安全分析报告:
安全分数
安全分数 50/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
1
用户/设备跟踪器
调研结果
高危
2
中危
46
信息
4
安全
2
关注
4
高危 App 链接 assetlinks.json 文件未找到
[android:name=org.telegram.ui.LaunchActivity][android:host=https://t.me] App Link 资产验证 URL (https://t.me/.well-known/assetlinks.json) 未找到或配置不正确。(状态代码:None)。应用程序链接允许用户从 Web URL/电子邮件重定向到移动应用程序。如果此文件丢失或为 App Link 主机/域配置不正确,则恶意应用程序可以劫持此类 URL。这可能会导致网络钓鱼攻击,泄露 URI 中的敏感数据,例如 PII、OAuth 令牌、魔术链接/密码重置令牌等。您必须通过托管 assetlinks.json 文件并通过 Activity intent-filter 中的 [android:autoVerify=“true”] 启用验证来验证 App Link 网域。
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 741,746,34,35
中危 应用程序已启用明文网络流量
[android:usesCleartextTraffic=true] 应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Service (org.telegram.messenger.GcmPushListenerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.GoogleVoiceClientService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.GoogleVoiceClientActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.DefaultIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.VintageIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.AquaIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.PremiumIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.TurboIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.messenger.NoxIcon) 未被保护。
[android:exported=true] 发现 Activity-Alias与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity-Alias (org.telegram.ui.CallsActivity) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.CALL_PHONE [android:exported=true] 发现一个 Activity-Alias被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (org.telegram.ui.ShareActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ExternalActionActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ChatsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.ui.ContactsWidgetConfigActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (org.telegram.messenger.OpenChatReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPPermissionActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Activity设置了TaskAffinity属性
(org.telegram.ui.VoIPFeedbackActivity) 如果设置了 taskAffinity,其他应用程序可能会读取发送到属于另一个任务的 Activity 的 Intent。为了防止其他应用程序读取发送或接收的 Intent 中的敏感信息,请始终使用默认设置,将 affinity 保持为包名
中危 Broadcast Receiver (org.telegram.messenger.SmsReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.AuthenticatorService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ContactsSyncAdapterService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.BringAppForegroundService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.NotificationsService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.VideoEncodingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.ImportingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.LocationSharingService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicPlayerService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.MusicBrowserService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (org.telegram.messenger.voip.TelegramConnectionService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_TELECOM_CONNECTION_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (org.telegram.messenger.RefererReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.INSTALL_PACKAGES [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Content Provider (org.telegram.messenger.voip.CallNotificationSoundProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (androidx.sharetarget.ChooserTargetServiceCompat) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_CHOOSER_TARGET_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: org/telegram/messenger/BuildVars.java, line(s) 136 org/telegram/messenger/ImageReceiver.java, line(s) 380 org/telegram/messenger/MediaDataController.java, line(s) 64,70,69 org/telegram/messenger/voip/Instance.java, line(s) 230,202,212 org/telegram/ui/Adapters/MentionsAdapter.java, line(s) 672 org/telegram/ui/ArticleViewer.java, line(s) 2433 org/telegram/ui/ChannelCreateActivity.java, line(s) 177 org/telegram/ui/DataAutoDownloadActivity.java, line(s) 72,87,80 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1106,1051 org/telegram/ui/TopicsFragment.java, line(s) 2552,2545
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/carrotsearch/randomizedtesting/Xoroshiro128PlusRandom.java, line(s) 3 com/tencent/qimei/j/a.java, line(s) 9 com/tencent/qimei/s/e.java, line(s) 3 com/tencent/qmsp/sdk/f/c.java, line(s) 6 j$/util/concurrent/ThreadLocalRandom.java, line(s) 18 org/telegram/messenger/Utilities.java, line(s) 17 org/telegram/ui/Components/AudioVisualizerDrawable.java, line(s) 6 org/telegram/ui/Components/AvatarsDrawable.java, line(s) 11 org/telegram/ui/Components/BlobDrawable.java, line(s) 7 org/telegram/ui/Components/CircleBezierDrawable.java, line(s) 7 org/telegram/ui/Components/FlickerLoadingView.java, line(s) 12 org/telegram/ui/Components/GroupCallPipButton.java, line(s) 17 org/telegram/ui/Components/LineBlobDrawable.java, line(s) 6 org/telegram/ui/Components/SharedMediaFastScrollTooltip.java, line(s) 15 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 11 q/rorbin/badgeview/BadgeAnimator.java, line(s) 12
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/github/gzuliyujiang/oaid/impl/OppoImpl.java, line(s) 71 com/tencent/qmsp/oaid2/h0.java, line(s) 72 com/tencent/qmsp/sdk/g/g/e.java, line(s) 74 org/telegram/messenger/Utilities.java, line(s) 335,349 org/telegram/ui/PassportActivity.java, line(s) 1671
