,430
com/ironsource/sdk/utils/SDKUtils.java, line(s) 245
com/launcher/editlib/EditInfoActivity.java, line(s) 98,98
com/launcher/theme/store/KKStoreTabHostActivity.java, line(s) 50,58
com/launcher/theme/store/NewThemeTabActivity.java, line(s) 170
com/launcher/theme/store/SimpleStoreActivity.java, line(s) 114
com/launcher/theme/store/ThemeApplyActivity.java, line(s) 163
com/launcher/theme/store/ThemePreviewActivity.java, line(s) 118
com/lib/request/PrefUtils.java, line(s) 95,127
com/lib/request/Request.java, line(s) 148,210,323
com/lib/request/interceptor/UnzipInterceptor.java, line(s) 56
com/model/s/launcher/LauncherApplication.java, line(s) 62,72,73,77
com/model/s/launcher/LauncherSetting.java, line(s) 2193,2213
com/model/s/launcher/MemoryDumpActivity.java, line(s) 49
com/model/s/launcher/util/FileUtil.java, line(s) 42,43,53
com/tcg/libgdxwallpaper/FireworkLiveWallpaper.java, line(s) 18
e5/h.java, line(s) 916,1026,921,1031
h4/i.java, line(s) 98
hb/g.java, line(s) 62
k8/e.java, line(s) 36
k8/i.java, line(s) 47
o7/g.java, line(s) 19
o8/c.java, line(s) 158,156
r8/j.java, line(s) 58

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/ironsource/a3.java, line(s) 5,6,60,65
com/ironsource/b3.java, line(s) 6,7,21,93,122,155
com/model/s/launcher/IconCache.java, line(s) 15,16,17,229,230,235,241,242,249,250
com/model/s/launcher/LauncherProvider$DatabaseHelper.java, line(s) 19,20,77,78,81,82,208,209,268,269,314,315,328,329,427,428,62,257
com/model/s/launcher/WidgetPreviewLoader.java, line(s) 13,69
com/model/s/launcher/data/DrawerResortManager.java, line(s) 7,8,38,46
com/model/s/launcher/data/DrawerSortByFavoriteManager$FavoriteSortDBHelper.java, line(s) 4,5,14,15,20,22
com/model/s/launcher/data/FontDBHelper.java, line(s) 5,6,17
com/model/s/launcher/util/SQLiteCacheHelper.java, line(s) 6,7,8,9,33,44
w/b.java, line(s) 4,5,32,35,45

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
com/badlogic/gdx/files/FileHandle.java, line(s) 133,148
com/badlogic/gdx/utils/SharedLibraryLoader.java, line(s) 110,159
y/a.java, line(s) 45,49

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
u/a.java, line(s) 458
ya/b.java, line(s) 37

中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 

可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/ironsource/od.java, line(s) 31,33
com/model/s/launcher/guide/PrimeGuideActivity.java, line(s) 116,66,99

