安全分析报告:
安全分数
安全分数 35/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
23
用户/设备跟踪器
调研结果
高危
19
中危
35
信息
4
安全
2
关注
1
高危 应用程序容易受到 Janus 漏洞的影响
应用程序使用 v1 签名方案进行签名,如果仅使用 v1 签名方案进行签名,则在 Android 5.0-8.0 上容易受到 Janus 漏洞的影响。在使用 v1 和 v2/v3 方案签名的 Android 5.0-7.0 上运行的应用程序也容易受到攻击。
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 基本配置配置为信任用户安装的证书。
Scope: *
高危 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1 http://apis.appnxt.net
高危 Activity (com.insdev.aronsport.plus.Splash.View.SplashActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.insdev.aronsport.plus.MainActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedActivityHMS) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedReceiver) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.onesignal.NotificationOpenedReceiverAndroid22AndOlder) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 容易受到 Android Task Hijacking/StrandHogg 的攻击。
活动不应将启动模式属性设置为“singleTask”。 然后,其他应用程序可以将恶意活动放置在活动栈顶部,从而导致任务劫持/StrandHogg 1.0 漏洞。 这使应用程序成为网络钓鱼攻击的易受攻击目标。 可以通过将启动模式属性设置为“singleInstance”或设置空 taskAffinity (taskAffinity="") 属性来修复此漏洞。 您还可以将应用的目标 SDK 版本 (27) 更新到 28 或更高版本以在平台级别修复此问题。
高危 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 Activity (com.begal.appclone.classes.DefaultProvider$MyActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (27) 更新到 29 或更高版本以在平台级别修复此问题。
高危 SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击
SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis Files: com/startapp/networkTest/net/WebApiClient.java, line(s) 68,16,17,18,19
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/applovin/impl/adview/b.java, line(s) 493,14 com/appnext/core/result/ResultPageActivity.java, line(s) 366,15,16 com/appnext/core/webview/AppnextWebView.java, line(s) 343,10,11 com/criteo/publisher/CriteoInterstitialActivity.java, line(s) 123,8 com/criteo/publisher/m0/b.java, line(s) 36,3,4 com/explorestack/iab/vast/activity/VastView.java, line(s) 1755,27,28 com/my/target/fv.java, line(s) 56,9,10 com/ogury/ed/internal/hm.java, line(s) 247,4 com/startapp/r5.java, line(s) 72,9 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 74,7,8 com/startapp/vb.java, line(s) 456,23 com/unity3d/services/core/webview/WebViewApp.java, line(s) 157,10,77,83,97,126 com/yandex/mobile/ads/impl/g50.java, line(s) 149,9 g/h/b/d/l.java, line(s) 333,11,12 g/i/b/e/h/a/tq0.java, line(s) 244,713,18,19
高危 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/amazon/device/ads/DTBAdView.java, line(s) 196,18 com/applovin/impl/adview/d.java, line(s) 133,9,10 com/insdev/aronsport/plus/WebPlayer/VideoWebPlayerActivity.java, line(s) 1096,33,34 com/ironsource/sdk/controller/w.java, line(s) 2641,29,30 g/n/a4.java, line(s) 398,10
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
com/begal/appclone/classes/util/SimpleCrypt.java, line(s) 55
高危 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: andhook/lib/BuildConfig.java, line(s) 3,6 com/begal/appclone/classes/BuildConfig.java, line(s) 3,6
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/ironsource/mediationsdk/utils/IronSourceAES.java, line(s) 71,137 g/i/b/e/h/a/nt3.java, line(s) 27
高危 应用程序包含隐私跟踪程序
此应用程序有多个23隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危 基本配置配置为信任系统证书。
Scope: *
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Activity (com.insdev.aronsport.plus.MainActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.FCMBroadcastReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Activity (com.onesignal.NotificationOpenedActivityHMS) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.NotificationDismissReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.BootUpReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.onesignal.UpgradeReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.onesignal.NotificationOpenedReceiver) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.onesignal.NotificationOpenedReceiverAndroid22AndOlder) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.google.firebase.auth.internal.FederatedSignInActivity) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.firebase.auth.api.gms.permission.LAUNCH_FEDERATED_SIGN_IN [android:exported=true] 发现一个 Activity被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 发现一个 Service被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: android.permission.DUMP [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.startapp.sdk.adsbase.remoteconfig.BootCompleteListener) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护, 但是应该检查权限的保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 发现一个 Broadcast Receiver被共享给了设备上的其他应用程序,因此让它可以被设备上的任何其他应用程序访问。它受到一个在分析的应用程序中没有定义的权限的保护。因此,应该在定义它的地方检查权限的保护级别。如果它被设置为普通或危险,一个恶意应用程序可以请求并获得这个权限,并与该组件交互。如果它被设置为签名,只有使用相同证书签名的应用程序才能获得这个权限。
中危 Broadcast Receiver (com.appodeal.ads.AppodealPackageAddedReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.ogury.core.internal.OguryLogEnablerReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Content Provider (com.begal.appclone.classes.DefaultProvider) 未被保护。
[android:exported=true] 发现 Content Provider与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.begal.appclone.service.RemoteService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.begal.appclone.classes.DefaultProvider$DefaultReceiver) 未被保护。
[android:exported=true] 发现 Broadcast Receiver与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.begal.appclone.classes.DefaultProvider$MyActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 高优先级的Intent (999) - {1} 个命中
[android:priority] 通过设置一个比另一个Intent更高的优先级,应用程序有效地覆盖了其他请求。
中危 IP地址泄露
IP地址泄露 Files: com/appnext/ads/fullscreen/Video.java, line(s) 28,236 com/appnext/ads/fullscreen/b.java, line(s) 213 com/appnext/ads/interstitial/Interstitial.java, line(s) 34,286 com/appnext/ads/interstitial/InterstitialActivity.java, line(s) 209 com/appnext/core/crashes/a.java, line(s) 33 com/appnext/core/d.java, line(s) 410 com/appnext/core/g.java, line(s) 75,77,167 com/appodeal/ads/adapters/ironsource/IronSourceNetwork.java, line(s) 274 com/begal/appclone/classes/HostsBlocker.java, line(s) 147 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 44,361 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 37,180,304 com/ironsource/mediationsdk/config/VersionInfo.java, line(s) 13 com/startapp/mc.java, line(s) 153 com/startapp/s2.java, line(s) 297 g/d/a/c2/a/b.java, line(s) 11 g/d/a/c2/b/a.java, line(s) 847 io/bidmachine/ads/networks/adcolony/AdColonyAdapter.java, line(s) 56 io/bidmachine/ads/networks/adcolony/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/amazon/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/criteo/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/criteo/CriteoAdapter.java, line(s) 87 io/bidmachine/ads/networks/facebook/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/mraid/MraidAdapter.java, line(s) 21 io/bidmachine/ads/networks/my_target/BuildConfig.java, line(s) 5 io/bidmachine/ads/networks/nast/NastAdapter.java, line(s) 12 io/bidmachine/ads/networks/pangle/BuildConfig.java, line(s) 5,4 io/bidmachine/ads/networks/vast/VastAdapter.java, line(s) 20
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: com/amazon/device/ads/DTBAdLoader.java, line(s) 4,5,7,6 com/amazon/device/ads/DTBAdUtil.java, line(s) 40,41,42,43,44 com/applovin/impl/sdk/k.java, line(s) 599 com/applovin/mediation/ads/MaxAdView.java, line(s) 155 com/applovin/mediation/ads/MaxInterstitialAd.java, line(s) 66 com/applovin/mediation/ads/MaxRewardedAd.java, line(s) 94 com/applovin/mediation/ads/MaxRewardedInterstitialAd.java, line(s) 62 com/applovin/sdk/AppLovinSdk.java, line(s) 231 com/applovin/sdk/AppLovinWebViewActivity.java, line(s) 19 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 76,77,637,184 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 87,269,766 com/ironsource/adapters/supersonicads/SupersonicConfig.java, line(s) 23 com/ironsource/mediationsdk/C0096d.java, line(s) 170,340 com/ironsource/mediationsdk/C1746d.java, line(s) 177,347 com/ironsource/mediationsdk/E.java, line(s) 919 com/ironsource/mediationsdk/adunit/data/DataKeys.java, line(s) 4 com/ironsource/mediationsdk/utils/IronSourceConstants.java, line(s) 75,84 com/startapp/networkTest/startapp/NetworkTester.java, line(s) 19,21,20 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 13 com/yandex/metrica/impl/ob/ba0.java, line(s) 16 com/yandex/metrica/impl/ob/e9.java, line(s) 94 com/yandex/metrica/impl/ob/j8.java, line(s) 76 g/e/a/o/h.java, line(s) 75 g/e/a/o/o/d.java, line(s) 32 g/e/a/o/o/p.java, line(s) 91 g/e/a/o/o/x.java, line(s) 74 g/i/d/t/d/j/c.java, line(s) 70 g/n/f1.java, line(s) 498 g/n/r3.java, line(s) 304 g/n/z0.java, line(s) 21 g/o/b/b/c/a.java, line(s) 42 g/o/b/b/c/b.java, line(s) 46 io/bidmachine/BidMachineFetcher.java, line(s) 21 io/bidmachine/ads/networks/amazon/AmazonConfig.java, line(s) 11 io/bidmachine/ads/networks/mraid/MraidAdapter.java, line(s) 18 io/bidmachine/ads/networks/nast/NastAdapter.java, line(s) 9 io/bidmachine/ads/networks/vast/VastAdapter.java, line(s) 17
