Security score: 52/100
Privacy risk: 0 user/device trackers
Findings
- High: 2
- Medium: 15
- Info: 2
- Secure: 2
- Attention: 1
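High: The base config is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High: The base config is configured to trust user-installed certificates.
Scope: *
Medium: The base config is configured to trust system certificates.
Scope: *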
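Medium: Application data can be backed up
[android:allowBackup=true] This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.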
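Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.
Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.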
Medium: The application uses an insecure random number generator
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/tech/hope/lottery/buylottery/helper/RandomHelper.java, line(s) 9 com/tech/hope/lottery/mine/agent/GenerateCodeActivity.java, line(s) 19 oc/b.java, line(s) 15 t8/e.java, line(s) 14 wb/a.java, line(s) 7 wb/b.java, line(s) 3 xb/a.java, line(s) 3
Medium: SHA-1 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: oc/b.java, line(s) 142 qa/j.java, line(s) 183 t8/e.java, line(s) 62
Medium: The application can read/write external storage; any application can read data written to external storage
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: ba/d.java, line(s) 62 com/tech/hope/utils/a.java, line(s) 56,55 com/yalantis/ucrop/PictureMultiCuttingActivity.java, line(s) 197 com/yuyh/library/imgsel/config/ISCameraConfig.java, line(s) 26 com/yuyh/library/imgsel/config/ISListConfig.java, line(s) 55 com/yuyh/library/imgsel/utils/b.java, line(s) 53,76 f5/e.java, line(s) 17,33 l8/b.java, line(s) 15,19,81,84 l8/l.java, line(s) 25,39 n8/a.java, line(s) 61,66 o4/f.java, line(s) 511,511 wa/c.java, line(s) 73,77,85,89
Medium: The application uses a SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: h4/d.java, line(s) 5,118,273,298 h4/e.java, line(s) 5,6,16,17,40,41,44,45
Medium: Possible cross-domain vulnerability. Enabling file access from URLs in a WebView can leak sensitive information from the file system
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/tech/hope/lottery/buylottery/game/GameWebViewActivity.java, line(s) 441,442 com/tech/hope/lottery/commen/WebViewActivity.java, line(s) 211,206 com/tech/hope/lottery/firstpage/championship/CompetitionDetailActivity.java, line(s) 438,433 com/tech/hope/lottery/firstpage/luckymoney/LuckyMoneyActivity.java, line(s) 817,812,846 com/tech/hope/lottery/mine/accountTransaction/AccountTransactionActivity.java, line(s) 186,187 com/tech/hope/lottery/mine/activitycenter/ActivityDetailActivity.java, line(s) 284,279 com/tech/hope/lottery/mine/server/CustomServerActivity.java, line(s) 188,191,189 com/tech/pay/ui/mine/act/KefuActivity.java, line(s) 55,58,56
Medium: MD5 is a weak hash known to have hash collisions
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: l8/s.java, line(s) 14 o4/f.java, line(s) 245 z8/c.java, line(s) 14
Medium: IP address disclosure
Files: com/netease/LDNetDiagnoService/a.java, line(s) 224,214,382,383 ta/d.java, line(s) 43
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/tech/hope/lottery/buylottery/helper/a.java, line(s) 79,85,78,84
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: f1/c.java, line(s) 80 v7/c.java, line(s) 18 w8/c.java, line(s) 24
Medium: This application may contain hardcoded secrets
Possible secrets were identified in the application. Ensure these are not secrets or private information.
Info: The application logs information; sensitive information must not be logged
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: a0/a.java, line(s) 96,99 a0/c.java, line(s) 92,94 a0/d.java, line(s) 143,145 a0/f.java, line(s) 173,175 a1/a.java, line(s) 17 b4/a.java, line(s) 93,118,171 ba/d.java, line(s) 33,47,57 bb/c.java, line(s) 9,17,13 c0/c.java, line(s) 57 c0/d.java, line(s) 67 c0/h.java, line(s) 137,146,271 cat/ereza/customactivityoncrash/CustomActivityOnCrash.java, line(s) 75,77,90,226,232,238,242,354,376,393,406,240 cn/bingoogolapple/qrcode/core/a.java, line(s) 74,84 com/handmark/pulltorefresh/library/internal/b.java, line(s) 7 com/huxq17/floatball/libarary/floatball/FloatBall.java, line(s) 86 com/huxq17/floatball/libarary/floatball/StatusBarView.java, line(s) 35,43 com/netease/LDNetDiagnoService/LDNetAsyncTaskEx.java, line(s) 50 com/netease/LDNetDiagnoService/LDNetSocket.java, line(s) 214 com/netease/LDNetDiagnoService/LDNetTraceRoute.java, line(s) 112 com/netease/LDNetDiagnoService/b.java, line(s) 48 com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 1342 com/tech/hope/lottery/mine/profit/ProfitDetailsActivity.java, line(s) 129 com/tech/hope/utils/MyRadioGroup.java, line(s) 60 com/tech/pay/ui/buyorder/a.java, line(s) 76 com/wang/avi/AVLoadingIndicatorView.java, line(s) 332 com/yalantis/ucrop/UCropActivity.java, line(s) 578 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 97 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 62,104,182,188,202,209,237,240 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 57,102,112 com/yalantis/ucrop/util/EglUtils.java, line(s) 75 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 136,171,181,193,205,210,223,228,242,258,262,267,276,279,284,170,180,192,204,209,222,227,241,257,261,266,275,278,283 com/yalantis/ucrop/view/TransformImageView.java, line(s) 117,172,200,217 d0/f.java, line(s) 512,517 d0/g.java, line(s) 97 d1/a.java, line(s) 363 d2/a.java, line(s) 72,73 e1/d.java, line(s) 78,105,77,104 e1/e.java, 
line(s) 527,556,563,526,555,562 f/g.java, line(s) 152,185,266 g/c.java, line(s) 277 g1/b.java, line(s) 49,48 g1/j.java, line(s) 55,150,54,149,153,159,166,163,167 g1/l.java, line(s) 50,49 h0/e.java, line(s) 32,36,40 h0/f.java, line(s) 23 h1/c.java, line(s) 108,107 h1/e.java, line(s) 77,76 h2/h.java, line(s) 60 i1/j.java, line(s) 110,150,111,151 i1/k.java, line(s) 112,155,212,225,76,111,121,144,154,177,184,211,224,82,122,178,185,145 j0/c.java, line(s) 36,48,50,62,64,84,87 j1/e.java, line(s) 41,51,65,71,42,66,54,72 j1/i.java, line(s) 125,109 k1/a.java, line(s) 96,93 k1/b.java, line(s) 39,38 l0/c.java, line(s) 149 m1/c.java, line(s) 16,15 m1/d.java, line(s) 41,40 m1/f.java, line(s) 101,100 m1/s.java, line(s) 82,85 m1/t.java, line(s) 37,36 n/b.java, line(s) 20 n0/b.java, line(s) 77 oa/a.java, line(s) 420 org/greenrobot/eventbus/f.java, line(s) 16,21 p0/c.java, line(s) 148 pa/b.java, line(s) 69,65,71,73,67 r2/d.java, line(s) 165,198 r8/b.java, line(s) 121,124,138 s2/b.java, line(s) 87 s8/a.java, line(s) 113,117,142 t1/a.java, line(s) 80,85,90,99,81,86,91,100 t1/d.java, line(s) 21,22 t1/j.java, line(s) 39,42 u/c.java, line(s) 117 u/l.java, line(s) 48,49 u/o.java, line(s) 128 u0/a.java, line(s) 166,171,178,182,198,208 u2/h.java, line(s) 245 u4/a.java, line(s) 408 v1/e.java, line(s) 36,35,58,81,59,82 v1/f.java, line(s) 12,11 v1/k.java, line(s) 102,103 v1/l.java, line(s) 238,239,250 v1/n.java, line(s) 89,90 v1/o.java, line(s) 99,100 w0/a.java, line(s) 36 w1/d.java, line(s) 51,58,69,74,50,57,62,68,73,63 w5/f.java, line(s) 7,11,15,19 y1/h.java, line(s) 151,20,307,110 y7/b.java, line(s) 10 z1/k.java, line(s) 54,95,96,55 z8/b.java, line(s) 10
Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: a8/k.java, line(s) 4,56 cat/ereza/customactivityoncrash/activity/DefaultErrorActivity.java, line(s) 6,87 com/tech/hope/lottery/firstpage/championship/CompetitionBettingDetailsActivity.java, line(s) 5,66,174 com/tech/hope/lottery/mine/agent/GenerateCodeActivity.java, line(s) 5,65,76 com/tech/hope/lottery/mine/agent/InvitationCodeDetailActivity.java, line(s) 4,53,70 com/tech/hope/lottery/mine/agent/MyDomainListActivity.java, line(s) 6,210 com/tech/hope/lottery/mine/agent/NextOrderDetailsActivity.java, line(s) 6,65 com/tech/hope/lottery/mine/applyagent/ApplyAgentActivity.java, line(s) 6,83,97,111,125,139,153 com/tech/hope/lottery/mine/domain/ParkeDomainActivity.java, line(s) 5,121 com/tech/hope/lottery/mine/message/ChattingWithMasterActivity.java, line(s) 6,132,276 com/tech/hope/lottery/mine/recording/AccountDetailsActivity.java, line(s) 6,53 com/tech/hope/lottery/mine/recording/BettingDetailsActivity.java, line(s) 6,86,101 com/tech/hope/lottery/mine/recording/GameDetailsActivity.java, line(s) 6,59 com/tech/hope/lottery/mine/recording/RechargeRecordingDetailsActivity.java, line(s) 6,64 com/tech/hope/lottery/mine/recording/WithdrawRecordingDetailsActivity.java, line(s) 6,54 com/tech/hope/lottery/mine/setting/NetworkDetectionActivity.java, line(s) 5,146 com/tech/hope/lottery/mine/share/ShareActivity.java, line(s) 4,171 com/tech/hope/lottery/mine/share/ShareBaseActivity.java, line(s) 5,127 com/tech/hope/yeb/BillingDetailsActivity.java, line(s) 4,77 com/tech/pay/base/BaseWalletActivity.java, line(s) 4,83 com/tech/pay/ui/home/HomeFragment.java, line(s) 4,139 com/tech/pay/ui/mine/MineFragment.java, line(s) 6,297 com/tech/pay/ui/mine/act/ShareActivity.java, line(s) 5,69 com/tech/pay/ui/trade/b.java, line(s) 4,65 com/tech/pay/ui/wallet/a.java, line(s) 4,57 d8/a0.java, line(s) 5,69,78 d8/e0.java, line(s) 5,59 d8/f.java, 
line(s) 4,56 d8/u.java, line(s) 6,393 h7/i.java, line(s) 4,75 ra/a.java, line(s) 4,40 y5/u.java, line(s) 6,136
Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: ya/c.java, line(s) 41,39,41,37,38,38
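Secure: This application has no privacy trackers
This application does not include any user or device trackers. No trackers were found during static analysis.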
Attention: The application may communicate with a server (zhj.huabaoqiaoshifu.com) located in an OFAC-sanctioned country (China).
{'ip': '58.220.73.244', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '扬州', 'latitude': '32.397221', 'longitude': '119.435600'}