漏洞分析

0

高危漏洞

3

中危漏洞

4

低危漏洞

7

警告

文件名 Signal%20Private%20Messenger_v4.26.2.apk
上传者 test
文件大小 31.939023017883MB
MD5 2fbb193a23032b5c273572d019dcd279
包名 org.thoughtcrime.securesms
Main Activity
Min SDK 14
Target SDK 25

权限列表

# 名称 说明 提示
0 android.permission.CALL_PHONE 允许应用程序在您不介入的情况下拨打电话。恶意应用程序可借此在您的话费单上产生意外通话费。请注意,此权限不允许应用程序拨打紧急呼救电话。 警告
1 android.permission.PROCESS_OUTGOING_CALLS 允许应用程序处理外拨电话或更改要拨打的号码。恶意应用程序可能会借此监视、另行转接甚至阻止外拨电话。 警告
2 android.permission.READ_SMS 允许应用程序读取您的手机或SIM卡中存储的短信。恶意应用程序可借此读取您的机密信息。 警告
3 android.permission.SEND_SMS 允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息,给您带来费用。 警告
4 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
5 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
6 android.permission.BLUETOOTH 允许应用程序查看本地蓝牙手机的配置,以及建立或接受与配对设备的连接。 注意
7 android.permission.BROADCAST_STICKY 允许应用程序发送顽固广播,这些广播在结束后仍会保留。恶意应用程序可能会借此使手机耗用太多内存,从而降低其速度或稳定性。 注意
8 android.permission.READ_CALENDAR 允许应用程序读取您手机上存储的所有日历活动。恶意应用程序可借此将您的日历活动发送给其他人。 注意
9 android.permission.READ_CONTACTS 允许应用程序读取您手机上存储的所有联系人(地址)数据。恶意应用程序可借此将您的数据发送给其他人。 注意
10 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
11 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
12 android.permission.RECEIVE_MMS 允许应用程序接收和处理彩信。恶意应用程序可借此监视您的信息,或者将信息删除而不向您显示。 注意
13 android.permission.RECEIVE_SMS 允许应用程序接收和处理短信。恶意应用程序可借此监视您的信息,或者将信息删除而不向您显示。 注意
14 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
15 android.permission.WRITE_CALENDAR 允许应用程序添加或更改日历中的活动,这可能会向邀请对象发送电子邮件。恶意应用程序可能会借此清除或修改您的日历活动,或者向邀请对象发送电子邮件。 注意
16 android.permission.WRITE_CONTACTS 允许应用程序修改您手机上存储的联系人(地址)数据。恶意应用程序可借此清除或修改您的联系人数据。 注意
17 android.permission.WRITE_SMS 允许应用程序写入手机或SIM卡中存储的短信。恶意应用程序可借此删除您的信息。 注意
18 android.permission.WRITE_SYNC_SETTINGS 允许应用程序修改同步设置,例如是否为\“联系人\”启用同步。 注意
19 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
20 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
21 android.permission.AUTHENTICATE_ACCOUNTS 允许应用程序使用AccountManager的帐户身份验证程序功能,包括创建帐户以及获取和设置其密码。 提示
22 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
23 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
24 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
25 android.permission.DISABLE_KEYGUARD 允许应用程序停用键锁和任何关联的密码安全设置。例如,在手机上接听电话时停用键锁,在通话结束后重新启用键锁。 提示
26 android.permission.GET_ACCOUNTS 允许应用程序获取手机已知的帐户列表。 提示
27 android.permission.INTERNET 允许程序访问网络. 提示
28 android.permission.MODIFY_AUDIO_SETTINGS 允许应用程序修改整个系统的音频设置,如音量和路由。 提示
29 android.permission.READ_SYNC_SETTINGS 允许应用程序读取同步设置,例如是否为\“联系人\”启用同步。 提示
30 android.permission.SET_WALLPAPER 允许应用程序设置系统壁纸。 提示
31 android.permission.USE_CREDENTIALS 允许应用程序请求身份验证标记。 提示
32 android.permission.VIBRATE 允许应用程序控制振动器。 提示
33 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
34 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