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/adcolony/sdk/k.java, line(s) 5,143,265 com/adcolony/sdk/l.java, line(s) 6,282 com/adcolony/sdk/m.java, line(s) 6,40 com/appnext/base/a/a.java, line(s) 4,5,29,30,31,40,41,42 com/ironsource/b/a.java, line(s) 5,6,111,116 com/ironsource/environment/f.java, line(s) 6,7,25,47,111 com/my/tracker/obfuscated/h.java, line(s) 5,6,7,8,9,273,331,365,397,414,443,463,468,474,492,508 com/startapp/fa.java, line(s) 6,47,48,49 com/startapp/n9.java, line(s) 6,100 com/yandex/metrica/impl/ob/ah.java, line(s) 3,10 com/yandex/metrica/impl/ob/bh.java, line(s) 6,48 com/yandex/metrica/impl/ob/ch.java, line(s) 3,9,10,19,32,33,34,35 com/yandex/metrica/impl/ob/dh.java, line(s) 6,20 com/yandex/metrica/impl/ob/eh.java, line(s) 3,9 com/yandex/metrica/impl/ob/fh.java, line(s) 3,10,11 com/yandex/metrica/impl/ob/gh.java, line(s) 3,9,10 com/yandex/metrica/impl/ob/hh.java, line(s) 3,9,10 com/yandex/metrica/impl/ob/ih.java, line(s) 3,10 com/yandex/metrica/impl/ob/jg.java, line(s) 3,9 com/yandex/metrica/impl/ob/jh.java, line(s) 3,12,13,14 com/yandex/metrica/impl/ob/kg.java, line(s) 3,9 com/yandex/metrica/impl/ob/kh.java, line(s) 3,11,12 com/yandex/metrica/impl/ob/lg.java, line(s) 3,9 com/yandex/metrica/impl/ob/lh.java, line(s) 3,9 com/yandex/metrica/impl/ob/mg.java, line(s) 3,9 com/yandex/metrica/impl/ob/ng.java, line(s) 3,10,11,12,13 com/yandex/metrica/impl/ob/nh.java, line(s) 3,12,13 com/yandex/metrica/impl/ob/of.java, line(s) 5,87 com/yandex/metrica/impl/ob/og.java, line(s) 3,9,10,11 com/yandex/metrica/impl/ob/oh.java, line(s) 3,9 com/yandex/metrica/impl/ob/pf.java, line(s) 6,98 com/yandex/metrica/impl/ob/pg.java, line(s) 3,9 com/yandex/metrica/impl/ob/ph.java, line(s) 3,12,13,14 com/yandex/metrica/impl/ob/qf.java, line(s) 7,8,119,127,293,329,534 com/yandex/metrica/impl/ob/qg.java, line(s) 3,9 com/yandex/metrica/impl/ob/qh.java, line(s) 3,11 com/yandex/metrica/impl/ob/rg.java, line(s) 3,10,11,12,13,14 com/yandex/metrica/impl/ob/rh.java, line(s) 3,11 com/yandex/metrica/impl/ob/sg.java, line(s) 3,10,11,12,13,14,15,16 com/yandex/metrica/impl/ob/sh.java, line(s) 3,11 com/yandex/metrica/impl/ob/tg.java, line(s) 3,10 com/yandex/metrica/impl/ob/th.java, line(s) 3,11 com/yandex/metrica/impl/ob/u50.java, line(s) 5,39 com/yandex/metrica/impl/ob/ug.java, line(s) 3,9,10 com/yandex/metrica/impl/ob/uh.java, line(s) 3,12 com/yandex/metrica/impl/ob/vg.java, line(s) 3,9,10 com/yandex/metrica/impl/ob/wg.java, line(s) 3,9 com/yandex/metrica/impl/ob/xg.java, line(s) 3,8 com/yandex/metrica/impl/ob/yg.java, line(s) 3,11 com/yandex/metrica/impl/ob/zf.java, line(s) 4,23 com/yandex/metrica/impl/ob/zg.java, line(s) 3,11 com/yandex/mobile/ads/impl/dj.java, line(s) 6,7,28 com/yandex/mobile/ads/impl/pb.java, line(s) 6,30,31 com/yandex/mobile/ads/impl/qk0.java, line(s) 7,12 com/yandex/mobile/ads/impl/vb.java, line(s) 6,7,397,510,511 e/b0/a/g/a.java, line(s) 5,6,7,8,68,83 g/d/a/c2/b/a.java, line(s) 7,8,225,231 g/i/b/b/j/y/k/b0.java, line(s) 5,6,64,80,365 g/i/b/b/j/y/k/f0.java, line(s) 3,15 g/i/b/b/j/y/k/h0.java, line(s) 4,5,90 g/i/b/e/h/a/lx1.java, line(s) 5,6,15,16,38,39 g/i/b/e/h/a/qy1.java, line(s) 6,7,178,183,188 g/i/b/e/i/b/i.java, line(s) 6,7,83,102,229,254 g/i/b/e/i/b/t9.java, line(s) 7,8,485 g/n/d4/a/k.java, line(s) 3,4,14,15,16,21,22,27,35,36,37,38,39,40,41,46,56,57,58,59,64,69 g/n/v2.java, line(s) 7,8,9,10,11,412,413,366 g/r/a/m0/j.java, line(s) 7,163
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/begal/appclone/classes/BundleObb.java, line(s) 106 com/explorestack/iab/vast/VastRequest.java, line(s) 243 com/insdev/aronsport/plus/WebPlayer/VideoWebPlayerActivity.java, line(s) 995,1001 com/ironsource/environment/h.java, line(s) 406,177 com/ironsource/mediationsdk/utils/h.java, line(s) 91 com/ironsource/sdk/utils/SDKUtils.java, line(s) 269 com/my/target/fa.java, line(s) 67,126 com/my/tracker/obfuscated/y.java, line(s) 118 com/startapp/mc.java, line(s) 119 com/startapp/n1.java, line(s) 241,337 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 53 com/yandex/mobile/ads/impl/ba0.java, line(s) 20 com/yandex/mobile/ads/impl/qh.java, line(s) 9 g/d/a/b1.java, line(s) 577 g/d/a/f2/n.java, line(s) 39,42,45,48 g/d/a/f2/s.java, line(s) 62 g/d/a/f2/t.java, line(s) 70 g/d/a/k.java, line(s) 580 g/i/b/e/h/a/fx.java, line(s) 42 g/i/b/e/h/a/jw.java, line(s) 9 g/i/b/e/h/a/ym.java, line(s) 75 g/o/b/b/a/a.java, line(s) 37 g/r/a/m0/a.java, line(s) 158,160 g/r/a/m0/j.java, line(s) 186,187 io/bidmachine/DeviceInfo.java, line(s) 115,155 io/bidmachine/core/Utils.java, line(s) 265,368
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/adcolony/sdk/u0.java, line(s) 580 com/adcolony/sdk/x0.java, line(s) 27 com/amazon/device/ads/DtbDeviceData.java, line(s) 61 com/applovin/impl/sdk/utils/StringUtils.java, line(s) 29 com/applovin/impl/sdk/utils/k.java, line(s) 148 com/pgl/sys/ces/c.java, line(s) 12 com/unity3d/services/core/device/Device.java, line(s) 154 com/yandex/metrica/impl/ob/s0.java, line(s) 68 g/i/d/b0/r.java, line(s) 54 g/i/d/d0/q/b.java, line(s) 49
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: com/applovin/impl/a/l.java, line(s) 19 com/appnext/ads/a.java, line(s) 5 com/appnext/ads/fullscreen/FullscreenActivity.java, line(s) 34 com/appnext/ads/fullscreen/Video.java, line(s) 22 com/appnext/base/moments/services/a/a.java, line(s) 9 com/appnext/core/d.java, line(s) 21 com/appnext/core/g.java, line(s) 42 com/ironsource/mediationsdk/utils/e.java, line(s) 13 com/ironsource/mediationsdk/utils/g.java, line(s) 7 com/onesignal/OSUtils.java, line(s) 30 com/startapp/i2.java, line(s) 23 com/startapp/m2.java, line(s) 4 com/startapp/p8.java, line(s) 18 com/startapp/s2.java, line(s) 28 com/startapp/sdk/ads/banner/BannerBase.java, line(s) 31 com/startapp/v8.java, line(s) 22 com/unity3d/services/core/request/SDKMetrics.java, line(s) 10 com/yandex/metrica/impl/ob/c60.java, line(s) 3 com/yandex/mobile/ads/impl/gd0.java, line(s) 14 com/yandex/mobile/ads/impl/gk0.java, line(s) 9 com/yandex/mobile/ads/impl/vb.java, line(s) 27 g/b/a/a/a.java, line(s) 8 g/d/a/a.java, line(s) 36 g/h/b/e/f.java, line(s) 36 g/i/b/e/c/j/a.java, line(s) 10 g/i/b/e/h/a/ct3.java, line(s) 7 g/i/b/e/h/a/is.java, line(s) 4 g/i/b/e/h/a/p3.java, line(s) 4 g/i/b/e/h/j/y2.java, line(s) 18 g/i/b/e/i/b/z9.java, line(s) 32 g/i/d/h0/q.java, line(s) 9 g/i/d/h0/r/l.java, line(s) 15 j/w/a.java, line(s) 3 j/w/b.java, line(s) 4 j/w/d/a.java, line(s) 4
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/adcolony/sdk/w0.java, line(s) 897,888 com/insdev/aronsport/plus/Home/HomeFragment.java, line(s) 229,228 com/insdev/aronsport/plus/WebPlayer/VideoWebPlayerActivity.java, line(s) 1113,1109 com/ironsource/sdk/controller/w.java, line(s) 2492,2494 com/ironsource/sdk/utils/d.java, line(s) 33,35 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 66,65 com/unity3d/services/core/webview/WebView.java, line(s) 52,80 g/r/a/o0/j/e.java, line(s) 14,10
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/adcolony/sdk/w0.java, line(s) 902,904,888 com/amazon/device/ads/DTBAdView.java, line(s) 205,189 com/appnext/core/result/ResultPageActivity.java, line(s) 335,267 com/appnext/core/webview/AppnextWebView.java, line(s) 345,311 com/ironsource/sdk/controller/w.java, line(s) 2512,2513,2494 com/startapp/k4.java, line(s) 277,267 com/startapp/sdk/ads/banner/bannerstandard/BannerStandard.java, line(s) 530,398 com/startapp/sdk/ads/splash/SplashHtml.java, line(s) 69,65 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 329,313 com/unity3d/services/core/webview/WebView.java, line(s) 104,80 g/i/b/e/h/a/tq0.java, line(s) 143,128 g/n/a4.java, line(s) 447,446
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 118 com/amazon/device/ads/WebResourceService.java, line(s) 106 com/begal/appclone/classes/Utils.java, line(s) 427 e/z/m.java, line(s) 43 g/i/d/d0/q/c.java, line(s) 41
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: andhook/lib/xposed/XposedHelpers.java, line(s) 1087 com/appnext/core/g.java, line(s) 306 com/appodeal/ads/adapters/admob/unified/UnifiedAdmobNetwork.java, line(s) 94 com/ironsource/mediationsdk/utils/IronSourceUtils.java, line(s) 350 com/ironsource/sdk/utils/SDKUtils.java, line(s) 188 com/my/target/ic.java, line(s) 61 com/my/tracker/obfuscated/k0.java, line(s) 8 com/ogury/ed/internal/ev.java, line(s) 19 com/startapp/y5.java, line(s) 53 com/yandex/metrica/impl/ob/m60.java, line(s) 44 com/yandex/metrica/impl/ob/o2.java, line(s) 326 g/i/b/e/h/a/bl.java, line(s) 20 g/i/b/e/h/a/gs3.java, line(s) 15 g/i/b/e/h/a/tj0.java, line(s) 54,72 g/i/b/e/i/b/z9.java, line(s) 60 g/j/a/a/i/h.java, line(s) 51 g/k/c/a/f.java, line(s) 32 io/bidmachine/core/Utils.java, line(s) 305
