安全分析报告:
安全分数
安全分数 49/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
3
用户/设备跟踪器
调研结果
高危
3
中危
18
信息
4
安全
2
关注
1
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/atlasv/android/downloader/NovaDownloader.java, line(s) 2010
中危 Activity (free.video.downloader.converter.music.main.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/arialyy/aria/core/task/AbsTask.java, line(s) 16 d6/d.java, line(s) 16 io/jsonwebtoken/JwsHeader.java, line(s) 8 n6/g.java, line(s) 47 p6/f.java, line(s) 37 p6/q.java, line(s) 93 p6/w.java, line(s) 81 q2/d.java, line(s) 32
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/arialyy/aria/util/CommonUtil.java, line(s) 372,446,547,576 e4/b.java, line(s) 71 free/video/downloader/converter/music/view/activity/PatternLockActivity.java, line(s) 165 hg/a.java, line(s) 221 wa/t7.java, line(s) 188
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: c5/e.java, line(s) 67,133,136 com/arialyy/aria/util/CommonUtil.java, line(s) 216,213,220 com/arialyy/aria/util/FileUtil.java, line(s) 34,232 e4/d.java, line(s) 81 g5/f.java, line(s) 47 ic/e1.java, line(s) 42,42 ic/j1.java, line(s) 37 lf/a.java, line(s) 24,38 re/b.java, line(s) 299 s4/a.java, line(s) 73
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: bf/j.java, line(s) 12 d8/w.java, line(s) 8 d9/z.java, line(s) 4 df/c.java, line(s) 7 e5/a.java, line(s) 8 g5/b.java, line(s) 17 rd/j.java, line(s) 5 ti/a.java, line(s) 3 ti/b.java, line(s) 3 ui/a.java, line(s) 3 vh/a.java, line(s) 9 wa/t7.java, line(s) 30 xe/c.java, line(s) 6
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/arialyy/aria/orm/DelegateFind.java, line(s) 4,73,75,210,418,442,467 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 4,93,94,112,113,71 com/arialyy/aria/orm/DelegateWrapper.java, line(s) 4,50 com/arialyy/aria/orm/SqlHelper.java, line(s) 5,6,29,30,125,164 com/arialyy/aria/orm/SqlUtil.java, line(s) 5,64,400 com/atlasv/android/ump/fb/h.java, line(s) 4,56 v1/c.java, line(s) 6,7,8,9,10,94,182 v3/b.java, line(s) 6,68,153 wa/j.java, line(s) 5,6,591,631 wa/n7.java, line(s) 7,8,479 x7/g.java, line(s) 4,41 y7/n.java, line(s) 3,33 y7/p.java, line(s) 3,25 y7/q.java, line(s) 5,6,139,160,180 y7/t.java, line(s) 3,9 y7/u.java, line(s) 4,5,128
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: he/b.java, line(s) 52 ia/a.java, line(s) 24
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/atlasv/android/downloader/privacy/ui/web/WebViewActivity.java, line(s) 63,68 sf/a.java, line(s) 32,37
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: gg/a.java, line(s) 287,283
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: he/c.java, line(s) 92
中危 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/135780811579/namespaces/firebase:fetch?key=AIzaSyDHf9ZukSLmob_KD1rTCp5z9JQ8KaalWUk ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"ad_icon_gallery_image": "{\"interval\":6,\"adInfo\":[{\"adId\":\"ins3\",\"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-INS3-20231016\",\"name\":\"Video downloader: Story Saver\",\"desc\":\"Instagram post Downloader & Instagram Picture Downloader. \",\"cta\":\"Download\",\"icon\":\"https://lh3.googleusercontent.com/qTSNjNuLBj1tc1ax6no6d_wZU391gg5Cxy37sv0aLj39k-AisPjgLHN4Vn6s-GsltM4\",\"replaceIcon\":false,\"sort\":1},{\"adId\":\"in3lite\",\"icon\":\"https://play-lh.googleusercontent.com/pKHrkJZc1Q95ZdLoTb9YR0h2ed7qtoIFxByTRRfIulVzWQQy8yKMVN-9yolzRQWc2Rs=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig.insaver&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-in3lite-20240612\",\"name\":\"Instagram Video Downloader Lite\",\"desc\":\"Fast IG Video Downloader & Story Saver\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"TTD2\",\"icon\":\"https://play-lh.googleusercontent.com/n1VZG-v2v9Y4nMGALXQyks1-ksM7KjvUkrY4FFCKAvd1SwSr52ZnBluYeUUNgBc5FLw=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=tiktok.video.downloader.nowatermark.tiktokdownload.snaptik&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-TTD2-20240402\",\"name\":\"Tik Video Downloader Tok Saver\",\"desc\":\"Fast Video Saver & Watermark Remover\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"WAD\",\"icon\":\"https://play-lh.googleusercontent.com/EvYu7EsVzrk7U8s8FfNRTlUBWnq06i8mw2qdlLLYOjxMrQW1Ib5aAvWdSkRkXpsensmN=w480-h960-rw\",\"url\":\"https://play.google.com/store/apps/details?id=statussaver.videodownloader.downloadstatus.savestatus.storysaver&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-WAD-20240710\",\"name\":\"Whatsapp Downloader & Status Saver\",\"desc\":\"save and download photos, videos, and GIFs\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"PTD\",\"icon\":\"https://play-lh.googleusercontent.com/STWAAs5lor6M5iQtOh6Kq9rY_-HrAs0h66UH4EH9pLoh8Awd25YALjIywmf3gY_WvQ=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=pin.pinterest.video.downloader.forpinterest.pinsaver=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-PTD-20240716\",\"name\":\"Video