Android Audit Platform

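Medium risk

The current flag is set to true or is not set. This allows adb debug backup, which lets a malicious attacker copy the application's data and causes data leakage.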

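Medium risk

The app needs to remove most of its log-printing code.

The scan found that the package still contains a large amount of logging code: 176 logging calls in total. (The logging code scanned for here is code that prints via android.util.Log.*.)

Details:

Location: classes.dex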

Medium risk

Detected 67 pieces of sensitive plaintext information; removal is recommended.

Location: classes.dex

Medium risk

Detected 1 file operation that uses global read/write access.

Location: classes.dex

androidx.preference.j;->c()Landroid.content.SharedPreferences;===>getSharedPreferences

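When getDir, getSharedPreferences (SharedPreference) or openFileOutput is used with the world-readable permission set, an attacker can maliciously read the file contents and obtain sensitive information. If a file is made world-writable when its attributes are set, an attacker may tamper with or forge its contents and may commit fraud or similar acts, causing financial loss to the user. Recommendations:

(1) Create internal storage files using MODE_PRIVATE.

(2) Encrypt sensitive data before storing it.

(3) Avoid storing plaintext and sensitive information in files.

Reference cases: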

http://wooyun.org/bugs/wooyun-2010-047172

http://wooyun.org/bugs/wooyun-2010-054438

http://wooyun.org/bugs/wooyun-2010-0151270

References:

https://jaq.alibaba.com/blog.htm?id=56

https://jaq.alibaba.com/blog.htm?id=58

http://wolfeye.baidu.com/blog/global-rw-of-file

http://wolfeye.baidu.com/blog/global-rw-of-sharepreference/

Low risk

Detected 3 Intent Scheme URI vulnerabilities.

Location: classes.dex

Lcom/google/android/apps/muzei/api/Artwork;->fromBundle(Landroid/os/Bundle;)Lcom/google/android/apps/muzei/api/Artwork;

Lcom/google/android/apps/muzei/api/Artwork;->fromCursor(Landroid/database/Cursor;)Lcom/google/android/apps/muzei/api/Artwork;

Lcom/google/android/apps/muzei/api/Artwork;->fromJson(Lorg/json/JSONObject;)Lcom/google/android/apps/muzei/api/Artwork;

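An Intent Scheme URI is a special URL format used to launch an Activity component of an installed app from a web page; most mainstream browsers support it. If the app does not check the value of the load_url it obtains, an attacker can build a phishing site, lure the user into clicking and loading it, and steal user information. Improper handling of Intent URIs therefore leads to Intent-based attacks. Recommendation:

If Intent.parseUri is used, the resulting intent must be strictly filtered; at minimum the intent must apply three policies: addCategory("android.intent.category.BROWSABLE"), setComponent(null) and setSelector(null).

References: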

http://wolfeye.baidu.com/blog/intent-scheme-url/

http://drops.wooyun.org/papers/2893

http://drops.wooyun.org/mobile/15202

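Low risk

For a non-debug package, most system output code must be removed through the build platform's proguard script.

The scan found that this package still contains a large amount of system output code; 2 instances were found in total. (System output code here means output produced by calls to System.out.print*, which should have been removed on the build platform.)

Details of the system output code in each bundle:

Location: classes.dex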

b.a.c.a$c;

com.bumptech.glide.a.a;

Warning

Detected 8 uses of addFlags with Intent.FLAG_ACTIVITY_NEW_TASK.

Location: classes.dex

androidx.core.app.m;->a

com.wangdaye.mysplash.common.c.b.c;->b

com.wangdaye.mysplash.common.c.b.c;->a

androidx.appcompat.widget.SearchView;->androidx.appcompat.widget.SearchView;->a

com.wangdaye.mysplash.common.download.a.b;->i

com.wangdaye.mysplash.common.download.a.b;->h

com.google.android.apps.muzei.api.provider.MuzeiArtProvider;->openArtworkInfo

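When an app creates an Intent to pass data to another Activity and that Activity is not opened in the same Task, the Intent contents may well be hijacked and read by other Activities. Passing sensitive information through an Intent between Activities in different Tasks is unsafe. Recommendation:

Avoid, as far as possible, using Intents that carry the FLAG_ACTIVITY_NEW_TASK flag to pass sensitive information.

References: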

http://wolfeye.baidu.com/blog/intent-data-leak

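Warning

Detected 9 exported components that receive messages from other apps; these components can be referenced by other apps, leading to DoS attacks.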

activity com.wangdaye.mysplash.common.ui.activity.LoginActivity

activity com.wangdaye.mysplash.me.ui.MeActivity

activity com.wangdaye.mysplash.common.ui.activity.DownloadManageActivity

activity com.wangdaye.mysplash.common.ui.activity.SetWallpaperActivity

activity com.wangdaye.mysplash.common.ui.activity.muzei.MuzeiSettingsActivity

activity com.wangdaye.mysplash.common.ui.activity.muzei.MuzeiCollectionSourceConfigActivity

activity com.wangdaye.mysplash.common.ui.activity.invisible.DispatchBrowserActionActivity

service com.wangdaye.mysplash.common.muzei.MysplashMuzeiArtSource

receiver com.wangdaye.mysplash.common.download.DownloadReceiver

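Recommendations:

(1) Minimize component exposure. For components that do not take part in cross-app calls, explicitly add the android:exported="false" attribute.

(2) Set component access permissions. Set a permission on the provider, and set that permission's protectionLevel to "signature" or "signatureOrSystem".

(3) Validate data passed between components. Validate data passed into and returned from components, especially across apps, and add exception handling, to prevent malicious debug data from being passed in and, more importantly, to prevent sensitive data from being returned.

Reference cases: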

http://www.wooyun.org/bugs/wooyun-2010-0169746

http://www.wooyun.org/bugs/wooyun-2010-0104965

References:

http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55

《Android安全技术解密与防范》

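Warning

Detected 1 exported implicit Service component.

service com.wangdaye.mysplash.common.muzei.MysplashMuzeiArtSource

Recommendation: To keep the app secure, always use an explicit Intent when starting a Service, and do not declare an Intent filter for the service. Starting a service with an implicit Intent is a security hazard, because you cannot be certain which service will respond to the Intent and the user cannot see which service has started. Beginning with Android 5.0 (API level 21), the system throws an exception if bindService() is called with an implicit Intent.

References: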

https://developer.android.com/guide/components/intents-filters.html#Types

Warning

Detected 2 components with the android.intent.category.BROWSABLE attribute set.

com.wangdaye.mysplash.common.ui.activity.LoginActivity

com.wangdaye.mysplash.common.ui.activity.invisible.DispatchBrowserActionActivity

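Components that define the android.intent.category.BROWSABLE attribute in the AndroidManifest file can be launched from a browser, which leads to remote command execution attacks. Recommendations:

(1) Every place in the app that receives external input is a potential attack point; filter and check parameters that come from web pages.

(2) Do not transmit sensitive information through web pages. To steer logged-in users into the app, some websites use scripts to dynamically generate URL Scheme parameters that include sensitive information such as the username, password or login-state token, so that the user is logged in as soon as the app opens. A malicious app can register the same URL Scheme to intercept this sensitive information. Android lets the user choose which app opens the link, but a user who is not paying attention may open it with the malicious app, leading to sensitive information disclosure or other risks.

Reference cases: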

http://www.wooyun.org/bugs/wooyun-2014-073875

http://www.wooyun.org/bugs/wooyun-2014-067798

References:

http://wolfeye.baidu.com/blog/intent-scheme-url/

http://www.jssec.org/dl/android_securecoding_en.pdf

http://drops.wooyun.org/mobile/15202

http://blog.csdn.net/l173864930/article/details/36951805

http://drops.wooyun.org/papers/2893

Warning

Detected 1 provider with grantUriPermissions set to true.

androidx.core.content.FileProvider

If grant-uri-permission is set to true, other programs can access the content provider's contents through a URI, which easily leads to information disclosure.

References:

https://security.tencent.com/index.php/blog/msg/6

Warning

Detected 4 uses of encryption/decryption algorithms. Improper key handling may lead to information disclosure.

Location: classes.dex

okio.ByteString;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;

okio.HashingSource;->(Lokio.Source; Lokio.ByteString; Ljava.lang.String;)V

okio.Buffer;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;

okio.HashingSink;->