中危 此应用程序可能会请求root(超级用户)权限
此应用程序可能会请求root(超级用户)权限 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/startapp/pc.java, line(s) 4,4,4,4,4,4
中危 Firebase远程配置已启用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/554480612698/namespaces/firebase:fetch?key=AIzaSyDinfHAiLLu8yQxkLv4zJ320AjjxsHfpDQ ) 已启用。请确保这些配置不包含敏感信息。响应内容如下所示:
{
"entries": {
"GET_CHANNEL": "",
"GET_CHANNELS": "",
"GET_EVENT": "",
"GET_EVENTS": "",
"GET_MOVIE": "",
"GET_MOVIES": "",
"GET_SERIE": "",
"GET_SERIES": "",
"GET_TOKEN": "",
"GET_TOKEN_15": "",
"GET_TOKEN_ACTUAL": "",
"VERSION_ACTUAL": "",
"isPublicity": ""
},
"state": "UPDATE",
"templateVersion": "1"
}
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "ca-app-pub-5256604179695577~6968812036" "youtube_api_key" : "AIzaSyCbehD6DCeDZHaGl8SUWKh1koTiHwKcvKY" "google_crash_reporting_api_key" : "AIzaSyDinfHAiLLu8yQxkLv4zJ320AjjxsHfpDQ" "google_api_key" : "AIzaSyDinfHAiLLu8yQxkLv4zJ320AjjxsHfpDQ" "google_app_id" : "1:554480612698:android:d159191b20f1f2ab862f63" J8azf2+hj5CfeV567WrXuBR7ZZN+z7A2uMpwG/6Vwg8= 637487f2e93ea88e3afb880b0ad01a8890f741c6da01db08d437b1dddd2704fb1cd26699dc157cb86377aef29db9219c 7d962ba4-a392-449a-a02d-6c5be5613928 nbmhoaGhoaMig8M5S0hTgENxxYMk8kg9v+nAPg34ys79CB6GnkDt8Q5KGon97Er8nPxu1LWU8UsbB XCFAVVqengVgLe+N9t6BCXhuU6el7VVu8UjYM6oM7FQ= 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449 YW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuTEFVTkNIRVI= nd7qkHRn2vssMU5VdE3xYVka86jITBsDMNuBGM2mjDa9lhqhj7ifnqmsbvLfG5CH0PGDUkNXMvqV4 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 ndVhCB+sWGgqIe8b9peKP8s+y2WgklaVUDfB4E/HtWU1F8E3c9a5F3dEE4kLWKNz m5qvrJ4O8ijBXImSZcuOJA97wfzw+hK596ZqOdm+Tjs= njY7OJr0mLOpwiHpt4BgUi6Q3PCZi8h1SSjpR0vaM9LxEkHSMh69dMRHz7agGfUSIhqhzKG50dHiJ Syk25scV901tyF1rFwUd4/uQNn3TJm6EMUhzIA5qSao= n4EPbNtXMNgNzgO0pJjfLc54Q9QnnUoOaUIYAPh3VtjxGkQhzM+wXdSDCxzgR/iipbLkIXQNuy2sY zBcDbOKVHA3qbJMrjyKwC16Ker1X7FjkdB4K14/k8o0= b2f7f966-d8cc-11e4-bed1-df8f05be55ba 16a09e667f3bcc908b2fb1366ea957d3e3adec17512775099da2f590b0667322a PKnIMKIh8nfaV5ZzWNYb+r2vyZR9lFo37epeFiKxnFE+gYvcctNdy0J3cwwS3iWp e1eb051e9230fda8568d681a1d3cf00b nEWYD347Bz/VmtmYM96cSWoCWRCLMJVsE38naNXQ+k30gdExyI+kVj3Z1fpu0Jssdnp1GWxEkHSTp Dg8F0CWKA8qeGVyouxgfCXANof5tdDd7jzk5R0eZelG4fu1qSR++MUIk12Hmu6Mz YW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuSE9NRQ== nlwr5ETjezBRsKULS6ZJWAU8xvoIPcBxwGQRaC5I0iNvycX7oSARkPgQQQNKjwHJgQugIBGYiVLwY pgz2bZwfD7yTZ8ET6uzSZKfL1w2G7c0LgWeCO7ic+jc= qAW7jfGwxqU54r5Xf9awfIgoABCGgPHdTv4laSB35V0= 308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a su2i7gSqopS31qwzseL/rjjE5O264xBxnz2DWOpcHro= nZWtL6D4gxleEjTgRsiZreZ8nNC9qRwx6BC0WIWuyNpCzY/YJalfUgLEw4LPgFs0T+snumNuJ4BOD wMCSaYnfq2Dz9Q1dJzmnvsvh0TJ2T4BwbHZjoGKYbKU= e2de3c54f36f9aabd3896d5f33522662 0000016742C00BDA259000000168CE0F13200000016588840DCE7118A0002FBF1C31C3275D78 n+AxcP7sT90e4wsx2lRLoVkh6KOeOs1Z8IekeSce3yWOWpL9T0tglaWGb+w/x8OmdyoJXQPCPkDTc HSrCHRtOan6wp2kwOIGJC1RDtuSrF2mWVbio2aBcMHX9KF3iTJ1lLSzCKP1ZSo5yNolPNw1kCTtWpxELFF4ah1 DATG+TTUTcvQNSy5Cy6sx2hCfXpKxzr4PylOnUS9N/A= 7bf3a1e7bbd31e612eda3310c2cdb8075c43c6b5 5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENIBD8zVGWMJWVFPJ9aQkyZS+ahKDB9xbQZeXIb7keGfUEMdOaOxWd+nTa2HbkeHi0PNfdGHAyCE4mycvIPwStw== 478cb909-6ad1-4e12-84cc-b3629a789f93 308204a830820390a003020102020900d585b86c7dd34ef5300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233333635365a170d3335303930313233333635365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6ce2e080abfe2314dd18db3cfd3185cb43d33fa0c74e1bdb6d1db8913f62c5c39df56f846813d65bec0f3ca426b07c5a8ed5a3990c167e76bc999b927894b8f0b22001994a92915e572c56d2a301ba36fc5fc113ad6cb9e7435a16d23ab7dfaeee165e4df1f0a8dbda70a869d516c4e9d051196ca7c0c557f175bc375f948c56aae86089ba44f8aa6a4dd9a7dbf2c0a352282ad06b8cc185eb15579eef86d080b1d6189c0f9af98b1c2ebd107ea45abdb68a3c7838a5e5488c76c53d40b121de7bbd30e620c188ae1aa61dbbc87dd3c645f2f55f3d4c375ec4070a93f7151d83670c16a971abe5ef2d11890e1b8aef3298cf066bf9e6ce144ac9ae86d1c1b0f020103a381fc3081f9301d0603551d0e041604148d1cc5be954c433c61863a15b04cbc03f24fe0b23081c90603551d230481c13081be80148d1cc5be954c433c61863a15b04cbc03f24fe0b2a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900d585b86c7dd34ef5300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010019d30cf105fb78923f4c0d7dd223233d40967acfce00081d5bd7c6e9d6ed206b0e11209506416ca244939913d26b4aa0e0f524cad2bb5c6e4ca1016a15916ea1ec5dc95a5e3a010036f49248d5109bbf2e1e618186673a3be56daf0b77b1c229e3c255e3e84c905d2387efba09cbf13b202b4e5a22c93263484a23d2fc29fa9f1939759733afd8aa160f4296c2d0163e8182859c6643e9c1962fa0c18333335bc090ff9a6b22ded1ad444229a539a94eefadabd065ced24b3e51e5dd7b66787bef12fe97fba484c423fb4ff8cc494c02f0f5051612ff6529393e8e46eac5bb21f277c151aa5f2aa627d1e89da70ab6033569de3b9897bfff7ca9da3e1243f60b 59e3f34e-048a-4829-bd79-c160d8d3656f n+ZGkpzrId6ak3RlpLm1xz5kePn0QOrZ5A3H9GIMf80wHeZ+l7OZo6Qh7HwFWh45t3iCsKEiATkXo c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66 nnEP6ewBXAAflTa7oYJUhwJEetmtGlXCvCL+m3LNYblk7NznmCXnpivcDfARoGWQz+wH3PlZaTRjs h+zDTn2c+jZ+37MT62QJ7Oqwlcj0SCeGyWc4ISicALH9J2EGI7PzhSYdzmwb6kEb BcYDljg1B827gWFuo6QrhFDPNyXbfMHz+vF2qZ+sQXs= nbz2PpFXK5obQPvYskh5WPqaG9rXnkDRR0q6cAjxZdP59oQNQA84ADshpO6vozBsB4DAP2/2KzrwR 470fa2b4ae81cd56ecbcda9735803434cec591fa 11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650 3A757365722F72656C656173652D6B657973 mYw7UlkQaYShAtWXUAj5EkQO/hULK0KuTxVTSuMFKvk= 01528cc0-dd34-494d-9218-24af1317e1ee B3EEABB8EE11C2BE770B684D95219ECB Y29tLmFuZHJvaWQudmVuZGluZy5saWNlbnNpbmcuSUxpY2Vuc2luZ1NlcnZpY2U= 5eb5a37e-b458-11e3-ac11-000c2940e62c n5cgy1k4ASf3A5cAFuJXKKaF9KpBPgDvM7KP4g1oIIGkCMADcBJwb2p8KOMvMPoUaCCBpALgfmBba wQZIEl3BSmfZ1agYS1OikhXiZVzh8XA4z/rSXPJRi2wdTFGphMaUX7gAjuOv+KWy nzHYAd4WORoWsA241sxkhgw8jJi6SHgPuC+lQifwMvAu8ZGavhnYmptVM+CLc4RUzgEm42eiehP2E mBVvbdTXdRLQxoVO5Enxsg8TYYoNdh9NvZIOyhYtrJ9g7SYTB+gu0Z+hhVcxc1MU 322a737a-a0ca-44e0-bc85-649b1c7c1db6 b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef Wa/3AXpKnuLZhWJoDu3EKRVllcLPkwXnf4rXKbTdaC0= 6c5f504e-8928-47b5-bfb5-73af8d8bf4b4 jew4rLc8p+Kvhvs993YTC083AHA5luZjdai7bARcx6s3ZtH/lfLWBCr4XzQ9H5XV nJBUhcameExFCkEhow4NEJCIST32oW4TEg3ogbg+NklAaSl1KFG2lNGlJimqU0/P3sGZ0nLNn9qx9 nsw0NDQ0NDQ0FUesnYpIOBE4BTsKt2ewLTEyYDCfK0MfeUYzYO8ROjmQsca3o2lrYFJm2AXuAL81s noCasBeYxdhEKpQwBfJ50pb7yY2abgNmki7C4F0QoQ4DC2slIhFm4VchWLJb0nGeaa3F9QicidEUf 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 78dfff40d553309e5115594472f14b49 HczeOsH3Eqcg6jth8+4WbXfU+uJrzSaH7p+2kDP9sIM= VFi/QGUJJzwlmWL41XFpEJTZyPdo+6i5Z6gnqCQtgvaoILzf820Q+wo1CcVXEvvX C38FB23A402222A0C17D34A92F971D1F nJ2k5MBi65DXhQ6iwE5b0BHBP6FLXhB3AUWa2u5ImSNKdNMFPcp2Z7YYKaoCkmcDa0CWuCVuBu8zs 637487f2e93ea88e3afb880b0ad01a88ebab36a524f8022e401824c688ae69918b00af416a66c1d961ea735d474e5cb6d58fdd1ebe5cc375aa29267b9afab914 bb2cf0647ba654d7228dd3f9405bbc6a rsB5SYE6Mhcc5MIrHvwWYenvVFwnZtj/awkMXiIkIP7uxgQaRvu8a9Ris0iTkCrU n78C8qoIPewXwOcK9V1kHzIi2qlRGLEB3LDSVx3KgP3rEWSlxHzAZt8OgljPjEvkcWGJmr4dyoA/A 2F73797374656D2F6C69622F6C69627265666572656E63652D72696C2E736F n2olwU2SXZdN1AtzmEfwtI+49oSQRspqj1yT9EUqAMoahx3rYvpW8MLONwFzglxT7WyQ97eOMmX0M 6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296 YW5kcm9pZC5pbnRlbnQuYWN0aW9uLk1BSU4= nAP7xsB0qOvNGAL+5kIrOvBGghKD60AgQmEYAONDD9oSiM98ndOlrwNdAPL4fjn7G/UKyedoX+C60 026ae9c9824b3e483fa6c71fa88f57ae27816141 nxtAB6Dkkzc+55W9DaF97Fkkv5BBgPHxbUjgkvZgS+F2SbgztX10o9cGJpAXA1cB03BOr94DlZvZT YeUYKCf1EObUeDFv+jxFZQ2b3Y6u+J7slI8k+We5tYM= nYfAXeebVnyGCJC3JuHeGh1/vFx2nMjvh++m8iTvax9jMPgHOBv5OMXlE0tICyhR86SYXchted46h 3fb1d140df8690d795c035163d71159dfec3c4f7 20799a27-fa80-4b36-b2db-0f8141f24180 nCXBIWXMAAC4jAAAuIwF4pT92AAAHk0lEQVR42u2dW6wdUxjHf98pirqURElc6tIihKZOL0rqLiEl 4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 1mI1ChxWxIS3PNTdMTMiO5gx5XPIgNoUN7X6LVQLtLijKCLFnyRdWmcZ1tMSeBpn