Downloader For Pinterest\",\"desc\":\"save and download photos, videos, and GIFs\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"TTD1\",\"icon\":\"https://play-lh.googleusercontent.com/fjeLw6E6DBPnORnZfzP-G6aeJ5U--lJG4Sop3_Jvk4aQEbfzoYp7LZN1jA_4sRjC9Qk=w480-h960-rw\",\"url\":\"https://play.google.com/store/apps/details?id=tiktok.video.downloader.nowatermark.tiktokdownload&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-TTD1-20240722\",\"name\":\"TikTok Video Downloader\",\"desc\":\"Download Video No Watermark\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"FBD2\",\"icon\":\"https://play-lh.googleusercontent.com/wUgCGcPK4c2kUn0fi6oveBR_WssWh2zY1niVYH1imtZmgYvPbxPbNCumGTBOWRPXW7Y=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=facebook.video.downloader.savefrom.fb.saver.fast&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-FBD2-20240730\",\"name\":\"Facebook Video Downloader\",\"desc\":\"Downloader Video from Facebook\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1}]}",
"ad_icon_gallery_video": "{\"interval\":6,\"adInfo\":[{\"adId\":\"ins3\",\"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-INS3-20231016\",\"name\":\"Video downloader: Story Saver\",\"desc\":\"Instagram post Downloader & Instagram Picture Downloader. \",\"cta\":\"Download\",\"icon\":\"https://lh3.googleusercontent.com/qTSNjNuLBj1tc1ax6no6d_wZU391gg5Cxy37sv0aLj39k-AisPjgLHN4Vn6s-GsltM4\",\"replaceIcon\":false,\"sort\":1},{\"adId\":\"in3lite\",\"icon\":\"https://play-lh.googleusercontent.com/pKHrkJZc1Q95ZdLoTb9YR0h2ed7qtoIFxByTRRfIulVzWQQy8yKMVN-9yolzRQWc2Rs=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig.insaver&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-in3lite-20240612\",\"name\":\"Instagram Video Downloader Lite\",\"desc\":\"Fast IG Video Downloader & Story Saver\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"TTD2\",\"icon\":\"https://play-lh.googleusercontent.com/n1VZG-v2v9Y4nMGALXQyks1-ksM7KjvUkrY4FFCKAvd1SwSr52ZnBluYeUUNgBc5FLw=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=tiktok.video.downloader.nowatermark.tiktokdownload.snaptik&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-TTD2-20240402\",\"name\":\"Tik Video Downloader Tok Saver\",\"desc\":\"Fast Video Saver & Watermark Remover\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"WAD\",\"icon\":\"https://play-lh.googleusercontent.com/EvYu7EsVzrk7U8s8FfNRTlUBWnq06i8mw2qdlLLYOjxMrQW1Ib5aAvWdSkRkXpsensmN=w480-h960-rw\",\"url\":\"https://play.google.com/store/apps/details?id=statussaver.videodownloader.downloadstatus.savestatus.storysaver&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-WAD-20240710\",\"name\":\"Whatsapp Downloader & Status Saver\",\"desc\":\"save and download photos, videos, and GIFs\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"PTD\",\"icon\":\"https://play-lh.googleusercontent.com/STWAAs5lor6M5iQtOh6Kq9rY_-HrAs0h66UH4EH9pLoh8Awd25YALjIywmf3gY_WvQ=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=pin.pinterest.video.downloader.forpinterest.pinsaver=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-PTD-20240716\",\"name\":\"Video Downloader For Pinterest\",\"desc\":\"save and download photos, videos, and GIFs\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"TTD1\",\"icon\":\"https://play-lh.googleusercontent.com/fjeLw6E6DBPnORnZfzP-G6aeJ5U--lJG4Sop3_Jvk4aQEbfzoYp7LZN1jA_4sRjC9Qk=w480-h960-rw\",\"url\":\"https://play.google.com/store/apps/details?id=tiktok.video.downloader.nowatermark.tiktokdownload&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-TTD1-20240722\",\"name\":\"TikTok Video Downloader\",\"desc\":\"Download Video No Watermark\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1},{\"adId\":\"FBD2\",\"icon\":\"https://play-lh.googleusercontent.com/wUgCGcPK4c2kUn0fi6oveBR_WssWh2zY1niVYH1imtZmgYvPbxPbNCumGTBOWRPXW7Y=w240-h480-rw\",\"url\":\"https://play.google.com/store/apps/details?id=facebook.video.downloader.savefrom.fb.saver.fast&referrer=utm_source%3Dall3%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-FBD2-20240730\",\"name\":\"Facebook Video Downloader\",\"desc\":\"Downloader Video from Facebook\",\"cta\":\"Download\",\"image\":\"\",\"replaceIcon\":true,\"sort\":1}]}",
"ad_platform": "Admob",
"ad_value_threshold": "0.04342557179292531",
"adblock_common_config": "[]",
"adblock_local_file_names": "[\"1AdGuardBase.txt\",\"2EasyPrivacyLite.txt\",\"4Easylist.txt\",\"6Adblock_anti_killer_ffAdblock.txt\",\"7unblock_filter.txt\",\"8uBlock_filters_privacy.txt\",\"11uBlock_filters_unbreak.txt\",\"12uBlock_filters_badware_risks.txt\"]",