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-3333351908196087~6394846131"
友盟统计的=> "UMENG_CHANNEL" : "googleplay"
友盟统计的=> "UMENG_APPKEY" : "5c6b7112f1f556145300087d"
6ce1d5a5c8c86c76fba8e2f91d51e9bc64d236058a1bc5dbeafbffb73bcbd6e0
bbb39450acad7c6f9972cac101043a8d6ce599b9fe77832310c4e4486c3db62b
2215209153b33ad01deb80c1bdbb6bbeb873d227fcf4d306d1294da1eb0cb812
e8d8dbe881ffc5e474f557d70030f2519ea1e587bb6e94bce806906da0b430c9
376c21021b2800b444ae9214a5b251460c04490611dadf1585987e12ce0b6c21
52a74ae3a18de3335d4dd38c5e3d492ef5e90f99d6a18b308a55dc49c65b2da4
90d4874ed05a73738dae79fcd7138eb975ff61e0
4957751df3ad5a6954cfd868ed8f1e3a13bf2fcd15601b55c807134644e94574
a9aa41c77f240f438384e281dd01fdb3d9aa7fb2881d4810fa4ba20713fcfd49
778555daab4a5e0ead751cf45366200c93662d2f4bb7ecf5fe2d774906acc1a5
c1958009c7d582dd3c95d7827787e463bc33ffb9e605b3a44b7a53d1e28df198
7197a39376918d849008c03c3e5fa205c5399d749f160d2c2c537c229c852cd1
df2b722f53e22476ad77d0517b24f14af2489d0ec359b323a4ffc43058403e01
85026e0729d8bbf1bccc6269f9cf7ab9772b90ad5753ac29b6fa6ea96c9f977a
baa0d06e00b28b527c5f84f73213da12d420f3d9b858101da6ac49a614b71190
5b0307b74e96de861cd3fe6fb734d5ca914740e9308eaadad505ce654e2c73ad
eb25709fe1f996997985d8335012b85238395bde49e0e74d8b2f4fab38312c8e
7608fa0fa18cdf9a3fc377c32849d300f060b8c31acdf78a6bbd1c4cc77628fa
1ff00acf4d101b7d3a85ccbbbb832bf4a412e63b48c8877b1ee88c9f6840548b
0f8b6eedac0128b2ed3b5709662b496665f4b94994ea722011bcb05854dba1a1
a9d6328bb85a51275fbaac352afc49738a108da1162fac197ae66e0049247f2e
a9d5eaa6f5b73f27bb4b1f623a149293e9b10a132cea57f3d23021160e86ebb3
0c050a0a00dea283e931b42bf81a5ebd13b1da8a005b3d574586541e7d6080dc
2605f3ee718aef90f2569a596b000f7ae64572697bc99a440437ab0d9fb890ba
0656ab3f363fc9ff34b6d5253151e7afae74ffceed7c01763d6ef09bdfc6c7e6
ecbab80833a2f822e1262ced36ca7e7d84e033586d75f5e2f8091f2e8dc81a75
b8c5df6a3342d5f87d7db08263f9549c276b74ad01d70dbf12ff8a5da20d2eb8
d52915a2594ff3f5e41445278ebdafa0683df56fb41cdfaab9644ecba67210ef
PGh0bWw+PGhlYWQ+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiPgogICAgPHN0eWxlPgogICAgICAgIC5jb250YWluZXIgewogICAgICAgICAgICBmbGV4LWRpcmVjdGlvbjogY29sdW1uOwogICAgICAgIH0KCiAgICAgICAgLmZsZXgtY29udGFpbmVyIHsKICAgICAgICAgICAgZGlzcGxheTogZmxleDsKICAgICAgICAgICAgYWxpZ24taXRlbXM6IGNlbnRlcjsKICAgICAgICAgICAgZmxleC1kaXJlY3Rpb246IGNvbHVtbjsKICAgICAgICAgICAganVzdGlmeS1jb250ZW50OiBmbGV4LWVuZDsKICAgICAgICB9CgogICAgICAgIC5sb2FkaW5nIHsKICAgICAgICAgICAganVzdGlmeS1jb250ZW50OiBzdGFydDsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgewogICAgICAgICAgICBkaXNwbGF5OiBpbmxpbmUtYmxvY2s7CiAgICAgICAgICAgIHBvc2l0aW9uOiByZWxhdGl2ZTsKICAgICAgICAgICAgd2lkdGg6IDgwcHg7CiAgICAgICAgICAgIGhlaWdodDogODBweDsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2IHsKICAgICAgICAgICAgcG9zaXRpb246IGFic29sdXRlOwogICAgICAgICAgICB0b3A6IDMzcHg7CiAgICAgICAgICAgIHdpZHRoOiAxM3B4OwogICAgICAgICAgICBoZWlnaHQ6IDEzcHg7CiAgICAgICAgICAgIGJvcmRlci1yYWRpdXM6IDUwJTsKICAgICAgICAgICAgYmFja2dyb3VuZDogI0E3QTdBNzsKICAgICAgICAgICAgYW5pbWF0aW9uLXRpbWluZy1mdW5jdGlvbjogY3ViaWMtYmV6aWVyKDAsIDEsIDEsIDApOwogICAgICAgIH0KCiAgICAgICAgLmxkcy1lbGxpcHNpcyBkaXY6bnRoLWNoaWxkKDEpIHsKICAgICAgICAgICAgbGVmdDogOHB4OwogICAgICAgICAgICBhbmltYXRpb246IGxkcy1lbGxpcHNpczEgMC42cyBpbmZpbml0ZTsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2Om50aC1jaGlsZCgyKSB7CiAgICAgICAgICAgIGxlZnQ6IDhweDsKICAgICAgICAgICAgYW5pbWF0aW9uOiBsZHMtZWxsaXBzaXMyIDAuNnMgaW5maW5pdGU7CiAgICAgICAgfQoKICAgICAgICAubGRzLWVsbGlwc2lzIGRpdjpudGgtY2hpbGQoMykgewogICAgICAgICAgICBsZWZ0OiAzMnB4OwogICAgICAgICAgICBhbmltYXRpb246IGxkcy1lbGxpcHNpczIgMC42cyBpbmZpbml0ZTsKICAgICAgICB9CgogICAgICAgIC5sZHMtZWxsaXBzaXMgZGl2Om50aC1jaGlsZCg0KSB7CiAgICAgICAgICAgIGxlZnQ6IDU2cHg7CiAgICAgICAgICAgIGFuaW1hdGlvbjogbGRzLWVsbGlwc2lzMyAwLjZzIGluZmluaXRlOwogICAgICAgIH0KCiAgICAgICAgQGtleWZyYW1lcyBsZHMtZWxsaXBzaXMxIHsKICAgICAgICAgICAgMCUgewogICAgICAgICAgICAgICAgdHJhbnNmb3JtOiBzY2FsZSgwKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgMTAwJSB7CiAgICAgICAgICAgICAgICB0cmFuc2Zvcm06IHNjYWxlKDEpOwogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBAa2V5ZnJhbWVzIGxkcy1lbGxpcHNpczMgewogICAgICAgICAgICAwJSB7CiAgICAgICAgICAgICAgICB0cmFuc2Zvcm06IHNjYWxlKDEpOwogICAgICAgICAgICB9CgogICAgICAgICAgICAxMDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogc2NhbGUoMCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIEBrZXlmcmFtZXMgbGRzLWVsbGlwc2lzMiB7CiAgICAgICAgICAgIDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogdHJhbnNsYXRlKDAsIDApOwogICAgICAgICAgICB9CgogICAgICAgICAgICAxMDAlIHsKICAgICAgICAgICAgICAgIHRyYW5zZm9ybTogdHJhbnNsYXRlKDI0cHgsIDApOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgPC9zdHlsZT4KPC9oZWFkPgoKPGJvZHk+CiAgICA8ZGl2IGlkPSJsb2FkaW5nX3dyYXBwZXIiIHN0eWxlPSJkaXNwbGF5OiBmbGV4O2ZsZXgtZGlyZWN0aW9uOiBjb2x1bW47anVzdGlmeS1jb250ZW50OiBzcGFjZS1iZXR3ZWVuO2hlaWdodDogMTAwJTsiPgo8ZGl2IGNsYXNzPSJjb250YWluZXIgZmxleC1jb250YWluZXIiIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgPGRpdiBjbGFzcz0iZmxleC1jb250YWluZXIiIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgICAgIDxzdmcgd2lkdGg9IjIzNiIgaGVpZ2h0PSI0NCIgdmlld0JveD0iMCAwIDIzNiA0NCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0zNy44MDYzIDMwLjI4NTRWMTAuNDI4NUwyMC42MTI5IDAuNVY4LjExNjM2TDI3LjM1MDggMTIuMDA5NUMyNy41OTQ1IDEyLjE0NTUgMjcuNjAwMiAxMi41MjUyIDI3LjM1MDggMTIuNjYxMkwxOS4zNDM1IDE3LjI4NTVDMTkuMDk5OCAxNy40MjcxIDE4LjgxNjQgMTcuNDE1OCAxOC41ODk4IDE3LjI4NTVMMTAuNTc2OCAxMi42NjEyQzEwLjMzMzEgMTIuNTI1MiAxMC4zMjc0IDEyLjE0NTUgMTAuNTc2OCAxMi4wMDk1TDE3LjMxNDcgOC4xMjIwMlYwLjUwNTY2OEwwLjExNTY0NiAxMC40Mjg1VjMwLjI4NTRWMzAuMTk0N1YzMC4yODU0TDYuNzExOTMgMjYuNDc3MlYxOC42OTY1QzYuNzA2MjYgMTguNDE4OCA3LjAzNDk0IDE4LjIyMDUgNy4yNzg2MiAxOC4zNzM1TDE1LjI4NiAyMi45OTc3QzE1LjUyOTYgMjMuMTM5NCAxNS42NjU2IDIzLjM4ODcgMTUuNjY1NiAyMy42NDk0VjMyLjg5NzlDMTUuNjcxMyAzMy4xNzU1IDE1LjM0ODMgMzMuMzczOSAxNS4xMDQ2IDMzLjIyNjVMOC4zNjY2NyAyOS4zMzM0TDEuNzcwMzggMzMuMTQxNUwxOC45Njk1IDQzLjA3TDM2LjE2ODUgMzMuMTQxNUwyOS41NjA5IDI5LjMzMzRMMjIuODIyOSAzMy4yMjY1QzIyLjU4NDkgMzMuMzY4MiAyMi4yNTA2IDMzLjE4NjkgMjIuMjU2MyAzMi44OTc5VjIzLjY0OTRDMjIuMjU2MyAyMy4zNzE3IDIyLjQwOTMgMjMuMTI4MSAyMi42MzU5IDIyLjk5NzdMMzAuNjQzMyAxOC4zNzM1QzMwLjg4MTMgMTguMjI2MiAzMS4yMTU2IDE4LjQxMzIgMzEuMjEgMTguNzAyMlYyNi40ODI5TDM3LjgwNjMgMzAuMjg1NFoiIGZpbGw9IiM0RDRENEQiPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNS4wOTkgMzMuMjI2Mkw4LjM2MTA2IDI5LjMzM0wxLjc2NDc4IDMzLjE0MTJMMTguOTYzOCA0My4wNjk2VjIxLjMwODZMMC4xMTU3MDcgMTAuNDI4MVYzMC4yODVWMzAuMTk0NFYzMC4yODVMNi43MTE5OSAyNi40NzY5VjE4LjY5NjJDNi43MDYzMiAxOC40MTg1IDcuMDM1IDE4LjIyMDEgNy4yNzg2OCAxOC4zNzMxTDE1LjI4NiAyMi45OTc0QzE1LjUyOTcgMjMuMTM5IDE1LjY2NTcgMjMuMzg4NCAxNS42NjU3IDIzLjY0OTFWMzIuODk3NUMxNS42NzE0IDMzLjE3NTIgMTUuMzQyNyAzMy4zNzM1IDE1LjA5OSAzMy4yMjYyWiIgZmlsbD0iIzRDNEM0QyI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE4Ljk2MzcgNDMuMDY5NkwzNi4xNjI4IDMzLjE0MTJMMjkuNTYwOSAyOS4zMzNMMjIuODIyOSAzMy4yMjYyQzIyLjU4NDkgMzMuMzY3OCAyMi4yNTA1IDMzLjE4NjUgMjIuMjU2MiAzMi44OTc1VjIzLjY0OTFDMjIuMjU2MiAyMy4zNzE0IDIyLjQwOTIgMjMuMTI3NyAyMi42MzU5IDIyLjk5NzRMMzAuNjQzMiAxOC4zNzMxQzMwLjg4MTIgMTguMjI1OCAzMS4yMTU2IDE4LjQxMjggMzEuMjA5OSAxOC43MDE4VjI2LjQ4MjVMMzcuODA2MiAzMC4yOTA3VjEwLjQyODFMMTguOTYzNyAyMS4zMDg2VjQzLjA2OTZaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTIwLjYxMjkgMC41VjguMTE2MzZMMjcuMzUwOCAxMi4wMDk1QzI3LjU5NDUgMTIuMTQ1NSAyNy42MDAyIDEyLjUyNTIgMjcuMzUwOCAxMi42NjEyTDE5LjM0MzUgMTcuMjg1NUMxOS4wOTk4IDE3LjQyNzEgMTguODE2NCAxNy40MTU4IDE4LjU4OTggMTcuMjg1NUwxMC41NzY4IDEyLjY2MTJDMTAuMzMzMSAxMi41MjUyIDEwLjMyNzQgMTIuMTQ1NSAxMC41NzY4IDEyLjAwOTVMMTcuMzE0NyA4LjEyMjAyVjAuNTA1NjY4TDAuMTE1NjQ2IDEwLjQyODVMMTguOTYzOCAyMS4zMDlMMzcuODExOSAxMC40Mjg1TDIwLjYxMjkgMC41WiIgZmlsbD0iIzgwODA4MCI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTU5LjY3NDYgMjMuODUyN0M1OS42NzQ2IDI1Ljg1MzIgNTguNTU4MiAyNy4yODEyIDU2LjIxNzggMjcuMjgxMkM1My43MyAyNy4yODEyIDUyLjcwNDMgMjUuOTM4MiA1Mi43MDQzIDIzLjkzNzdWMTEuNzA4NUg0Ny42NDk0VjIzLjc2NzdDNDcuNjQ5NCAyOC41MzkzIDUwLjUwNTUgMzEuMzM4NyA1Ni4yMjM0IDMxLjMzODdDNjEuOTA3NCAzMS4zMzg3IDY0Ljc0MDggMjguNDgyNiA2NC43NDA4IDIzLjc2NzdWMTEuNzA4NUg1OS42ODU5VjIzLjg1MjdINTkuNjc0NloiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNNzYuNDcxOSAxNS45MDc4Qzc0LjQ0MzIgMTUuOTA3OCA3My4wNDM1IDE2Ljc2MzUgNzEuOTU1NCAxOC4zMzlINzEuODcwNFYxNi4zMzg1SDY3LjM4MjJWMzAuOTY0OUg3Mi4wNDA0VjIyLjg3ODJDNzIuMDQwNCAyMS4wNzYxIDczLjA3MTggMTkuNzg5NyA3NC42MTMyIDE5Ljc4OTdDNzYuMTI2MyAxOS43ODk3IDc2Ljg5NyAyMC44NDk0IDc2Ljg5NyAyMi4zOTA4VjMwLjk2NDlIODEuNTU1MlYyMS40NTAxQzgxLjU2MDggMTguMTkxNiA3OS42NzM3IDE1LjkwNzggNzYuNDcxOSAxNS45MDc4WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik04OC42MjE2IDEwLjUzNjlIODMuOTYzNFYxNC4zMTFIODguNjIxNlYxMC41MzY5WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik04OC42MjE1IDE2LjMzOTVIODMuOTYzM1YzMC45NzE1SDg4LjYyMTVWMTYuMzM5NVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNOTYuODIxNyAxMS43MDg1SDkyLjI3NjhWMTYuMzM4NEg5MC4zMzNWMjAuMTEyNkg5Mi4yNzY4VjI3LjExMTJDOTIuMjc2OCAzMC4yNTY0IDk0LjIyMDYgMzEuMTQwNCA5Ni45MzUgMzEuMTQwNEM5OC4xOTMxIDMxLjE0MDQgOTkuMDc3MSAzMS4wMjcxIDk5LjQ3OTQgMzAuOTEzN1YyNy41MTM2Qzk5LjMwOTQgMjcuNTEzNiA5OC44NTA0IDI3LjU0MTkgOTguNDQ4MSAyNy41NDE5Qzk3LjQ1MDcgMjcuNTQxOSA5Ni44MjE3IDI3LjI1ODYgOTYuODIxNyAyNi4xMTM4VjIwLjExMjZIOTkuNDc5NFYxNi4zMzg0SDk2LjgyMTdWMTEuNzA4NVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTA5LjM5MSAyMi41NjY1QzEwOC45MzIgMjMuOTk0NiAxMDguNTM1IDI1LjkzODMgMTA4LjUzNSAyNS45MzgzSDEwOC40NzlDMTA4LjQ3OSAyNS45MzgzIDEwOC4wMTkgMjMuOTk0NiAxMDcuNTY2IDIyLjU2NjVMMTA1LjU5NCAxNi4zMzg2SDEwMC42ODFMMTA0Ljk5MyAyNy41OTg4QzEwNS41OTQgMjkuMTQwMiAxMDUuODc3IDMwLjAwMTUgMTA1Ljg3NyAzMC42MjQ5QzEwNS44NzcgMzEuNjIyMyAxMDUuMzMzIDMyLjE2NjMgMTAzLjk2MiAzMi4xNjYzSDEwMi4zNjRWMzUuNzkzMUgxMDUuMzlDMTA4LjMzMSAzNS43OTMxIDEwOS43MzEgMzQuNTkxNyAxMTAuOTA0IDMxLjE2MzNMMTE1Ljk1OSAxNi4zMzI5SDExMS4zMDFMMTA5LjM5MSAyMi41NjY1WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xMjIuNzI1IDMxLjE4MDZWMTIuNjA0MUgxMjUuNTI4VjI4Ljc2NzhIMTMzLjk0NVYzMS4xODA2SDEyMi43MjVaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE0Mi45MyAzMS40NjE4QzE0MS41NTcgMzEuNDYxOCAxNDAuMzc1IDMxLjE2ODUgMTM5LjM4MyAzMC41ODE5QzEzOC4zOTcgMjkuOTg5MyAxMzcuNjM1IDI5LjE1NzkgMTM3LjA5NyAyOC4wODc1QzEzNi41NjUgMjcuMDExMiAxMzYuMjk5IDI1Ljc1MDQgMTM2LjI5OSAyNC4zMDUxQzEzNi4yOTkgMjIuODc4IDEzNi41NjUgMjEuNjIwMiAxMzcuMDk3IDIwLjUzMThDMTM3LjYzNSAxOS40NDMzIDEzOC4zODUgMTguNTkzNyAxMzkuMzQ3IDE3Ljk4M0MxNDAuMzE0IDE3LjM3MjIgMTQxLjQ0NSAxNy4wNjY4IDE0Mi43MzkgMTcuMDY2OEMxNDMuNTI1IDE3LjA2NjggMTQ0LjI4NyAxNy4xOTY4IDE0NS4wMjUgMTcuNDU2OUMxNDUuNzYzIDE3LjcxNjkgMTQ2LjQyNSAxOC4xMjUxIDE0Ny4wMTEgMTguNjgxNEMxNDcuNTk4IDE5LjIzNzcgMTQ4LjA2MSAxOS45NjAzIDE0OC4zOTkgMjAuODQ5M0MxNDguNzM4IDIxLjczMjEgMTQ4LjkwNyAyMi44MDU1IDE0OC45MDcgMjQuMDY5M1YyNS4wMzA4SDEzNy44MzJWMjIuOTk5SDE0Ni4yNDlDMTQ2LjI0OSAyMi4yODU0IDE0Ni4xMDQgMjEuNjUzNSAxNDUuODE0IDIxLjEwMzJDMTQ1LjUyNCAyMC41NDY5IDE0NS4xMTYgMjAuMTA4NSAxNDQuNTkgMTkuNzg4QzE0NC4wNjkgMTkuNDY3NSAxNDMuNDU5IDE5LjMwNzMgMTQyLjc1NyAxOS4zMDczQzE0MS45OTUgMTkuMzA3MyAxNDEuMzMgMTkuNDk0NyAxNDAuNzYyIDE5Ljg2OTZDMTQwLjE5OSAyMC4yMzg1IDEzOS43NjQgMjAuNzIyMyAxMzkuNDU2IDIxLjMyMDlDMTM5LjE1MyAyMS45MTM1IDEzOS4wMDIgMjIuNTU3NSAxMzkuMDAyIDIzLjI1MjlWMjQuODQwM0MxMzkuMDAyIDI1Ljc3MTUgMTM5LjE2NSAyNi41NjM3IDEzOS40OTIgMjcuMjE2OEMxMzkuODI0IDI3Ljg2OTkgMTQwLjI4NyAyOC4zNjg3IDE0MC44OCAyOC43MTM0QzE0MS40NzIgMjkuMDUyIDE0Mi4xNjUgMjkuMjIxNCAxNDIuOTU3IDI5LjIyMTRDMTQzLjQ3MSAyOS4yMjE0IDE0My45MzkgMjkuMTQ4OCAxNDQuMzYzIDI5LjAwMzdDMTQ0Ljc4NiAyOC44NTI1IDE0NS4xNTIgMjguNjI4OCAxNDUuNDYgMjguMzMyNUMxNDUuNzY5IDI4LjAzNjEgMTQ2LjAwNSAyNy42NzAzIDE0Ni4xNjggMjcuMjM0OUwxNDguNzM1IDI3LjY5NzVDMTQ4