Security score: 45/100
Privacy risk: 6 user/device trackers
Findings
High: 7
Medium: 20
Info: 3
Secure: 3
Hotspot: 0
High: The base config is insecurely configured to permit cleartext traffic to all domains.
Scope: *
High: The base config is configured to trust user-installed certificates.
Scope: *
High: Remote WebView debugging is enabled.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing
Files:
- co/monterosa/fancompanion/ui/views/AdvancedWebView.java, line(s) 128,10,11
- co/monterosa/fancompanion/ui/views/AdvancedWebviewFragment.java, line(s) 436,21,22
- co/monterosa/mercury/fragm/SimpleWebViewFragment.java, line(s) 125,16,17
High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files:
- co/monterosa/fancompanion/ui/views/GridWebviewFragment.java, line(s) 246,20,21
- com/reactnativecommunity/webview/RNCWebViewManager.java, line(s) 1059,35,36
High: The file is world writable. Any application can write to the file.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2
Files:
- com/braintreepayments/browserswitch/PersistentStore.java, line(s) 16
High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- co/monterosa/mercury/util/AesCbcWithIntegrity.java, line(s) 257,331
- com/tozny/crypto/android/AesCbcWithIntegrity.java, line(s) 257,331
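High: The application contains privacy trackers.
This application contains multiple (6) privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.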
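Medium: Activity (com.braintreepayments.api.BraintreeBrowserSwitchActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.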
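Medium: Broadcast Receiver (com.google.android.gms.analytics.CampaignTrackingReceiver) is not protected.
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device.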
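Medium: Activity (androidx.compose.ui.tooling.PreviewActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.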
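Medium: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.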
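Medium: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the protection level of the permission should be checked.
Permission: com.google.android.c2dm.permission.SEND
[android:exported=true] The Broadcast Receiver is shared with other applications on the device and is therefore accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.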
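Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$BootstrapActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.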
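Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.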
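Medium: Activity (androidx.test.core.app.InstrumentationActivityInvoker$EmptyFloatingActivity) is not protected.
[android:exported=true] The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.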
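Medium: Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not protected.
[android:exported=true] The Service is shared with other applications on the device and is therefore accessible to any other application on the device.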
Medium: The application uses an insecure random number generator.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files:
- co/monterosa/mercury/tools/ColorTools.java, line(s) 4
- co/monterosa/mercury/tools/ThreadTools.java, line(s) 3
- com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9
- com/neoncube/itvandroidsdk/ui/common/ItvAnimatedImage.java, line(s) 16
- com/neoncube/itvandroidsdk/ui/common/ItvProcessingProgress.java, line(s) 16
- com/paypal/android/sdk/onetouch/core/fpti/FptiManager.java, line(s) 20
- com/paypal/android/sdk/onetouch/core/fpti/FptiToken.java, line(s) 3
- scala/concurrent/forkjoin/ThreadLocalRandom.java, line(s) 3
- scala/util/Random$.java, line(s) 18
- scala/util/Random.java, line(s) 18,20,24,86,117,129
- uk/co/monterosa/enmasse/core/TransportManager.java, line(s) 3
Medium: IP address disclosure.
Files:
- lib/android/paypal/com/magnessdk/a/b.java, line(s) 11
Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files:
- com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 3,7,8,9,10,11,15,19,23,27,31
- com/braintreepayments/api/internal/AnalyticsDatabase.java, line(s) 6,7,8,119,124
- com/reactnativecommunity/asyncstorage/AsyncLocalStorageUtil.java, line(s) 6,88
- com/reactnativecommunity/asyncstorage/ReactDatabaseSupplier.java, line(s) 4,5,6,104
- io/requery/android/sqlite/BaseConnection.java, line(s) 3,4,5,6,113,177,182,220,232,274
- io/requery/android/sqlite/DatabaseSource.java, line(s) 6,7,46
- io/requery/android/sqlite/SqliteMetaData.java, line(s) 5,599
- io/requery/android/sqlitex/SqlitexDatabaseSource.java, line(s) 10,11,44
Medium: MD5 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java, line(s) 28
- com/amazonaws/services/sqs/MessageMD5ChecksumHandler.java, line(s) 42
- com/amazonaws/util/Md5Utils.java, line(s) 17,53
Medium: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files:
- com/brightcove/player/offline/ExternalFileCreator.java, line(s) 13
- com/brightcove/player/offline/MediaDownloadable.java, line(s) 254
- com/brightcove/player/util/FileUtil.java, line(s) 138
- com/reactnativecommunity/webview/RNCWebViewModule.java, line(s) 197
- lib/android/paypal/com/magnessdk/a/a.java, line(s) 18,22
- lib/android/paypal/com/magnessdk/h.java, line(s) 181,812
- lib/android/paypal/com/magnessdk/i.java, line(s) 225,273
Medium: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may be present.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files:
- co/monterosa/fancompanion/datacapture/DataCaptureDialog.java, line(s) 214,145
- co/monterosa/fancompanion/ui/PlayerLayerActivity.java, line(s) 241,235
- co/monterosa/fancompanion/ui/views/AdvancedWebView.java, line(s) 130,122
- co/monterosa/fancompanion/ui/views/AdvancedWebviewFragment.java, line(s) 439,119,432
- co/monterosa/fancompanion/ui/views/GridWebviewFragment.java, line(s) 228,156,258
- co/monterosa/showstores/ui/shop/BaseShopWebViewFragment.java, line(s) 276,269
- co/monterosa/showstores/ui/shop/ShopUriFragment.java, line(s) 176,164
Medium: SHA-1 is a weak hash known to have hash collisions.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files:
- co/monterosa/mercury/tools/StringTools.java, line(s) 52
- co/monterosa/mercury/util/AesCbcWithIntegrity.java, line(s) 283
- com/amazonaws/services/sns/util/SignatureChecker.java, line(s) 138
- com/tozny/crypto/android/AesCbcWithIntegrity.java, line(s) 283
Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.
Files:
- com/amazonaws/mobileconnectors/s3/transferutility/TransferUtility.java, line(s) 212
- com/reactnativecommunity/webview/RNCWebViewModule.java, line(s) 197
Medium: This application may request root (superuser) privileges.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- lib/android/paypal/com/magnessdk/c.java, line(s) 600,600,600,600,600,600
Medium: This application may contain hardcoded secrets.
The following secrets were identified in the application. Ensure that they are not secrets or private information.
Info: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Info: The application can write to the application directory. Sensitive information should be encrypted.
Files:
- co/monterosa/fancompanion/util/data/FcmSNSDataStorage.java, line(s) 26,26
- co/monterosa/fancompanion/util/data/TimezoneDataStorage.java, line(s) 28,28
- co/monterosa/fancompanion/util/data/TopicsDataStorage.java, line(s) 25,25
- co/monterosa/fc/mid_core/storage/CoreStorageRepository.java, line(s) 26,26
- com/neoncube/itvandroidsdk/di/RepositoryProvider.java, line(s) 54,72
Info: This application uses SQLCipher. SQLCipher provides 256-bit AES encryption for SQLite database files.
Files:
- io/requery/android/sqlcipher/SqlCipherDatabaseSource.java, line(s) 59,22,23
Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files:
- co/monterosa/fancompanion/services/network/NetworkClient.java, line(s) 25,25
- co/monterosa/fc/mid_core/network/CoreNetworkService.java, line(s) 49,49
- com/braintreepayments/api/internal/TLSSocketFactory.java, line(s) 83,28,81,83,77,80,80
- com/neoncube/itvandroidsdk/di/ItvCloudProvider.java, line(s) 43,43,43,43,43,43,43,43,43,43,43,43,55
Secure: This application may have root detection capabilities.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
Files:
- com/braintreepayments/api/internal/AnalyticsSender.java, line(s) 65,59,61,54,115
- lib/android/paypal/com/magnessdk/a/b.java, line(s) 11,11
- lib/android/paypal/com/magnessdk/h.java, line(s) 294
Secure: Firebase Remote Config is disabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/454474405043/namespaces/firebase:fetch?key=AIzaSyBcrBdAhIArE312STaDmRizZO-ssBeezzg ) is disabled. The response is as follows: the response code is 403.