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/tencent/qimei/y/g.java, line(s) 43,42 com/tencent/qimei/y/k.java, line(s) 38,43 org/telegram/ui/JMTBaiduMapActivity.java, line(s) 65,60 org/telegram/ui/JMTMapPreviewActivity.java, line(s) 67,61
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/tencent/qimei/y/g.java, line(s) 45,42 com/tencent/qimei/y/k.java, line(s) 45,43 org/telegram/ui/ArticleViewer$BlockEmbedCell.java, line(s) 55,49 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 342,307 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 720,257 org/telegram/ui/Components/WebPlayerView.java, line(s) 1124,1131 org/telegram/ui/LoginActivity.java, line(s) 1417,2173,1415,2171 org/telegram/ui/WebviewActivity.java, line(s) 171,158
中危 IP地址泄露
IP地址泄露 Files: com/tencent/qimei/c/c.java, line(s) 121 com/tencent/qimei/o/u.java, line(s) 176,223 com/tencent/qimei/upload/BuildConfig.java, line(s) 13 cos/MyCOSService.java, line(s) 294,359,425,490,275,340,406,471,317,382,448,513,254,319,385,450,280,345,411,476,269,334,400,465,261,326,392,457,259,324,390,455,301,366,432,497,285,350,416,481,257,322,388,453,284,349,415,480,278,343,409,474,276,341,407,472,312,377,443,508,299,364,430,495,310,375,441,506,304,369,435,500,277,342,408,473,270,335,401,466,290,355,421,486,316,381,447,512,302,367,433,498,281,346,412,477,289,354,420,485,315,380,446,511,267,332,398,463,309,374,440,505,283,348,414,479,272,337,403,468,298,363,429,494,174,574,282,347,413,478,313,378,444,509,255,320,386,451,273,338,404,469,305,370,436,501,297,362,428,493,256,321,387,452,279,344,410,475,264,329,395,460,266,331,397,462,307,372,438,503,287,352,418,483,262,327,393,458,274,339,405,470,306,371,437,502,292,357,423,488,311,376,442,507,296,361,427,492,263,328,394,459,258,323,389,454,314,379,445,510,265,330,396,461,260,325,391,456,300,365,431,496,253,318,384,449,293,358,424,489,268,333,399,464,303,368,434,499,291,356,422,487,295,360,426,491,308,373,439,504,271,336,402,467,288,353,419,484,286,351,417,482 org/telegram/messenger/EmuDetector.java, line(s) 19
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: org/telegram/ui/Components/Paint/Slice.java, line(s) 22
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/tencent/qimei/j/a.java, line(s) 29 com/tencent/qmsp/oaid2/l.java, line(s) 38 com/tencent/qmsp/sdk/a/c.java, line(s) 35,88 com/tencent/qmsp/sdk/g/b/c.java, line(s) 37 org/telegram/messenger/MessagesController.java, line(s) 4806 org/telegram/messenger/Utilities.java, line(s) 480
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/github/gzuliyujiang/oaid/DeviceID.java, line(s) 293,294 com/hbisoft/hbrecorder/HBRecorder.java, line(s) 151 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 166 com/lxj/xpopup/util/XPopupUtils.java, line(s) 323,346 org/telegram/messenger/AndroidUtilities.java, line(s) 636,2723,635,1875,1907,1917,2675,2676 org/telegram/messenger/EmuDetector.java, line(s) 226 org/telegram/messenger/FilesMigrationService.java, line(s) 92,76,188 org/telegram/messenger/MediaController.java, line(s) 3011,3013 org/telegram/messenger/SharedConfig.java, line(s) 1077 org/telegram/messenger/voip/VoIPController.java, line(s) 207 org/telegram/ui/ChatActivity.java, line(s) 3385,9340,9348 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 961,1163,1163,1163,1166 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 776,810
中危 应用程序包含隐私跟踪程序
此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 openinstall统计的=> "com.openinstall.APP_KEY" : "banlo7" "LoginPassword" : "Senha" "UsernameLinkActive" : "active" "UseProxySecret" : "Sleutel" "TypePrivateGroup" : "Privat" "UseProxySecret" : "Segreto " "LoginPassword" : "Wachtwoord" "firebase_database_url" : "https://tmessages2.firebaseio.com" "PasswordCode" : "Codice" "AutodownloadPrivateChats" : "Chats" "TypePrivateGroup" : "pribadi" "PasswordOn" : "On" "CancelPasswordResetYes" : "Ya" "EncryptionKey" : "Encryptiesleutel" "PaymentPasswordEmailTitle" : "Herstel-e-mailadres" "NotificationHiddenChatUserName" : "Utente" "RestorePasswordNoEmailTitle" : "Desculpe" "TypePrivate" : "Privado" "RestorePasswordNoEmailTitle" : "Spiacenti" "CancelPasswordResetNo" : "NO" "JMTUsername" : "Username" "UsernameLinkActive" : "positif" "CancelPasswordResetYes" : "YES" "LoginPassword" : "Passwort" "UseProxyPassword" : "Passwort" "CheckPasswordPerfect" : "sempurna!" "NotificationHiddenChatUserName" : "User" "TypePrivateGroup" : "Private" "Username" : "Benutzername" "PasswordOn" : "Aan" "PasswordOn" : "Ativada" "google_crash_reporting_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "NotificationHiddenChatUserName" : "Pengguna" "PaymentPasswordTitle" : "Senha" "UseProxySecret" : "Secret" "PasswordOn" : "Ein" "YourPasswordSuccess" : "Fatto!" "UsernameProfileLinkActive" : "positif" "TypePrivateGroup" : "Privato" "YourPasswordSuccess" : "Success!" "YourPasswordSuccess" : "Gelukt!" "UseProxySecret" : "Segredo" "PasswordOff" : "Aus" "PasswordRecovery" : "Wachtwoordherstel" "AbortPasswordMenu" : "Interromper" "PasswordOff" : "Uit" "CancelPasswordResetNo" : "TIDAK" "ChannelPrivate" : "privat" "ReportSpamUser" : "BLOQUEAR" "UseProxyUsername" : "Username" "PaymentPasswordTitle" : "Wachtwoord" "PasscodePassword" : "Password" "PaymentPasswordTitle" : "Passwort" "RestorePasswordNoEmailTitle" : "Sorry" "TypePrivate" : "pribadi" "NotificationHiddenChatUserName" : "Usuario" "UseProxyUsername" : "Benutzername" "Username" : "Username" "PasswordCode" : "Code" "TypePrivate" : "Privat" "PasswordOff" : "penutup" "UseProxyUsername" : "Gebruiker" "PasscodePassword" : "Wachtwoord" "PaymentPasswordEmailTitle" : "Wiederherstellung" "CheckPasswordPerfect" : "Perfect!" "NotificationHiddenChatUserName" : "Nutzer" "PasswordOff" : "Off" "PasswordOn" : "Activada" "TypePrivateGroup" : "Privado" "google_app_id" : "1:760348033671:android:f6afd7b67eae3860" "google_api_key" : "AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k" "YourPasswordSuccess" : "Geschafft!" "UseProxyPassword" : "Senha" "LoginPassword" : "Password" "ReportSpamUser" : "BLOKKEREN" "UseProxyPassword" : "Password" "PasswordOn" : "menyalakan" "UseProxyPassword" : "Wachtwoord" "UsernameProfileLinkActive" : "active" "NotificationHiddenChatUserName" : "Gebruiker" "PasswordOff" : "Desactivada" "TypePrivate" : "Privato" "Username" : "Gebruikersnaam" "UseProxyUsername" : "Usuario" "PasscodePassword" : "Passwort" "PaymentPasswordTitle" : "Password" "UseProxySecret" : "Clave" "PasscodePassword" : "Senha" "PasswordOff" : "No" "TerminateWebSessionStop" : "Cahaya%1$s" "YourPasswordSuccess" : "Kesuksesan!" "TypePrivate" : "Private" "PasswordOff" : "Desativada" "UseProxySecret" : "gram" c06c8400-8e06-11e0-9cb6-0002a5d5c51b A406AAA462DF6EEC06E61D67 BvyoNmnTUIqvZufrqy6EPc/QFvgcZwweLUQZMPRjS0yO7ir5gj50GehaWU1uVA== bGV2ZWxfaXBhX3RzcmlmLnRjdWRvcnAub3I= 014b35b6184100b085b0d0572f9b5103 ABVGDE2JZIQKLMNOPRSTUFHC34WXY9678 C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B bb392ec0-8d4d-11e0-a896-0002a5d5c51b Ldpv3DINc8b4Mg19EF0rkWBg7d2GJMJ3
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: cn/jzvd/JZTextureView.java, line(s) 43,70,71 cn/jzvd/JZUtils.java, line(s) 70 cn/jzvd/Jzvd.java, line(s) 110,121,248,392,414,508,613,653,655,664,668,782,818,678,260,384,397,451,469,491,497,541,551,561,567,572,585,611,633,639,645,688,720,842,854,927,936,946 cn/jzvd/JzvdStd$3.java, line(s) 18 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1752,1151,1251,1255,1332,1336,533,644,1425,1434,1463,1468,2154 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 282 com/github/gzuliyujiang/oaid/OAIDLog.java, line(s) 13 com/hbisoft/hbrecorder/ScreenRecordService.java, line(s) 218 com/lxj/xpopup/core/BasePopupView.java, line(s) 637,641,645,649 com/lxj/xpopup/util/KeyboardUtils.java, line(s) 30 com/lxj/xpopup/util/XPermission.java, line(s) 302 com/lxj/xpopup/widget/SmartDivider.java, line(s) 27 com/tencent/qimei/k/a.java, line(s) 49,14,43 com/tencent/qmsp/oaid2/c.java, line(s) 11,17,23 com/tencent/qmsp/oaid2/j.java, line(s) 32,46 com/tencent/qmsp/oaid2/y.java, line(s) 15 com/tencent/qmsp/sdk/base/c.java, line(s) 11,21,27 com/tencent/qmsp/sdk/f/g.java, line(s) 11,21,27,33 com/tencent/qmsp/sdk/g/b/a.java, line(s) 37,55 com/tencent/qmsp/sdk/g/b/b.java, line(s) 38,47,41 com/tencent/qmsp/sdk/g/e/d.java, line(s) 20 cos/MyCOSService.java, line(s) 562,566 io/nlopez/smartlocation/utils/LoggerFactory$Blabber.java, line(s) 18,30,34,22,26 np/manager/KillSignerApplication776.java, line(s) 70,68 org/telegram/PhoneFormat/PhoneFormat.java, line(s) 112,117,138,145,155,163,213 org/telegram/SQLite/SQLiteCursor.java, line(s) 98,103 org/telegram/SQLite/SQLiteDatabase.java, line(s) 60,77 org/telegram/SQLite/SQLitePreparedStatement.java, line(s) 104,112 org/telegram/messenger/AndroidUtilities.java, line(s) 1786,1923,1948,1953,2551,2681,2688,325,381,464,562,600,926,963,1190,1221,1340,1356,1524,1533,1689,1753,1778,1834,1853,1919,1956,1965,2064,2068,2195,2211,2222,2271,2288,2292,2393,2519,2534,2645,2667,2725,2817,2983,2995,3039,4002,4020,4241,4251,4259,4299,4315,4521,4530,4578 org/telegram/messenger/AnimatedFileDrawableStream.java, line(s) 54,113 org/telegram/messenger/ApplicationLoader.java, line(s) 183,206,231,232,242,345,527,139,355,395,412,426,450,495,519 org/telegram/messenger/AuthTokensHelper.java, line(s) 66 org/telegram/messenger/BillingController.java, line(s) 218,300,304,322,109 org/telegram/messenger/ChatObject.java, line(s) 237,245,435,800,812,836,844,987,996,1009,1019,1094 org/telegram/messenger/ChatThemeController.java, line(s) 51,129,273,332,353 org/telegram/messenger/ContactsController.java, line(s) 378,390,401,624,710,719,743,856,861,886,940,958,1389,1516,103,112,497,522,670,1128,1136,1332,1336,1345,1611,2116,2148 org/telegram/messenger/ContactsRemoteViewsFactory.java, line(s) 158 org/telegram/messenger/ContactsSyncAdapterService.java, line(s) 49,30 org/telegram/messenger/DatabaseMigrationHelper.java, line(s) 1221,1331,547,600,646,670,694,718,765,981,1235,1239 org/telegram/messenger/DispatchQueue.java, line(s) 52,63,76,89 org/telegram/messenger/DispatchQueuePoolBackground.java, line(s) 122 org/telegram/messenger/DocumentObject.java, line(s) 50 org/telegram/messenger/DownloadController.java, line(s) 883,955,1036,1078,1137,1179,1232,1237 org/telegram/messenger/Emoji.java, line(s) 154,164,355,621,633 org/telegram/messenger/EmuInputDevicesDetector.java, line(s) 57 org/telegram/messenger/FeedRemoteViewsFactory.java, line(s) 134 org/telegram/messenger/FileLoadOperation.java, line(s) 757,1032,1034,1082,1230,1232,1318,1398,1511,1528,1550,1554,535,544,605,878,888,898,908,919,943,949,957,963,971,977,985,992,1001 org/telegram/messenger/FileLoader.java, line(s) 1332,118,752,1152,1160,1168,1177 org/telegram/messenger/FileLog.java, line(s) 96,97,98,99,131,132,133,382,237,262,409 org/telegram/messenger/FilePathDatabase.java, line(s) 64,74,120,190,224,293,87,140,199,229,291,295,327,343,356,388,425,496 org/telegram/messenger/FileRefController.java, line(s) 