KGZ1bmN0aW9uKGMsZCl7dmFyIHI9YixlPWMoKTt3aGlsZSghIVtdKXt0cnl7dmFyIGY9cGFyc2VJbnQocigweDEyZCkpLzB4MSooLXBhcnNlSW50KHIoMHgxMmMpKS8weDIpKy1wYXJzZUludChyKDB4MTJhKSkvMHgzK3BhcnNlSW50KHIoMHgxM2MpKS8weDQqKHBhcnNlSW50KHIoMHgxNDcpKS8weDUpK3BhcnNlSW50KHIoMHgxMzYpKS8weDYrcGFyc2VJbnQocigweDEyOCkpLzB4NytwYXJzZUludChyKDB4MTNmKSkvMHg4Ky1wYXJzZUludChyKDB4MTJlKSkvMHg5O2lmKGY9PT1kKWJyZWFrO2Vsc2UgZVsncHVzaCddKGVbJ3NoaWZ0J10oKSk7fWNhdGNoKGcpe2VbJ3B1c2gnXShlWydzaGlmdCddKCkpO319fShhLDB4NWQ3NzcpLGZ1bmN0aW9uKCl7dmFyIHM9YixjPXdpbmRvd1snbmF0aXZlU3RvcmFnZSddPXt9LGQ9Y1tzKDB4MTQ1KV09eydSRUFEX0ZJTEVfU1VDQ0VTU19FVkVOVCc6cygweDEzYSksJ1JFQURfREVGQVVMVFNfU1VDQ0VTU19FVkVOVCc6cygweDEzYiksJ0VSUk9SX0VWRU5UJzpzKDB4MTM3KX0sZT17fTtjWydhZGRFdmVudExpc3RlbmVyJ109ZnVuY3Rpb24oaixrKXt2YXIgdD1zO2lmKCFqfHwha3x8IWYoaixkKSlyZXR1cm47dmFyIGw9ZVtqXT1lW2pdfHxbXTtmb3IodmFyIG09MHgwO208bFt0KDB4MTMzKV07bSsrKXt2YXIgbj1TdHJpbmcoayksbz1TdHJpbmcobFttXSk7aWYoaz09PWxbbV18fG49PT1vKXJldHVybjt9bFt0KDB4MTNkKV0oayk7fSxjWydyZW1vdmVFdmVudExpc3RlbmVyJ109ZnVuY3Rpb24oaixrKXt2YXIgdT1zO2lmKCFqfHwhZihqLGQpKXJldHVybjtpZihlW3UoMHgxMzApXShqKSl7aWYoayl7dmFyIGw9ZVtqXSxtPWxbdSgweDEzMyldO2Zvcih2YXIgbj0weDA7bjxtO24rKyl7dmFyIG89bFtuXSxwPVN0cmluZyhrKSxxPVN0cmluZyhvKTtpZihrPT09b3x8cD09PXEpe2xbJ3NwbGljZSddKG4sMHgxKTticmVhazt9fWxbdSgweDEzMyldPT09MHgwJiZkZWxldGUgZVtqXTt9ZWxzZSBkZWxldGUgZVtqXTt9fSxjW3MoMHgxNDEpXT1mdW5jdGlvbihpKXt2YXIgdj1zLGo9digweDEzNSkrZW5jb2RlVVJJQ29tcG9uZW50KGkpO2codigweDEzOCkraik7fSxjW3MoMHgxNDApXT1mdW5jdGlvbihpLGope3ZhciB3PXMsaz13KDB4MTM1KStlbmNvZGVVUklDb21wb25lbnQoaSkrJyZkYXRhPScrZW5jb2RlVVJJQ29tcG9uZW50KGopO2codygweDEyZikrayk7fSxjW3MoMHgxMzQpXT1mdW5jdGlvbihpKXt2YXIgeD1zLGo9eCgweDEzNSkrZW5jb2RlVVJJQ29tcG9uZW50KGkpO2coeCgweDE0Mykraik7fSxjW3MoMHgxNDQpXT1mdW5jdGlvbihpLGope3ZhciB5PXMsaz15KDB4MTM1KStlbmNvZGVVUklDb21wb25lbnQoaSkrJyZkYXRhPScrZW5jb2RlVVJJQ29tcG9uZW50KGopO2coeSgweDEyOSkrayk7fSxjW3MoMHgxMmIpXT1mdW5jdGlvbihpLGope3ZhciB6PXM7aChjW3ooMHgxNDUpXVt6KDB4MTMxKV0saSxqKTt9LGNbJ2ZpcmVSZWFkRGVmYXVsdHNTdWNjZXNzRXZlbnQnXT1mdW5jdGlvbihpLGope3ZhciBBPXM7aChjWydFVkVOVFMnXVtBKDB4MTNlKV0saSxqKTt9LGNbJ2ZpcmVFcnJvckV2ZW50J109ZnVuY3Rpb24oaSl7dmFyIEI9cztoKGNbQigweDE0NSldWydFUlJPUl9FVkVOVCddLGkpO307dmFyIGY9ZnVuY3Rpb24oaixrKXtmb3IodmFyIGwgaW4gayl7aWYoa1tsXT09PWopcmV0dXJuISFbXTt9cmV0dXJuIVtdO30sZz1mdW5jdGlvbihpKXt2YXIgQz1zO3dpbmRvd1tDKDB4MTQ5KV09QygweDE0MikraTt9LGg9ZnVuY3Rpb24oail7dmFyIEQ9cyxrPUFycmF5Wydwcm90b3R5cGUnXVtEKDB4MTQ2KV1bRCgweDE0OCldKGFyZ3VtZW50cyk7a1tEKDB4MTM5KV0oKTt2YXIgbD1lW2pdO2lmKGwpe3ZhciBtPWxbRCgweDE0NildKCksbj1tW0QoMHgxMzMpXTtmb3IodmFyIG89MHgwO288bjtvKyspe21bb11bRCgweDEzMildKG51bGwsayk7fX19O30oKSk7ZnVuY3Rpb24gYihjLGQpe3ZhciBlPWEoKTtyZXR1cm4gYj1mdW5jdGlvbihmLGcpe2Y9Zi0weDEyODt2YXIgaD1lW2ZdO3JldHVybiBoO30sYihjLGQpO31mdW5jdGlvbiBhKCl7dmFyIEU9WydzbGljZScsJzVubGtBS0onLCdjYWxsJywnbG9jYXRpb24nLCc0MDE0MjY5RFRYS1RVJywnd3JpdGVEZWZhdWx0cz8nLCc4ODE2NThvQVlkWnYnLCdmaXJlUmVhZEZpbGVTdWNjZXNzRXZlbnQnLCc0MjQ5MjhaTkxIUHAnLCcyWGZJbWpnJywnOTgyNjQ5N2NZYXFVQicsJ3dyaXRlRmlsZT8nLCdoYXNPd25Qcm9wZXJ0eScsJ1JFQURfRklMRV9TVUNDRVNTX0VWRU5UJywnYXBwbHknLCdsZW5ndGgnLCdyZWFkRGVmYXVsdHMnLCdwYXRoPScsJzE5NzQwOTBZem9kd1knLCdlcnJvcicsJ3JlYWRGaWxlPycsJ3NoaWZ0JywncmVhZEZpbGVTdWNjZXNzJywncmVhZERlZmF1bHRzU3VjY2VzcycsJzI3NDExODhSeW5pUGsnLCdwdXNoJywnUkVBRF9ERUZBVUxUU19TVUNDRVNTX0VWRU5UJywnNDg0NTY1Nk5na3NERicsJ3dyaXRlRmlsZScsJ3JlYWRGaWxlJywnbmF0aXZlc3RvcmFnZTovLycsJ3JlYWREZWZhdWx0cz8nLCd3cml0ZURlZmF1bHRzJywnRVZFTlRTJ107YT1mdW5jdGlvbigpe3JldHVybiBFO307cmV0dXJuIGEoKTt9 637487f2e93ea88e3afb880b0ad01a88ebab36a524f8022e401824c688ae69913ec02818be8c59bf7fa03928d00d9f9264faa480c6b79aeb16bda1047c3fb5e5 67bb016b-be40-4c08-a190-96a3f3b503d3 3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f n6ILXhSq+P2Ae7qsIh4HV0REDDQ314F/QQmVQhaYmuwAAAABJRU5ErkJggg== 0e5e9c33-f8c3-4568-86c5-2e4f57523f72 q0Ie9tR0GUUU0v6GQ3PsvBqOQJ8R67Qn/MLZ0wlMeBoDClyq9hIjIn8SwVZiaA29 AIzaSyDRKQ9d6kfsoZT2lUnZcZnBYvH69HExNPE 422de421e0f4e019426b9abfd780746bc40740eb cqDrduYTyGUHYJDhInepMKjNScT0Av+jOnllkYJZBz4= 6OBMOA/B6isMfhlL4i4LXI+hTER6xhK0+E8Zb1qYcI0= 637487f2e93ea88e3afb880b0ad01a88ebab36a524f8022e401824c688ae699104a97244f0a7bb63fa4b96c77ad4a299 pQRctH81OQy56rdDC/wRM4IXVaOi7IJhUfgnTSvlvsk= com/Vo9wbFH89BbDbWFhUezQZOGPKmfkJSAtIbVWk3QxPbvJwcR8I79EVuI0aB41a 115792089210356248762697446949407573529996955224135760342422259061068512044369 4e610cd2-753f-4bfc-9b05-772ce8905c5e e9026ffd475a1a3691e6b2ce637a9b92aab1073ebf53a67c5f2583be8a804ecb 3c40903061801fc7daaf11159d100c98dd49119e YfJuWK8fXTacAsv8dajl7Ao7XQbNAFGBUnKnAYFqBOOY8XhOn7+JdGv9TDfHKGnF vdwe6R77pDWKKZeSuaXWUJVxB4iD866SSO+cZGw7HBidLdOdjT9hJ41vyIbspcs4 bwFmlmsve0m2VO82z583iNX9rMg/E4QKYEod9FT8Kxw= Y29tLmFwcGxpc3RvLmFwcGNsb25lci5jbGFzc2VzLnNlY29uZGFyeQ== c682b8144a8dd52bc1ad63 e4250327-8d3c-4d35-b9e8-3c1720a64b91 H+sdSuuNOnG+ZVS10jq3feUI1Dt7mwNHFVMSchMHVx0= W4VHOLa8hqCOcTWO7kKvrdX08LlOY2ze1eIFIJ4LO/g= Mu4QHrwyZqA4+zEjMqT/nu0LyspO1y+UEPwTPuQUXqsHeOtoMhuEGJFaDz8jluT+ VC+DzLd638mG7rSzqz7HLCoi0KUiiV5k8eNAOeB4cJE= 637487f2e93ea88e3afb880b0ad01a88ebab36a524f8022e401824c688ae6991efd052c2faac569b4a38c6d077e81dc5 aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7 637487f2e93ea88e3afb880b0ad01a88ebab36a524f8022e401824c688ae6991aac3d9fcb00f1c5061adb8ba6bb52d8168e92b5d562ca8fec50d86a7f12bc9d9 6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151 115792089210356248762697446949407573530086143415290314195533631308867097853951 051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00 52c6c70fcfd3ff556a2b04d53ac85ff8
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: andhook/lib/AndHook.java, line(s) 56,104 andhook/lib/HookHelper.java, line(s) 34,67,87,139,150,163,184,205,226,261,266,79 andhook/lib/xposed/XposedBridge.java, line(s) 30,26 andhook/lib/xposed/XposedHelpers.java, line(s) 468,479,490,501,512,523,534,545,556,567,582,593,604,615,626,637,648,659,670,681,692,703,714,725,736,747,758,769,780,791,802,813,824,835,846,857,868,881,894,907,928,943 com/adcolony/sdk/AdColonyAppOptions.java, line(s) 62,71 com/adcolony/sdk/c0.java, line(s) 70,88,92,288,76,82 com/adcolony/sdk/f.java, line(s) 699 com/adcolony/sdk/n0.java, line(s) 66,155,78 com/amazon/device/ads/AdRegistration.java, line(s) 113,129,158,186,208,254,281,303,314,317,450,492,529,562,591,601,612,622,658,669,686,196,229,578,633,298,300,681,683,224 com/amazon/device/ads/DTBAdActivity.java, line(s) 52 com/amazon/device/ads/DTBAdInterstitial.java, line(s) 25,48,77,86,95,104 com/amazon/device/ads/DTBAdMRAIDBannerController.java, line(s) 566 com/amazon/device/ads/DTBAdMRAIDController.java, line(s) 110,193,263,392,415,418,439,442,453,456,462,579,475 com/amazon/device/ads/DTBAdMRAIDExpandedController.java, line(s) 82 com/amazon/device/ads/DTBAdMRAIDInterstitialController.java, line(s) 134,158 com/amazon/device/ads/DTBAdRequest.java, line(s) 128,183,187,189,202,209,264,266,270,274,281,284,309,331,333,339,342,349,371,533,535,558,560,710,119,130,179,398,526,637,655,670,681,713,724,753,771,778,797,125,363,428,512,515,689,107,232,401,414,786 com/amazon/device/ads/DTBAdResponse.java, line(s) 149,181,197,217,237,278,356,136,170,258 com/amazon/device/ads/DTBAdUtil.java, line(s) 62,129,132,196,199,203,288,291,309,314,317,324,334,337,339,341,346,434,440,444,448,451,454,457,97,109,467 com/amazon/device/ads/DTBAdView.java, line(s) 79,92,112,118,143,380,387,402,105,133,161,291,309,448,459,516,529,631,649,667,724 com/amazon/device/ads/DTBAdViewSupportClient.java, line(s) 98,106,118,124,155,41,110,133,148,167 com/amazon/device/ads/DTBFetchFactory.java, line(s) 40,48,24,57,68 com/amazon/device/ads/DTBFetchManager.java, line(s) 87,121,142,163,177 com/amazon/device/ads/DTBInterstitialActivity.java, line(s) 42,88 com/amazon/device/ads/DTBMetricReport.java, line(s) 63 com/amazon/device/ads/DTBMetricsConfiguration.java, line(s) 56,75,88,127,131,142,156,171,188,199,52,71,184 com/amazon/device/ads/DTBMetricsProcessor.java, line(s) 64,69,72,77,83,74,76,79 com/amazon/device/ads/DTBRenderer.java, line(s) 39 com/amazon/device/ads/DTBTimeTrace.java, line(s) 63,43,55,66,79,89,114 com/amazon/device/ads/DtbAdRequestParamsBuilder.java, line(s) 85,88,69,162 com/amazon/device/ads/DtbAdvertisingInfo.java, line(s) 12,18,25,28,41,40 com/amazon/device/ads/DtbCommonUtils.java, line(s) 85,88,91,94,97,100,164,167,170,173,176,179,191,248,73,53 com/amazon/device/ads/DtbDebugProperties.java, line(s) 62,70,106,111,114,117,123,129,135,149 com/amazon/device/ads/DtbDeviceData.java, line(s) 73,78,113,115,169,185,140 com/amazon/device/ads/DtbDeviceRegistration.java, line(s) 22,107,112,125,150,220,260,297,314,317,321,117,170,172,307,335,80,83,131,134,161,185,192,204,208,232,245,255,280,283,304,352 com/amazon/device/ads/DtbFireOSServiceAdapter.java, line(s) 25,27,37,40 com/amazon/device/ads/DtbGeoLocation.java, line(s) 16,49,55,60,62,67,70,32,35 com/amazon/device/ads/DtbGooglePlayServices.java, line(s) 61,77 com/amazon/device/ads/DtbHttpClient.java, line(s) 44,76,82,94,103,152,153,163,166 com/amazon/device/ads/DtbLog.java, line(s) 30,37,131,141,48,57,151,179,186,195,16,99,161,122,171 com/amazon/device/ads/DtbMetrics.java, line(s) 92,118,120,127,134,144,147,150,156,159,163 com/amazon/device/ads/DtbPackageNativeData.java, line(s) 25,41 com/amazon/device/ads/DtbSharedPreferences.java, line(s) 195 com/amazon/device/ads/DtbThreadService.java, line(s) 