org.thoughtcrime.securesms.WebRtcCallActivity
org.thoughtcrime.securesms.CountrySelectionActivity
org.thoughtcrime.securesms.InviteActivity
org.thoughtcrime.securesms.PromptMmsActivity
org.thoughtcrime.securesms.DeviceProvisioningActivity
org.thoughtcrime.securesms.preferences.MmsPreferencesActivity
org.thoughtcrime.securesms.ShareActivity
org.thoughtcrime.securesms.ConversationListActivity
org.thoughtcrime.securesms.ConversationListArchiveActivity
org.thoughtcrime.securesms.ConversationActivity
org.thoughtcrime.securesms.ConversationPopupActivity
org.thoughtcrime.securesms.MessageDetailsActivity
org.thoughtcrime.securesms.GroupCreateActivity
org.thoughtcrime.securesms.DatabaseMigrationActivity
org.thoughtcrime.securesms.DatabaseUpgradeActivity
org.thoughtcrime.securesms.ExperienceUpgradeActivity
org.thoughtcrime.securesms.PassphraseCreateActivity
org.thoughtcrime.securesms.PassphrasePromptActivity
org.thoughtcrime.securesms.NewConversationActivity
org.thoughtcrime.securesms.PushContactSelectionActivity
org.thoughtcrime.securesms.giph.ui.GiphyActivity
org.thoughtcrime.securesms.PassphraseChangeActivity
org.thoughtcrime.securesms.VerifyIdentityActivity
org.thoughtcrime.securesms.ApplicationPreferencesActivity
org.thoughtcrime.securesms.RegistrationActivity
org.thoughtcrime.securesms.DeviceActivity
org.thoughtcrime.securesms.LogSubmitActivity
org.thoughtcrime.securesms.MediaPreviewActivity
org.thoughtcrime.securesms.MediaOverviewActivity
org.thoughtcrime.securesms.DummyActivity
org.thoughtcrime.securesms.PlayServicesProblemActivity
org.thoughtcrime.securesms.SmsSendtoActivity
org.thoughtcrime.securesms.webrtc.VoiceCallShare
org.thoughtcrime.securesms.RecipientPreferenceActivity
org.thoughtcrime.securesms.BlockedContactsActivity
org.thoughtcrime.securesms.scribbles.ScribbleActivity
org.thoughtcrime.securesms.scribbles.StickerSelectActivity
com.soundcloud.android.crop.CropImageActivity
org.thoughtcrime.securesms.CreateProfileActivity
org.thoughtcrime.securesms.ClearProfileAvatarActivity
org.thoughtcrime.securesms.contactshare.ContactShareEditActivity
org.thoughtcrime.securesms.contactshare.ContactNameEditActivity
org.thoughtcrime.securesms.contactshare.SharedContactDetailsActivity
org.thoughtcrime.securesms.ShortcutLauncherActivity
com.google.android.gms.common.api.GoogleApiActivity

org.thoughtcrime.securesms.service.WebRtcCallService
org.thoughtcrime.securesms.service.ApplicationMigrationService
org.thoughtcrime.securesms.service.KeyCachingService
org.thoughtcrime.securesms.service.MessageRetrievalService
org.thoughtcrime.securesms.service.QuickResponseService
org.thoughtcrime.securesms.service.AccountAuthenticatorService
org.thoughtcrime.securesms.service.ContactsSyncAdapterService
org.thoughtcrime.securesms.service.DirectShareService
org.thoughtcrime.securesms.service.GenericForegroundService

org.thoughtcrime.securesms.gcm.GcmBroadcastReceiver
org.thoughtcrime.securesms.service.SmsListener
org.thoughtcrime.securesms.service.SmsDeliveryListener
org.thoughtcrime.securesms.service.MmsListener
org.thoughtcrime.securesms.notifications.MarkReadReceiver
org.thoughtcrime.securesms.notifications.RemoteReplyReceiver
org.thoughtcrime.securesms.notifications.AndroidAutoHeardReceiver
org.thoughtcrime.securesms.notifications.AndroidAutoReplyReceiver
org.thoughtcrime.securesms.service.ExpirationListener
org.thoughtcrime.securesms.jobmanager.requirements.BackoffReceiver
org.thoughtcrime.securesms.service.BootReceiver
org.thoughtcrime.securesms.service.DirectoryRefreshListener
org.thoughtcrime.securesms.service.RotateSignedPreKeyListener
org.thoughtcrime.securesms.service.LocalBackupListener
org.thoughtcrime.securesms.service.PersistentConnectionBootListener
org.thoughtcrime.securesms.notifications.LocaleChangedReceiver
org.thoughtcrime.securesms.notifications.MessageNotifier$ReminderReceiver
org.thoughtcrime.securesms.notifications.DeleteNotificationReceiver
org.thoughtcrime.securesms.ExperienceUpgradeActivity$AppUpgradeReceiver
org.thoughtcrime.securesms.service.PanicResponderListener