568,713,761 org/telegram/messenger/FileStreamLoadOperation.java, line(s) 159 org/telegram/messenger/FileUploadOperation.java, line(s) 112,136,204 org/telegram/messenger/FilesMigrationService.java, line(s) 99,134,139,154,158 org/telegram/messenger/FingerprintController.java, line(s) 32,47,68,73,86,111,129 org/telegram/messenger/GcmPushListenerService.java, line(s) 14,25 org/telegram/messenger/ImageLoader.java, line(s) 1258,286,316,328,347,385,404,425,718,736,1223,1342,1357,1424,1432,1442,2056,2068,2093,2158,2164,2239 org/telegram/messenger/ImageReceiver.java, line(s) 1154,1290,1328,1388,1439,1496 org/telegram/messenger/ImportingService.java, line(s) 39,75 org/telegram/messenger/KeepAliveJob.java, line(s) 24,38,44,60,72 org/telegram/messenger/LanguageDetector.java, line(s) 37,43,49 org/telegram/messenger/LinkifyPort.java, line(s) 42 org/telegram/messenger/LiteMode.java, line(s) 144,157 org/telegram/messenger/LocaleController.java, line(s) 586,977,1025,1046,2503,2519,2529,2532,2566,2580,2640,2687,2726,2747,2762,2771,2782,2793,3547,423,428,751,908,914,920,931,1077,1126,1218,1266,1894,1995,2020,2036,2052,2071,2093,2109,2138,2187,2329,2345,2369,2411,2421,2588,2643,3503,3523 org/telegram/messenger/LocationController.java, line(s) 258,314,642,699,764,818,898 org/telegram/messenger/LocationSharingService.java, line(s) 145 org/telegram/messenger/MediaController$13.java, line(s) 16 org/telegram/messenger/MediaController$2.java, line(s) 34 org/telegram/messenger/MediaController$5.java, line(s) 76 org/telegram/messenger/MediaController$6.java, line(s) 21 org/telegram/messenger/MediaController$StopMediaObserverRunnable.java, line(s) 25,33 org/telegram/messenger/MediaController$VideoConvertRunnable.java, line(s) 30 org/telegram/messenger/MediaController.java, line(s) 545,971,1059,1096,1114,1130,1142,1152,2691,2698,2803,2831,2840,495,500,505,510,528,554,563,630,646,664,713,724,796,953,1364,1397,1520,1734,1748,2115,2121,2199,2366,2375,2428,2547,2587,2717,2727,2768,2821,2843,2908,2911,3062,3083,3115,3123,3131,3154,3193,3201,3213,3270,3293,3301,3307,3315,3334,3345,3351,3357,3376,3386,3516,3595,3670,3676 org/telegram/messenger/MediaDataController$1.java, line(s) 223 org/telegram/messenger/MediaDataController.java, line(s) 4036,443,672,747,816,955,1026,1160,1211,1266,1499,1598,1642,1995,2180,2257,2704,2800,2940,3041,3232,4142,4182,4208,4274,4299,4415,4498,4637,4694,4706,4870,4995,5153,5308,5869,5961,6159,6199,6247,6290,6320,6539,6605,6708,6902,7062,7159 org/telegram/messenger/MessageObject.java, line(s) 492,878,1033,1256,2671,2768,2860,2866 org/telegram/messenger/MessagesController.java, line(s) 4244,6217,6258,6263,6298,6310,6320,6343,6348,6355,6372,6384,7967,7976,8912,9447,9684,9934,10119,10169,10210,10216,10222,11892,11906,12037,12046,12059,12104,12113,12125,12443,546,580,1348,1364,1391,2614,3163,3966,5199,7265,7305,7354,9703,10047,10146,10864,10890,10937,10957,12173,12631,12750,12837,13368,14097,14265,14408 org/telegram/messenger/MessagesStorage.java, line(s) 313,319,584,589,345,353,363,370,416,426,434,607,707,712,715,718,5195 org/telegram/messenger/MusicBrowserService$MediaSessionCallback.java, line(s) 55 org/telegram/messenger/MusicBrowserService.java, line(s) 193,270,328 org/telegram/messenger/MusicPlayerService.java, line(s) 145,380 org/telegram/messenger/NativeLoader.java, line(s) 46,54 org/telegram/messenger/NotificationBadge$HuaweiHomeBadger.java, line(s) 23 org/telegram/messenger/NotificationBadge$ZukHomeBadger.java, line(s) 25 org/telegram/messenger/NotificationCenter.java, line(s) 1313 org/telegram/messenger/NotificationImageProvider.java, line(s) 113 org/telegram/messenger/NotificationsController$1NotificationHolder.java, line(s) 55,50 org/telegram/messenger/NotificationsController.java, line(s) 222,364,405,1216,1278,1293,1332,1347,1384,202,207,214,233,269,339,361,369,1011,1026,1093,1147,1164,1172,1195,1199,1208,1222,1275,1290,1299,1329,1344,1354,1392,1456,1616,1641,1645,1654 org/telegram/messenger/NotificationsDisabledReceiver.java, line(s) 31,35,46,55,64,78 org/telegram/messenger/OpenChatReceiver.java, line(s) 34 org/telegram/messenger/PushListenerController$GooglePushListenerServiceProvider.java, line(s) 31,34,56,48,74 org/telegram/messenger/PushListenerController.java, line(s) 112,126,132,136,69,75 org/telegram/messenger/ScreenReceiver.java, line(s) 13,19 org/telegram/messenger/SecretChatHelper.java, line(s) 614,686,709,781,940,1066,1288,1307,1346,1363 org/telegram/messenger/SendMessagesHelper$LocationProvider.java, line(s) 46,90,95,104 org/telegram/messenger/SendMessagesHelper.java, line(s) 2397,2403,2418,2428,2442,3125,4136,4156,4164,4170,656,673,1058,1825,3393,3445,3509,3679,3978 org/telegram/messenger/SharedConfig.java, line(s) 1192,361,441,456,482,496,650,946,1099 org/telegram/messenger/SmsReceiver.java, line(s) 47 org/telegram/messenger/SvgHelper.java, line(s) 455,474,487,500,513,528,542,558,1619 org/telegram/messenger/TopicsController.java, line(s) 80,98,119,887 org/telegram/messenger/TranslateController.java, line(s) 311,316,321,340,962,1005 org/telegram/messenger/UserConfig.java, line(s) 234 org/telegram/messenger/UserNameResolver.java, line(s) 31 org/telegram/messenger/Utilities.java, line(s) 111,339,355,384,397,408,420,439,456,487 org/telegram/messenger/VideoEditedInfo.java, line(s) 379 org/telegram/messenger/VideoEncodingService.java, line(s) 37,92,54 org/telegram/messenger/XiaomiUtilities.java, line(s) 45 org/telegram/messenger/browser/Browser$1.java, line(s) 