0

高危漏洞

3

中危漏洞

1

低危漏洞

3

警告

文件名 com.simplemobiletools.filemanager.pro_74.apk
上传者 user1234
文件大小 4.7765026092529MB
MD5 07d57c5b68506fac12350f758b2b12db
包名 com.simplemobiletools.filemanager.pro
Main Activity
Min SDK 21
Target SDK 28

权限列表

# 名称 说明 提示
0 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.simplemobiletools.filemanager.pro.activities.SplashActivity
com.simplemobiletools.filemanager.pro.activities.MainActivity
com.simplemobiletools.filemanager.pro.activities.ReadTextActivity
com.simplemobiletools.filemanager.pro.activities.SettingsActivity
com.simplemobiletools.filemanager.pro.activities.FavoritesActivity
com.simplemobiletools.commons.activities.AboutActivity
com.simplemobiletools.commons.activities.LicenseActivity
com.simplemobiletools.commons.activities.CustomizationActivity
com.simplemobiletools.commons.activities.FAQActivity

com.simplemobiletools.commons.receivers.SharedThemeReceiver

androidx.core.content.FileProvider

第三方库

# 库名 介绍
0 com.bumptech.glide An image loading and caching library for Android focused on smooth scrolling
1 com.google.gson A Java serialization library that can convert Java Objects into JSON and back.