org.thoughtcrime.securesms.providers.PartProvider
org.thoughtcrime.securesms.providers.MmsBodyProvider
android.support.v4.content.FileProvider
org.thoughtcrime.securesms.database.DatabaseContentProviders$Conversation
org.thoughtcrime.securesms.database.DatabaseContentProviders$ConversationList
org.thoughtcrime.securesms.database.DatabaseContentProviders$Attachment
android.arch.lifecycle.ProcessLifecycleOwnerInitializer
com.klinker.android.send_message.MmsFileProvider

第三方库

# 库名 介绍
0 com.google.android.gms.maps 谷歌地图是 Google 公司提供的电子地图服务,包括局部详细的卫星照片。此款服务可以提供含有政区和交通以及商业信息的矢量地图、不同分辨率的卫星照片和可以用来显示地形和等高线地形视图。在各类平台均有应用,操作简单方便。
1 dagger A fast dependency injector for Android and Java.
2 com.amulyakhare.textdrawable This light-weight library provides images with letter/text like the Gmail app. It extends the Drawable class thus can be used with existing/custom/network ImageView classes. Also included is a fluent interface for creating drawables and a customizable ColorGenerator.
3 okhttp3 An HTTP+SPDY client for Android and Java applications.
4 com.nineoldandroids Android library for using the Honeycomb animation API on all versions of the platform back to 1.0!
5 com.melnykov.fab Android Google+ like floating action button
6 me.leolin.shortcutbadger The ShortcutBadger makes your Android App show the count of unread messages as a badge on your App shortcut!
7 com.bumptech.glide An image loading and caching library for Android focused on smooth scrolling
8 com.google.zxing Official ZXing ("Zebra Crossing") project home
9 android.support.transition A backport of the new Transitions API for Android.
10 com.astuetz An interactive indicator to navigate between the different pages of a ViewPager
11 ezvcard.util.org A vCard parser library written in Java
12 android.support.multidex DEPRECATED
13 net.sqlcipher Android SQLite API based on SQLCipher http://sqlcipher.net/sqlcipher-for-android/
14 com.makeramen.roundedimageview A fast ImageView that supports rounded corners, ovals, and circles.
15 com.google.protobuf Protocol Buffers - Google's data interchange format https://developers.google.com/protocol-buffers/
16 com.soundcloud.android.crop Android library project for cropping images
17 com.pnikosis.materialishprogress A material style progress wheel compatible with 2.3
18 com.dd Android Shadow Layout
19 org.apache.http The Apache HttpComponents™ project is responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols.