20 org/telegram/messenger/browser/Browser.java, line(s) 79 org/telegram/messenger/camera/CameraController.java, line(s) 168,203,550,567,586,185,220,261,349,364,369,421,438,464,476,508,540,593,622,683,693,717,746,749,808,813,819,824,832,855 org/telegram/messenger/camera/CameraSession.java, line(s) 198,202,133,192,247,265,322,335,351,356,448 org/telegram/messenger/camera/CameraView$CameraGLThread.java, line(s) 73,343,368,81,89,98,111,122,129,148,166,179,188,242,252 org/telegram/messenger/camera/CameraView.java, line(s) 447,827,857,1006,1070,1186,806,1039,1110,1119,1129,1137,1250,1328,1333,1341 org/telegram/messenger/ringtone/RingtoneDataStore.java, line(s) 44,357 org/telegram/messenger/secretmedia/ExtendedDefaultDataSource.java, line(s) 194 org/telegram/messenger/support/JobIntentService$CompatWorkEnqueuer.java, line(s) 58 org/telegram/messenger/support/customtabsclient/shared/CustomTabsHelper.java, line(s) 70 org/telegram/messenger/support/fingerprint/FingerprintManagerCompatApi23.java, line(s) 38,51,60 org/telegram/messenger/utils/BitmapsCache.java, line(s) 311 org/telegram/messenger/utils/CopyUtilities.java, line(s) 84 org/telegram/messenger/video/AudioRecoder.java, line(s) 61 org/telegram/messenger/video/MediaCodecVideoConvertor.java, line(s) 63 org/telegram/messenger/video/TextureRenderer.java, line(s) 83,85,206 org/telegram/messenger/voip/AudioRecordJNI.java, line(s) 245,64,77,93,112,136,178,210,236,108,218,61,74,90 org/telegram/messenger/voip/AudioTrackJNI.java, line(s) 37,60,114,124,122,31 org/telegram/messenger/voip/Instance.java, line(s) 98 org/telegram/messenger/voip/JNIUtilities.java, line(s) 93 org/telegram/messenger/voip/NativeInstance.java, line(s) 142,276,306 org/telegram/messenger/voip/TelegramConnectionService.java, line(s) 33,70,50,60,18,26 org/telegram/messenger/voip/VideoCapturerDevice.java, line(s) 361 org/telegram/messenger/voip/VoIPServerConfig.java, line(s) 19 org/telegram/messenger/voip/VoIPService$1.java, line(s) 63 org/telegram/messenger/voip/VoIPService$2.java, line(s) 40 org/telegram/messenger/voip/VoIPService$3.java, line(s) 52,60 org/telegram/messenger/voip/VoIPService$CallConnection.java, line(s) 26,37,65,77,84 org/telegram/messenger/voip/VoIPService.java, line(s) 912,1350,1594,1693,2557,2573,2593,2692,2919,3293,3309,3341,3348,3355,3461,3476,3591,3634,3760,3797,3804,3812,3923,3970,4088,509,570,842,886,910,928,959,1398,1627,2492,2725,2912,3025,3074,3136,3153,3209,3284,3361,3507,3519,3562,3653,3662,3698,3728,3770,3944,3964,4202,4213,576,599,921,955,1414,3198 org/telegram/tgnet/ConnectionsManager.java, line(s) 348,404,414,416,485,584,592,608,624,627,634,687,718,851,857,860,368,394,419,637,696,748,760,773,866,906,386 org/telegram/tgnet/NativeByteBuffer.java, line(s) 125,126,140,141,165,166,180,181,199,200,208,209,217,218,253,254,289,290,300,301,337,383,384,401,416,417,430,431,444,445,479,480,509,510,545,546,561,562 org/telegram/tgnet/SerializedData.java, line(s) 68,77,86,95,113,114,136,137,164,165,179,180,194,195,209,210,245,246,256,257,292,293,303,304,314,315,342,367,384,385,399,400,439,440,473,474,489,490,505,506,522,523,542,543 org/telegram/tgnet/TLClassStore.java, line(s) 51 org/telegram/tgnet/TLRPC$TL_chatPhoto.java, line(s) 39 org/telegram/tgnet/TLRPC$TL_chatPhoto_layer127.java, line(s) 25 org/telegram/tgnet/TLRPC$TL_userProfilePhoto.java, line(s) 36 org/telegram/tgnet/TLRPC$TL_userProfilePhoto_layer127.java, line(s) 26 org/telegram/ui/ActionBar/ActionBarLayout.java, line(s) 1303,1160,1164,1834,2648 org/telegram/ui/ActionBar/ActionBarPopupWindow.java, line(s) 177,580,680 org/telegram/ui/ActionBar/AlertDialog.java, line(s) 908,1194 org/telegram/ui/ActionBar/BaseFragment.java, line(s) 283,295,321,336,468,563,575,619,633 org/telegram/ui/ActionBar/BottomSheet.java, line(s) 842,1448,1583,1607 org/telegram/ui/ActionBar/DrawerLayoutContainer.java, line(s) 492 org/telegram/ui/ActionBar/EmojiThemes.java, line(s) 403,472 org/telegram/ui/ActionBar/Theme.java, line(s) 5131,5180,2091,2683,2699,2763,2902,2950,3166,3174,3537,4592,4599,4653,4740,4763,5578,5599,5613,5732,5744,7493,7535,7730,7757,5423 org/telegram/ui/ActionBar/ThemeDescription.java, line(s) 787 org/telegram/ui/ActionIntroActivity.java, line(s) 366,435,511 org/telegram/ui/Adapters/ContactsAdapter.java, line(s) 109 org/telegram/ui/Adapters/DialogsAdapter.java, line(s) 350 org/telegram/ui/Adapters/DialogsSearchAdapter.java, line(s) 747,790,837,863 org/telegram/ui/Adapters/SearchAdapter.java, line(s) 114,135,487 org/telegram/ui/Adapters/SearchAdapterHelper.java, line(s) 334,520,578 org/telegram/ui/ArticleViewer$BlockAuthorDateCell.java, line(s) 84 org/telegram/ui/ArticleViewer$BlockEmbedCell$1.java, line(s) 133,145 org/telegram/ui/ArticleViewer$BlockEmbedCell.java, line(s) 75,99,130 org/telegram/ui/ArticleViewer$BlockMapCell.java, line(s) 67 org/telegram/ui/ArticleViewer.java, line(s) 521,3179,3215,3229,3353,3362,3384,3392 org/telegram/ui/BasePermissionsActivity.java, line(s) 100 org/telegram/ui/BubbleActivity$1.java, line(s) 19,23 org/telegram/ui/BubbleActivity.java, line(s) 77 org/telegram/ui/CacheControlActivity.java, line(s) 267,384,475,482,804,1214,1261 org/telegram/ui/CameraScanActivity.java, line(s) 405,415,647 org/telegram/ui/Cells/AboutLinkCell.java, line(s) 233,305,526 org/telegram/ui/Cells/AudioPlayerCell.java, line(s) 87,98 org/telegram/ui/Cells/BotHelpCell.java, line(s) 179 org/telegram/ui/Cells/ChatActionCell.java, line(s) 435,814,819 