LjUyOSAyOC40NTM0IDE0OC4xNiAyOS4xMTU1IDE0Ny42MjggMjkuNjg0QzE0Ny4xMDIgMzAuMjQ2MyAxNDYuNDQgMzAuNjg0NyAxNDUuNjQyIDMwLjk5OTJDMTQ0Ljg1IDMxLjMwNzYgMTQzLjk0NiAzMS40NjE4IDE0Mi45MyAzMS40NjE4WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNjMuNDM2IDE3LjI0ODJMMTU4LjM4MyAzMS4xODA2SDE1NS40ODFMMTUwLjQyIDE3LjI0ODJIMTUzLjMzMUwxNTYuODYgMjcuOTY5NkgxNTcuMDA1TDE2MC41MjQgMTcuMjQ4MkgxNjMuNDM2WiIgZmlsbD0iYmxhY2siPjwvcGF0aD4KICAgICAgICAgICAgICAgIDxwYXRoIGQ9Ik0xNzEuNTE1IDMxLjQ2MThDMTcwLjE0MyAzMS40NjE4IDE2OC45NiAzMS4xNjg1IDE2Ny45NjkgMzAuNTgxOUMxNjYuOTgzIDI5Ljk4OTMgMTY2LjIyMSAyOS4xNTc5IDE2NS42ODMgMjguMDg3NUMxNjUuMTUxIDI3LjAxMTIgMTY0Ljg4NSAyNS43NTA0IDE2NC44ODUgMjQuMzA1MUMxNjQuODg1IDIyLjg3OCAxNjUuMTUxIDIxLjYyMDIgMTY1LjY4MyAyMC41MzE4QzE2Ni4yMjEgMTkuNDQzMyAxNjYuOTcxIDE4LjU5MzcgMTY3LjkzMiAxNy45ODNDMTY4LjkgMTcuMzcyMiAxNzAuMDMxIDE3LjA2NjggMTcxLjMyNSAxNy4wNjY4QzE3Mi4xMTEgMTcuMDY2OCAxNzIuODczIDE3LjE5NjggMTczLjYxMSAxNy40NTY5QzE3NC4zNDggMTcuNzE2OSAxNzUuMDEgMTguMTI1MSAxNzUuNTk3IDE4LjY4MTRDMTc2LjE4NCAxOS4yMzc3IDE3Ni42NDYgMTkuOTYwMyAxNzYuOTg1IDIwLjg0OTNDMTc3LjMyMyAyMS43MzIxIDE3Ny40OTMgMjIuODA1NSAxNzcuNDkzIDI0LjA2OTNWMjUuMDMwOEgxNjYuNDE4VjIyLjk5OUgxNzQuODM1QzE3NC44MzUgMjIuMjg1NCAxNzQuNjkgMjEuNjUzNSAxNzQuNCAyMS4xMDMyQzE3NC4xMDkgMjAuNTQ2OSAxNzMuNzAxIDIwLjEwODUgMTczLjE3NSAxOS43ODhDMTcyLjY1NSAxOS40Njc1IDE3Mi4wNDQgMTkuMzA3MyAxNzEuMzQzIDE5LjMwNzNDMTcwLjU4MSAxOS4zMDczIDE2OS45MTYgMTkuNDk0NyAxNjkuMzQ3IDE5Ljg2OTZDMTY4Ljc4NSAyMC4yMzg1IDE2OC4zNSAyMC43MjIzIDE2OC4wNDEgMjEuMzIwOUMxNjcuNzM5IDIxLjkxMzUgMTY3LjU4OCAyMi41NTc1IDE2Ny41ODggMjMuMjUyOVYyNC44NDAzQzE2Ny41ODggMjUuNzcxNSAxNjcuNzUxIDI2LjU2MzcgMTY4LjA3OCAyNy4yMTY4QzE2OC40MSAyNy44Njk5IDE2OC44NzMgMjguMzY4NyAxNjkuNDY1IDI4LjcxMzRDMTcwLjA1OCAyOS4wNTIgMTcwLjc1IDI5LjIyMTQgMTcxLjU0MyAyOS4yMjE0QzE3Mi4wNTcgMjkuMjIxNCAxNzIuNTI1IDI5LjE0ODggMTcyLjk0OCAyOS4wMDM3QzE3My4zNzIgMjguODUyNSAxNzMuNzM4IDI4LjYyODggMTc0LjA0NiAyOC4zMzI1QzE3NC4zNTQgMjguMDM2MSAxNzQuNTkgMjcuNjcwMyAxNzQuNzUzIDI3LjIzNDlMMTc3LjMyIDI3LjY5NzVDMTc3LjExNSAyOC40NTM0IDE3Ni43NDYgMjkuMTE1NSAxNzYuMjE0IDI5LjY4NEMxNzUuNjg4IDMwLjI0NjMgMTc1LjAyNiAzMC42ODQ3IDE3NC4yMjcgMzAuOTk5MkMxNzMuNDM1IDMxLjMwNzYgMTcyLjUzMSAzMS40NjE4IDE3MS41MTUgMzEuNDYxOFoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTgzLjIxNCAxMi42MDQxVjMxLjE4MDZIMTgwLjUwMlYxMi42MDQxSDE4My4yMTRaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTE4Ny4wOCAzMS4xODA2VjEyLjYwNDFIMTkzLjcwMkMxOTUuMTQ3IDEyLjYwNDEgMTk2LjM0NCAxMi44NjcyIDE5Ny4yOTQgMTMuMzkzM0MxOTguMjQzIDEzLjkxOTQgMTk4Ljk1NCAxNC42MzkgMTk5LjQyNSAxNS41NTIxQzE5OS44OTcgMTYuNDU5MSAyMDAuMTMzIDE3LjQ4MTEgMjAwLjEzMyAxOC42MTc5QzIwMC4xMzMgMTkuNzYwOCAxOTkuODk0IDIwLjc4ODggMTk5LjQxNiAyMS43MDE5QzE5OC45NDUgMjIuNjA4OSAxOTguMjMxIDIzLjMyODUgMTk3LjI3NiAyMy44NjA3QzE5Ni4zMjYgMjQuMzg2OCAxOTUuMTMyIDI0LjY0OTggMTkzLjY5MyAyNC42NDk4SDE4OS4xMzlWMjIuMjczM0gxOTMuNDM5QzE5NC4zNTIgMjIuMjczMyAxOTUuMDkzIDIyLjExNjEgMTk1LjY2MSAyMS44MDE3QzE5Ni4yMjkgMjEuNDgxMiAxOTYuNjQ3IDIxLjA0NTggMTk2LjkxMyAyMC40OTU1QzE5Ny4xNzkgMTkuOTQ1MiAxOTcuMzEyIDE5LjMxOTQgMTk3LjMxMiAxOC42MTc5QzE5Ny4zMTIgMTcuOTE2NCAxOTcuMTc5IDE3LjI5MzYgMTk2LjkxMyAxNi43NDk0QzE5Ni42NDcgMTYuMjA1MSAxOTYuMjI2IDE1Ljc3ODggMTk1LjY1MiAxNS40NzA0QzE5NS4wODQgMTUuMTYyIDE5NC4zMzQgMTUuMDA3OCAxOTMuNDAyIDE1LjAwNzhIMTg5Ljg4M1YzMS4xODA2SDE4Ny4wOFoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMjA1LjkxMyAxMi42MDQxVjMxLjE4MDZIMjAzLjIwMVYxMi42MDQxSDIwNS45MTNaIiBmaWxsPSJibGFjayI+PC9wYXRoPgogICAgICAgICAgICAgICAgPHBhdGggZD0iTTIxMy42MTYgMzEuNDg5QzIxMi43MzMgMzEuNDg5IDIxMS45MzUgMzEuMzI1NyAyMTEuMjIxIDMwLjk5OTJDMjEwLjUwOCAzMC42NjY2IDIwOS45NDMgMzAuMTg1OSAyMDkuNTI1IDI5LjU1N0MyMDkuMTE0IDI4LjkyODEgMjA4LjkwOSAyOC4xNTcxIDIwOC45MDkgMjcuMjQ0QzIwOC45MDkgMjYuNDU3OSAyMDkuMDYgMjUuODEwOCAyMDkuMzYyIDI1LjMwMjlDMjA5LjY2NCAyNC43OTQ5IDIxMC4wNzMgMjQuMzkyOCAyMTAuNTg3IDI0LjA5NjVDMjExLjEwMSAyMy44MDAyIDIxMS42NzUgMjMuNTc2NSAyMTIuMzEgMjMuNDI1M0MyMTIuOTQ1IDIzLjI3NDEgMjEzLjU5MiAyMy4xNTkyIDIxNC4yNTEgMjMuMDgwNkMyMTUuMDg2IDIyLjk4MzkgMjE1Ljc2MyAyMi45MDUyIDIxNi4yODMgMjIuODQ0OEMyMTYuODAzIDIyLjc3ODMgMjE3LjE4MSAyMi42NzI0IDIxNy40MTcgMjIuNTI3M0MyMTcuNjUyIDIyLjM4MjIgMjE3Ljc3IDIyLjE0NjMgMjE3Ljc3IDIxLjgxOThWMjEuNzU2M0MyMTcuNzcgMjAuOTY0MSAyMTcuNTQ3IDIwLjM1MDQgMjE3LjA5OSAxOS45MTVDMjE2LjY1OCAxOS40Nzk2IDIxNS45OTkgMTkuMjYxOSAyMTUuMTIyIDE5LjI2MTlDMjE0LjIwOSAxOS4yNjE5IDIxMy40ODkgMTkuNDY0NSAyMTIuOTYzIDE5Ljg2OTZDMjEyLjQ0MyAyMC4yNjg3IDIxMi4wODMgMjAuNzEzMiAyMTEuODg0IDIxLjIwM0wyMDkuMzM1IDIwLjYyMjVDMjA5LjYzNyAxOS43NzU5IDIxMC4wNzkgMTkuMDkyNiAyMTAuNjU5IDE4LjU3MjVDMjExLjI0NiAxOC4wNDY1IDIxMS45MiAxNy42NjU1IDIxMi42ODIgMTcuNDI5N0MyMTMuNDQ0IDE3LjE4NzggMjE0LjI0NSAxNy4wNjY4IDIxNS4wODYgMTcuMDY2OEMyMTUuNjQyIDE3LjA2NjggMjE2LjIzMSAxNy4xMzM0IDIxNi44NTQgMTcuMjY2NEMyMTcuNDgzIDE3LjM5MzQgMjE4LjA3IDE3LjYyOTIgMjE4LjYxNCAxNy45NzM5QzIxOS4xNjQgMTguMzE4NiAyMTkuNjE1IDE4LjgxMTQgMjE5Ljk2NSAxOS40NTI0QzIyMC4zMTYgMjAuMDg3MyAyMjAuNDkyIDIwLjkxMjcgMjIwLjQ5MiAyMS45Mjg2VjMxLjE4MDZIMjE3Ljg0M1YyOS4yNzU4SDIxNy43MzRDMjE3LjU1OSAyOS42MjY1IDIxNy4yOTYgMjkuOTcxMiAyMTYuOTQ1IDMwLjMwOThDMjE2LjU5NCAzMC42NDg1IDIxNi4xNDQgMzAuOTI5NyAyMTUuNTkzIDMxLjE1MzRDMjE1LjA0MyAzMS4zNzcxIDIxNC4zODQgMzEuNDg5IDIxMy42MTYgMzEuNDg5Wk0yMTQuMjA2IDI5LjMxMjFDMjE0Ljk1NiAyOS4zMTIxIDIxNS41OTYgMjkuMTYzOSAyMTYuMTI5IDI4Ljg2NzZDMjE2LjY2NyAyOC41NzEzIDIxNy4wNzUgMjguMTg0MyAyMTcuMzUzIDI3LjcwNjZDMjE3LjYzNyAyNy4yMjI4IDIxNy43NzkgMjYuNzA1OCAyMTcuNzc5IDI2LjE1NTVWMjQuMzU5NkMyMTcuNjgzIDI0LjQ1NjMgMjE3LjQ5NSAyNC41NDcgMjE3LjIxNyAyNC42MzE3QzIxNi45NDUgMjQuNzEwMyAyMTYuNjM0IDI0Ljc3OTggMjE2LjI4MyAyNC44NDAzQzIxNS45MzIgMjQuODk0NyAyMTUuNTkgMjQuOTQ2MSAyMTUuMjU4IDI0Ljk5NDVDMjE0LjkyNSAyNS4wMzY4IDIxNC42NDcgMjUuMDczMSAyMTQuNDIzIDI1LjEwMzNDMjEzLjg5NyAyNS4xNjk5IDIxMy40MTcgMjUuMjgxNyAyMTIuOTgxIDI1LjQzODlDMjEyLjU1MiAyNS41OTYyIDIxMi4yMDcgMjUuODIyOSAyMTEuOTQ3IDI2LjExOTJDMjExLjY5MyAyNi40MDk1IDIxMS41NjYgMjYuNzk2NSAyMTEuNTY2IDI3LjI4MDNDMjExLjU2NiAyNy45NTE1IDIxMS44MTQgMjguNDU5NCAyMTIuMzEgMjguODA0MUMyMTIuODA2IDI5LjE0MjggMjEzLjQzOCAyOS4zMTIxIDIxNC4yMDYgMjkuMzEyMVoiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMjI1LjMxOSAzNi40MDUyQzIyNC45MTQgMzYuNDA1MiAyMjQuNTQ1IDM2LjM3MiAyMjQuMjEzIDM2LjMwNTVDMjIzLjg4IDM2LjI0NSAyMjMuNjMyIDM2LjE3ODUgMjIzLjQ2OSAzNi4xMDU5TDIyNC4xMjIgMzMuODgzNkMyMjQuNjE4IDM0LjAxNjcgMjI1LjA1OSAzNC4wNzQxIDIyNS40NDYgMzQuMDU2QzIyNS44MzMgMzQuMDM3OCAyMjYuMTc1IDMzLjg5MjcgMjI2LjQ3MSAzMy42MjA2QzIyNi43NzQgMzMuMzQ4NSAyMjcuMDQgMzIuOTA0IDIyNy4yNjkgMzIuMjg3MkwyMjcuNjA1IDMxLjM2MkwyMjIuNTA3IDE3LjI0ODJIMjI1LjQxTDIyOC45MzggMjguMDYwM0gyMjkuMDg0TDIzMi42MTIgMTcuMjQ4MkgyMzUuNTI0TDIyOS43ODIgMzMuMDQwMUMyMjkuNTE2IDMzLjc2NTcgMjI5LjE3NyAzNC4zNzk1IDIyOC43NjYgMzQuODgxNEMyMjguMzU1IDM1LjM4OTMgMjI3Ljg2NSAzNS43NzAzIDIyNy4yOTcgMzYuMDI0M0MyMjYuNzI4IDM2LjI3ODMgMjI2LjA2OSAzNi40MDUyIDIyNS4zMTkgMzYuNDA1MloiIGZpbGw9ImJsYWNrIj48L3BhdGg+CiAgICAgICAgICAgIDwvc3ZnPgogICAgICAgIDwvZGl2PgogICAgICAgIDxkaXYgY2xhc3M9ImZsZXgtY29udGFpbmVyIGxvYWRpbmciIHN0eWxlPSIKICAgIGZsZXg6IDE7CiI+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9Imxkcy1lbGxpcHNpcyI+CiAgICAgICAgICAgICAgICA8ZGl2PjwvZGl2PgogICAgICAgICAgICAgICAgPGRpdj48L2Rpdj4KICAgICAgICAgICAgICAgIDxkaXY+PC9kaXY+CiAgICAgICAgICAgICAgICA8ZGl2PjwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2Pgo8L2Rpdj4KCgo8L2JvZHk+PC9odG1sPg==
3d9ab0dd2e243c00f37ee0441fd1cb9846dcf74a9c896d37582107c8fe4e4a03
ab439837c2e5d357fc8704c8650499f1e45892880a72e20cf9d5e1bd67887e36
bc9b945d20c41c760f74e355728463cc4f12894512a024554363801d7fe791e5
e214573905d30571c95cc1c6c2f687070e8e600898c9427a49df44b71618cc81
0337a08271785f216907d68a5b6da8d8bcb39bd10cec37dd9f84db85cc80509f
80e8316f0af99bb5d5466022fcc3467ac1faf6760a22f5192b956c095f702859
C38FB23A402222A0C17D34A92F971D1F
c18e6c7f9ce9dedba8a8cbb9e8b245ca0912945611282c140c549f55406a91db
bfdc237e067ce80b93351469888bc2d2c8e255d5dc53a5d4505ce086fe01aa7b