静态扫描发现风险点

风险等级 风险名称

中危

检测到当前标志被设置成true或没设置,这会导致adb调试备份允许恶意攻击者复制应用程序数据,造成数据泄露。

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现168处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
androidx.appcompat.widget.na;->b(Ljava/lang/String;)Landroid/graphics/drawable/Drawable;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$t;->a(I)Landroid/graphics/PointF;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.o.a.f;->arrowScroll(I)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.swiperefreshlayout.widget.SwipeRefreshLayout;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.b.c;->c()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.app.I;->a()Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.app.AppCompatViewInflater;->themifyContext(Landroid/content/Context; Landroid/util/AttributeSet; Z Z)Landroid/content/Context;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.b.c;->b()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.p;->b(Lcom/bumptech/glide/f/d;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ha;->a(Landroid/view/View; I I Z Landroid/view/WindowManager$LayoutParams;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.o;->a(Landroid/graphics/drawable/Drawable; Landroidx/appcompat/widget/ta; [I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.n;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.e.a;->a(Ljava/nio/ByteBuffer; I I Lcom/bumptech/glide/b/d; Lcom/bumptech/glide/load/i;)Lcom/bumptech/glide/load/c/e/e;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.k.a.b$a;->a(La/k/b/c; Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroidx/fragment/app/Fragment; I I I Z)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.f.g.h;->a(Landroid/view/MenuItem; La/f/g/b;)Landroid/view/MenuItem;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.M;->c(Landroid/graphics/drawable/Drawable;)Landroid/graphics/Rect;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ca;->o()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->f(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.GridLayoutManager;->getSpanIndex(Landroidx/recyclerview/widget/F$p; Landroidx/recyclerview/widget/F$u; I)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.w;->c(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->scrollToPosition(I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.y;->a(Landroidx/fragment/app/l; Landroidx/fragment/app/j; Landroidx/fragment/app/Fragment; Landroidx/fragment/app/u; Landroidx/lifecycle/u;)Landroidx/fragment/app/Fragment;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(I Landroidx/fragment/app/a;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.c;->a(Landroidx/fragment/app/t;)Landroidx/fragment/app/a;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.f.a.k;->a(Ljava/io/File; Ljava/io/InputStream;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.j;->b(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.a.i$a$a;->onPreDraw()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.a;->a(Z)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.i;->b(Lcom/bumptech/glide/load/c/a/i$c;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.a.d.g$b;->b(Landroid/util/AttributeSet;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.l;->(Landroid/content/Context; I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(Landroid/graphics/Bitmap;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.w;->b(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ca;->n()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.SearchView;->onVoiceClicked()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.k;->a(Lcom/bumptech/glide/load/engine/G; Ljava/lang/Object; Lcom/bumptech/glide/load/a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.i.a.d;->h()[La/i/a/a;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.widget.NestedScrollView;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroid/os/Parcelable; Landroidx/fragment/app/u;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.LinearLayoutManager;->validateChildOrder()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.m.U;->a(Landroid/view/ViewGroup; Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.GridLayoutManager;->getSpanGroupIndex(Landroidx/recyclerview/widget/F$p; Landroidx/recyclerview/widget/F$u; I)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.U;->a(Landroid/view/View; I Z)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$t;->a(I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.j;->a(Lcom/bumptech/glide/load/engine/a/j$a; Ljava/lang/Class;)Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.GridLayoutManager;->getSpanSize(Landroidx/recyclerview/widget/F$p; Landroidx/recyclerview/widget/F$u; I)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->c(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.f.f.b;->a()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ja;->b(Landroid/view/View;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->o(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.widget.j;->a(Ljava/lang/reflect/Field; Landroid/widget/TextView;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->d()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.U;->l()I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.K;->b(Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.e;->a(Lcom/bumptech/glide/load/f; Lcom/bumptech/glide/load/engine/b/a$b;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$i;->smoothScrollToPosition(Landroidx/recyclerview/widget/F; Landroidx/recyclerview/widget/F$u; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ga;->a()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.o.a.f;->setOffscreenPageLimit(I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.l;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/c/a/l$a; Lcom/bumptech/glide/load/engine/a/e; Lcom/bumptech/glide/load/c/a/j; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.i;->a(Lcom/bumptech/glide/load/c/a/i$b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.g;->a(Landroid/content/Context; Lcom/bumptech/glide/c/c$a;)Lcom/bumptech/glide/c/c;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c;->a(Landroid/content/Context; Lcom/bumptech/glide/d;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->u()Landroid/os/Parcelable;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.a.i$a;->a(I I I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->e(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.r;->b()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->fling(I I)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.n;->b(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/drawable/Drawable; I I)Landroid/graphics/Bitmap;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$x;->setIsRecyclable(Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.f.g.v;->d(Landroid/view/ViewConfiguration; Landroid/content/Context;)F==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.i;->a(Lcom/bumptech/glide/load/c/a/i$c; [B I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.e.a;->a(Lcom/bumptech/glide/b/c; I I)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->v()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d.e;->a()Ljava/util/List;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.app.f;->a(Landroid/app/Activity;)Landroid/content/Intent;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->setScrollingTouchSlop(I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.k.a.b$a;->d()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.na;->a(Landroid/database/Cursor;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.f.a.e;->a()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroidx/fragment/app/Fragment; I I I Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->g(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