org/telegram/ui/Cells/ChatMessageCell.java, line(s) 3412,4034,4148,4176 org/telegram/ui/Cells/DialogCell.java, line(s) 778,885,1902 org/telegram/ui/Cells/DialogMeUrlCell.java, line(s) 210,225,307 org/telegram/ui/Cells/DrawerActionCell.java, line(s) 99,108 org/telegram/ui/Cells/DrawerProfileCell.java, line(s) 446 org/telegram/ui/Cells/SettingsSuggestionCell.java, line(s) 127 org/telegram/ui/Cells/SharedAudioCell.java, line(s) 173,206 org/telegram/ui/Cells/TextSelectionHelper.java, line(s) 1057,1058 org/telegram/ui/Cells/ThemesHorizontalListCell.java, line(s) 329 org/telegram/ui/ChangeBioActivity.java, line(s) 205,216 org/telegram/ui/ChangeUsernameActivity$InputCell.java, line(s) 121 org/telegram/ui/ChangeUsernameActivity.java, line(s) 715,729,738,747 org/telegram/ui/ChannelAdminLogActivity$8.java, line(s) 32,53 org/telegram/ui/ChannelAdminLogActivity.java, line(s) 312,1447,2089,2098,2107,2116,2125,2134,2143,2152,311,311,315 org/telegram/ui/ChannelCreateActivity.java, line(s) 1044,1164,1178 org/telegram/ui/ChatActivity$16.java, line(s) 36,61,83 org/telegram/ui/ChatActivity$17.java, line(s) 138 org/telegram/ui/ChatActivity$48.java, line(s) 13,17 org/telegram/ui/ChatActivity$ChatActivityAdapter.java, line(s) 342,359,376,395,419,436,336,353,370,387,413,430,447 org/telegram/ui/ChatActivity.java, line(s) 9772,13517,2467,3013,5928,6350,6530,6581,8269,8279,9033,9264,11491,12178,12779,14082,14915,15278,15297,15327,9352 org/telegram/ui/ChatEditActivity.java, line(s) 793 org/telegram/ui/ChatRightsEditActivity.java, line(s) 882,898 org/telegram/ui/ChatUsersActivity.java, line(s) 1681 org/telegram/ui/Components/AlertsCreator.java, line(s) 206,237,284,317,1135,1187,1202,2100,4828,4885,5593 org/telegram/ui/Components/AnimatedEmojiDrawable.java, line(s) 724,240,272 org/telegram/ui/Components/AvatarDrawable.java, line(s) 463 org/telegram/ui/Components/BlockingUpdateView.java, line(s) 274,278 org/telegram/ui/Components/BlurBehindDrawable.java, line(s) 139,391 org/telegram/ui/Components/BotWebViewContainer.java, line(s) 242,693,1028,1038,1048,1095,1122 org/telegram/ui/Components/BotWebViewMenuContainer.java, line(s) 861 org/telegram/ui/Components/BotWebViewSheet.java, line(s) 912 org/telegram/ui/Components/ChatActivityEnterView.java, line(s) 2557,3407,3478,4478,6576,6594,6606,6665,7310,7330,7549,7597 org/telegram/ui/Components/ChatAttachAlertAudioLayout.java, line(s) 603 org/telegram/ui/Components/ChatAttachAlertBotWebViewLayout.java, line(s) 553 org/telegram/ui/Components/ChatAttachAlertDocumentLayout.java, line(s) 203,694,957,964 org/telegram/ui/Components/ChatAttachAlertLocationLayout.java, line(s) 112,130,412,435,453,461 org/telegram/ui/Components/ChatAttachAlertPhotoLayout.java, line(s) 3226,3665,3679 org/telegram/ui/Components/ChatAvatarContainer.java, line(s) 683 org/telegram/ui/Components/ChatThemeBottomSheet.java, line(s) 1154,1332 org/telegram/ui/Components/ClippingImageView.java, line(s) 232 org/telegram/ui/Components/Crop/CropView.java, line(s) 1157,963,1105 org/telegram/ui/Components/EditTextBoldCursor.java, line(s) 344,588,765,839,848 org/telegram/ui/Components/EditTextCaption.java, line(s) 282,413,440,481,547 org/telegram/ui/Components/EditTextEmoji.java, line(s) 142,715,743 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 223,355,383,397,419,462,535,542,732,751,765,847,873,943 org/telegram/ui/Components/EmojiColorPickerWindow.java, line(s) 442 org/telegram/ui/Components/EmojiPacksAlert.java, line(s) 829,1304,1706 org/telegram/ui/Components/EmojiView.java, line(s) 1268,1704,2035,5889,7161 org/telegram/ui/Components/FilterGLThread.java, line(s) 107,180,213,220,229,240,251,258,334,439 org/telegram/ui/Components/FilterShaders.java, line(s) 948,949 org/telegram/ui/Components/ForegroundDetector.java, line(s) 82,119,89,126 org/telegram/ui/Components/ForwardingPreviewView.java, line(s) 739 org/telegram/ui/Components/GroupCallPipAlertView.java, line(s) 196 org/telegram/ui/Components/GroupVoipInviteAlert.java, line(s) 377 org/telegram/ui/Components/ImageUpdater.java, line(s) 635,668,706,738,999,1006 org/telegram/ui/Components/InstantCameraView.java, line(s) 586,598,604,1036,1110,1138,1147,1154,1318,1323,1566,1587,1855,2166,526,578,786,894,1141,1151,1181,1194,1226,1238,1331,1338,1347,1358,1369,1399,1426,1431,1437,1446,1500,1669,1674,1682,1919,1942,1951,1962,1970,2089,2138,2236 org/telegram/ui/Components/JoinCallAlert.java, line(s) 223,287 org/telegram/ui/Components/LetterDrawable.java, line(s) 113 org/telegram/ui/Components/LinkActionView.java, line(s) 222,240 org/telegram/ui/Components/MotionBackgroundDrawable.java, line(s) 317,538 org/telegram/ui/Components/Paint/RenderView.java, line(s) 391,398,407,418,429,436,455,614 org/telegram/ui/Components/Paint/Shader.java, line(s) 19,27,82,92 org/telegram/ui/Components/Paint/ShapeDetector.java, line(s) 232,293,606 org/telegram/ui/Components/Paint/Slice.java, line(s) 24,54,88 org/telegram/ui/Components/Paint/Utils.java, line(s) 12 org/telegram/ui/Components/Paint/Views/LPhotoPaintView.java, line(s) 1702,1709,1727,1979,3611,3639 org/telegram/ui/Components/PasscodeView.java, line(s) 176,293,1207,1217,1247,1300,1315,1340,1360,1381,1391 org/telegram/ui/Components/PathAnimator.java, line(s) 101 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 304,362,775 org/telegram/ui/Components/PhotoViewerCaptionEnterView.java, line(s) 183,547,859,880,905,938,1057 org/telegram/ui/Components/PhotoViewerWebView.java, line(s) 404,581,706 