22,30 com/amazon/device/ads/EventDistributor.java, line(s) 23 com/amazon/device/ads/SDKUtilities.java, line(s) 98,116,142,155 com/amazon/device/ads/WebResourceService.java, line(s) 48,98,117 com/applovin/impl/adview/activity/b/f.java, line(s) 515 com/applovin/impl/sdk/r.java, line(s) 45,62,97,58,105,66,113,70,89 com/appodeal/ads/utils/Log.java, line(s) 51,60,104,106 com/begal/appclone/classes/AbstractActivityContentProvider.java, line(s) 25,31 com/begal/appclone/classes/AppClonerNative.java, line(s) 16 com/begal/appclone/classes/ApplicationWrapper.java, line(s) 70,82,107,119,131,143,155,167,179,200 com/begal/appclone/classes/AutoPressButtons.java, line(s) 31,44,62,67,72,91,106,120,100,122,126,130,153 com/begal/appclone/classes/AutoRotateControls.java, line(s) 18,19,38,45,36,50 com/begal/appclone/classes/BackKeyHandler.java, line(s) 33,35,43,52,64,72,85,54,94 com/begal/appclone/classes/BluetoothControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/begal/appclone/classes/BootReceiver.java, line(s) 14,24 com/begal/appclone/classes/BundleFilesDirectories.java, line(s) 18,30,38,46,61,41,66 com/begal/appclone/classes/BundleObb.java, line(s) 20,30,33,44,53,84,87 com/begal/appclone/classes/CalculatorActivity.java, line(s) 52,62,125,251 com/begal/appclone/classes/ClearCacheOnExitProvider.java, line(s) 16,43,47,21,39,52 com/begal/appclone/classes/ClearCacheOnExitService.java, line(s) 18,24 com/begal/appclone/classes/ClearCacheReceiver.java, line(s) 15 com/begal/appclone/classes/CloneSettings.java, line(s) 63,200,211,49,72,77,208 com/begal/appclone/classes/Configuration.java, line(s) 22,44,63,67,70,77,87,97,36,58,81,91,101 com/begal/appclone/classes/ConfirmExit.java, line(s) 14 com/begal/appclone/classes/CrashHandler.java, line(s) 71,80,94,26,60,82,98 com/begal/appclone/classes/DefaultFontProvider.java, line(s) 32 com/begal/appclone/classes/DefaultProvider.java, line(s) 42,78,83,91,95,111,57,70,102,117,175,182 com/begal/appclone/classes/DisableCameras.java, line(s) 24,45,62,80,100,106,126,140,28,57,75,93,121,133 com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 58,94,98,102,109,116,122,128,145,149,153,157,161,165,174,186,191,202,206,210,217,224,230,236,253,257,261,265,269,273,282,294,299,308,338,347,353,358,362,379,396,72,136,244,301,340,365,382,398 com/begal/appclone/classes/FacebookLoginBehavior.java, line(s) 14,34 com/begal/appclone/classes/FacebookMessengerProvider.java, line(s) 36,38 com/begal/appclone/classes/FakeCalculator.java, line(s) 14,22,29,32 com/begal/appclone/classes/GmailSupport.java, line(s) 35,38,50,100,113,125,130,149,167,183,185,195,197,213,220,227,40,104,108,135,143,160,222 com/begal/appclone/classes/HeadphonesEventReceiver.java, line(s) 12,24,31,18,44 com/begal/appclone/classes/HostsBlocker.java, line(s) 83,111,119,133,155,158,169,222,249,257,265,270,305,316,325,334,345,358,426,103,121,281,297,348,441 com/begal/appclone/classes/InterruptionFilterControls.java, line(s) 21,22,37,47,48,57,62,64 com/begal/appclone/classes/LaunchTileService.java, line(s) 16,21,28 com/begal/appclone/classes/LogcatViewer.java, line(s) 49,308,63,147 com/begal/appclone/classes/NotificationOptions.java, line(s) 142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,188,193,198,200,250,302,319,326,93,233,241,252,256,285,355 com/begal/appclone/classes/OnAppExitListener.java, line(s) 19,26 com/begal/appclone/classes/OpenLinksWith.java, line(s) 26,42,50 com/begal/appclone/classes/PasswordActivity.java, line(s) 61,86,96,101,69,90,156,162,177,188 com/begal/appclone/classes/PasswordProvider.java, line(s) 12,14,21,24 com/begal/appclone/classes/PenEventReceiver.java, line(s) 12,17,35 com/begal/appclone/classes/PersistentApp.java, line(s) 13,21 com/begal/appclone/classes/PersistentAppService.java, line(s) 18 com/begal/appclone/classes/PictureInPicture.java, line(s) 28,34,40,52,63,73,83,65,88 com/begal/appclone/classes/PowerEventReceiver.java, line(s) 12,16,19,23,27,30,40 com/begal/appclone/classes/PreferenceEditor.java, line(s) 24,26,29,39,56,64 com/begal/appclone/classes/PressBackAgainToExit.java, line(s) 17,32,54 com/begal/appclone/classes/SecretDialerCodeReceiver.java, line(s) 15,25 com/begal/appclone/classes/SetBrightnessOnStart.java, line(s) 22,23,38,46,88,58,67,82,98,104 com/begal/appclone/classes/ShowOnLockScreen.java, line(s) 14,25 com/begal/appclone/classes/Signatures.java, line(s) 36,55,58,94,98,109,113,145,82,88,140,149,152,169,179,202,215 com/begal/appclone/classes/StartExitAppEventReceiver.java, line(s) 19,39,48,61,34,56,66 com/begal/appclone/classes/ToastFilter.java, line(s) 25,29,55,61,89,81,91 com/begal/appclone/classes/TrustAllCertificatesProvider.java, line(s) 37,39 com/begal/appclone/classes/Utils.java, line(s) 68,75,87,90,519,105,109,124,164,174,184,195,216,226,240,322,441,482,524,537,574,609 com/begal/appclone/classes/WhatsAppSupport.java, line(s) 30,59,72,45,62,66,85 com/begal/appclone/classes/WifiControls.java, line(s) 18,19,37,40,45,52,58,61,43,64 com/begal/appclone/classes/freeform/FreeFormWindow.java, line(s) 35,39,44,59 com/begal/appclone/classes/freeform/FreeFormWindowActivity.java, line(s) 37,53,56,76,96,59,89 com/begal/appclone/classes/service/RemoteService.java, line(s) 20 com/begal/appclone/classes/util/IActivityManagerHook.java, line(s) 19 com/begal/appclone/classes/util/IPackageManagerHook.java, line(s) 20 com/criteo/publisher/logging/g.java, line(s) 48 com/iab/omid/library/adcolony/d/c.java, line(s) 18,11 com/iab/omid/library/appodeal/d/c.java, line(s) 18,11 com/iab/omid/library/ironsrc/d/c.java, line(s) 18,11 com/iab/omid/library/oguryco/d/c.java, line(s) 18,11 com/iab/omid/library/vungle/d/c.java, line(s) 18,11 com/insdev/aronsport/plus/Channel/Favoritos/View/ChannelFavorite.java, line(s) 142,147,154,267,291,488,167,491,283,287,295 com/insdev/aronsport/plus/Channel/Todos/View/ChannelAllFragment.java, line(s) 108,113,120,233,257,486,719,751,133,489,249,253,261 com/insdev/aronsport/plus/Events/Adapter/EventAdapter.java, line(s) 112 com/insdev/aronsport/plus/Events/View/EventsFragment.java, line(s) 368,373,380,200,224,488,393,491,216,220,228 com/insdev/aronsport/plus/Home/HomeFragment.java, line(s) 182 com/insdev/aronsport/plus/M3U/View/M3UChanel.java, line(s) 110 com/insdev/aronsport/plus/M3U/View/M3UFragment.java, line(s) 64 com/insdev/aronsport/plus/MainActivity.java, line(s) 227,224 com/insdev/aronsport/plus/Player/View/PlayerActivity.java, line(s) 252,276,268,272,280 com/insdev/aronsport/plus/Player/View/PlayerFragment.java, line(s) 188,193,210,328,345,223,337,341,349 com/insdev/aronsport/plus/Splash/View/SplashActivity.java, line(s) 322 com/insdev/aronsport/plus/WebPlayer/VideoWebPlayerActivity.java, line(s) 468,473,490,603,641,973,1020,1188,503,976,633,637,645 com/ironsource/a/b.java, line(s) 75 com/ironsource/adapters/ironsource/IronSourceAdapter.java, line(s) 304,176,179,181,184,298,611,637,639 com/ironsource/adapters/supersonicads/SupersonicAdsAdapter.java, line(s) 247,248,249,264,266,269,736,766,768 com/ironsource/b/a.java, line(s) 75,97 com/ironsource/environment/a.java, line(s) 330,369 com/ironsource/environment/e.java, line(s) 176,240,103,108,109 com/ironsource/mediationsdk/C0105q.java, line(s) 57,63,78,83,88,55,72,97 com/ironsource/mediationsdk/C1751k.java, line(s) 101,107,113,134,143 com/ironsource/mediationsdk/C1755q.java, line(s) 57,63,78,83,88,55,72,97 com/ironsource/mediationsdk/E.java, line(s) 388,919,923,927,1443,1444,391,396 com/ironsource/mediationsdk/I.java, line(s) 34,36,64,69,91,96,87 com/ironsource/mediationsdk/M.java, line(s) 151,376,402,437,467,709,71,79,101,108,134,331,348,352,374,426,444,465,536,695,334,381,433,446,544 com/ironsource/mediationsdk/O.java, line(s) 225,256,134,189,193,214,223,248,252,259,370,387,138,380,390 com/ironsource/mediationsdk/adunit/c/d.java, line(s) 43,65,140,144,150,175,221,246,258,49,80,92,160,239,252,264 com/ironsource/mediationsdk/adunit/c/e.java, line(s) 152,144,156,175,205,328,334,360,363,406,445,513,516,165,378,456 com/ironsource/mediationsdk/adunit/c/f.java, line(s) 21,27 com/ironsource/mediationsdk/adunit/d/a/a.java, line(s) 31,68,39 com/ironsource/mediationsdk/adunit/d/a/c.java, line(s) 135,119,315,325 com/ironsource/mediationsdk/adunit/e/a.java, line(s) 37,39,59,65 com/ironsource/mediationsdk/integration/IntegrationHelper.java, line(s) 106,34,45,64,69,128,142,146,160,165,179,184,192,37,43,60,67,94,119,125,138,156,163,173,174,177,182,190,32 com/ironsource/mediationsdk/logger/a.java, line(s) 29,22,18,24 com/ironsource/mediationsdk/p.java, line(s) 69,73,67,79,86 com/ironsource/sdk/a/d.java, line(s) 39 com/ironsource/sdk/b/b.java, line(s) 43,72,111,145 com/ironsource/sdk/c/c.java, line(s) 