b.e.a.e;->a(Ljava/lang/String; Ljava/lang/String; Lb/e/a/e$a; Ljava/lang/Exception;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.k.a.b$a;->a(La/k/b/c; Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->k(Landroidx/fragment/app/Fragment;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Ljava/lang/RuntimeException;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.na;->a(Landroid/content/ComponentName;)Landroid/graphics/drawable/Drawable;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.k.a.b$a;->a(Z)La/k/b/c;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.j;->(Lcom/bumptech/glide/load/engine/b/j$a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.i;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.b.c;->b()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.b.e;->a()Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.m.U;->a(Landroid/animation/LayoutTransition;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->handleMissingPreInfoForChangeError(J Landroidx/recyclerview/widget/F$x; Landroidx/recyclerview/widget/F$x;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.i.a.b;->a(Landroid/content/Context; Landroid/net/Uri; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.k;->a(Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.h.b.c;->e(I)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.l;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/c/a/l$a; Lcom/bumptech/glide/load/engine/a/e; Lcom/bumptech/glide/load/c/a/j; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.app.y;->e(I Landroid/view/KeyEvent;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.a;->a(Ljava/util/ArrayList; Ljava/util/ArrayList;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->dispatchLayout()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.f.g.b;->a(La/f/g/b$b;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
b.e.a.e;->a(Ljava/lang/String; Ljava/lang/String; Lb/e/a/e$a; Ljava/lang/Exception;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.i.a.b;->a(Landroid/content/Context; Landroid/net/Uri; Ljava/lang/String; J)J==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c;->i()Lcom/bumptech/glide/a;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.c;->a(Lcom/bumptech/glide/load/engine/G; Ljava/io/File; Lcom/bumptech/glide/load/i;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.U;->()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$i;->onLayoutChildren(Landroidx/recyclerview/widget/F$p; Landroidx/recyclerview/widget/F$u;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.a.d.g$b;->a(Landroid/view/MenuItem;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.i;->a(Lcom/bumptech/glide/load/c/a/i$c; Lcom/bumptech/glide/load/engine/a/b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
a.f.a.b$b;->a(Landroid/graphics/Path; F F F F F F F Z Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.i;->onActivityResult(I I Landroid/content/Intent;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.e;->a(Lcom/bumptech/glide/load/f;)Ljava/io/File;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.l;->a(Ljava/lang/String; J Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.a;->a(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.lifecycle.j;->d()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
a.m.ba;->a()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.swiperefreshlayout.widget.SwipeRefreshLayout;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.f.a.f;->b()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.LinearLayoutManager;->logChildren()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$t$a;->a(Landroidx/recyclerview/widget/F;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.f.g.v;->()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.W;->()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
b.d.a.a.b.a;->setBackgroundDrawable(Landroid/graphics/drawable/Drawable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.e;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.na;->b(Landroid/net/Uri;)Landroid/graphics/drawable/Drawable;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.coordinatorlayout.widget.CoordinatorLayout;->b(I)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.W;->c(Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.u;->a(Ljava/lang/String; J Lcom/bumptech/glide/load/f;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(J)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.h.a.d$b;->a()Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroidx/fragment/app/Fragment; Z)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.app.j;->a(Landroid/app/Notification;)Landroid/os/Bundle;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.app.y;->f()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->b(Landroidx/fragment/app/a;)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.k;->a(Lcom/bumptech/glide/h; Lcom/bumptech/glide/load/a/d$a;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.U;->c(Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.k;->a(Ljava/net/HttpURLConnection;)Ljava/io/InputStream;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.widget.NestedScrollView;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.l;->a(I I Ljava/lang/String; Landroid/graphics/BitmapFactory$Options; Landroid/graphics/Bitmap; I I J)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->b(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->smoothScrollBy(I I Landroid/view/animation/Interpolator;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
a.k.a.b$a;->c()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->a(Landroid/os/Parcelable; Landroidx/fragment/app/u;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
a.i.a.b;->a(Landroid/content/Context; Landroid/net/Uri;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.widget.j;->a(Ljava/lang/String;)Ljava/lang/reflect/Field;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
b.e.a.e;->a(Ljava/lang/String; Ljava/lang/String; Lb/e/a/e$a; Ljava/lang/Exception;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d.e;->a()Ljava/util/List;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.i;->onRequestPermissionsResult(I [Ljava/lang/String; [I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.fragment.app.t;->onCreateView(Landroid/view/View; Ljava/lang/String; Landroid/content/Context; Landroid/util/AttributeSet;)Landroid/view/View;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.c.a.l;->a(Ljava/io/InputStream; Landroid/graphics/BitmapFactory$Options; Lcom/bumptech/glide/load/c/a/j; Lcom/bumptech/glide/load/b; Z I I Z Lcom/bumptech/glide/load/c/a/l$a;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.app.m;->a(Landroid/content/ComponentName;)Landroidx/core/app/m;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.core.content.a.h;->a(Landroid/content/Context; Landroid/content/res/Resources; Landroid/util/TypedValue; I I Landroidx/core/content/a/h$a; Landroid/os/Handler; Z)Landroid/graphics/Typeface;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.app.y;->k(I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
androidx.appcompat.widget.Ja;->()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->scrollTo(I I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F$t;->a(Landroidx/recyclerview/widget/F; Landroidx/recyclerview/widget/F$i;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->smoothScrollToPosition(I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.recyclerview.widget.F;->scrollBy(I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
androidx.coordinatorlayout.widget.CoordinatorLayout;->d(Landroid/view/View;)Landroidx/coordinatorlayout/widget/CoordinatorLayout$e;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到12条敏感明文信息,建议移除。