"adblock_specify_config": "[]",
"admob_interstitial_config": "{}",
"aha_search_engine": "GoogleVideo",
"app_ad": " {\n \"name\":\"Video downloader: Story Saver\",\n \"icon\":\"https://play-lh.googleusercontent.com/s9Jp_iJi8C4zqVkqAYdXky-QJIP02WcK0sHCsq3ETnACARr3x2TgqIInF-7iZi5QP5VZ=w480-h960-rw\",\n \"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig&referrer=utm_source%3DIns2%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-INS3-20231016\"\n }",
"app_ad2": " {\n \"name\":\"Video downloader: Story Saver\",\n \"icon\":\"https://play-lh.googleusercontent.com/s9Jp_iJi8C4zqVkqAYdXky-QJIP02WcK0sHCsq3ETnACARr3x2TgqIInF-7iZi5QP5VZ=w480-h960-rw\",\n \"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig&referrer=utm_source%3DIns2%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-INS3-20231016\"\n }",
"app_ad_refresh_interval": "10",
"app_play_icon_ad": "{\"icon\":\"https://play-lh.googleusercontent.com/s9Jp_iJi8C4zqVkqAYdXky-QJIP02WcK0sHCsq3ETnACARr3x2TgqIInF-7iZi5QP5VZ=w480-h960-rw\",\"url\":\"https://play.google.com/store/apps/details?id=instagram.video.downloader.story.saver.ig&referrer=utm_source%3DIns2%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-INS3-20231016\"}",
"browsing_website_ad_time_interval": "{\"other_ads\":6000,\"self_ads\":12000}",
"can_luck_you_download": "false",
"data_officer_config": "{\"name\":\"Calvin Dan\",\"address\":\"UK\",\"email\":\"privacy-downloader@vidma.com\"}",
"download_btn_scale": "0.7",
"download_list_dialog_styles": "style1",
"fb_guide_type": "guideB",
"guide_type": "1",
"home_entrance_sites": "[{\"url\":\"https://www.dailymotion.com/\",\"icon\":\"\",\"name\":\"Dailymotion\",\"isHot\":false},{\"url\":\"https://www.tiktok.com/\",\"icon\":\"\",\"name\":\"TikTok\",\"isHot\":false},{\"url\":\"https://twitter.com/\",\"icon\":\"\",\"name\":\"X\",\"isHot\":false},{\"url\":\"https://www.pinterest.com/\",\"icon\":\"\",\"name\":\"Pinterest\",\"isHot\":false},{\"url\":\"https://www.whatsapp.com/\",\"icon\":\"\",\"name\":\"WhatsApp\",\"isHot\":false}]",
"home_music_sites": "[\n {\n \"url\": \"https://www.spotify.com/\",\n \"icon\": \"https://i.imgur.com/0z3lvCFb.jpg\",\n \"name\": \"Spotify\",\n \"isHot\": true\n },\n {\n \"url\": \"https://ncs.io/music\",\n \"icon\": \"https://i.imgur.com/pT3C19xb.jpg\",\n \"name\": \"NCS\",\n \"isHot\": false\n },\n {\n \"url\": \"https://www.jango.com/\",\n \"icon\": \"https://i.imgur.com/DcdDXPnb.png\",\n \"name\": \"Jango Radio\",\n \"isHot\": false\n }\n]",
"home_picture_sites": "[{\"url\":\"https://www.pinterest.com/\",\"icon\":\"https://i.imgur.com/7smdq8tb.jpg\",\"name\":\"Pinterest\",\"isHot\":false},{\"url\":\"https://www.pexels.com\",\"icon\":\"https://i.imgur.com/DHX2YZwb.png\",\"name\":\"Pexels\",\"isHot\":false},{\"url\":\"https://500px.com\",\"icon\":\"https://i.imgur.com/LMiLwRhb.png\",\"name\":\"500px\",\"isHot\":false}]",
"home_social_sites": "[{\"url\":\"https://www.google.com/\",\"icon\":\"https://i.imgur.com/DWWU3JYb.png\",\"name\":\"Google\",\"isHot\":false},{\"url\":\"https://www.dailymotion.com/\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/Dailymotion.jpg\",\"name\":\"Dailymotion\",\"isHot\":false},{\"url\":\"https://www.instagram.com/\",\"icon\":\"https://i.imgur.com/ARlzFT8b.jpg\",\"name\":\"Instagram\",\"isHot\":true},{\"url\":\"https://www.facebook.com/\",\"icon\":\"https://i.imgur.com/eJzeXLWb.png\",\"name\":\"Facebook\",\"isHot\":false},{\"url\":\"https://twitter.com/\",\"icon\":\"https://i.imgur.com/2EadNuIb.png\",\"name\":\"Twitter\",\"isHot\":false},{\"url\":\"https://www.tiktok.com/\",\"icon\":\"https://i.imgur.com/IDStxDub.png\",\"name\":\"TikTok\",\"isHot\":true}\n]",
"home_video_sites": "[{\"url\":\"https://watch.plex.tv/movies-and-shows\",\"icon\":\"https://i.imgur.com/clD7JuDb.jpg\",\"name\":\"Plex\",\"isHot\":false},{\"url\":\"https://www.bilibili.com/\",\"icon\":\"https://i.imgur.com/6r98Nomb.jpg\",\"name\":\"bilibili\",\"isHot\":false},{\"url\":\"https://vimeo.com/watch\",\"icon\":\"https://i.imgur.com/Il2D45Eb.jpg\",\"name\":\"Vimeo\",\"isHot\":false},{\"url\":\"https://9gag.com/\",\"icon\":\"https://i.imgur.com/HF7o67Eb.jpg\",\"name\":\"9GAG\",\"isHot\":false}]",