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a1/b.java, line(s) 206
a5/c.java, line(s) 85,95,96
a5/i.java, line(s) 251
a8/b.java, line(s) 125
b0/e.java, line(s) 92
b8/b.java, line(s) 33
bb/a.java, line(s) 22
c0/c.java, line(s) 172,197
c6/g.java, line(s) 73
c6/i.java, line(s) 24,62,74,75,90,93,116
c8/f.java, line(s) 179
cb/c.java, line(s) 72,75
cb/d.java, line(s) 23
com/badlogic/gdx/backends/android/AndroidApplicationLogger.java, line(s) 17,22
com/badlogic/gdx/backends/android/AndroidFragmentApplication.java, line(s) 121,128
com/badlogic/gdx/backends/android/AndroidGraphicsLiveWallpaper.java, line(s) 61
com/badlogic/gdx/backends/android/AndroidLiveWallpaperService.java, line(s) 228
com/badlogic/gdx/backends/android/ZipResourceFile.java, line(s) 149
com/badlogic/gdx/backends/android/surfaceview/GLSurfaceView20.java, line(s) 161
com/badlogic/gdx/graphics/g2d/PixmapPacker.java, line(s) 410
com/badlogic/gdx/graphics/glutils/ETC1.java, line(s) 83
com/badlogic/gdx/math/a.java, line(s) 176,181,187
com/caverock/androidsvg/SVGImageView.java, line(s) 124,138
com/extra/preferencelib/preferences/colorpicker/ColorPickerPreference.java, line(s) 207
com/iab/omid/library/ironsrc/utils/d.java, line(s) 17
com/iab/omid/library/taboola/utils/d.java, line(s) 17
com/ironsource/adapters/admob/AdMobAdapter.java, line(s) 175,183,272,274,278,292
com/ironsource/adapters/admob/banner/AdMobBannerAdListener.java, line(s) 63,70
com/ironsource/adapters/admob/banner/AdMobNativeBannerAdListener.java, line(s) 66
com/ironsource/adapters/admob/interstitial/AdMobInterstitialAdLoadListener.java, line(s) 42,26
com/ironsource/adapters/admob/interstitial/AdMobInterstitialAdShowListener.java, line(s) 53,41
com/ironsource/adapters/admob/interstitial/AdMobInterstitialAdapter.java, line(s) 152
com/ironsource/adapters/admob/nativead/AdMobNativeAdListener.java, line(s) 53
com/ironsource/adapters/admob/rewardedvideo/AdMobRewardedVideoAdLoadListener.java, line(s) 33,43
com/ironsource/adapters/admob/rewardedvideo/AdMobRewardedVideoAdShowListener.java, line(s) 55,43
com/ironsource/adapters/facebook/banner/FacebookBannerAdListener.java, line(s) 59
com/ironsource/adapters/facebook/interstitial/FacebookInterstitialAdListener.java, line(s) 73,95
com/ironsource/adapters/facebook/interstitial/FacebookInterstitialAdapter.java, line(s) 80,82,96
com/ironsource/adapters/facebook/rewardedvideo/FacebookRewardedVideoAdListener.java, line(s) 74,112
com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 168,227,161,171,221,369,372,376,381,570,595,597
com/ironsource/adapters/ironsource/IronSourceInterstitialListener.java, line(s) 28
com/ironsource/adapters/ironsource/IronSourceRewardedVideoListener.java, line(s) 31
com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 185,186,187,202,204,207,381,383
com/ironsource/b.java, line(s) 60
com/ironsource/d6.java, line(s) 67,96,128
com/ironsource/gd.java, line(s) 48,87,91
com/ironsource/h1.java, line(s) 99,116,68,96,104,112
com/ironsource/j1.java, line(s) 48,76,40,65,69
com/ironsource/jd.java, line(s) 95
com/ironsource/k4.java, line(s) 48
com/ironsource/ld.java, line(s) 144
com/ironsource/m2.java, line(s) 50
com/ironsource/mediationsdk/AbstractAdapter.java, line(s) 410,416
com/ironsource/mediationsdk/a.java, line(s) 73
com/ironsource/mediationsdk/a0.java, line(s) 123,128
com/ironsource/mediationsdk/ads/nativead/LevelPlayNativeAd.java, line(s) 64
com/ironsource/mediationsdk/d.java, line(s) 425,430
com/ironsource/mediationsdk/d1.java, line(s) 21,29,31
com/ironsource/mediationsdk/demandOnly/d.java, line(s) 86,218,383,399,73,96,99,117,141,147,150,154,173,228,380,404
com/ironsource/mediationsdk/demandOnly/g.java, line(s) 96,153,72,100,103,118,203,235,256
com/ironsource/mediationsdk/demandOnly/l.java, line(s) 97,174,73,101,104,139,191,223,244
com/ironsource/mediationsdk/demandOnly/r.java, line(s) 25
com/ironsource/mediationsdk/demandOnly/s.java, line(s) 20
com/ironsource/mediationsdk/demandOnly/t.java, line(s) 20
com/ironsource/mediationsdk/demandOnly/u.java, line(s) 20
com/ironsource/mediationsdk/demandOnly/v.java, line(s) 20
com/ironsource/mediationsdk/g1.java, line(s) 28,34
com/ironsource/mediationsdk/i0.java, line(s) 28,34
com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 12
com/ironsource/mediationsdk/logger/a.java, line(s) 41,32
com/ironsource/mediationsdk/p.java, line(s) 492,497,503,512,519,532,562,567,573,582,589,603,1551,1559,1589,485,555,1454,1456,1464,1466,1490,1529,1541,342,1572,1576,1580,345,350
com/ironsource/mediationsdk/w.java, line(s) 185,248,267,298,332,522,634,724,180,192,220,230,256,276,296,365,507,631,644,694,711,195,263,287,303,367
com/ironsource/mediationsdk/x.java, line(s) 151,194,149,186,190,197,251,258,278,375,395,435,388,398,440
com/ironsource/mediationsdk/y0.java, line(s) 26,34
com/ironsource/mediationsdk/z0.java, line(s) 18,24
com/ironsource/o9.java, line(s) 74,61,65
com/ironsource/p1.java, line(s) 67,120,138,49,107,129
com/ironsource/p3.java, line(s) 21,23,24
com/ironsource/q1.java, line(s) 308,391,422,507,540,756,95,140,197,201,241,301,313,383,426,471,477,486,538,585,599,743,749
com/ironsource/q9.java, line(s) 36,58
com/ironsource/r0.java, line(s) 19
com/ironsource/sdk/utils/Logger.java, line(s) 18,24,43,49
com/ironsource/t1.java, line(s) 122,134,303,428,485,532,564,571,97,281,292,422,440,472,517,545
com/ironsource/u0.java, line(s) 36
com/ironsource/v8.java, line(s) 58
com/launcher/theme/store/SlideButton.java, line(s) 28,55,63,68,76,79,81