静态扫描发现风险点

风险等级 风险名称

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现109处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
com.bumptech.glide.load.resource.gif.ByteBufferGifDecoder;->decode(Ljava/nio/ByteBuffer; I I Lcom/bumptech/glide/gifdecoder/GifHeaderParser; Lcom/bumptech/glide/load/Options;)Lcom/bumptech/glide/load/resource/gif/GifDrawableResource;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.Downsampler;->calculateScaling(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/resource/bitmap/Downsampler$DecodeCallbacks; Lcom/bumptech/glide/load/engine/bitmap_recycle/BitmapPool; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.request.target.ViewTarget$SizeDeterminer;->getTargetDimen(I I I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
org.thoughtcrime.securesms.logging.PersistentLogger;->lambda$getLogs$1$PersistentLogger(Lorg/thoughtcrime/securesms/util/concurrent/SettableFuture;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteOpenHelper;->getReadableDatabase([C)Lnet/sqlcipher/database/SQLiteDatabase;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.TransformationUtils;->centerInside(Lcom/bumptech/glide/load/engine/bitmap_recycle/BitmapPool; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.request.SingleRequest;->logV(Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.LifecycleRegistry;->sync()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.DefaultConnectivityMonitorFactory;->build(Landroid/content/Context; Lcom/bumptech/glide/manager/ConnectivityMonitor$ConnectivityListener;)Lcom/bumptech/glide/manager/ConnectivityMonitor;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.codewaves.stickyheadergrid.StickyHeaderGridLayoutManager;->onRestoreInstanceState(Landroid/os/Parcelable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.HolderFragment$HolderFragmentManager$1;->onActivityDestroyed(Landroid/app/Activity;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.cache.MemorySizeCalculator;->(Lcom/bumptech/glide/load/engine/cache/MemorySizeCalculator$Builder;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.data.HttpUrlFetcher;->getStreamForSuccessfulRequest(Ljava/net/HttpURLConnection;)Ljava/io/InputStream;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.Engine;->logWithTimeAndKey(Ljava/lang/String; J Lcom/bumptech/glide/load/Key;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.klinker.android.logger.Log;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.klinker.android.logger.Log;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->commitUpdates(Ljava/util/Map;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.data.HttpUrlFetcher;->loadData(Lcom/bumptech/glide/Priority; Lcom/bumptech/glide/load/data/DataFetcher$DataCallback;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->trimToSize(J)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteProgram;->(Lnet/sqlcipher/database/SQLiteDatabase; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->endTransaction()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.DefaultImageHeaderParser;->parseExifSegment(Lcom/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser$Reader; [B I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->deleteRow()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
me.leolin.shortcutbadger.ShortcutBadger;->isBadgeCounterSupported(Landroid/content/Context;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.SourceGenerator;->cacheData(Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruArrayPool;->getForKey(Lcom/bumptech/glide/load/engine/bitmap_recycle/LruArrayPool$Key; Ljava/lang/Class;)Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->getPropertyFunction(Ljava/lang/Class; Ljava/lang/String; Ljava/lang/Class;)Ljava/lang/reflect/Method;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->onMove(I I)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteQueryBuilder;->query(Lnet/sqlcipher/database/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lnet/sqlcipher/Cursor;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.davemorrissey.labs.subscaleview.SubsamplingScaleImageView;->debug(Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.RequestManagerRetriever;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->insertWithOnConflict(Ljava/lang/String; Ljava/lang/String; Landroid/content/ContentValues; I)J==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.DefaultDatabaseErrorHandler;->deleteDatabaseFile(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->clearMemory()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->getDirtyOrNull(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCompiledSql;->acquire()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.Glide;->getPhotoCacheDir(Landroid/content/Context; Ljava/lang/String;)Ljava/io/File;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.HardwareConfigState;->isFdSizeBelowHardwareLimit()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.Glide;->getAnnotationGeneratedGlideModules()Lcom/bumptech/glide/GeneratedAppGlideModule;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->addToCompiledQueries(Ljava/lang/String; Lnet/sqlcipher/database/SQLiteCompiledSql;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.gif.ByteBufferGifDecoder;->getSampleSize(Lcom/bumptech/glide/gifdecoder/GifHeader; I I)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.util.pool.FactoryPools$FactoryPool;->acquire()Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.DefaultDatabaseErrorHandler;->onCorruption(Lnet/sqlcipher/database/SQLiteDatabase;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->trimToSize(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->dumpUnchecked()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.BitmapEncoder;->encode(Lcom/bumptech/glide/load/engine/Resource; Ljava/io/File; Lcom/bumptech/glide/load/Options;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCompiledSql;->finalize()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteContentHelper;->getBlobColumnAsAssetFile(Lnet/sqlcipher/database/SQLiteDatabase; Ljava/lang/String; [Ljava/lang/String;)Landroid/content/res/AssetFileDescriptor;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.DecodeJob;->logWithTimeAndKey(Ljava/lang/String; J Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.HolderFragment$HolderFragmentManager$2;->onFragmentDestroyed(Landroid/support/v4/app/FragmentManager; Landroid/support/v4/app/Fragment;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.makeramen.roundedimageview.RoundedDrawable;->drawableToBitmap(Landroid/graphics/drawable/Drawable;)Landroid/graphics/Bitmap;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteQuery;->fillWindow(Lnet/sqlcipher/CursorWindow; I I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCursor;->fillWindow(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.davemorrissey.labs.subscaleview.SubsamplingScaleImageView;->getExifOrientation(Landroid/content/Context; Ljava/lang/String;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->getDirtyOrNull(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