"home_web_sites": "[{\"url\":\"https://www.tiktok.com/\",\"icon\":\"https://play-lh.googleusercontent.com/z5nin1RdQ4UZhv6fa1FNG7VE33imGqPgC4kKZIUjgf_up7E-Pj3AaojlMPwNNXaeGA=w480-h960-rw\",\"name\":\"TikTok\"}, {\"url\":\"http://www.instagram.com\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/instagram.jpg\",\"name\":\"Instagram\"}, {\"url\":\"https://m.facebook.com/\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/Facebook.jpg\",\"name\":\"Facebook\"}, {\"url\":\"https://www.pinterest.com/\",\"icon\":\"https://play-lh.googleusercontent.com/dVsv8Hc4TOUeLFAahxR8KANg22W9dj2jBsTW1VHv3CV-5NCZjP9D9i2j5IpfVx2NTB8=s248-rw\",\"name\":\"Pinterest\"}, {\"url\":\"https://twitter.com/\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/twitter.jpg\",\"name\":\"Twitter\"}, {\"url\":\"https://m.9gag.com\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/9gag.jpg\",\"name\":\"9GAG\"}, {\"url\":\"https://www.dailymotion.com/\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/Dailymotion.jpg\",\"name\":\"Dailymotion\"}, {\"url\":\"https://vimeo.com/watch\",\"icon\":\"https://nova-downloader.firebaseapp.com/website_icons/Vimeo.jpg\",\"name\":\"Vimeo\"}]",
"is_enable_auto_upper_speed": "true",
"is_enable_new_fb_parse": "true",
"is_ins_server_parse_enable": "0",
"is_open_anr_check": "false",
"is_open_collect_player_error": "true",
"is_open_ins_fb_parse_method_error": "false",
"is_open_ins_fb_parse_method_error2": "false",
"is_open_report_recent_account_google": "true",
"is_prefer_open_interstitial": "false",
"is_show_unsupport_ad": "true",
"is_show_video_convert": "false",
"link_intercept_domain": "",
"premium_dialog_config": "{\"download_count\":1000,\"display_frequency\":0}",
"report_dash_error": "false",
"report_dash_type": "false",
"report_download_error": "false",
"report_m3u8_error": "false",
"report_unsupported_formats": "true",
"score_down_history_new": "default_5_star_button",
"score_down_history_play_new": "default_5_star_button",
"score_down_home": "score_new_1",
"score_down_home_play": "score_new_1",
"search_engine": "Google",
"test_web_sites": "[]",
"unsupport_ad_link": "https://play.google.com/store/apps/details?id=vidma.screenrecorder.videorecorder.videoeditor.pro&referrer=utm_source%3DALL3ADS%26utm_medium%3Dcpc%26utm_campaign%3DINHOUSE-Recorder-014-221124",
"unsupport_recommend_sites": "[{\"url\":\"https://tubidy.com/\",\"icon\":\"https://i.imgur.com/0gJPEWWb.jpg\",\"name\":\"tubidy\"},{\"url\":\"https://www.facebook.com/\",\"icon\":\"https://i.imgur.com/eJzeXLWb.jpg\",\"name\":\"Facebook\"},{\"url\":\"https://twitter.com/\",\"icon\":\"https://i.imgur.com/2EadNuIb.jpg\",\"name\":\"Twitter\"}]",
"update_info": "{\"updateCoreList\":[{\"minVersion\":0,\"maxVersion\":20200517,\"updateType\":0,\"updatePriority\":0,\"stalenessDays\":-1}]}"
},
"state": "UPDATE",
"personalizationMetadata": {
"home_web_sites": {
"personalizationId": "1b46d646-8650-4d2e-a1c2-c81f7046ed23",
"armIndex": 0,
"choiceId": "1f02273e-477e-6e1e-b322-fef377db07a2",
"group": "BASELINE"
}
},
"templateVersion": "484"
}
中危 应用程序包含隐私跟踪程序
此应用程序有多个3隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.atlasv.android.purchase.JWT_KEY" : "D7dO6QxcTFEOc0d5Jf2H6bm9Zf1WFqX4MrsLCDPLiko=" 凭证信息=> "x_api_key" : "vVirHgvf3W3KRkbkZfa7Z6lZOz4agMQn88MGuiic" AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-5787270397790977~5577508580" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Import" "com.google.firebase.crashlytics.mapping_file_id" : "aa4a565dbbff46779768478081389d8c" "firebase_database_url" : "https://nova-downloader.firebaseio.com" "google_api_key" : "AIzaSyDHf9ZukSLmob_KD1rTCp5z9JQ8KaalWUk" "google_app_id" : "1:135780811579:android:4bb8f81082dbb6c1b56d1e" "google_crash_reporting_api_key" : "AIzaSyDHf9ZukSLmob_KD1rTCp5z9JQ8KaalWUk" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Importieren" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Import" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Impor" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Importer" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Importar" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "button_private_import" : "Importar" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" "access_key_part_3" : "KZlI4inPyiBj" "secret_key_part_3" : "IBdc3xFNi0OyVDSkaPVFqKYkyrQ" 3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw dd55eaab36d51bfc762b81f4d5c2cc1c d89c16ea2f71414b5be8b9f5914edb47 4E0F765BAF8482E090A206E4C0DEBE1A clBBdCQGK0oeUPkNJ4fmwtVgfHE0T898uA/formResponse 482743473a652892d97277c3052d9385 6xcFaiPs2VODGZp5AOtRAbzBHwWA FB9A581543B7EE76C7DA3FAF608E6D2F 58d466a0983e3a00cb1d9db4cd2d0a38 308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a 089307952ba97c8da09b04f34021e8ac b88453f3b717bf462a5e7183b634c702 WA8CoRB9kjZfhKeqjha0RKrNZDGxKOyBppeVxXclmA/formResponse 9382E59A1EC7E62E29B43BDC26E967E4 9404cd21f7bccff999b7585525a2b048 52a36e788a02a3c612742ed5146f1676 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a 