com/launcher/theme/store/TransformSetImageView.java, line(s) 109,110,111,112,113
com/launcher/theme/store/config/ThemeConfigService.java, line(s) 518
com/launcher/theme/store/config/WpaperConfigService.java, line(s) 358
com/liveeffectlib/colorpicker/ColorPickerPreference.java, line(s) 177
com/model/s/animation/AVLoadingIndicatorView.java, line(s) 66
com/model/s/launcher/AllAppsList.java, line(s) 65,92
com/model/s/launcher/AppsCustomizeTabHost.java, line(s) 144
com/model/s/launcher/DropTarget$DragEnforcer.java, line(s) 19,27,35,41
com/model/s/launcher/Folder.java, line(s) 1221
com/model/s/launcher/FolderPagedView.java, line(s) 260
com/model/s/launcher/IconCache.java, line(s) 1022
com/model/s/launcher/InstallShortcutReceiver.java, line(s) 331
com/model/s/launcher/Launcher.java, line(s) 2141,2162,414,3915,5734
com/model/s/launcher/LauncherAppState.java, line(s) 47,33
com/model/s/launcher/LauncherModel.java, line(s) 632,1659
com/model/s/launcher/LauncherProvider$DatabaseHelper.java, line(s) 51,110,151
com/model/s/launcher/LauncherStateTransitionAnimation.java, line(s) 314
com/model/s/launcher/MemoryDumpActivity.java, line(s) 54,50,88,103
com/model/s/launcher/MemoryTracker.java, line(s) 172,111,121,134,197,225
com/model/s/launcher/Utilities.java, line(s) 1235
com/model/s/launcher/WeightWatcher.java, line(s) 98
com/model/s/launcher/WidgetPreviewLoader.java, line(s) 437,507
com/model/s/launcher/Workspace.java, line(s) 1875
com/model/s/launcher/dialog/ColorIconEditBottomDialogFragment$updateTheme$2.java, line(s) 20
com/model/s/launcher/dialog/MaterialDialog.java, line(s) 186
com/model/s/launcher/graphics/GridCustomizationsProvider.java, line(s) 102
com/model/s/launcher/graphics/LauncherPreviewRenderer.java, line(s) 137,170
com/model/s/launcher/s0.java, line(s) 218,222
com/model/s/launcher/util/MainThreadInitializedObject.java, line(s) 42
com/model/s/launcher/util/SQLiteCacheHelper.java, line(s) 61,74
com/model/s/launcher/util/UIUtil.java, line(s) 520
com/model/s/launcher/widget/ComposeWidgetView.java, line(s) 381,395,412,421
com/model/s/launcher/widget/WidgetsContainerView.java, line(s) 188
com/model/s/slidingmenu/lib/SlidingMenu.java, line(s) 101
com/taboola/android/TBLMonitorManager.java, line(s) 37,68
com/taboola/android/global_components/configuration/TBLConfigManager.java, line(s) 183,224,230,236,271
com/taboola/android/tblnative/TBLNativeGlobalEPs.java, line(s) 37,57
com/taboola/android/tblnative/TBLNativeUnitInternal.java, line(s) 75
com/taboola/android/utils/TBLLogger.java, line(s) 29,40,86
com/taboola/android/utils/TBLOnClickHelper.java, line(s) 90
com/taboola/lightnetwork/dynamic_url/DynamicRequest.java, line(s) 59,75,124,143
com/taboola/lightnetwork/protocols/http/CookiesTracker.java, line(s) 40
com/taboola/lightnetwork/protocols/http/HttpManager.java, line(s) 41,47,53
com/taboola/lightnetwork/protocols/http/HttpRequest.java, line(s) 75,114,148,178,198,63,86
com/taboola/lightnetwork/url_components/PathParam.java, line(s) 19
com/taboola/lightnetwork/url_components/UrlParameters.java, line(s) 21
com/taboola/lightnetwork/utils/SharedPrefUtil.java, line(s) 21,35,44
d0/a.java, line(s) 59
d1/d.java, line(s) 25,26
d3/d2.java, line(s) 55
d5/a.java, line(s) 19,33,36
e1/h2.java, line(s) 51
e1/k2.java, line(s) 236
e1/l2.java, line(s) 43
e1/s.java, line(s) 380
e1/w2.java, line(s) 1057
f0/h.java, line(s) 24
g0/b.java, line(s) 74,84
g0/m.java, line(s) 88,128,130,136,142,139,143
h0/c.java, line(s) 85,96
h1/j.java, line(s) 287,288,289,290,291
h4/m.java, line(s) 29
i0/m.java, line(s) 125,190,460,298
i0/n.java, line(s) 132,133
i0/p0.java, line(s) 58,59
i0/y.java, line(s) 9,45
i7/s.java, line(s) 41,42
j0/j.java, line(s) 166,71,138,72,139
j0/k.java, line(s) 61,64,70,110,120,133,146,149,163,172,175,62,71,105,147
j7/g.java, line(s) 17
jb/a.java, line(s) 48
k0/c.java, line(s) 39,49,75,81,40,76
k8/h.java, line(s) 40,44
k8/i.java, line(s) 63,69,73
l0/a.java, line(s) 26,25
m0/j.java, line(s) 34
m0/q0.java, line(s) 31
o3/g.java, line(s) 167
o6/h.java, line(s) 275
o8/b.java, line(s) 197
p/g.java, line(s) 86,87,102
p0/g.java, line(s) 21,26,22,29
p0/g0.java, line(s) 42,51,58,43,52,59,60,61,64
p0/k.java, line(s) 66,83,101,108,113,156,170
p0/l0.java, line(s) 40
p0/x.java, line(s) 81
q1/c.java, line(s) 95,121
r7/f.java, line(s) 34
s2/j4.java, line(s) 45
s2/k.java, line(s) 29
s2/k5.java, line(s) 44
s2/l4.java, line(s) 45
s2/m5.java, line(s) 44
s2/w1.java, line(s) 24
s2/w3.java, line(s) 22,24,25,27
t0/a.java, line(s) 42,128,145,151,156,50,129,146,152,157
t0/l.java, line(s) 45
u/a.java, line(s) 544
v0/b.java, line(s) 32,52
v0/f.java, line(s) 53
v0/g.java, line(s) 241
v0/i.java, line(s) 57,63
v5/a.java, line(s) 293
y/a.java, line(s) 59
y/c.java, line(s) 56
y/l.java, line(s) 42
y0/f.java, line(s) 24,316
y3/j0.java, line(s) 108
y3/k1.java, line(s) 79,80
y3/u.java, line(s) 140
z0/d.java, line(s) 38
z0/k.java, line(s) 21,22
z0/l.java, line(s) 37
z2/a.java, line(s) 22,25

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/badlogic/gdx/backends/android/AndroidClipboard.java, line(s) 4,32

安全 基本配置配置为禁止到所有域的明文流量。 

Scope:
*

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/lib/request/Request.java, line(s) 118,135,136,137,200,393,399,191
ha/l0.java, line(s) 85,84,93,83,83

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (res.appser.top) 通信。 

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (appser.top) 通信。 

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

安全评分: ( One S Launcher 9.2)