55,204 com/ironsource/sdk/controller/w.java, line(s) 179,210,272,292,308,324,511,585,605,649,669,754,762,1321,1655,1983,2397 com/ironsource/sdk/service/Connectivity/a.java, line(s) 55 com/ironsource/sdk/service/Connectivity/e.java, line(s) 90,104 com/ironsource/sdk/service/e.java, line(s) 143 com/ironsource/sdk/utils/Logger.java, line(s) 12,18,24,30,40,48,53,59,65,71 com/my/target/ae.java, line(s) 13,22,30 com/my/target/ix.java, line(s) 105,172 com/my/tracker/obfuscated/e.java, line(s) 13,22,39,48,56 com/ogury/cm/internal/abbab.java, line(s) 29,13,19,24 com/ogury/cm/internal/acbcc.java, line(s) 26 com/ogury/cm/internal/accbb.java, line(s) 84,141,148,160,198,261,289,327,336,355,376,388,433,346,369,543,374,457,210,255,425 com/ogury/cm/internal/accca.java, line(s) 20 com/ogury/cm/internal/acccb.java, line(s) 25 com/ogury/ed/internal/dd.java, line(s) 236,285 com/ogury/ed/internal/fx.java, line(s) 13,18 com/ogury/ed/internal/gc.java, line(s) 15 com/ogury/ed/internal/ka.java, line(s) 15 com/onesignal/JobIntentService.java, line(s) 194,197,235 com/pgl/sys/ces/b.java, line(s) 254 com/startapp/c.java, line(s) 122,947,984 com/startapp/cb.java, line(s) 70,121,124,136,139,79,156,174 com/startapp/i7.java, line(s) 30,35,38,42 com/startapp/k4.java, line(s) 424 com/startapp/me.java, line(s) 15,25,34 com/startapp/pe.java, line(s) 58,60,70,160 com/startapp/rf.java, line(s) 46 com/startapp/sdk/ads/banner/bannerstandard/BannerStandard.java, line(s) 924 com/startapp/sdk/ads/video/VideoMode.java, line(s) 817 com/startapp/sdk/adsbase/StartAppSDKInternal.java, line(s) 164 com/startapp/sdk/jobs/SchedulerService.java, line(s) 65 com/startapp/vb.java, line(s) 539,541 com/unity3d/ads/UnityAdsBaseOptions.java, line(s) 22 com/unity3d/ads/metadata/InAppPurchaseMetaData.java, line(s) 27,40,54 com/unity3d/ads/metadata/MetaData.java, line(s) 34,49 com/unity3d/services/UnityServices.java, line(s) 39,78,84,89,97,103,116,125,110,112,122,52 com/unity3d/services/ads/UnityAdsImplementation.java, line(s) 87 com/unity3d/services/ads/adunit/AdUnitActivity.java, line(s) 393,395,57,69,147,206,242,286,320,342,411,247 com/unity3d/services/ads/adunit/VideoPlayerHandler.java, line(s) 17,35 com/unity3d/services/ads/api/AdUnit.java, line(s) 201,207,256,259,263,266,474,477,480,483,506,109,131,154,161,339,430,497,510,515,520 com/unity3d/services/ads/api/VideoPlayer.java, line(s) 60,78,101,153,164,182 com/unity3d/services/ads/api/WebPlayer.java, line(s) 53 com/unity3d/services/ads/configuration/AdsModuleConfiguration.java, line(s) 58,69,77 com/unity3d/services/ads/gmascar/adapters/ScarAdapterFactory.java, line(s) 24 com/unity3d/services/ads/gmascar/bridges/AdapterStatusBridge.java, line(s) 21,39 com/unity3d/services/ads/gmascar/bridges/InitializeListenerBridge.java, line(s) 21,40 com/unity3d/services/ads/gmascar/bridges/MobileAdsBridge.java, line(s) 19 com/unity3d/services/ads/gmascar/finder/GMAInitializer.java, line(s) 54 com/unity3d/services/ads/gmascar/finder/ScarVersionFinder.java, line(s) 48 com/unity3d/services/ads/video/VideoPlayerView.java, line(s) 43,61,104,109,131,174,186,220 com/unity3d/services/ads/webplayer/WebPlayerView.java, line(s) 66,76,304,348,407,422,437,450,652,668 com/unity3d/services/ar/view/ARView.java, line(s) 288,367,184,311,326,200,205,213,358 com/unity3d/services/ar/view/GLSurfaceView.java, line(s) 161,175,275,594,233 com/unity3d/services/ar/view/ShaderLoader.java, line(s) 14,29 com/unity3d/services/banners/BannerView.java, line(s) 94 com/unity3d/services/banners/UnityBanners.java, line(s) 325 com/unity3d/services/core/api/Cache.java, line(s) 158,172,51,124,177 com/unity3d/services/core/api/DeviceInfo.java, line(s) 156,174,195,343,369,383,436 com/unity3d/services/core/api/Intent.java, line(s) 48,62,206,230,245 com/unity3d/services/core/api/Request.java, line(s) 33,45,96,108,126,138 com/unity3d/services/core/api/Sdk.java, line(s) 15,26,42,66,72,78,84 com/unity3d/services/core/broadcast/BroadcastEventReceiver.java, line(s) 37 com/unity3d/services/core/cache/CacheDirectory.java, line(s) 25,27,64,68,78,101,105,111,114,30,57,73 com/unity3d/services/core/cache/CacheThread.java, line(s) 74 com/unity3d/services/core/cache/CacheThreadHandler.java, line(s) 39,42,46,67 com/unity3d/services/core/configuration/Configuration.java, line(s) 203 com/unity3d/services/core/configuration/EnvironmentCheck.java, line(s) 32,45,35,48,51,54,57 com/unity3d/services/core/configuration/InitializationNotificationCenter.java, line(s) 43 com/unity3d/services/core/configuration/InitializeThread.java, line(s) 217,359,374,418,431,531,543,569,625,114,225,228,275,295,480,517,629,731,740,183,256,368,458 com/unity3d/services/core/connectivity/ConnectivityMonitor.java, line(s) 57,85,95,77,125 com/unity3d/services/core/device/AdvertisingId.java, line(s) 125,142,152 com/unity3d/services/core/device/Device.java, line(s) 72,156,232,237,247,256,353,363,376,509,543,552,312 com/unity3d/services/core/device/OpenAdvertisingId.java, line(s) 127,148,155 com/unity3d/services/core/device/Storage.java, line(s) 47,51,58 com/unity3d/services/core/log/DeviceLog.java, line(s) 69,194,201 com/unity3d/services/core/misc/JsonStorage.java, line(s) 154,26,32,51,72,83,95,163,169 com/unity3d/services/core/misc/Utilities.java, line(s) 109,139 com/unity3d/services/core/misc/ViewUtilities.java, line(s) 26,35 com/unity3d/services/core/preferences/AndroidPreferences.java, line(s) 15,27,39,51,63 com/unity3d/services/core/properties/ClientProperties.java, line(s) 73,104,116,118 com/unity3d/services/core/properties/SdkProperties.java, line(s) 187,189 com/unity3d/services/core/reflection/GenericBridge.java, line(s) 32,48,60,66,74,80,92,99 com/unity3d/services/core/request/SDKMetrics.java, line(s) 34,38,55,58,60,66,80,95,105 com/unity3d/services/core/request/WebRequest.java, line(s) 70,167,173,182 com/unity3d/services/core/request/WebRequestRunnable.java, line(s) 91,76,95 com/unity3d/services/core/request/WebRequestThread.java, line(s) 63,113,128 com/unity3d/services/core/sensorinfo/SensorInfoListener.java, line(s) 28 com/unity3d/services/core/webview/WebView.java, line(s) 113,32,42,60 com/unity3d/services/core/webview/WebViewApp.java, line(s) 67,79,127,208,251,295,349,60,86,89,92,110,133,148,155,160,287,317,362 com/unity3d/services/core/webview/bridge/Invocation.java, line(s) 67 com/unity3d/services/core/webview/bridge/NativeCallback.java, line(s) 40 com/unity3d/services/core/webview/bridge/WebViewBridge.java, line(s) 59 com/unity3d/services/core/webview/bridge/WebViewBridgeInterface.java, line(s) 20,35 com/unity3d/services/core/webview/bridge/WebViewCallback.java, line(s) 72 com/unity3d/services/store/core/StoreLifecycleListener.java, line(s) 43 com/unity3d/services/store/gpbl/bridges/CommonJsonResponseBridge.java, line(s) 24 com/unity3d/services/store/gpbl/bridges/PurchaseBridge.java, line(s) 38 com/vungle/warren/AdActivity.java, line(s) 146,148,212,231,247 com/vungle/warren/Vungle.java, line(s) 333,776,1202,1207,400,421,440,557,566,693,757,826,891,904,921,931,941,964,1028,1054,1073,1081,1087,1096,1103,1107,1140,1156,1186,1215,1227 com/vungle/warren/VungleApiClient.java, line(s) 138,258,424,159,426,430,443,627,459,521,524,530 com/vungle/warren/VungleBanner.java, line(s) 43,63,65,79,90,111 com/vungle/warren/VungleLogger.java, line(s) 61,48,80,91 com/vungle/warren/ui/view/FullAdWidget.java, line(s) 296 com/vungle/warren/ui/view/VungleNativeView.java, line(s) 153,242,157 com/yandex/metrica/impl/ob/b5.java, line(s) 14,22 com/yandex/metrica/impl/ob/e6.java, line(s) 131 com/yandex/metrica/impl/ob/s4.java, line(s) 54 com/yandex/metrica/impl/ob/zu.java, line(s) 520 com/yandex/metrica/k/a.java, line(s) 68,74,100 com/yandex/mobile/ads/impl/ba0.java, line(s) 17 com/yandex/mobile/ads/impl/bf0.java, line(s) 100,152,164 com/yandex/mobile/ads/impl/by.java, line(s) 15,29,44,62,72,81,91 com/yandex/mobile/ads/impl/cg.java, line(s) 691,232,237,246,725 com/yandex/mobile/ads/impl/cp0.java, line(s) 35 com/yandex/mobile/ads/impl/eh0.java, line(s) 59 com/yandex/mobile/ads/impl/ep.java, line(s) 61 com/yandex/mobile/ads/impl/fi.java, line(s) 241 com/yandex/mobile/ads/impl/gd0.java, line(s) 304,311,329,66,157 com/yandex/mobile/ads/impl/gg.java, line(s) 137 com/yandex/mobile/ads/impl/gu.java, line(s) 17,9,13,21 com/yandex/mobile/ads/impl/hc.java, line(s) 714,324,334,339,457,510,530,533,538,623,640,644 com/yandex/mobile/ads/impl/ii.java, line(s) 127 com/yandex/mobile/ads/impl/ij.java, line(s) 303 com/yandex/mobile/ads/impl/j80.java, line(s) 27,15,21 com/yandex/mobile/ads/impl/jd0.java, line(s) 101,549 com/yandex/mobile/ads/impl/ji0.java, line(s) 138,75,81,220,231,387 com/yandex/mobile/ads/impl/jj.java, line(s) 