308204a830820390a003020102020900d585b86c7dd34ef5300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233333635365a170d3335303930313233333635365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6ce2e080abfe2314dd18db3cfd3185cb43d33fa0c74e1bdb6d1db8913f62c5c39df56f846813d65bec0f3ca426b07c5a8ed5a3990c167e76bc999b927894b8f0b22001994a92915e572c56d2a301ba36fc5fc113ad6cb9e7435a16d23ab7dfaeee165e4df1f0a8dbda70a869d516c4e9d051196ca7c0c557f175bc375f948c56aae86089ba44f8aa6a4dd9a7dbf2c0a352282ad06b8cc185eb15579eef86d080b1d6189c0f9af98b1c2ebd107ea45abdb68a3c7838a5e5488c76c53d40b121de7bbd30e620c188ae1aa61dbbc87dd3c645f2f55f3d4c375ec4070a93f7151d83670c16a971abe5ef2d11890e1b8aef3298cf066bf9e6ce144ac9ae86d1c1b0f020103a381fc3081f9301d0603551d0e041604148d1cc5be954c433c61863a15b04cbc03f24fe0b23081c90603551d230481c13081be80148d1cc5be954c433c61863a15b04cbc03f24fe0b2a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900d585b86c7dd34ef5300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010019d30cf105fb78923f4c0d7dd223233d40967acfce00081d5bd7c6e9d6ed206b0e11209506416ca244939913d26b4aa0e0f524cad2bb5c6e4ca1016a15916ea1ec5dc95a5e3a010036f49248d5109bbf2e1e618186673a3be56daf0b77b1c229e3c255e3e84c905d2387efba09cbf13b202b4e5a22c93263484a23d2fc29fa9f1939759733afd8aa160f4296c2d0163e8182859c6643e9c1962fa0c18333335bc090ff9a6b22ded1ad444229a539a94eefadabd065ced24b3e51e5dd7b66787bef12fe97fba484c423fb4ff8cc494c02f0f5051612ff6529393e8e46eac5bb21f277c151aa5f2aa627d1e89da70ab6033569de3b9897bfff7ca9da3e1243f60b DE7BE9E1B80C7FB20992376ECBE69A8C A4E1F264453AEFA1A5EB485657CAE852 29c8c56c048bced603828e1f94b5b925 B3EEABB8EE11C2BE770B684D95219ECB 276D8AF58ADAB8C57C46F6FD5B092E7C 34A5FD8FDF83FE9D5C626C6C0F9A1352
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: a/a.java, line(s) 58,57 a0/d.java, line(s) 719,144,634 a1/c.java, line(s) 249 a2/k.java, line(s) 470 a7/a.java, line(s) 67,129,146,152,157,75,130,147,153,158 a7/i.java, line(s) 44,45 aa/b.java, line(s) 62,75,51 aa/c.java, line(s) 132,149,127,148,91,196 aa/e.java, line(s) 43,56,81,41,55,80,77,101,113 aa/g.java, line(s) 15,12,12 aa/k.java, line(s) 31 aa/l.java, line(s) 101 aa/n.java, line(s) 37,80,33,78,93,116,147,167,194,94,117,148,168,195,46 aa/o.java, line(s) 24 aa/q.java, line(s) 36,50,28,42 aa/s.java, line(s) 54,49 aa/t.java, line(s) 29,49 aa/u.java, line(s) 21,16 ab/a.java, line(s) 95,118,197,272,284,104,112,125,214 ac/f.java, line(s) 126 b0/a.java, line(s) 105 b1/m.java, line(s) 230 b4/n.java, line(s) 71,99 ba/a0.java, line(s) 93,97,37 ba/f0.java, line(s) 61,64,38 ba/j.java, line(s) 55,119,126 ba/k.java, line(s) 29 ba/m.java, line(s) 37 ba/n.java, line(s) 44 ba/p.java, line(s) 29 ba/w.java, line(s) 39 bd/e.java, line(s) 78,318,336,135,139,145,148,170,247 bf/e.java, line(s) 44,48,42 bl/a.java, line(s) 67,86 c4/a.java, line(s) 23 c5/e.java, line(s) 335 c7/n.java, line(s) 62,63 c7/o.java, line(s) 258,300,285,242,257,281,284,299,313,244,246,282,314 c7/r.java, line(s) 114,163,203,115,164,204 c7/u.java, line(s) 21,20 c7/w.java, line(s) 40,47,41,48 c8/h.java, line(s) 95,87 ce/i.java, line(s) 77 ce/n.java, line(s) 37,47,36,46 cf/e.java, line(s) 53,99 ck/b.java, line(s) 76 com/arialyy/aria/core/Aria.java, line(s) 39 com/arialyy/aria/core/AriaConfig.java, line(s) 120,127,46,107 com/arialyy/aria/core/AriaManager.java, line(s) 215,186 com/arialyy/aria/core/WidgetLiftManager.java, line(s) 56,70,48 com/arialyy/aria/core/command/AbsGroupCmd.java, line(s) 35 com/arialyy/aria/core/command/AbsNormalCmd.java, line(s) 27,33,38,42 com/arialyy/aria/core/command/AddCmd.java, line(s) 15 com/arialyy/aria/core/command/CancelAllCmd.java, line(s) 29 com/arialyy/aria/core/command/HighestPriorityCmd.java, line(s) 19 com/arialyy/aria/core/command/ResumeAllCmd.java, line(s) 18 com/arialyy/aria/core/command/ResumeThread.java, line(s) 92,94,96 com/arialyy/aria/core/command/StartCmd.java, line(s) 45,26,43,55 com/arialyy/aria/core/command/StopCmd.java, line(s) 19 com/arialyy/aria/core/common/AbsNormalTarget.java, line(s) 93,57 com/arialyy/aria/core/common/FtpOption.java, line(s) 127,134,140,144,148,158,170,186,218,227,261,265 com/arialyy/aria/core/common/HttpOption.java, line(s) 84,25,29,41 com/arialyy/aria/core/common/RecordHandler.java, line(s) 45,58,121 com/arialyy/aria/core/common/RecordHelper.java, line(s) 38,42,44,47,53,57,60,129,140,137,81,122 com/arialyy/aria/core/common/SFtpOption.java, line(s) 32,36,47,56,65,74,83 com/arialyy/aria/core/common/controller/FeatureController.java, line(s) 64,68,74 com/arialyy/aria/core/common/controller/NormalController.java, line(s) 55,53 com/arialyy/aria/core/config/BaseConfig.java, line(s) 23 com/arialyy/aria/core/config/BaseTaskConfig.java, line(s) 141 com/arialyy/aria/core/config/DGroupConfig.java, line(s) 95 com/arialyy/aria/core/config/DownloadConfig.java, line(s) 59 com/arialyy/aria/core/config/UploadConfig.java, line(s) 25 com/arialyy/aria/core/config/XMLReader.java, line(s) 138 com/arialyy/aria/core/download/CheckDEntityUtil.java, line(s) 30,34,38,44,92,96,106,147,79,82,128,131,137 com/arialyy/aria/core/download/CheckDGEntityUtil.java, line(s) 139,36,41,45,49,74,87,94,105,111,114,117,192,200,61,77,176 