org/telegram/ui/Components/PipRoundVideoView.java, line(s) 266 org/telegram/ui/Components/Premium/GLIcon/GLIconTextureView.java, line(s) 393,400,437 org/telegram/ui/Components/Premium/PremiumAppIconsPreviewView.java, line(s) 40 org/telegram/ui/Components/Premium/PremiumNotAvailableBottomSheet.java, line(s) 68 org/telegram/ui/Components/ProfileGalleryView.java, line(s) 475 org/telegram/ui/Components/ProximitySheet.java, line(s) 564 org/telegram/ui/Components/QRCodeBottomSheet.java, line(s) 164 org/telegram/ui/Components/RLottieDrawable.java, line(s) 368,406,528,662,700,822,902,988,1026,1148,1370,1408,1530,1913 org/telegram/ui/Components/RadioButton.java, line(s) 48,153 org/telegram/ui/Components/RecyclerListView.java, line(s) 904,1162,1176,2169,2175 org/telegram/ui/Components/SeekBar.java, line(s) 345,357 org/telegram/ui/Components/SeekBarView.java, line(s) 503 org/telegram/ui/Components/ShareAlert.java, line(s) 2368 org/telegram/ui/Components/SharedMediaLayout.java, line(s) 1942,4144 org/telegram/ui/Components/SizeNotifierFrameLayout.java, line(s) 670 org/telegram/ui/Components/SlotsDrawable.java, line(s) 70,176 org/telegram/ui/Components/StaticLayoutEx.java, line(s) 99 org/telegram/ui/Components/StickerCategoriesListView.java, line(s) 926 org/telegram/ui/Components/StickersAlert.java, line(s) 1279,1390,1596 org/telegram/ui/Components/TermsOfServiceView.java, line(s) 172 org/telegram/ui/Components/ThemeEditorView.java, line(s) 99,108,1107,1331,1446 org/telegram/ui/Components/TimerDrawable.java, line(s) 124 org/telegram/ui/Components/TranscribeButton.java, line(s) 636,703 org/telegram/ui/Components/UndoView.java, line(s) 124 org/telegram/ui/Components/VideoPlayerSeekBar.java, line(s) 337 org/telegram/ui/Components/VideoTimelinePlayView.java, line(s) 340,410,441 org/telegram/ui/Components/VideoTimelineView.java, line(s) 274,344,376 org/telegram/ui/Components/WallpaperUpdater.java, line(s) 106,109,133,159 org/telegram/ui/Components/WebPlayerView.java, line(s) 461,385,441,512,570,619,680,734,1073,1335,1383,1727,1735,1743,1751,1759,1765,1789 org/telegram/ui/Components/voip/VoIPHelper.java, line(s) 108,177,401,803 org/telegram/ui/Components/voip/VoIPPiPView.java, line(s) 371,631 org/telegram/ui/ContactAddActivity$4.java, line(s) 17 org/telegram/ui/ContactsActivity$10.java, line(s) 47 org/telegram/ui/ContactsActivity.java, line(s) 262,360,381,542,572 org/telegram/ui/ContentPreviewViewer.java, line(s) 1126,1196,1372 org/telegram/ui/CountrySelectActivity$CountryAdapter.java, line(s) 85 org/telegram/ui/CountrySelectActivity$CountrySearchAdapter$1.java, line(s) 23 org/telegram/ui/CountrySelectActivity$CountrySearchAdapter.java, line(s) 67 org/telegram/ui/DeviceUtils.java, line(s) 50 org/telegram/ui/DialogsActivity$16.java, line(s) 68 org/telegram/ui/DialogsActivity$21.java, line(s) 29 org/telegram/ui/DialogsActivity$6$1.java, line(s) 25,31,39 org/telegram/ui/DialogsActivity.java, line(s) 1528,3176,5500,6672 org/telegram/ui/EmojiAnimationsOverlay.java, line(s) 756 org/telegram/ui/ExternalActionActivity$4.java, line(s) 19,23 org/telegram/ui/ExternalActionActivity.java, line(s) 98,385,426 org/telegram/ui/FilterChatlistActivity$InviteLinkCell.java, line(s) 525 org/telegram/ui/FilterCreateActivity.java, line(s) 645,1079 org/telegram/ui/FilteredSearchView.java, line(s) 739 org/telegram/ui/FiltersSetupActivity$ListAdapter.java, line(s) 128 org/telegram/ui/GroupCallActivity.java, line(s) 565,701 org/telegram/ui/GroupCreateActivity.java, line(s) 384 org/telegram/ui/GroupCreateFinalActivity.java, line(s) 171 org/telegram/ui/GroupInviteActivity.java, line(s) 140,155 org/telegram/ui/GroupStickersActivity$ListAdapter.java, line(s) 65 org/telegram/ui/IdenticonActivity$LinkMovementMethodMy.java, line(s) 18 org/telegram/ui/InviteContactsActivity$InviteAdapter$1.java, line(s) 25 org/telegram/ui/InviteContactsActivity$InviteAdapter.java, line(s) 98 org/telegram/ui/InviteContactsActivity.java, line(s) 240,283 org/telegram/ui/LanguageSelectActivity.java, line(s) 196,225 org/telegram/ui/LaunchActivity$26.java, line(s) 21,30,27 org/telegram/ui/LaunchActivity.java, line(s) 649,860,872,3688,4415,4443,4521,4533,4537,4558,4570,356,611,660,1441,1484,1749,1756,1840,1858,1863,1873,1965,2013,2019,2063,2148,2234,2246,2319,2361,2368,2707,2737,2818,2835,2847,2863,2886,2949,2975,2997,3024,3219,3234,3243,3262,3577,3875,3882,4473,4672,4750,4822 org/telegram/ui/LocationActivity.java, line(s) 244,252,358,1174,1241,1248,1360,1570,1613,1640,1665,1783,1853,2190,2220,2243,2336,2444,2505,2514,2537,2546 org/telegram/ui/LoginActivity$MergeUserNameView$10$1.java, line(s) 35 org/telegram/ui/LoginActivity$RegisterUserNameView$10$1.java, line(s) 35 org/telegram/ui/LoginActivity$RegisterUserNameView$11$1.java, line(s) 95 org/telegram/ui/LoginActivity$RegisterUserNameView$2.java, line(s) 27 org/telegram/ui/LoginActivity.java, line(s) 1110,1182,1277,1283,1288,1292,1304,1310,1519,1527,1674,1681,1931,1939,1980,1987,2021,2028,2258,2312,2321,2356,2363,6024,6066,455,529,1038,1282,1309,1488,1900,2234,2524,2801,2832,3877,4193,6208 org/telegram/ui/ManageLinksActivity$LinkCell.java, line(s) 115,130 org/telegram/ui/NewContactBottomSheet.java, line(s) 267 org/telegram/ui/NotificationsCustomSettingsActivity.java, line(s) 486 org/telegram/ui/NotificationsSettingsActivity.java, line(s) 280 org/telegram/ui/NotificationsSoundActivity.java, line(s) 496,694 org/telegram/ui/PasscodeActivity.java, line(s) 476,641 org/telegram/ui/PassportActivity.java, line(s) 