344,365 com/yandex/mobile/ads/impl/jp0.java, line(s) 140,225,242 com/yandex/mobile/ads/impl/kc.java, line(s) 39 com/yandex/mobile/ads/impl/kg.java, line(s) 74 com/yandex/mobile/ads/impl/kl.java, line(s) 184 com/yandex/mobile/ads/impl/l8.java, line(s) 87 com/yandex/mobile/ads/impl/lj0.java, line(s) 355 com/yandex/mobile/ads/impl/mk0.java, line(s) 60 com/yandex/mobile/ads/impl/o6.java, line(s) 87,166,195,216,230 com/yandex/mobile/ads/impl/of0.java, line(s) 59,62,257 com/yandex/mobile/ads/impl/pj0.java, line(s) 22 com/yandex/mobile/ads/impl/po0.java, line(s) 18,14,22,8,27 com/yandex/mobile/ads/impl/q8.java, line(s) 66 com/yandex/mobile/ads/impl/rv.java, line(s) 302 com/yandex/mobile/ads/impl/sv.java, line(s) 104,114 com/yandex/mobile/ads/impl/tv.java, line(s) 202 com/yandex/mobile/ads/impl/tx.java, line(s) 31 com/yandex/mobile/ads/impl/ub.java, line(s) 85 com/yandex/mobile/ads/impl/vo0.java, line(s) 285 com/yandex/mobile/ads/impl/vv.java, line(s) 318,430,435,441,447,514,522,526,536,541,548,559,564,569,574,581,586,593,599,606,619,625,633,638,643 com/yandex/mobile/ads/impl/wu.java, line(s) 504 com/yandex/mobile/ads/impl/wv.java, line(s) 453 com/yandex/mobile/ads/impl/x50.java, line(s) 51,54,117 com/yandex/mobile/ads/impl/yp0.java, line(s) 43 com/yandex/mobile/ads/impl/ze0.java, line(s) 244,73,78,82,86,105,128,160,233 e/b/k/e.java, line(s) 23 e/b/k/f.java, line(s) 1922,1040,1046,1540,1939,2172 e/b/k/i.java, line(s) 100 e/b/k/k.java, line(s) 45,55,70,80,97,109,121,130,143,157,169 e/b/k/n.java, line(s) 56,71 e/b/p/g.java, line(s) 141,188,247 e/b/p/j/i.java, line(s) 388 e/b/p/j/j.java, line(s) 277 e/b0/a/c.java, line(s) 36,39,51,29,43 e/e0/a.java, line(s) 33 e/f0/i0.java, line(s) 33,79 e/f0/y.java, line(s) 33,42,44 e/g/a/d.java, line(s) 397 e/g/d/a.java, line(s) 234,237,244,250,258,309,319 e/g/d/b.java, line(s) 223,112,276 e/g/d/c.java, line(s) 715,1673,2484,1891,737,764,1481,1758,1810,2574,2587 e/g0/a/a/i.java, line(s) 247,250 e/i/h/d.java, line(s) 82,235 e/i/h/f.java, line(s) 26,35,49,58 e/i/h/g.java, line(s) 27 e/i/h/k.java, line(s) 60,74,78 e/i/h/l.java, line(s) 195,211,217,265,296,306,317,325,194,210,216,264,295,305,316,324,148,220,270,287 e/i/h/p.java, line(s) 75 e/i/i/e/c.java, line(s) 56 e/i/i/e/d.java, line(s) 64 e/i/i/e/h.java, line(s) 125,134,255 e/i/j/d.java, line(s) 505,510 e/i/j/f.java, line(s) 68 e/i/j/g.java, line(s) 39,71 e/i/j/h.java, line(s) 50,216 e/i/j/k.java, line(s) 80,83 e/i/j/l.java, line(s) 96 e/i/j/m/a.java, line(s) 96,105,163,173 e/i/j/m/e.java, line(s) 39,62 e/i/o/e.java, line(s) 27,31,35 e/i/o/j.java, line(s) 23 e/i/q/b.java, line(s) 36,48,50,62,64,84,87 e/i/s/d0.java, line(s) 1457,1315,1456 e/i/s/e0.java, line(s) 21,32 e/i/s/f.java, line(s) 74 e/i/s/g0.java, line(s) 19,34,55,82,103,124,145 e/i/s/l.java, line(s) 19,28 e/i/s/l0.java, line(s) 739,897,549,561,568,577,38,60,888 e/i/s/m0/c.java, line(s) 131 e/i/s/o.java, line(s) 14,22 e/i/s/o0/b.java, line(s) 72 e/i/t/c.java, line(s) 24,33 e/i/t/d.java, line(s) 25,34 e/i/t/i.java, line(s) 55,64 e/i/t/j.java, line(s) 289,280 e/i/t/k.java, line(s) 49,48 e/j0/e.java, line(s) 164,169,178,184,190,200,207 e/j0/n.java, line(s) 21,23,32,34,43,45,54,56,65,67 e/k/a/d.java, line(s) 154 e/n/a/f.java, line(s) 83 e/o/a/a.java, line(s) 261,713,847,976,979,988,994,1046,1057,1064,1147,1214,1306,1395,1457,1470,1524,1592,1633,1697,81,894,1111,1119,1179,1186,1372,1605,1609,1613,1864 e/p/d/a.java, line(s) 30,44,53,65 e/p/d/b.java, line(s) 481,508,513,870 e/p/d/c.java, line(s) 94,121,278,289,297,299 e/p/d/i.java, line(s) 89,102 e/p/d/m.java, line(s) 46,80,65,73,152,158 e/p/d/p.java, line(s) 81,98,183,205,289,333,352,367,377,471,533,572,683,691,176,270,421,587,725 e/p/d/q.java, line(s) 224,234,277,292,310 e/p/d/v.java, line(s) 26 e/p/d/w.java, line(s) 115,189,198,205,214,251,296,306,314,364,371,378,385,409,476,494 e/s/a/b.java, line(s) 31,40,65 e/u/m/a.java, line(s) 125 e/u/m/c.java, line(s) 486,522,221,63,376,731 e/u/m/g.java, line(s) 133,214,251,265 e/u/m/h.java, line(s) 369,61,161,722,843,864,1107 e/u/n/a0.java, line(s) 452,738,865,893,961,986,1006,1011,1029,1035,1041,1107,1124,2016,2101,2121,2128,43,868,1052,1064,1071,1083,1097,479,628,635,673,677,705,707,731,810,938,947,967,1158,1174,1427 e/u/n/d0.java, line(s) 178,180,183 e/u/n/e0.java, line(s) 49,62,64,120 e/u/n/h0.java, line(s) 408,430,709,719,722,815,824,833,859,891,900,910,934,947,955,284,917,940,27,387 e/u/n/s.java, line(s) 146,259,281,375,99,187,195,201,209,215,224,347,359,370,446,471,476,495,513,539,582 e/u/n/t.java, line(s) 64,78,375,94,38,246,288,317,339,469,477,528,535,543,573,582,617,624,654,665,695,703,714,727,734,742,750,761 e/v/a.java, line(s) 235,252 e/v/w/a.java, line(s) 119 e/z/f.java, line(s) 69,363,370,515 e/z/g.java, line(s) 95,126,155 e/z/i.java, line(s) 205 e/z/m.java, line(s) 101,104,109 g/b/a/a/a.java, line(s) 65,68,93,102 g/b/a/a/b/a.java, line(s) 48,94,123 g/b/a/a/c/b.java, line(s) 33,131,133,139,36,58,65,71,81,84,90,108,115,145,151,174,180,202 g/c/a/v.java, line(s) 93,97,101,11,106 g/d/a/c2/a/a.java, line(s) 15,21 g/d/a/c2/a/c/d.java, line(s) 145 g/d/a/c2/b/b.java, line(s) 15,21 g/d/a/h1.java, line(s) 119,125,142,258,268,273,281,443,450,455,459,463,506,527,530,540,549,553,556,568,573,589,592,595,600,605,732,735,742,828,835,849,856 g/d/a/n1.java, line(s) 268,405 g/d/a/v0.java, line(s) 59 g/e/a/b.java, line(s) 267,276,225,266,273,228 g/e/a/m/a.java, line(s) 287 g/e/a/n/d.java, line(s) 97,124,96,123 g/e/a/n/e.java, line(s) 49,70,88,48,69,87 g/e/a/o/n/b.java, line(s) 49,48 g/e/a/o/n/j.java, line(s) 50,120,149,47,119,123,129,136,148,133,137 g/e/a/o/n/l.java, line(s) 50,49 g/e/a/o/n/o/c.java, line(s) 98,97 g/e/a/o/n/o/e.java, line(s) 54,53 g/e/a/o/o/a0/j.java, line(s) 131,171,132,172 g/e/a/o/o/a0/k.java, line(s) 93,105,177,212,92,104,125,132,158,176,186,201,211,126,133,164,187,202 g/e/a/o/o/b0/e.java, line(s) 34,40,68,78,35,69,41,81 g/e/a/o/o/b0/i.java, line(s) 114,98 g/e/a/o/o/c0/a.java, line(s) 115,112 g/e/a/o/o/c0/b.java, line(s) 38,37 g/e/a/o/o/h.java, line(s) 494,314,328,493,438 g/e/a/o/o/i.java, line(s) 52,53 g/e/a/o/o/k.java, line(s) 14,138 g/e/a/o/o/q.java, line(s) 94 g/e/a/o/o/z.java, line(s) 95,96 g/e/a/o/p/c.java, line(s) 15,14 g/e/a/o/p/d.java, line(s) 38,37 g/e/a/o/p/f.java, line(s) 91,90 g/e/a/o/p/s.java, line(s) 85,88 g/e/a/o/p/t.java, line(s) 36,35 g/e/a/o/q/a.java, line(s) 72,73 g/e/a/o/q/d/a0.java, line(s) 125,130,142,151,158,126,131,143,152,159,160,161,165 g/e/a/o/q/d/c0.java, line(s) 165,162 g/e/a/o/q/d/d.java, line(s) 14,15 g/e/a/o/q/d/k.java, line(s) 176,194,204,207,210,213,216,245,252,339,349,361,373,378,175,193,203,206,209,212,215,244,251,338,348,360,372,377 g/e/a/o/q/d/m.java, line(s) 92,308,91,174,307,390,414,175,240,391 g/e/a/o/q/d/n.java, line(s) 39,45,40,46 g/e/a/o/q/d/r.java, line(s) 99,108,114,120,126,132,139,145,153,109,115,121,127,133,140,146,154,100 g/e/a/o/q/h/a.java, line(s) 56,76,81,86,57,77,82,87 g/e/a/o/q/h/d.java, line(s) 19,20 g/e/a/o/q/h/j.java, line(s) 37,40 g/e/a/p/e.java, line(s) 30,29,50,66,51,67 g/e/a/p/f.java, line(s) 13,12 g/e/a/p/o.java, line(s) 136,137 g/e/a/p/p.java, line(s) 157,158,169 g/e/a/p/r.java, line(s) 89,90 g/e/a/p/s.java, line(s) 90,97,91,98 g/e/a/q/e.java, line(s) 52,59,70,75,51,58,63,69,74,64 g/e/a/s/h.java, line(s) 460,15,394,418 g/e/a/s/j/i.java, line(s) 43,125,126,44 g/e/a/u/l/a.java, line(s) 52,53 g/h/b/d/b.java, line(s) 20 g/h/b/e/e.java, line(s) 46,58,52,64,70 g/h/b/f/e.java, line(s) 20 g/i/a/d/h/d.java, line(s) 39,78,132,147,184,52,83,171 g/i/b/b/j/u/k.java, line(s) 33,40,43,51,77,80,83,86,89 g/i/b/b/j/w/a.java, line(s) 7,11,15,23,27 g/i/b/e/c/i/y/e.java, line(s) 451 g/i/b/e/c/i/y/j0.java, line(s) 20,32 g/i/b/e/c/j/b.java, line(s) 22,28,33,37,41,69,45,49 g/i/b/e/d/a0.java, line(s) 39 g/i/b/e/d/d.java, line(s) 72,228,85,139,247,259,269,283,286,288,292 g/i/b/e/d/e.java, line(s) 37,69 g/i/b/e/d/e0.java, line(s) 63,67,104,122,126,87 g/i/b/e/d/i/l.java, line(s) 25 g/i/b/e/d/i/p/g.java, line(s) 277,393 g/i/b/e/d/i/p/i1.java, line(s) 116,444 g/i/b/e/d/i/p/i2.java, line(s) 48 g/i/b/e/d/i/p/l1.java, line(s) 48 g/i/b/e/d/i/p/m1.java, line(s) 33 g/i/b/e/d/i/p/o2.java, line(s) 27 g/i/b/e/d/i/p/r0.java, line(s) 307,76,293,294,299,319,320 g/i/b/e/d/i/p/r2.java, line(s) 23,38 g/i/b/e/d/i/p/u0.java, line(s) 28 g/i/b/e/d/i/p/v.java, line(s) 158,225 g/i/b/e/d/i/p/w2.java, line(s) 23 g/i/b/e/d/i/p/x2.java, line(s) 82,87,119,29,31 g/i/b/e/d/i/p/z0.java, line(s) 26 g/i/b/e/d/k/a.java, line(s) 18 g/i/b/e/d/k/a1.java, line(s) 35 g/i/b/e/d/k/c.java, line(s) 168,194,420,424,428,434 g/i/b/e/d/k/c1.java, line(s) 42,58 g/i/b/e/d/k/d0.java, line(s) 31 g/i/b/e/d/k/g.java, line(s) 19,25,14,31,37 g/i/b/e/d/k/h0.java, line(s) 