com/arialyy/aria/core/download/CheckFtpDirEntityUtil.java, line(s) 27,31,36,55,59,65,76,86,90,47 com/arialyy/aria/core/download/DownloadEntity.java, line(s) 66 com/arialyy/aria/core/download/DownloadReceiver.java, line(s) 66,86,141,168,224 com/arialyy/aria/core/download/M3U8Entity.java, line(s) 69 com/arialyy/aria/core/download/m3u8/M3U8LiveOption.java, line(s) 19 com/arialyy/aria/core/download/m3u8/M3U8Option.java, line(s) 77,56 com/arialyy/aria/core/download/m3u8/M3U8VodOption.java, line(s) 23,32,41 com/arialyy/aria/core/download/target/DNormalConfigHandler.java, line(s) 85,76,80 com/arialyy/aria/core/download/target/GroupBuilderTarget.java, line(s) 45 com/arialyy/aria/core/download/target/GroupNormalTarget.java, line(s) 52 com/arialyy/aria/core/download/target/HttpGroupConfigHandler.java, line(s) 45,49 com/arialyy/aria/core/download/target/M3U8NormalTarget.java, line(s) 19,23 com/arialyy/aria/core/download/tcp/TcpDelegate.java, line(s) 19,25,34,43 com/arialyy/aria/core/event/EventMsgUtil.java, line(s) 92,96 com/arialyy/aria/core/group/AbsGroupLoader.java, line(s) 123,214,70,76 com/arialyy/aria/core/group/AbsGroupLoaderUtil.java, line(s) 67 com/arialyy/aria/core/group/AbsSubDLoadUtil.java, line(s) 36,128 com/arialyy/aria/core/group/SimpleSchedulers.java, line(s) 33,34,44,49,53,69,96,120,89,135,118,129 com/arialyy/aria/core/group/SimpleSubQueue.java, line(s) 74,110,119,125,159,164,57,62 com/arialyy/aria/core/inf/AbsReceiver.java, line(s) 59 com/arialyy/aria/core/inf/AbsTarget.java, line(s) 36 com/arialyy/aria/core/listener/BaseListener.java, line(s) 75,98 com/arialyy/aria/core/listener/DownloadGroupListener.java, line(s) 41 com/arialyy/aria/core/loader/AbsNormalLoader.java, line(s) 79,147,148,174,192,208,211,204,224,166,182 com/arialyy/aria/core/loader/AbsNormalLoaderUtil.java, line(s) 84 com/arialyy/aria/core/loader/GroupSubThreadStateManager.java, line(s) 77,88 com/arialyy/aria/core/loader/NormalTTBuilder.java, line(s) 75,97,110,56,100 com/arialyy/aria/core/loader/NormalThreadStateManager.java, line(s) 73,84 com/arialyy/aria/core/loader/SubLoader.java, line(s) 68,73,174,175,80,85,196,137,232 com/arialyy/aria/core/loader/UploadThreadStateManager.java, line(s) 68,79 com/arialyy/aria/core/manager/SubTaskManager.java, line(s) 21,26,32 com/arialyy/aria/core/manager/TaskWrapperManager.java, line(s) 71,98,114 com/arialyy/aria/core/manager/ThreadTaskManager.java, line(s) 97,102,142,167,179,183,198,238,246 com/arialyy/aria/core/queue/AbsTaskQueue.java, line(s) 114,122,215,225,235,208,323,48,131,181,230,243,247,262,269,280,291,317,320 com/arialyy/aria/core/queue/DGroupTaskQueue.java, line(s) 58 com/arialyy/aria/core/queue/DTaskQueue.java, line(s) 93,108 com/arialyy/aria/core/queue/UTaskQueue.java, line(s) 57 com/arialyy/aria/core/queue/pool/BaseCachePool.java, line(s) 73,31,60,90,115,64 com/arialyy/aria/core/queue/pool/BaseExecutePool.java, line(s) 81,31,94,98,119,163,51 com/arialyy/aria/core/queue/pool/DLoadExecutePool.java, line(s) 35,42,20 com/arialyy/aria/core/scheduler/FailureTaskHandler.java, line(s) 96 com/arialyy/aria/core/scheduler/TaskSchedulers.java, line(s) 111,114,118,124,127,54,57,60,269,299,330,309,235 com/arialyy/aria/core/task/AbsTask.java, line(s) 193,204,143,174,188,201,213,145 com/arialyy/aria/core/task/ThreadTask.java, line(s) 221,229,368,125,137,159,270,91,96,108,110,216,242,245,366,371,378,120,128,143,150 com/arialyy/aria/core/upload/CheckUEntityUtil.java, line(s) 24,28,36,42,49,53,60,71 com/arialyy/aria/core/upload/UploadReceiver.java, line(s) 87,102,149 com/arialyy/aria/core/upload/target/HttpNormalTarget.java, line(s) 32 com/arialyy/aria/http/ChunkedInputStream.java, line(s) 22,27,55,57 com/arialyy/aria/http/ConnectionHelp.java, line(s) 55 com/arialyy/aria/http/download/HttpDFileInfoTask.java, line(s) 133,175,199,275,314,324,355,62,318,90,126,352,210,233,311 com/arialyy/aria/http/download/HttpDGInfoTask.java, line(s) 49,84,151,36,65 com/arialyy/aria/http/download/HttpDTTBuilderAdapter.java, line(s) 27,47 com/arialyy/aria/http/download/HttpDThreadTaskAdapter.java, line(s) 33,63,114,166,125,128 com/arialyy/aria/http/upload/HttpULoader.java, line(s) 59 com/arialyy/aria/http/upload/HttpUThreadTaskAdapter.java, line(s) 77 com/arialyy/aria/m3u8/BaseM3U8Loader.java, line(s) 43 com/arialyy/aria/m3u8/M3U8InfoTask.java, line(s) 339,346,422 com/arialyy/aria/m3u8/M3U8ThreadTaskAdapter.java, line(s) 73,163 com/arialyy/aria/m3u8/vod/M3U8VodLoader.java, line(s) 195,302,322,420,451,455,166,172,176,392,447,520,529,179,474,475,560 com/arialyy/aria/m3u8/vod/VodRecordHandler.java, line(s) 65,69,76,73 com/arialyy/aria/m3u8/vod/VodStateManager.java, line(s) 61,79,88,216,241,242,196 com/arialyy/aria/orm/DelegateFind.java, line(s) 