me.leolin.shortcutbadger.ShortcutBadger;->initBadger(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->getColumnNames()[Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.DefaultImageHeaderParser;->getOrientation(Lcom/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser$Reader; Lcom/bumptech/glide/load/engine/bitmap_recycle/ArrayPool;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.DefaultDatabaseErrorHandler;->deleteDatabaseFile(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.gifdecoder.StandardGifDecoder;->getNextFrame()Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.klinker.android.logger.Log;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.Glide;->initializeGlide(Landroid/content/Context; Lcom/bumptech/glide/GlideBuilder;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->getCompiledStatementForSql(Ljava/lang/String;)Lnet/sqlcipher/database/SQLiteCompiledSql;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCursor;->commitUpdates(Ljava/util/Map;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCursor;->fillWindow(I Landroid/database/CursorWindow;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->insertWithOnConflict(Ljava/lang/String; Ljava/lang/String; Landroid/content/ContentValues; I)J==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->requery()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.request.SingleRequest;->onResourceReady(Lcom/bumptech/glide/load/engine/Resource; Ljava/lang/Object; Lcom/bumptech/glide/load/DataSource;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->put(Landroid/graphics/Bitmap;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->deactivate()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.module.ManifestParser;->parse()Ljava/util/List;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.klinker.android.logger.Log;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->onCorruption()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder$IntPropertyValuesHolder;->setAnimatedValue(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->rawQuery(Ljava/lang/String; [Ljava/lang/Object;)Lnet/sqlcipher/Cursor;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
org.greenrobot.eventbus.EventBus;->unregister(Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
me.leolin.shortcutbadger.ShortcutBadger;->isBadgeCounterSupported(Landroid/content/Context;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.TransformationUtils;->fitCenter(Lcom/bumptech/glide/load/engine/bitmap_recycle/BitmapPool; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->rawQueryWithFactory(Lnet/sqlcipher/database/SQLiteDatabase$CursorFactory; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Lnet/sqlcipher/Cursor;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.GeneratedAppGlideModuleImpl;->()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
org.thoughtcrime.securesms.logging.PersistentLogger;->lambda$write$2$PersistentLogger(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.cache.DiskLruCacheWrapper;->get(Lcom/bumptech/glide/load/Key;)Ljava/io/File;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.Downsampler;->calculateScaling(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/resource/bitmap/Downsampler$DecodeCallbacks; Lcom/bumptech/glide/load/engine/bitmap_recycle/BitmapPool; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->set(Lnet/sqlcipher/IBulkCursor;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.request.target.ViewTarget$SizeDeterminer$SizeDeterminerLayoutListener;->onPreDraw()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.DefaultImageHeaderParser;->parseExifSegment(Lcom/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser$RandomAccessReader;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->addToCompiledQueries(Ljava/lang/String; Lnet/sqlcipher/database/SQLiteCompiledSql;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->updateWithOnConflict(Ljava/lang/String; Landroid/content/ContentValues; Ljava/lang/String; [Ljava/lang/String; I)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
org.greenrobot.eventbus.EventBus;->postSingleEvent(Ljava/lang/Object; Lorg/greenrobot/eventbus/EventBus$PostingThreadState;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.DefaultImageHeaderParser;->moveToExifSegmentAndGetLength(Lcom/bumptech/glide/load/resource/bitmap/DefaultImageHeaderParser$Reader;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCursor;->deleteRow()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.BulkCursorToCursorAdaptor;->close()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->checkLockHoldTime()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tomergoldst.tooltips.ToolTipsManager;->create(Lcom/tomergoldst/tooltips/ToolTip;)Landroid/view/View;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.Downsampler;->logDecode(I I Ljava/lang/String; Landroid/graphics/BitmapFactory$Options; Landroid/graphics/Bitmap; I I J)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruBitmapPool;->trimMemory(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.DefaultConnectivityMonitor$1;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCompiledSql;->releaseSqlStatement()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.DrawableToBitmapConverter;->drawToBitmap(Lcom/bumptech/glide/load/engine/bitmap_recycle/BitmapPool; Landroid/graphics/drawable/Drawable; I I)Landroid/graphics/Bitmap;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.Downsampler;->decodeFromWrappedStreams(Ljava/io/InputStream; Landroid/graphics/BitmapFactory$Options; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; Lcom/bumptech/glide/load/DecodeFormat; Z I I Z Lcom/bumptech/glide/load/resource/bitmap/Downsampler$DecodeCallbacks;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteCompiledSql;->release()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->setAnimatedValue(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
net.sqlcipher.database.SQLiteDatabase;->updateWithOnConflict(Ljava/lang/String; Landroid/content/ContentValues; Ljava/lang/String; [Ljava/lang/String; I)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.module.ManifestParser;->parse()Ljava/util/List;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.cache.DiskLruCacheWrapper;->put(Lcom/bumptech/glide/load/Key; Lcom/bumptech/glide/load/engine/cache/DiskCache$Writer;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.bitmap_recycle.LruArrayPool;->evictToSize(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->setupSetterAndGetter(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