115,135,151,163 g/i/b/e/d/k/j1.java, line(s) 47,53 g/i/b/e/d/k/m1.java, line(s) 53 g/i/b/e/d/k/v0.java, line(s) 30 g/i/b/e/d/k/y0.java, line(s) 94 g/i/b/e/d/k/z.java, line(s) 95,98,101,104,107,110,121,124,127,130,162,167 g/i/b/e/d/k/z0.java, line(s) 29 g/i/b/e/d/l/a.java, line(s) 40,44,33,55,64,69,73 g/i/b/e/d/l0.java, line(s) 38,40,34 g/i/b/e/d/n/a.java, line(s) 76,87 g/i/b/e/d/o/h.java, line(s) 13 g/i/b/e/d/o/t.java, line(s) 16,15 g/i/b/e/d/o/u.java, line(s) 52,60,33,42,77,101 g/i/b/e/d/s.java, line(s) 26 g/i/b/e/f/b.java, line(s) 35,100 g/i/b/e/h/a/a10.java, line(s) 82 g/i/b/e/h/a/a54.java, line(s) 136,155,176 g/i/b/e/h/a/ai.java, line(s) 113 g/i/b/e/h/a/b.java, line(s) 116 g/i/b/e/h/a/b6.java, line(s) 78 g/i/b/e/h/a/bk0.java, line(s) 8,14,20,26,32,72,38,44 g/i/b/e/h/a/bs3.java, line(s) 23 g/i/b/e/h/a/c.java, line(s) 686 g/i/b/e/h/a/c8.java, line(s) 16,11 g/i/b/e/h/a/d90.java, line(s) 83 g/i/b/e/h/a/dp3.java, line(s) 18,22,26,8,13 g/i/b/e/h/a/e74.java, line(s) 32 g/i/b/e/h/a/em0.java, line(s) 76,134,135 g/i/b/e/h/a/g41.java, line(s) 178,32,70,102,111,192,205,231,241 g/i/b/e/h/a/ga.java, line(s) 176 g/i/b/e/h/a/gj.java, line(s) 114,120 g/i/b/e/h/a/gm3.java, line(s) 19 g/i/b/e/h/a/gn2.java, line(s) 47 g/i/b/e/h/a/gs2.java, line(s) 44 g/i/b/e/h/a/gt3.java, line(s) 129 g/i/b/e/h/a/hf.java, line(s) 132,194 g/i/b/e/h/a/hi.java, line(s) 152,158,164 g/i/b/e/h/a/hu3.java, line(s) 152,385,293,294,295 g/i/b/e/h/a/in3.java, line(s) 53 g/i/b/e/h/a/ix1.java, line(s) 307 g/i/b/e/h/a/j74.java, line(s) 301,330,175 g/i/b/e/h/a/jj.java, line(s) 474,381 g/i/b/e/h/a/jy3.java, line(s) 314 g/i/b/e/h/a/k3.java, line(s) 183 g/i/b/e/h/a/k9.java, line(s) 520 g/i/b/e/h/a/kb.java, line(s) 41 g/i/b/e/h/a/ks2.java, line(s) 45,49,117,140 g/i/b/e/h/a/ln3.java, line(s) 21 g/i/b/e/h/a/lw3.java, line(s) 46 g/i/b/e/h/a/mb.java, line(s) 107 g/i/b/e/h/a/o54.java, line(s) 288,391 g/i/b/e/h/a/q.java, line(s) 51 g/i/b/e/h/a/q7.java, line(s) 75 g/i/b/e/h/a/qb.java, line(s) 238,490,499 g/i/b/e/h/a/r6.java, line(s) 36,72,65 g/i/b/e/h/a/r62.java, line(s) 212 g/i/b/e/h/a/rv2.java, line(s) 28 g/i/b/e/h/a/sv2.java, line(s) 32,30 g/i/b/e/h/a/tf.java, line(s) 111,227,236,244,249,254,262,270 g/i/b/e/h/a/tl0.java, line(s) 64 g/i/b/e/h/a/tm0.java, line(s) 47 g/i/b/e/h/a/ts2.java, line(s) 11 g/i/b/e/h/a/tw3.java, line(s) 82 g/i/b/e/h/a/vf3.java, line(s) 24 g/i/b/e/h/a/wt0.java, line(s) 24 g/i/b/e/h/a/y9.java, line(s) 344,416 g/i/b/e/h/a/yc.java, line(s) 340,155,167,181 g/i/b/e/h/a/yd2.java, line(s) 36,43,49 g/i/b/e/h/a/yf3.java, line(s) 16 g/i/b/e/h/a/yx3.java, line(s) 56,503,215 g/i/b/e/h/a/ze.java, line(s) 55,68,94,104 g/i/b/e/h/a/zn3.java, line(s) 16 g/i/b/e/h/a/zw0.java, line(s) 49 g/i/b/e/h/h/k.java, line(s) 20 g/i/b/e/h/j/b1.java, line(s) 19 g/i/b/e/h/j/f6.java, line(s) 22 g/i/b/e/h/j/f7.java, line(s) 15 g/i/b/e/h/j/g6.java, line(s) 25 g/i/b/e/h/j/h6.java, line(s) 22 g/i/b/e/h/j/l6.java, line(s) 90,107,129 g/i/b/e/h/j/s5.java, line(s) 100 g/i/b/e/h/j/u1.java, line(s) 59 g/i/b/e/h/j/y2.java, line(s) 65,51,62,71,231,237,262,273 g/i/b/e/h/j/z5.java, line(s) 68 g/i/b/e/i/b/j3.java, line(s) 50 g/i/b/e/i/b/o3.java, line(s) 194 g/i/b/e/j/a.java, line(s) 54,74,72,30,48 g/i/b/e/k/b/a.java, line(s) 65,92,96,109 g/i/b/e/l/a.java, line(s) 70,113 g/i/b/f/d0/a.java, line(s) 630 g/i/b/f/i0/d.java, line(s) 141,174 g/i/b/f/j0/b.java, line(s) 73 g/i/b/f/l0/h.java, line(s) 506 g/i/b/f/m/h.java, line(s) 49 g/i/d/b0/e0.java, line(s) 71,90,107 g/i/d/b0/f.java, line(s) 26,25 g/i/d/b0/i0.java, line(s) 31,40,26,35 g/i/d/b0/o0.java, line(s) 74,115,132,189,281,298,69,113,130,187,276,297,81,163,184,202,316 g/i/d/b0/p0.java, line(s) 57,66,95,105,145,71,78,81,136,139,55,94,104,144 g/i/d/b0/q0.java, line(s) 105,99,103,46,66 g/i/d/b0/r.java, line(s) 114,87,109 g/i/d/b0/r0.java, line(s) 30,40,65,91,87,156,63,90,102,110,113 g/i/d/b0/u.java, line(s) 30,23 g/i/d/b0/u0.java, line(s) 22,21 g/i/d/b0/x.java, line(s) 100,196,235,427,441,537,98,107,192,230,246,291,301,322,419,433,532,108,247,292,302,323,209,282,354 g/i/d/b0/x0.java, line(s) 94,98,106,115,130,155,178,138,143,167,93,97,105,114,125,150,173,77 g/i/d/d0/f.java, line(s) 26 g/i/d/d0/q/b.java, line(s) 53,74 g/i/d/d0/r/c.java, line(s) 95,276,279,103,104 g/i/d/f0/a.java, line(s) 317,324,148,169,177,205,227,231,236,261,272 g/i/d/f0/c.java, line(s) 74,73,99,107,109 g/i/d/f0/m.java, line(s) 69,45,54,64,86,94,35 g/i/d/f0/n.java, line(s) 211,264,280,287,59,257,279,286,171,242,250,270,290 g/i/d/f0/o.java, line(s) 72,92,120,128,177,195,215,237,254,293,311 g/i/d/f0/s.java, line(s) 45 g/i/d/f0/t.java, line(s) 36 g/i/d/f0/w.java, line(s) 156,166,174,182,190,92,95 g/i/d/f0/x.java, line(s) 36,49,91,172,90,108,111,139,152,167,178,187 g/i/d/h.java, line(s) 309,284,288,200 g/i/d/h0/k.java, line(s) 141,170,190,188 g/i/d/h0/r/j.java, line(s) 137 g/i/d/h0/r/m.java, line(s) 48 g/i/d/r/p/a/e.java, line(s) 22 g/i/d/r/q/m.java, line(s) 77 g/i/d/s/p.java, line(s) 27,34,37,46,84 g/i/d/s/s.java, line(s) 123 g/i/d/t/d/b.java, line(s) 28,38,19,48,58 g/i/d/t/d/h/m.java, line(s) 110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128 g/i/d/z/i/f.java, line(s) 44,46 g/j/a/a/b/b/a/a.java, line(s) 150 g/j/a/a/f/c.java, line(s) 44 g/j/a/a/h/a/a.java, line(s) 28,31,42 g/j/a/a/i/c.java, line(s) 29,30,42 g/j/a/a/i/f.java, line(s) 513,132,156,191,203,215,219,239,415,427 g/j/a/a/i/h.java, line(s) 165,167,169,171,173,175 g/n/e.java, line(s) 13 g/n/e4/c.java, line(s) 63 g/n/o2.java, line(s) 1306,1312,1328,1308,1304,1310 g/p/a/e0.java, line(s) 269 g/r/a/a.java, line(s) 97,53,65 g/r/a/b.java, line(s) 202,249,270,317,342,649,871,1153,1313,296,304,467,595,837,254,623,635,248,902 g/r/a/b0.java, line(s) 78 g/r/a/e.java, line(s) 75,99,161,177,191,251,256,263,267 g/r/a/f0/c.java, line(s) 25,29,68,69,72,75,77,99 g/r/a/g0/b.java, line(s) 99,134,177,256,261,359,361,364,366,404,433,496,556,595,617,672,675,679,683,694,701,722,727,749,765,775,787,792,74,408,804 g/r/a/g0/e.java, line(s) 112,131,143,147,167,171,177,192,198,213,237,303,313 g/r/a/i.java, line(s) 52 g/r/a/i0/c.java, line(s) 104,136,141,149,154 g/r/a/i0/d.java, line(s) 128,157,141,193 g/r/a/i0/e.java, line(s) 63,97 g/r/a/j0/c.java, line(s) 283 g/r/a/k0/d.java, line(s) 33,44 g/r/a/m0/a.java, line(s) 104 g/r/a/m0/g.java, line(s) 31,55,27,51,58 g/r/a/m0/h.java, line(s) 42,62 g/r/a/m0/j.java, line(s) 191,199,205,947,953,971,974,1018,737,1067,393 g/r/a/n0/b.java, line(s) 81,94,143,162,172,48,75,84,87,110,178,190,46 g/r/a/n0/c.java, line(s) 37,65,74,76,93,84,56 g/r/a/n0/g.java, line(s) 28 g/r/a/n0/k.java, line(s) 43,52 g/r/a/n0/n/a.java, line(s) 39,48,50,56,41,60,62 g/r/a/o0/d.java, line(s) 19 g/r/a/o0/h/a.java, line(s) 203,210 g/r/a/o0/h/b.java, line(s) 695,368,434 g/r/a/o0/j/a.java, line(s) 142,146 g/r/a/o0/j/b.java, line(s) 90,125,79 g/r/a/o0/j/d.java, line(s) 130,235,263,207,208,218,219,237,280,281,62,226 g/r/a/p0/a.java, line(s) 176 g/r/a/p0/g.java, line(s) 22,21 g/r/a/p0/h.java, line(s) 72,75,108,119,127,224 g/r/a/p0/j.java, line(s) 123,169 g/r/a/p0/r.java, line(s) 133 g/r/a/p0/s.java, line(s) 14 h/a/f.java, line(s) 29,57 io/bidmachine/core/Logger.java, line(s) 46,44,51 io/bidmachine/nativead/utils/NoSSLv3SocketFactory.java, line(s) 336,338 java/io/ByteArrayOutputStrean.java, line(s) 13,17,18,35,20
信息 此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改
此应用侦听剪贴板更改。一些恶意软件也会监听剪贴板更改 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 45,117,117,123,123,132,225,225,231,231,240,9
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/begal/appclone/classes/DisableClipboardAccess.java, line(s) 9,70,359
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: com/ogury/cm/internal/aabba.java, line(s) 26,26 com/ogury/cm/internal/acbcc.java, line(s) 35,35 com/ogury/sdk/internal/j.java, line(s) 18,18
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/appodeal/ads/DeviceData.java, line(s) 64 com/startapp/c.java, line(s) 378,639,639,639,639,639,639 com/startapp/n1.java, line(s) 258,258,258,258,258,258 com/yandex/metrica/impl/ob/j4.java, line(s) 146 g/d/a/c2/a/c/e.java, line(s) 127 g/d/a/j.java, line(s) 160 g/d/a/k.java, line(s) 533,533,533,533,533 g/i/b/e/h/j/l6.java, line(s) 77 g/i/d/t/d/h/h.java, line(s) 99,99,100 h/a/h.java, line(s) 123 io/bidmachine/DeviceInfo.java, line(s) 224,213,213,213,213,213,206
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: com/startapp/networkTest/net/WebApiClient.java, line(s) 117,68 l/f0/c.java, line(s) 133,132,131,131
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (config.unityads.unitychina.cn) 通信。
{'ip': '115.231.182.12', 'country_short': 'CN', 'country_long': '中国', 'region': '浙江', 'city': '杭州', 'latitude': '30.293650', 'longitude': '120.161583'}