Security Analysis Report: 小红帽 v1.12.2

Security score: 47/100

Risk rating

Grade scale: A, B, C, F

Severity distribution (%)

Privacy risk

3 user/device trackers

Findings

High: 6
Medium: 22
Info: 4
Secure: 3
Hotspot: 5

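High: The application is vulnerable to the Janus vulnerability

The application is signed with the v1 signature scheme. If it is signed only with the v1 scheme, it is vulnerable to the Janus vulnerability on Android 5.0-8.0. Applications signed with both v1 and v2/v3 schemes are also vulnerable when running on Android 5.0-7.0.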

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/qennnsad/aknkaksd/presentation/module/auth/captcha/ReCaptchaDialog.java, line(s) 81,14
com/qennnsad/aknkaksd/util/dialog/CustomDialog.java, line(s) 190,18

High: Weak encryption algorithm used

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/ksyun/media/streamer/util/b.java, line(s) 22
com/qennnsad/aknkaksd/util/DES.java, line(s) 15,24
com/yolanda/nohttp/tools/Encryption.java, line(s) 19,22

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/qennnsad/aknkaksd/util/DES.java, line(s) 15,24

High: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
com/qennnsad/aknkaksd/presentation/ui/main/MallFragment.java, line(s) 322,321

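Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, the FTP protocol, DownloadManager and MediaPlayer. The default value is "true" for applications targeting API level 27 or lower, and "false" for applications targeting API level 28 or higher. The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on the transmitted data and modify it without being detected.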

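Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.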

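Medium: Activity (com.qennnsad.aknkaksd.presentation.ui.main.MainActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium: Activity (com.qennnsad.aknkaksd.presentation.ui.main.webview.SimpleWebViewActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium: Activity (com.qennnsad.aknkaksd.presentation.ui.main.me.OtherUserActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium: Activity (com.im.freechat.ui.main.DeeplinkComponent) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium: Activity (iamutkarshtiwari.github.io.ananas.editimage.EditImageActivity) is not protected.

[android:exported=true]
The Activity was found to be shared with other applications on the device, so it is accessible to any other application on the device.

Medium: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.

[android:exported=true]
The Service was found to be shared with other applications on the device, so it is accessible to any other application on the device.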

Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/hcaptcha/sdk/HCaptchaDialogFragment.java, line(s) 51,47
com/qennnsad/aknkaksd/presentation/module/auth/captcha/ReCaptchaDialog.java, line(s) 76,71
com/qennnsad/aknkaksd/presentation/ui/main/MallFragment.java, line(s) 173,169,214
com/qennnsad/aknkaksd/presentation/ui/main/webview/SimpleWebViewActivity.java, line(s) 290,274

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/giphy/sdk/core/network/api/GPHApiClient.java, line(s) 39
com/giphy/sdk/tracking/MediaExtensionKt.java, line(s) 12,13,14,16,17
com/giphy/sdk/ui/views/GiphyDialogFragment.java, line(s) 77,79,83,84
com/giphy/sdk/ui/views/UserProfileInfoDialog.java, line(s) 30
com/hcaptcha/sdk/HCaptchaConfig.java, line(s) 394,142
com/im/freechat/ui/chat/chatdetails/ChatDetailsFragmentKt.java, line(s) 7
com/ksy/statlibrary/util/AuthUtils.java, line(s) 19,23
com/ksy/statlibrary/util/PreferenceUtil.java, line(s) 8,9
com/ksyun/media/streamer/logstats/d.java, line(s) 58
com/posthog/android/PostHog.java, line(s) 31,34,35,36
com/posthog/android/PostHogContext.java, line(s) 23,25,24,26,28,27,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
com/posthog/android/PostHogIntegration.java, line(s) 37
com/posthog/android/Properties.java, line(s) 12,13
com/posthog/android/payloads/AliasPayload.java, line(s) 9
com/posthog/android/payloads/BasePayload.java, line(s) 12,13,15,16,17
com/posthog/android/payloads/IdentifyPayload.java, line(s) 12,13
com/posthog/android/payloads/ScreenPayload.java, line(s) 10
com/qennnsad/aknkaksd/data/bean/LoginInfo.java, line(s) 113
com/qennnsad/aknkaksd/data/bean/LoginRequestBean.java, line(s) 157
com/qennnsad/aknkaksd/data/bean/Yunxin.java, line(s) 52
com/qennnsad/aknkaksd/data/bean/me/UserInfo.java, line(s) 483
com/qennnsad/aknkaksd/data/bean/register/RegisterBean.java, line(s) 106
com/qennnsad/aknkaksd/data/bean/user/UserBean.java, line(s) 663
com/qennnsad/aknkaksd/data/bean/websocket/NameCardNews.java, line(s) 69
com/qennnsad/aknkaksd/data/bean/websocket/NewFanEvent.java, line(s) 92
com/qennnsad/aknkaksd/data/bean/websocket/SendGiftMsg.java, line(s) 216
com/qennnsad/aknkaksd/data/bean/websocket/SendGiftNewsMsg.java, line(s) 177
com/qennnsad/aknkaksd/domain/usecase/auth/AbstractLoginUseCase.java, line(s) 292
com/qennnsad/aknkaksd/domain/usecase/auth/ChangePasswordUseCase.java, line(s) 111
com/qennnsad/aknkaksd/presentation/module/auth/PredefinedLogins.java, line(s) 63
com/qennnsad/aknkaksd/presentation/module/auth/captcha/HCaptchaDialog.java, line(s) 20
com/qennnsad/aknkaksd/presentation/module/auth/captcha/ReCaptchaDialogKt.java, line(s) 8
com/qennnsad/aknkaksd/presentation/ui/main/me/MeStarListFragment.java, line(s) 35
com/qennnsad/aknkaksd/presentation/ui/main/me/sublist/SubListActivity.java, line(s) 15
com/qennnsad/aknkaksd/util/AES.java, line(s) 35
com/qennnsad/aknkaksd/util/DES.java, line(s) 9
com/yolanda/nohttp/cache/CacheEntityDao.java, line(s) 25
com/yolanda/nohttp/cache/CacheSQLHelper.java, line(s) 12
com/yolanda/nohttp/cache/DiskCacheStore.java, line(s) 29
io/github/rockerhieu/emojicon/EmojiconRecentsGridFragment.java, line(s) 11
io/github/rockerhieu/emojicon/EmojiconsFragment.java, line(s) 23
io/sentry/Baggage.java, line(s) 32
io/sentry/TraceContext.java, line(s) 23
io/sentry/protocol/User.java, line(s) 31
org/jsoup/helper/W3CDom.java, line(s) 177
org/jsoup/nodes/DocumentType.java, line(s) 11,12,14

Medium: IP address disclosure


Files:
com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 117,602
com/koushikdutta/async/dns/Dns.java, line(s) 101,131,93
com/ksyun/media/streamer/logstats/StatsConstant.java, line(s) 109
com/ksyun/media/streamer/publisher/RtmpPublisher.java, line(s) 173
org/minidns/DnsClient.java, line(s) 50
screenstreamer/kit/KSYScreenStreamer.java, line(s) 41,121

Medium: The application uses an insecure random number generator

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/giphy/sdk/ui/ConstantsKt.java, line(s) 6
com/koushikdutta/async/dns/Dns.java, line(s) 19
com/koushikdutta/async/util/FileCache.java, line(s) 18
com/qennnsad/aknkaksd/data/sharedpreference/PrefsHelper.java, line(s) 33
com/qennnsad/aknkaksd/presentation/ui/room/player/player/PlayerActivity.java, line(s) 192
com/qennnsad/aknkaksd/presentation/ui/widget/heardAnim/HeartAnim.java, line(s) 17
com/qennnsad/aknkaksd/util/roomanim/MrlLove.java, line(s) 24
in/srain/cube/views/ptr/header/StoreHouseBarItem.java, line(s) 8
lombok/core/debug/AssertionLogger.java, line(s) 8
org/jsoup/helper/DataUtil.java, line(s) 16
org/minidns/AbstractDnsClient.java, line(s) 11
org/minidns/iterative/IterativeDnsClient.java, line(s) 15
org/minidns/util/CollectionsUtil.java, line(s) 4

Medium: SHA-1 is a weak hash known to have hash collisions

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/koushikdutta/async/http/WebSocketImpl.java, line(s) 57
com/ksy/statlibrary/util/AuthUtils.java, line(s) 60
com/ksyun/media/streamer/logstats/c.java, line(s) 41
com/tangxiaolv/telegramgallery/Utils/Utilities.java, line(s) 155,169
io/sentry/util/StringUtils.java, line(s) 57
org/minidns/AbstractDnsClient.java, line(s) 92

Medium: MD5 is a weak hash known to have hash collisions

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/koushikdutta/async/util/FileCache.java, line(s) 93
com/ksy/statlibrary/util/AuthUtils.java, line(s) 68
com/ksyun/media/player/misc/e.java, line(s) 93
com/ksyun/media/player/util/c.java, line(s) 165
com/ksyun/media/streamer/logstats/c.java, line(s) 122
com/opensource/svgaplayer/SVGACache.java, line(s) 131
com/qennnsad/aknkaksd/util/JwtUtil.java, line(s) 72
com/tangxiaolv/telegramgallery/Utils/Utilities.java, line(s) 214
com/yolanda/nohttp/tools/Encryption.java, line(s) 81

Medium: The application can read/write external storage. Any application can read data written to external storage

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/qennnsad/aknkaksd/presentation/ui/main/me/MeFragment.java, line(s) 75
com/qennnsad/aknkaksd/util/DataCleanManager.java, line(s) 10,18,26
com/qennnsad/aknkaksd/util/FileUtils.java, line(s) 27,52
com/qennnsad/aknkaksd/util/LogUtil.java, line(s) 70,73
com/qennnsad/aknkaksd/util/UpdateUtil.java, line(s) 47
com/qennnsad/aknkaksd/util/deviceinfo/DeviceInfo.java, line(s) 633,641,786
com/tangxiaolv/telegramgallery/Utils/AndroidUtilities.java, line(s) 138
com/tangxiaolv/telegramgallery/Utils/ImageLoader.java, line(s) 605,606
com/tangxiaolv/telegramgallery/Utils/MediaController.java, line(s) 448
com/yalantis/ucrop/util/FileUtils.java, line(s) 53
iamutkarshtiwari/github/io/ananas/editimage/utils/BitmapUtils.java, line(s) 141,144
io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 282,501,533

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted when written to the database

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/ksy/statlibrary/db/DBHelper.java, line(s) 4,5,17,22
com/yolanda/nohttp/cache/CacheEntityDao.java, line(s) 6,53
com/yolanda/nohttp/cache/CacheSQLHelper.java, line(s) 4,27,28,40,41,42
com/yolanda/nohttp/cookie/CookieEntityDao.java, line(s) 6,51
com/yolanda/nohttp/cookie/CookieSQLHelper.java, line(s) 4,35,36,48,49,50
com/yolanda/nohttp/db/BaseDao.java, line(s) 5,6,57

Medium: The application creates temporary files. Sensitive information should never be written to temporary files


Files:
com/im/freechat/ui/chat/attachment/AttachmentViewModel.java, line(s) 36
com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 171
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 205
lombok/installer/OsUtils.java, line(s) 21
lombok/javac/apt/Processor.java, line(s) 58

Medium: This application may request root (superuser) privileges

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
io/sentry/android/core/internal/util/RootChecker.java, line(s) 22,22,22,22,22

Medium: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/qennnsad/aknkaksd/presentation/ui/main/MallFragment.java, line(s) 160,164,169,214
com/qennnsad/aknkaksd/presentation/ui/main/webview/SimpleWebViewActivity.java, line(s) 266,271,274

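Medium: The application contains privacy trackers

This application contains multiple (3) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.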

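Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.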
"user" : "Usager"
"password" : "Passwort"
"password" : "Paswoord"
"user" : "Gebruiker"
"user" : "Benutzer"
"google_api_key" : "AIzaSyBR2TQ24_-7-aIv_Rqn0V8Splq8TvAGdeo"
"firebase_database_url" : "https://wood-dd878.firebaseio.com"
"password" : "Password"
"user" : "User"
"google_app_id" : "1:557614287106:android:3cf00383e877e0ae52da1b"
"google_crash_reporting_api_key" : "AIzaSyBR2TQ24_-7-aIv_Rqn0V8Splq8TvAGdeo"

Info: The application logs information. Sensitive information must not be logged

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/clj/fastble/BleManager.java, line(s) 182,194,206,285,331,335,173,211,290
com/clj/fastble/bluetooth/BleBluetooth.java, line(s) 468,50,81,372,431,434
com/clj/fastble/bluetooth/SplitWriter.java, line(s) 103
com/clj/fastble/scan/BleScanPresenter.java, line(s) 140,160
com/clj/fastble/scan/BleScanner.java, line(s) 101
com/clj/fastble/utils/BleLog.java, line(s) 13,34,20,27
com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 194
com/gigamole/infinitecycleviewpager/VerticalViewPager.java, line(s) 433,439,464
com/giphy/sdk/analytics/batching/AnalyticsId.java, line(s) 35
com/giphy/sdk/analytics/batching/PingbackCollector.java, line(s) 172,185,272
com/giphy/sdk/analytics/batching/PingbackSubmissionQueue.java, line(s) 112,118,134
com/giphy/sdk/core/network/engine/DefaultNetworkSession.java, line(s) 158
com/giphy/sdk/core/threading/ApiTask.java, line(s) 87
com/giphy/sdk/tracking/GifTrackingManager.java, line(s) 187
com/hbb20/CCPCountry.java, line(s) 1521,1523,1541
com/hbb20/CountryCodePicker.java, line(s) 1502,1526,959,962,1518,1746
com/iab/omid/library/giphy/d/c.java, line(s) 11
com/im/freechat/data/SyncRepositoryImpl$uploadAttachments$2$1.java, line(s) 58,81
com/im/freechat/media/audio/AudioRecordImpl.java, line(s) 93,136,119,122
com/im/freechat/utils/CameraPreview.java, line(s) 60,74,108,136
com/im/freechat/utils/CameraRecorder.java, line(s) 260,263
com/koushikdutta/async/AsyncNetworkSocket.java, line(s) 226
com/koushikdutta/async/AsyncServer.java, line(s) 241,397,570,680,748,763,909,925,928,931
com/koushikdutta/async/ByteBufferList.java, line(s) 343
com/koushikdutta/async/PushParser.java, line(s) 233
com/koushikdutta/async/Util.java, line(s) 26,37,38
com/koushikdutta/async/http/AsyncHttpRequest.java, line(s) 247,254,255,262,269,270,226,233,240
com/koushikdutta/async/http/HybiParser.java, line(s) 381
com/koushikdutta/async/http/cache/RawHeaders.java, line(s) 109
com/koushikdutta/async/http/server/AsyncHttpServer.java, line(s) 63,113,107
com/koushikdutta/async/http/server/AsyncHttpServerRequestImpl.java, line(s) 91
com/koushikdutta/async/http/server/AsyncHttpServerRouter.java, line(s) 253
com/ksy/statlibrary/db/DBManager.java, line(s) 78,116,168,196,230
com/ksy/statlibrary/db/RecordResult.java, line(s) 36
com/ksy/statlibrary/interval/IntervalTask.java, line(s) 33
com/ksy/statlibrary/log/LogClient.java, line(s) 141,158,168,250,257,135,161,193,260,264,333,355,373,395,398,438,446
com/ksy/statlibrary/util/AuthUtils.java, line(s) 42,50
com/ksyun/media/player/KSYMediaPlayer.java, line(s) 1654,1658,1202,1363,1836
com/ksyun/media/player/KSYMediaRecorder.java, line(s) 478
com/ksyun/media/player/c/a.java, line(s) 50,54,58,14,18,22,26,30,34,62,66,70,38,42,46
com/ksyun/media/player/f.java, line(s) 196,198
com/ksyun/media/player/util/b.java, line(s) 14,27,11
com/ksyun/media/player/util/c.java, line(s) 190
com/ksyun/media/streamer/capture/AudioCapture.java, line(s) 65,119,129,259,278,222,223,224,225
com/ksyun/media/streamer/capture/AudioPlayerCapture.java, line(s) 53,66,78,118,301,383
com/ksyun/media/streamer/capture/CameraCapture.java, line(s) 91,111,172,310,317,324,441,650,658,136,148,189,329,368,407,416,576
com/ksyun/media/streamer/capture/ImageCapture.java, line(s) 42
com/ksyun/media/streamer/capture/ViewCapture.java, line(s) 135
com/ksyun/media/streamer/capture/audio/c.java, line(s) 77
com/ksyun/media/streamer/capture/camera/CameraTouchHelper.java, line(s) 48,243
com/ksyun/media/streamer/capture/camera/a.java, line(s) 77,85,66,44
com/ksyun/media/streamer/capture/camera/b.java, line(s) 83,170,355
com/ksyun/media/streamer/capture/camera/c.java, line(s) 87,130,44
com/ksyun/media/streamer/decoder/AVDecoderWrapper.java, line(s) 74
com/ksyun/media/streamer/decoder/Decoder.java, line(s) 127,88
com/ksyun/media/streamer/decoder/MediaCodecAudioDecoder.java, line(s) 156,159,185,177,165
com/ksyun/media/streamer/decoder/MediaCodecVideoDecoder.java, line(s) 231,234,247,143,257,238
com/ksyun/media/streamer/demuxer/AVDemuxerCapture.java, line(s) 121,145,148,160,163,169,278,281,290,293,326,357,360,376,382
com/ksyun/media/streamer/demuxer/AVDemuxerMultiCapture.java, line(s) 282
com/ksyun/media/streamer/encoder/AVCodecAudioEncoder.java, line(s) 33,74
com/ksyun/media/streamer/encoder/AVCodecSurfaceEncoder.java, line(s) 141,182,239
com/ksyun/media/streamer/encoder/AVCodecVideoEncoder.java, line(s) 59,86
com/ksyun/media/streamer/encoder/Encoder.java, line(s) 223,292,430,176,184,235,192,158,166
com/ksyun/media/streamer/encoder/ImgTexToBuf.java, line(s) 129,200,385
com/ksyun/media/streamer/encoder/MediaCodecAudioEncoder.java, line(s) 65,81,131,85,42,106
com/ksyun/media/streamer/encoder/MediaCodecEncoderBase.java, line(s) 97,38,86,106
com/ksyun/media/streamer/encoder/MediaCodecSurfaceEncoder.java, line(s) 118,205,261,82,91,143,154,160,242,271,321,165,237
com/ksyun/media/streamer/filter/audio/APMWrapper.java, line(s) 47,53,149
com/ksyun/media/streamer/filter/audio/AudioFilterBase.java, line(s) 66,117,130
com/ksyun/media/streamer/filter/audio/AudioMixer.java, line(s) 204,244
com/ksyun/media/streamer/filter/imgtex/ImgBeautyAdvanceFilter.java, line(s) 33,41
com/ksyun/media/streamer/filter/imgtex/ImgBeautySimpleFilter.java, line(s) 32,40
com/ksyun/media/streamer/filter/imgtex/ImgBeautySmoothFilter.java, line(s) 56
com/ksyun/media/streamer/filter/imgtex/ImgBeautyStylizeFilter.java, line(s) 56
com/ksyun/media/streamer/filter/imgtex/ImgTexFilter.java, line(s) 122
com/ksyun/media/streamer/filter/imgtex/ImgTexFilterBase.java, line(s) 356,252,298
com/ksyun/media/streamer/filter/imgtex/ImgTexMixer.java, line(s) 282,287,201,212,145
com/ksyun/media/streamer/filter/imgtex/ImgTexPreview.java, line(s) 27,38,131
com/ksyun/media/streamer/filter/imgtex/ImgTexScaleFilter.java, line(s) 87,92
com/ksyun/media/streamer/kit/KSYStreamer.java, line(s) 281,368,380,424,1212,1220,1546,1548,1551,1557,1560,1566,1569,1572,1575,271,298,394,466,359,1347
com/ksyun/media/streamer/logstats/StatsLogReport.java, line(s) 117,119,333,91,94,97,104,233,236,310,320,339,390,398,409,421,432,448,461,474,497,522,523,110,402,415,425,438,455,468,481
com/ksyun/media/streamer/logstats/c.java, line(s) 108,90
com/ksyun/media/streamer/publisher/Publisher.java, line(s) 346,242,246,477
com/ksyun/media/streamer/publisher/RtmpPublisher.java, line(s) 129,137,145,153,165
com/ksyun/media/streamer/util/BitmapLoader.java, line(s) 20,32
com/ksyun/media/streamer/util/CredtpWrapper.java, line(s) 60
com/ksyun/media/streamer/util/FrameBufferCache.java, line(s) 61,71,97,110,122
com/ksyun/media/streamer/util/LibraryLoader.java, line(s) 12
com/ksyun/media/streamer/util/TimeDeltaUtil.java, line(s) 84,97,139,276,153
com/ksyun/media/streamer/util/audio/PcmPlayer.java, line(s) 109,150,99
com/ksyun/media/streamer/util/device/DeviceInfoTools.java, line(s) 96
com/ksyun/media/streamer/util/gles/FboManager.java, line(s) 20,41,49,72,85,110,189
com/ksyun/media/streamer/util/gles/GLRender.java, line(s) 150,161,170,247,413,434,629,123
com/ksyun/media/streamer/util/gles/GlUtil.java, line(s) 127,146,36,46,47,67,71,82
com/ksyun/media/streamer/util/gles/a.java, line(s) 69,135,144,176,82,100
com/ksyun/media/streamer/util/gles/b.java, line(s) 63
com/ksyun/media/streamer/util/gles/d.java, line(s) 68,135,144,180,81,100
com/ksyun/media/streamer/util/gles/e.java, line(s) 63
com/ksyun/media/streamer/util/gles/g.java, line(s) 70
com/ksyun/media/streamer/util/https/KsyHttpConnection.java, line(s) 171,189
com/lljjcoder/style/citylist/CityListSelectActivity.java, line(s) 107
com/lljjcoder/style/citylist/sortlistview/CharacterParser.java, line(s) 40
com/lljjcoder/style/citypickerview/widget/wheel/adapters/AbstractWheelTextAdapter.java, line(s) 143
com/opensource/svgaplayer/utils/log/DefaultLogCat.java, line(s) 29,42,22,15,36
com/posthog/android/Logger.java, line(s) 31,37,25,19
com/qennnsad/aknkaksd/data/interceptor/SSLHandshakeInterceptor.java, line(s) 26
com/qennnsad/aknkaksd/data/websocket/WebSocketService.java, line(s) 1985
com/qennnsad/aknkaksd/domain/AnchorManager.java, line(s) 40,237,244,251,258,265,272,279,298,305
com/qennnsad/aknkaksd/presentation/ui/main/me/popup/city/widget/adapters/AbstractWheelTextAdapter.java, line(s) 134
com/qennnsad/aknkaksd/presentation/ui/main/me/popup/time/adapter/AbstractWheelTextAdapter.java, line(s) 137
com/qennnsad/aknkaksd/presentation/ui/room/player/player/PlayerPresenter.java, line(s) 350
com/qennnsad/aknkaksd/util/AES.java, line(s) 46,48,108,111,114,117,120,123,134,137,140,143,146,149,160,163,166,169,173,176,187,190,193,196,200,203
com/qennnsad/aknkaksd/util/L.java, line(s) 72,78,80,37
com/qennnsad/aknkaksd/util/fresco/FrescoUtil.java, line(s) 40,44
com/tangxiaolv/telegramgallery/Theme.java, line(s) 28,35,42
com/tangxiaolv/telegramgallery/Utils/AndroidUtilities.java, line(s) 190
com/tangxiaolv/telegramgallery/Utils/ImageLoader.java, line(s) 603,615,625,636,647,654
com/tao/admin/loglib/Logger.java, line(s) 41,13,27
com/theartofdev/edmodo/cropper/BitmapUtils.java, line(s) 180,218
com/theartofdev/edmodo/cropper/CropImageActivity.java, line(s) 89,240
com/theartofdev/edmodo/cropper/CropOverlayView.java, line(s) 699
com/wang/avi/AVLoadingIndicatorView.java, line(s) 205
com/yalantis/ucrop/UCropActivity.java, line(s) 154
com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 151,164,191,130
com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 127,147,88,91,133,140
com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 104,52,83
com/yalantis/ucrop/util/EglUtils.java, line(s) 27
com/yalantis/ucrop/util/FileUtils.java, line(s) 61
com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 57,64,75,83,115,125,137,151,165,171,175,180,186,190,281,287,300,307,314,327,340,347,354,56,63,74,82,114,124,136,150,164,170,174,179,185,189
com/yalantis/ucrop/view/TransformImageView.java, line(s) 226,243,135,80
com/yolanda/nohttp/BitmapBinary.java, line(s) 28
com/yolanda/nohttp/FileBinary.java, line(s) 27
com/yolanda/nohttp/InputStreamBinary.java, line(s) 23
com/yolanda/nohttp/Logger.java, line(s) 135,154
eltos/simpledialogfragment/SimpleImageDialog.java, line(s) 161
iamutkarshtiwari/github/io/ananas/editimage/EditImageActivity.java, line(s) 446
iamutkarshtiwari/github/io/ananas/editimage/utils/BitmapUtils.java, line(s) 146
iamutkarshtiwari/github/io/ananas/editimage/utils/Matrix3.java, line(s) 65,66,67
iamutkarshtiwari/github/io/ananas/editimage/view/imagezoom/ImageViewTouch.java, line(s) 194
iamutkarshtiwari/github/io/ananas/editimage/view/imagezoom/ImageViewTouchBase.java, line(s) 469,139
in/srain/cube/views/ptr/PtrFrameLayout.java, line(s) 447,583,659,668,689,695,704,715,961,972,1073,480,489,512,625,648,680,722,764,414,530,1013,1034
in/srain/cube/views/ptr/util/PtrCLog.java, line(s) 46,56,63,118,128,135,70,80,87,22,29,39,94,104,111,142,152,159
io/sentry/SystemOutLogger.java, line(s) 14,22,31
io/sentry/android/core/AndroidLogger.java, line(s) 78,74,66,70,76
io/sentry/transport/StdoutTransport.java, line(s) 36
lombok/bytecode/PoolConstantsApp.java, line(s) 70,71,53,57,59,63,67
lombok/bytecode/PostCompilerApp.java, line(s) 89,90,59,66,70,78,85
lombok/core/DiagnosticsReceiver.java, line(s) 7,12
lombok/core/Main.java, line(s) 87,44,77
lombok/core/PublicApiCreatorApp.java, line(s) 40,48,61,124,88,113
lombok/core/Version.java, line(s) 14,16
lombok/core/configuration/ConfigurationProblemReporter.java, line(s) 13
lombok/core/debug/FileLog.java, line(s) 24
lombok/core/debug/ProblemReporter.java, line(s) 72,80,88
lombok/core/runtimeDependencies/CreateLombokRuntimeApp.java, line(s) 93,171,111,114,116,133,160
lombok/delombok/Delombok.java, line(s) 236,238,269,312,315,325,335,336,228,251,253,254,255,256,258,259,331
lombok/delombok/DelombokApp.java, line(s) 62
lombok/eclipse/TransformEclipseAST.java, line(s) 69
lombok/eclipse/handlers/EclipseSingularsRecipes.java, line(s) 68,80
lombok/installer/Installer.java, line(s) 209,210,211,240,242,245,248,250,253,266,269,274,275,276,205,286
lombok/javac/CompilerMessageSuppressor.java, line(s) 93
lombok/javac/HandlerLibrary.java, line(s) 128
lombok/javac/JavacAST.java, line(s) 142
lombok/javac/JavacResolution.java, line(s) 211
lombok/javac/JavacTreeMaker.java, line(s) 415,472
lombok/javac/handlers/HandleBuilder.java, line(s) 558
lombok/javac/handlers/HandleVal.java, line(s) 95,106
lombok/javac/handlers/JavacSingularsRecipes.java, line(s) 49,61
lombok/patcher/ClassRootFinder.java, line(s) 80
lombok/patcher/ScriptManager.java, line(s) 139,153
lombok/patcher/Version.java, line(s) 10
lombok/patcher/scripts/SetSymbolDuringMethodCallScript.java, line(s) 122
master/flame/danmaku/danmaku/model/objectpool/FinitePool.java, line(s) 56
me/jessyan/retrofiturlmanager/RetrofitUrlManager.java, line(s) 106
org/greenrobot/eventbus/Logger.java, line(s) 32,37
org/koin/android/logger/AndroidLogger.java, line(s) 52,58,60,56
rubikstudio/library/PielView.java, line(s) 257,522,525,553
screenstreamer/capture/ScreenCapture.java, line(s) 93,97,144,177,198,257,262,349,363,378,137,149,187,268
screenstreamer/filters/ImgTexGPUImageFilter.java, line(s) 37
screenstreamer/filters/OpenGlUtils.java, line(s) 69,77,82,91
screenstreamer/kit/KSYScreenStreamer.java, line(s) 209,271,283,323,484,488,199,296,358,416,893,915,262
timber/log/Timber.java, line(s) 395,414
tv/cjump/jni/DeviceUtils.java, line(s) 64
tv/cjump/jni/NativeBitmapFactory.java, line(s) 70,128

Info: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/giphy/sdk/ui/views/GPHMediaActionsView.java, line(s) 4,204,205
com/im/freechat/extend/ExtendsKt.java, line(s) 5,89,90
com/qennnsad/aknkaksd/presentation/ui/main/MallFragment.java, line(s) 5,562,568
com/qennnsad/aknkaksd/presentation/ui/main/webview/SimpleWebViewActivity.java, line(s) 9,823,831
com/qennnsad/aknkaksd/presentation/ui/room/player/player/PlayerActivity.java, line(s) 9,1458,3189
com/qennnsad/aknkaksd/util/ScreenUtil.java, line(s) 5,217,218

Info: The application can write to the application directory. Sensitive information should be encrypted


Files:
com/giphy/sdk/analytics/GiphyPingbacks.java, line(s) 98,98
com/giphy/sdk/ui/GPHRecentSearches.java, line(s) 26,26
com/giphy/sdk/ui/GiphyRecents.java, line(s) 29,29
com/qennnsad/aknkaksd/data/sharedpreference/Prefs.java, line(s) 23,23

Info: The application communicates with a Firebase database

The application communicates with the Firebase database located at https://wood-dd878.firebaseio.com

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/im/freechat/di/ApiModuleKt.java, line(s) 286,318,318,324,208,221,234,247,260,273,346,359
com/koushikdutta/async/AsyncSSLSocketWrapper.java, line(s) 700,103,148,696,698,700,697,697
com/ksyun/media/player/d/b.java, line(s) 31,43
com/qennnsad/aknkaksd/data/repository/PingDnsSource.java, line(s) 108,79,48
com/qennnsad/aknkaksd/data/repository/RetrofitSource.java, line(s) 103,106,102
com/qennnsad/aknkaksd/data/repository/RetrofitStaticSource.java, line(s) 23,23
com/yolanda/nohttp/HttpConnection.java, line(s) 59,88
org/minidns/dane/ExpectingTrustManager.java, line(s) 57,56,55,55

Secure: This application may have root detection capabilities

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/qennnsad/aknkaksd/util/deviceinfo/DeviceInfo.java, line(s) 545,545,545,545,545,545,543
io/sentry/android/core/DefaultAndroidEventProcessor.java, line(s) 83
io/sentry/android/core/internal/util/RootChecker.java, line(s) 40,22,22,22,22,22,22,34

Secure: Firebase Remote Config is disabled

The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/557614287106/namespaces/firebase:fetch?key=AIzaSyBR2TQ24_-7-aIv_Rqn0V8Splq8TvAGdeo ) is disabled. The response content is shown below:

{
    "state": "NO_TEMPLATE"
}

Hotspot: The application may communicate with a server (api.moonscap.com) located in an OFAC-sanctioned country (China).

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

Hotspot: The application may communicate with a server (static.moonscap.com) located in an OFAC-sanctioned country (China).

{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}

Hotspot: The application may communicate with a server (centertime.ksyun.com) located in an OFAC-sanctioned country (China).

{'ip': '110.43.105.194', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (trace-ldns.ksyun.com) located in an OFAC-sanctioned country (China).

{'ip': '110.43.221.241', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (doh.pub) located in an OFAC-sanctioned country (China).

{'ip': '1.12.12.21', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}