605,1675,1995,2103,2201,2802,4179,4508,4567,4752,4770,4913,5532,5555 org/telegram/ui/PaymentFormActivity$TelegramWebviewProxy.java, line(s) 33 org/telegram/ui/PaymentFormActivity.java, line(s) 409,1083,1284,1368,1377,1501,1508,1764,2016 org/telegram/ui/PeopleNearbyActivity.java, line(s) 541,481,698 org/telegram/ui/PhotoCropActivity$PhotoCropView.java, line(s) 168,173 org/telegram/ui/PhotoViewer$28.java, line(s) 28,40 org/telegram/ui/PhotoViewer$55.java, line(s) 48,56 org/telegram/ui/PhotoViewer$6.java, line(s) 40 org/telegram/ui/PhotoViewer$77.java, line(s) 86 org/telegram/ui/PhotoViewer$CaptionScrollView.java, line(s) 74,82,184 org/telegram/ui/PhotoViewer$FirstFrameView.java, line(s) 92 org/telegram/ui/PhotoViewer.java, line(s) 4792,4800,1813,3808,4081,4112,4342,4391,5065,5155,5162,5386,5402,5855,5956,5964,5979,6008,6220,6225,7832,8631,8687,8703,8714,8723,8819,8936 org/telegram/ui/PopupNotificationActivity.java, line(s) 428,1019 org/telegram/ui/PremiumPreviewFragment.java, line(s) 1054,1068,1082,1108 org/telegram/ui/PrivacyControlActivity.java, line(s) 731 org/telegram/ui/PrivacySettingsActivity.java, line(s) 282,478,565 org/telegram/ui/ProfileActivity.java, line(s) 853,1161,1554,2788,2806,3417,4470,4645,4658,4673,4754,4774,6953,7051,7667 org/telegram/ui/ProfileNotificationsActivity.java, line(s) 270 org/telegram/ui/RestrictedLanguagesSelectActivity.java, line(s) 491,503,526 org/telegram/ui/SecretMediaViewer.java, line(s) 301,307,342,386,651,770,865 org/telegram/ui/SelectAnimatedEmojiDialog.java, line(s) 495,560,2026 org/telegram/ui/SessionsActivity.java, line(s) 461,482,1242,1322 org/telegram/ui/ShareActivity.java, line(s) 77,100 org/telegram/ui/StickersActivity.java, line(s) 1081,1103,1440 org/telegram/ui/ThemeActivity.java, line(s) 1264,1276,1354,1359 org/telegram/ui/ThemePreviewActivity.java, line(s) 1214 org/telegram/ui/ThemeSetUrlActivity$3.java, line(s) 72 org/telegram/ui/ThemeSetUrlActivity$LinkMovementMethodMy.java, line(s) 23 org/telegram/ui/ThemeSetUrlActivity.java, line(s) 335,351,557,568 org/telegram/ui/TopicsFragment.java, line(s) 3141,638 org/telegram/ui/TwoStepVerificationActivity.java, line(s) 150,673 org/telegram/ui/TwoStepVerificationSetupActivity$14.java, line(s) 77 org/telegram/ui/TwoStepVerificationSetupActivity.java, line(s) 1091,1115 org/telegram/ui/VoIPFragment.java, line(s) 657,1131,1328 org/telegram/ui/VoIPPermissionActivity.java, line(s) 35 org/telegram/ui/WallpapersListActivity.java, line(s) 1030 org/telegram/ui/WebviewActivity$3.java, line(s) 35,45 org/telegram/ui/WebviewActivity$TelegramWebviewProxy.java, line(s) 35 org/telegram/ui/WebviewActivity.java, line(s) 100,275 org/webrtc/AndroidVideoDecoder.java, line(s) 436 org/webrtc/EglRenderer.java, line(s) 207,507 org/webrtc/GlGenericDrawer.java, line(s) 328 org/webrtc/GlShader.java, line(s) 97 org/webrtc/HardwareVideoEncoderFactory.java, line(s) 125 org/webrtc/MediaCodecUtils.java, line(s) 55 org/webrtc/ScreenCapturerAndroid.java, line(s) 85,147 org/webrtc/TextureBufferImpl.java, line(s) 120 org/webrtc/YuvConverter.java, line(s) 116,142 org/webrtc/voiceengine/WebRtcAudioRecord.java, line(s) 161,355,396 org/webrtc/voiceengine/WebRtcAudioTrack.java, line(s) 266,375 repeackage/com/qiku/id/QikuIdmanager.java, line(s) 24
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/ui/ProxySettingsActivity$$ExternalSyntheticLambda1.java, line(s) 5,3 org/telegram/ui/ProxySettingsActivity.java, line(s) 62,5
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: org/telegram/messenger/AndroidUtilities.java, line(s) 10,2639,2642 org/telegram/ui/ChangeUsernameActivity$InputCell.java, line(s) 4,116 org/telegram/ui/ChatActivity.java, line(s) 12,12774 org/telegram/ui/Components/EmbedBottomSheet.java, line(s) 10,845 org/telegram/ui/Components/InviteMembersBottomSheet.java, line(s) 12,1169 org/telegram/ui/Components/LinkActionView.java, line(s) 6,215 org/telegram/ui/Components/PhonebookShareAlert.java, line(s) 8,357,379 org/telegram/ui/Components/ShareAlert.java, line(s) 11,2352 org/telegram/ui/GroupInviteActivity.java, line(s) 4,136 org/telegram/ui/ManageLinksActivity$LinkCell.java, line(s) 4,111 org/telegram/ui/PrivacyControlActivity$ListAdapter$2.java, line(s) 4,24 org/telegram/ui/ProfileActivity.java, line(s) 10,4467,4651 org/telegram/ui/SessionBottomSheet.java, line(s) 5,198 org/telegram/ui/StickersActivity.java, line(s) 5,1100 org/telegram/ui/ThemeSetUrlActivity$3.java, line(s) 4,67
信息 应用与Firebase数据库通信
该应用与位于 https://tmessages2.firebaseio.com 的 Firebase 数据库进行通信
安全 此应用程序使用Safety Net API。
此应用程序使用Safety Net API。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#safetynet Files: org/telegram/ui/LoginActivity.java, line(s) 64
安全 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/760348033671/namespaces/firebase:fetch?key=AIzaSyA-t0jLPjUt2FxrA8VPK2EiYHcYcboIR6k ) 已禁用。响应内容如下所示: 响应码是 403
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (ip.jmtim.cn) 通信。
{'ip': '117.21.189.54', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (tun-cos-1258344701.file.myqcloud.com) 通信。
{'ip': '117.21.189.54', 'country_short': 'CN', 'country_long': '中国', 'region': '江西', 'city': '九江', 'latitude': '29.733330', 'longitude': '115.983330'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (bit.909321.xyz) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (szcp.mxdx.net) 通信。
{'ip': '27.155.98.155', 'country_short': 'CN', 'country_long': '中国', 'region': '福建', 'city': '福州', 'latitude': '26.061390', 'longitude': '119.306107'}