96,320,452,472,234,242,246,254,258,437,493,508 com/arialyy/aria/orm/DelegateUpdate.java, line(s) 86,105 com/arialyy/aria/orm/SqlHelper.java, line(s) 37,45,157,195,230,233,112,117 com/arialyy/aria/orm/SqlUtil.java, line(s) 78,89,193 com/arialyy/aria/util/ALog.java, line(s) 114 com/arialyy/aria/util/AriaServiceLoader.java, line(s) 36 com/arialyy/aria/util/CheckUtil.java, line(s) 19,31,44,61,73,90,94,100,22,34,76 com/arialyy/aria/util/CommonUtil.java, line(s) 235,238,307,331,336,347,352,82,89,95,103,109,376,474,615,620,511,408,463 com/arialyy/aria/util/ComponentUtil.java, line(s) 135 com/arialyy/aria/util/DeleteDGRecord.java, line(s) 52,62,78 com/arialyy/aria/util/DeleteDRecord.java, line(s) 56,65,74 com/arialyy/aria/util/DeleteM3u8Record.java, line(s) 80,89,96 com/arialyy/aria/util/DeleteURecord.java, line(s) 47,56 com/arialyy/aria/util/FileUtil.java, line(s) 136,544,570,643,645,144,202,366,373,589 com/arialyy/aria/util/RecordUtil.java, line(s) 22,68,74 com/arialyy/aria/util/SSLContextUtil.java, line(s) 149 com/atlasv/android/player/PlayerActivity.java, line(s) 123 d/d.java, line(s) 191 d5/c.java, line(s) 49,57,80,85,98,105,128 da/t.java, line(s) 238,334 da/v.java, line(s) 42 db/g.java, line(s) 45 df/a.java, line(s) 52 df/b.java, line(s) 61,68 df/c.java, line(s) 59,61,78 df/f.java, line(s) 29,33,37,48,52,56,24,61,85,98,108 e4/a.java, line(s) 15,22,28,35,42,49,55 e4/b.java, line(s) 43,94,100 e4/e.java, line(s) 95 ea/b.java, line(s) 161,192,257,263,268,277 ea/e.java, line(s) 68 ea/f0.java, line(s) 28 ea/q0.java, line(s) 39,54 ea/s.java, line(s) 77,80,83,86,89,92,100,103,106,109,148,153 ea/v.java, line(s) 16 ea/w0.java, line(s) 43,48 ea/y0.java, line(s) 48 ef/b.java, line(s) 253,277,83,124,175,252,276,69,74,237,280 f/d.java, line(s) 37,44 f0/d.java, line(s) 33 f0/e.java, line(s) 73 f0/j.java, line(s) 43 f0/o.java, line(s) 35,34 f0/s.java, line(s) 151,260,270,292,300,150,259,269,291,299,164,249 f6/b.java, line(s) 241 f7/i.java, line(s) 424,22,320 fe/c.java, line(s) 194,368 free/video/downloader/converter/music/main/MainActivity.java, line(s) 255 free/video/downloader/converter/music/view/activity/StartupActivity.java, line(s) 135 g6/b.java, line(s) 446,286 g7/d.java, line(s) 42,97,98,43 g7/j.java, line(s) 43,98,99,44 gh/m.java, line(s) 51 h1/a.java, line(s) 219,626,632,694,770,847,897,917,931,965,983,1043,1084,1087,1173,1178,1184,1201,1211,1222,1229,1324,71,670,675,822,1145,1149,1153,1259,1267 h3/c.java, line(s) 20,30 ha/a.java, line(s) 76,92 he/b.java, line(s) 45,56 i/b0.java, line(s) 82,96,106 i/d0.java, line(s) 37,51,62 i/h.java, line(s) 164 i/k.java, line(s) 62 i/l.java, line(s) 816,818,820,1482,1590,1593 i/m.java, line(s) 53 i0/g.java, line(s) 134,143 i0/j.java, line(s) 24 i2/c.java, line(s) 24,30,36 i2/n0.java, line(s) 292 i2/p0.java, line(s) 41 i2/y.java, line(s) 74 i6/c.java, line(s) 34,50 ia/j.java, line(s) 36,35,29 ia/k.java, line(s) 46,53 ie/c.java, line(s) 238,243,89,94,229,231 j0/d.java, line(s) 39,44 j0/e.java, line(s) 34 j0/f.java, line(s) 56 j0/g.java, line(s) 36 j0/h.java, line(s) 55,220 j0/m.java, line(s) 86 j1/a.java, line(s) 33,51,61,73,34,52,62,74 j1/c0.java, line(s) 49,60,134,260,300,367,396,445,464,489,515,598,672,715,787,815,46,59,131,249,257,299,352,364,395,442,461,488,514,540,559,565,597,606,643,669,712,727,784,812,862,250,353,541,560,566,607,644,736,863 j1/l0.java, line(s) 15 j1/m.java, line(s) 109,202,204,234,354,361,399,108,199,233,353,360,398 j1/m0.java, line(s) 87,160,212,230,405,414,421,430,464,480,490,502,88,161,223,241,406,415,422,431,465,481,491,503 j1/u.java, line(s) 122,139,123,140 j1/w.java, line(s) 263,369,389,535,606,615,629,649,677,719,842,848,864,877,1002,1084,1093,1134,1142,264,370,390,536,607,616,630,650,678,724,843,849,865,880,1003,1085,1094,1135,1143,111,120,141,147,232,241 j1/z.java, line(s) 46,45,53,57,54,60 j3/v.java, line(s) 426,71,146,163 jd/b.java, line(s) 38 jd/g.java, line(s) 56,59,76 k0/a.java, line(s) 135,144,161,171 k0/e.java, line(s) 24,56 k5/a.java, line(s) 221 k7/a.java, line(s) 43,44 ka/a.java, line(s) 650,421,462,983,988,993,1003,1173,1195 l5/a.java, line(s) 27,33,38,47 l6/a.java, line(s) 311 lc/f.java, line(s) 79,80 lc/g.java, line(s) 41,40 lc/i.java, line(s) 59,58 lc/k.java, line(s) 62,53,61,54 le/a0.java, line(s) 36 le/b0.java, line(s) 33,43,85,79,120,32,32,42,42,82,93,96,99 le/c0.java, line(s) 22 le/e.java, line(s) 23,26 le/f0.java, line(s) 68,68 le/g0.java, line(s) 43,56,95,151,42,42,55,55,94,164,177,194,201 le/i.java, line(s) 66,65 le/k.java, line(s) 28,96,127,136,115,118,139,145,148,27,95,126 le/k0.java, line(s) 26,25 le/l.java, line(s) 35,49,34,48,28,46 le/m0.java, line(s) 55,59,67,80,97,126,151,105,110,134,54,58,66,79,94,125,150 le/q.java, line(s) 53,27,30,42,52,43 le/r.java, line(s) 61,70,60,45,53,67 le/s.java, line(s) 87,76,105 