位置: classes.dex
'data:image' used in: Lcom/bumptech/glide/load/b/g;->a(Ljava/lang/Object;)Z
'data:image' used in: Lcom/bumptech/glide/load/b/h;->decode(Ljava/lang/String;)Ljava/io/InputStream;
'http://schemas.android.com/apk/res/android' used in: Landroidx/core/content/a/i;->a(Lorg/xmlpull/v1/XmlPullParser; Ljava/lang/String;)Z
'https://medium.com/@tibbi/some-simple-mobile-tools-apps-are-becoming-paid-d053268f0fb2' used in: Lcom/simplemobiletools/commons/dialogs/UpgradeToProDialog;->moreInfo()V
'https://play.google.com/store/apps/details?id=' used in: Lcom/simplemobiletools/commons/extensions/ContextKt;->getProUrl(Landroid/content/Context;)Ljava/lang/String;
'https://play.google.com/store/apps/details?id=' used in: Lcom/simplemobiletools/commons/dialogs/AppSideloadedDialog;->(Landroid/app/Activity; Lkotlin/d/a/a;)V
'https://play.google.com/store/apps/details?id=' used in: Lcom/simplemobiletools/commons/extensions/ContextKt;->getStoreUrl(Landroid/content/Context;)Ljava/lang/String;
'https://play.google.com/store/apps/details?id=' used in: Lcom/simplemobiletools/commons/dialogs/NewAppDialog;->(Landroid/app/Activity; Ljava/lang/String; Ljava/lang/String;)V
'https://play.google.com/store/apps/dev?id=9070296388022589266' used in: Lcom/simplemobiletools/commons/activities/BaseSimpleActivity$onCreate$1;->invoke()V
'https://play.google.com/store/apps/dev?id=9070296388022589266' used in: Lcom/simplemobiletools/commons/activities/AboutActivity$setupMoreApps$1;->onClick(Landroid/view/View;)V
'https://www.facebook.com/simplemobiletools' used in: Lcom/simplemobiletools/commons/activities/AboutActivity$setupFacebook$1;->onClick(Landroid/view/View;)V
'https://www.reddit.com/r/SimpleMobileTools' used in: Lcom/simplemobiletools/commons/activities/AboutActivity$setupReddit$1;->onClick(Landroid/view/View;)V

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现1处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
com.bumptech.glide.a.b;

警告

检测到3处addFlags使用Intent.FLAG_ACTIVITY_NEW_TASK。

位置: classes.dex
androidx.appcompat.widget.SearchView;->
androidx.appcompat.widget.SearchView;->createIntent
androidx.core.app.m;->a

APP创建Intent传递数据到其他Activity,如果创建的Activity不是在同一个Task中打开,就很可能被其他的Activity劫持读取到Intent内容,跨Task的Activity通过Intent传递敏感信息是不安全的。建议:
尽量避免使用包含FLAG_ACTIVITY_NEW_TASK标志的Intent来传递敏感信息。

参考资料:
http://wolfeye.baidu.com/blog/intent-data-leak

警告

检测到3个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.simplemobiletools.filemanager.pro.activities.MainActivity
activity com.simplemobiletools.filemanager.pro.activities.ReadTextActivity
receiver com.simplemobiletools.commons.receivers.SharedThemeReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到1处provider的grantUriPermissions设置为true。
androidx.core.content.FileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书