位置: classes2.dex
org.whispersystems.signalservice.api.util.RealtimeSleepTimer$AlarmReceiver;->setAlarm(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
org.whispersystems.signalservice.api.util.RealtimeSleepTimer$AlarmReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到46条敏感明文信息,建议移除。

位置: classes.dex
'data:image' used in: Lcom/bumptech/glide/load/model/DataUrlLoader$StreamFactory$1;->decode(Ljava/lang/String;)Ljava/io/InputStream;
'data:image' used in: Lcom/bumptech/glide/load/model/DataUrlLoader;->handles(Ljava/lang/String;)Z
'file:///' used in: Lcom/davemorrissey/labs/subscaleview/ImageSource;->(Landroid/net/Uri;)V
'file:///' used in: Lcom/davemorrissey/labs/subscaleview/ImageSource;->uri(Ljava/lang/String;)Lcom/davemorrissey/labs/subscaleview/ImageSource;
'file:///' used in: Lcom/davemorrissey/labs/subscaleview/SubsamplingScaleImageView;->getExifOrientation(Landroid/content/Context; Ljava/lang/String;)I
'file:///android_asset/' used in: Lcom/davemorrissey/labs/subscaleview/decoder/SkiaImageRegionDecoder;->init(Landroid/content/Context; Landroid/net/Uri;)Landroid/graphics/Point;
'file:///android_asset/' used in: Lcom/davemorrissey/labs/subscaleview/SubsamplingScaleImageView;->getExifOrientation(Landroid/content/Context; Ljava/lang/String;)I
'file:///android_asset/' used in: Lcom/davemorrissey/labs/subscaleview/ImageSource;->asset(Ljava/lang/String;)Lcom/davemorrissey/labs/subscaleview/ImageSource;
'file:///android_asset/' used in: Lcom/bumptech/glide/load/model/AssetUriLoader;->()V
'file:///android_asset/' used in: Lcom/davemorrissey/labs/subscaleview/decoder/SkiaImageDecoder;->decode(Landroid/content/Context; Landroid/net/Uri;)Landroid/graphics/Bitmap;
'http://apache.org/xml/features/disallow-doctype-decl' used in: Lezvcard/util/XmlUtils;->applyXXEProtection(Ljavax/xml/parsers/DocumentBuilderFactory;)V
'http://apache.org/xml/features/nonvalidating/load-external-dtd' used in: Lezvcard/util/XmlUtils;->applyXXEProtection(Ljavax/xml/parsers/DocumentBuilderFactory;)V
'http://plus.google.com/' used in: Lcom/google/android/gms/common/internal/zzp;->()V
'http://schemas.android.com/apk/res/android' used in: Landroid/support/v4/content/res/TypedArrayUtils;->hasAttribute(Lorg/xmlpull/v1/XmlPullParser; Ljava/lang/String;)Z
'http://www.gstatic.com/android/hangouts/hangouts_mms_ua_profile.xml' used in: Lcom/android/mms/service_alt/MmsConfig;->loadDeviceUaSettings(Landroid/content/Context;)V
'http://www.w3.org/2001/SMIL20/Language' used in: Lcom/google/android/mms/smil/SmilHelper;->createSmilDocument(Lcom/google/android/mms/pdu_alt/PduBody;)Lorg/w3c/dom/smil/SMILDocument;
'http://www.w3.org/ns/ttml#parameter' used in: Lcom/google/android/exoplayer2/text/ttml/TtmlDecoder;->parseFrameAndTickRates(Lorg/xmlpull/v1/XmlPullParser;)Lcom/google/android/exoplayer2/text/ttml/TtmlDecoder$FrameAndTickRate;
'http://www.w3.org/ns/ttml#parameter' used in: Lcom/google/android/exoplayer2/text/ttml/TtmlDecoder;->parseCellResolution(Lorg/xmlpull/v1/XmlPullParser; Lcom/google/android/exoplayer2/text/ttml/TtmlDecoder$CellResolution;)Lcom/google/android/exoplayer2/text/ttml/TtmlDecoder$CellResolution;
'http://xml.org/sax/features/external-general-entities' used in: Lezvcard/util/XmlUtils;->applyXXEProtection(Ljavax/xml/parsers/DocumentBuilderFactory;)V
'http://xml.org/sax/features/external-parameter-entities' used in: Lezvcard/util/XmlUtils;->applyXXEProtection(Ljavax/xml/parsers/DocumentBuilderFactory;)V
'https://cdn.signal.org' used in: Lorg/thoughtcrime/securesms/push/SignalServiceNetworkAccess;->(Landroid/content/Context;)V
'https://cms.souqcdn.com' used in: Lorg/thoughtcrime/securesms/push/SignalServiceNetworkAccess;->(Landroid/content/Context;)V
'https://maps.google.com/maps' used in: Lorg/thoughtcrime/securesms/components/location/SignalPlace;->getDescription()Ljava/lang/String;
'https://sgnl.link/1KpeYmF' used in: Lorg/thoughtcrime/securesms/InviteActivity;->initializeResources()V
'https://sgnl.link/1KpeYmF' used in: Lorg/thoughtcrime/securesms/ConversationFragment$ConversationFragmentItemClickListener;->lambda$onInviteSharedContactClicked$1$ConversationFragment$ConversationFragmentItemClickListener(Lorg/thoughtcrime/securesms/recipients/Recipient;)V
'https://sgnl.link/1LoIMUl' used in: Lorg/thoughtcrime/securesms/ConversationActivity;->handleInviteLink()V
'https://sgnl.link/1MF56H1' used in: Lorg/thoughtcrime/securesms/ConversationActivity;->handleInviteLink()V
'https://signal.org/legal' used in: Lorg/thoughtcrime/securesms/RegistrationActivity;->onTermsLinkClicked(Landroid/view/View;)V
'https://support.signal.org/hc/en-us/articles/115001434171' used in: Lorg/thoughtcrime/securesms/CreateProfileActivity;->lambda$initializeResources$3$CreateProfileActivity(Landroid/view/View;)V
'https://support.whispersystems.org' used in: Lorg/thoughtcrime/securesms/ConversationListActivity;->handleHelp()V
'https://textsecure-service.whispersystems.org' used in: Lorg/thoughtcrime/securesms/push/SignalServiceNetworkAccess;->(Landroid/content/Context;)V