le/t.java, line(s) 46,59,83,86,116,132,142,174 le/z.java, line(s) 39,49,38,48 lk/d.java, line(s) 33 m5/a.java, line(s) 50,58 m5/b.java, line(s) 58,67,106 m5/c.java, line(s) 78 m5/d.java, line(s) 48,61,65,107,136,175,192,275,183,303 m5/g.java, line(s) 131,112,117 m6/d.java, line(s) 183,210,180,209 ma/b.java, line(s) 40,107 md/a.java, line(s) 75,201,193 mg/b.java, line(s) 40,51 n/f.java, line(s) 135,186,198,208,381 n0/k.java, line(s) 33 n5/b.java, line(s) 30,39 na/q6.java, line(s) 221,230,130,140,216,225,131,141 na/t8.java, line(s) 17,27,29,39,49,51,60,67,77,79,125,89,99,101,110 nc/a.java, line(s) 58,39,64,70,57,63,69,75,76,81,82 nc/l.java, line(s) 40,50 nc/o.java, line(s) 48,58,75,90,93,101,102,83 ne/c.java, line(s) 50,67 o5/b.java, line(s) 21 o6/a.java, line(s) 93,92 p/a0.java, line(s) 81,160,169,273 p/c1.java, line(s) 79,151 p/f1.java, line(s) 27 p/i.java, line(s) 194 p/j0.java, line(s) 351,156,161,168,264,334 p/l0.java, line(s) 127 p/p0.java, line(s) 47,62,81,104 p/s0.java, line(s) 96,119,195,209 p/t0.java, line(s) 33 p/w.java, line(s) 130,159,164,169 p/z0.java, line(s) 300,153,313 p6/j.java, line(s) 426,232,269,425,380 p6/k.java, line(s) 139,140 p6/m.java, line(s) 19,174 p6/z.java, line(s) 44,96,43,86,95,87 p7/b.java, line(s) 84,85,123,124 pc/a.java, line(s) 226,234,76,199 pc/c.java, line(s) 17 pc/f.java, line(s) 88 pc/j.java, line(s) 35 pc/n.java, line(s) 46,58,63,66,70,88,108,145 pc/p.java, line(s) 18 pf/g.java, line(s) 83 pg/p.java, line(s) 28,40,17 q0/c.java, line(s) 51,54 q6/h.java, line(s) 183,216,184,217 q6/i.java, line(s) 58,70,167,220,57,69,105,111,118,163,179,185,203,215,222,109,126,148,183,204 qc/a0.java, line(s) 171,264,277 qd/h.java, line(s) 69 r2/p.java, line(s) 42 r5/b.java, line(s) 47,79,84 r6/d.java, line(s) 58,64,102,112,59,103,65,115 r6/i.java, line(s) 92,77 re/a.java, line(s) 46,54,62,70,77,85 s0/a.java, line(s) 270 s0/a0.java, line(s) 1055,969,1054,407 s0/b.java, line(s) 39 s0/c0.java, line(s) 40,51 s0/l.java, line(s) 31,44,91,153,194 s0/p0.java, line(s) 209,226,616,628,635,644,50,200 s4/a.java, line(s) 78 s5/a.java, line(s) 22,28 s5/c.java, line(s) 154,161,48 s5/d.java, line(s) 74,69 s5/e.java, line(s) 154,157,167,170,194,221,227 s5/g.java, line(s) 23,34 s6/a.java, line(s) 101,100 sg/h.java, line(s) 30 t6/c.java, line(s) 54,53 t6/f.java, line(s) 101,100 t6/v.java, line(s) 71,72 t6/w.java, line(s) 62,67,75,89,63,70,78,92 tb/c.java, line(s) 224 u1/c.java, line(s) 45,49 u5/b.java, line(s) 10 uc/h.java, line(s) 31,49,50 uc/n.java, line(s) 43,42 v0/d.java, line(s) 55,63,77,125,190 v1/d.java, line(s) 143,255 v3/d.java, line(s) 80,110,129,158,289,75,96,120,180 v3/e.java, line(s) 68,88,156,159 v3/f.java, line(s) 72,98,121,154,271 v3/h.java, line(s) 136,154,175,201 v3/l.java, line(s) 26,31,49,54,73,83,89 v3/m.java, line(s) 43,28 v3/n.java, line(s) 56 v3/o.java, line(s) 40,45,59,64,93,107,112,152,180,85,143 v3/p.java, line(s) 26 v6/a.java, line(s) 79,80 v7/a.java, line(s) 10,17,9,16 v9/n.java, line(s) 45,51,61,67 va/a.java, line(s) 31,44 w/d.java, line(s) 233 w0/b.java, line(s) 51,60 w0/g.java, line(s) 56,65 w0/i.java, line(s) 19,18 w1/a.java, line(s) 64 w3/a.java, line(s) 27,58,72,98 w3/d.java, line(s) 117,134,168,191 w6/c.java, line(s) 26,27 w6/i.java, line(s) 21,26,22,29 w6/l.java, line(s) 47,50,48,51 w6/p.java, line(s) 61,67,73,79,85,92,98,113,125,62,68,74,80,86,93,99,126,114 w6/x.java, line(s) 73,82,89,74,83,90,91,92,95 wa/g5.java, line(s) 47 wa/r3.java, line(s) 209 wb/d.java, line(s) 124,158 x7/d.java, line(s) 95,94 xa/a.java, line(s) 41,79,94,93,52,73 xa/b.java, line(s) 48 xb/b.java, line(s) 49 y1/a.java, line(s) 33 y3/b.java, line(s) 20 y3/k.java, line(s) 45,54,67,140 y3/p.java, line(s) 85,92,100,126 y3/q.java, line(s) 66,88,94,100,107 y7/q.java, line(s) 96,95 z1/p.java, line(s) 83,82,344 za/a.java, line(s) 99,104 zd/b.java, line(s) 30
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: e5/a.java, line(s) 24 f5/a.java, line(s) 22 free/video/downloader/converter/music/view/activity/StartupActivity.java, line(s) 120,162,120,162 k5/a.java, line(s) 70,181,214,70,181,214
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: pf/b.java, line(s) 5,27,30
信息 应用与Firebase数据库通信
该应用与位于 https://nova-downloader.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/arialyy/aria/util/SSLContextUtil.java, line(s) 65,58,60,65,111,56,57,57 kk/c.java, line(s) 79,78,77 kk/d.java, line(s) 104,94,103,113,102,102 kk/g.java, line(s) 78,77,76,76 kk/h.java, line(s) 146,134,145,144,144 pf/c.java, line(s) 33,32,46,31,31
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: lc/k.java, line(s) 43 nc/c0.java, line(s) 37
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (www.bilibili.com) 通信。
{'ip': '185.199.108.153', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}