位置: classes2.dex
'file:///android_asset/' used in: Lorg/thoughtcrime/securesms/scribbles/StickerSelectFragment$StickersAdapter;->onBindViewHolder(Lorg/thoughtcrime/securesms/scribbles/StickerSelectFragment$StickersAdapter$StickerViewHolder; I)V
'file:///android_asset/' used in: Lorg/thoughtcrime/securesms/components/emoji/parsing/EmojiPageBitmap;->loadPage()Landroid/graphics/Bitmap;
'http://127.0.0.1:%d/%s' used in: Lorg/thoughtcrime/securesms/attachments/AttachmentServer;->getUri()Landroid/net/Uri;
'http://magic.google.com' used in: Lorg/thoughtcrime/securesms/mms/LegacyMmsConnection$2;->(Lorg/thoughtcrime/securesms/mms/LegacyMmsConnection; Ljava/lang/String;)V
'http://www.google.com/oha/rdf/ua-profile-kila.xml' used in: Lorg/thoughtcrime/securesms/mms/LegacyMmsConnection$2;->(Lorg/thoughtcrime/securesms/mms/LegacyMmsConnection; Ljava/lang/String;)V
'http://xmlpull.org/v1/doc/features.html#process-namespaces' used in: Lorg/thoughtcrime/securesms/database/XmlBackup;->(Ljava/lang/String;)V
'https://api.giphy.com/v1/gifs/search?api_key=3o6ZsYH6U6Eri53TXy&offset=%d&limit=' used in: Lorg/thoughtcrime/securesms/giph/net/GiphyGifLoader;->getSearchUrl()Ljava/lang/String;
'https://api.giphy.com/v1/gifs/trending?api_key=3o6ZsYH6U6Eri53TXy&offset=%d&limit=' used in: Lorg/thoughtcrime/securesms/giph/net/GiphyGifLoader;->getTrendingUrl()Ljava/lang/String;
'https://api.giphy.com/v1/stickers/search?q=cat&api_key=3o6ZsYH6U6Eri53TXy&offset=%d&limit=' used in: Lorg/thoughtcrime/securesms/giph/net/GiphyStickerLoader;->getSearchUrl()Ljava/lang/String;
'https://api.giphy.com/v1/stickers/trending?api_key=3o6ZsYH6U6Eri53TXy&offset=%d&limit=' used in: Lorg/thoughtcrime/securesms/giph/net/GiphyStickerLoader;->getTrendingUrl()Ljava/lang/String;
'https://debuglogs.org' used in: Lorg/thoughtcrime/securesms/logsubmit/SubmitLogFragment$SubmitToPastebinAsyncTask;->doInBackground([Ljava/lang/Void;)Ljava/lang/String;
'https://debuglogs.org/' used in: Lorg/thoughtcrime/securesms/logsubmit/SubmitLogFragment$SubmitToPastebinAsyncTask;->doInBackground([Ljava/lang/Void;)Ljava/lang/String;
'https://play.google.com/store/apps/details?id=' used in: Lorg/thoughtcrime/securesms/components/reminder/OutdatedBuildReminder;->lambda$new$0$OutdatedBuildReminder(Landroid/content/Context; Landroid/view/View;)V
'https://play.google.com/store/apps/details?id=' used in: Lorg/thoughtcrime/securesms/components/reminder/ExpiredBuildReminder;->lambda$new$0$ExpiredBuildReminder(Landroid/content/Context; Landroid/view/View;)V
'https://sgnl.link/1KpeYmF' used in: Lorg/thoughtcrime/securesms/contactshare/SharedContactDetailsActivity;->lambda$null$7$SharedContactDetailsActivity(Lorg/thoughtcrime/securesms/recipients/Recipient;)V

中危

检测到1使用全局可读写操作文件。

位置: classes.dex
com.google.android.gms.flags.impl.zzb$1;->zzbhq()Landroid.content.SharedPreferences;===>getSharedPreferences

在使用getDir、getSharedPreferences(SharedPreference)或openFileOutput时,如果设置了全局的可读权限,攻击者恶意读取文件内容,获取敏感信息。在设置文件属性时如果设置全局可写,攻击者可能会篡改、伪造内容,可以能会进行诈骗等行为,造成用户财产损失。建议:
(1)使用MODE_PRIVATE模式创建内部存储文件。
(2)加密存储敏感数据。
(3)避免在文件中存储明文和敏感信息。

参考案例:
http://wooyun.org/bugs/wooyun-2010-047172
http://wooyun.org/bugs/wooyun-2010-054438
http://wooyun.org/bugs/wooyun-2010-0151270

参考资料:
https://jaq.alibaba.com/blog.htm?id=56
https://jaq.alibaba.com/blog.htm?id=58
http://wolfeye.baidu.com/blog/global-rw-of-file
http://wolfeye.baidu.com/blog/global-rw-of-sharepreference/

低危

检测到2处SecureRandom使用不当。

位置: classes.dex
org.spongycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi$StoreEntry;->
org.spongycastle.crypto.prng.SP800SecureRandom;->setSeed

SecureRandom的使用不当会导致生成的随机数可被预测,该漏洞存在于Android系统随机生成数字串安全密钥的环节中。该漏洞的生成原因是对SecureRandom类的不正确使用方式导致生成的随机数不随机。建议:
(1)不要使用自定义随机源代替系统默认随机源(推荐)除非有特殊需求,在使用SecureRandom类时,不要调用以下函数:SecureRandom类下SecureRandom(byte[]seed)、setSeed(long seed)和setSeed(byte[]seed)方法。
(2)在调用setSeed方法前先调用任意nextXXX方法。具体做法是调用setSeed方法前先调用一次SecureRandom#nextBytes(byte[]bytes)方法,可以避免默认随机源被替代,详细见参考资料。

参考资料:
https://developer.android.com/reference/java/security/SecureRandom.html
http://drops.wooyun.org/papers/5164
http://jaq.alibaba.com/blog.htm?id=47

低危

检测到3处使用了DES弱加密算法。

位置: classes.dex
'DES/ECB/NoPadding' used in: Lorg/apache/http/impl/auth/NTLMEngineImpl;->lmResponse([B [B)[B
'DES/ECB/NoPadding' used in: Lorg/apache/http/impl/auth/NTLMEngineImpl;->lmHash(Ljava/lang/String;)[B
'DES/ECB/NoPadding' used in: Lorg/apache/http/impl/auth/NTLMEngineImpl$CipherGen;->getLanManagerSessionKey()[B

使用弱加密算法会大大增加黑客攻击的概率,黑客可能会破解隐私数据、猜解密钥、中间人攻击等,造成隐私信息的泄漏,甚至造成财产损失。建议使用AES加密算法。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

检测到3处AES/DES弱加密风险。

位置: classes.dex
Lorg/apache/http/impl/auth/NTLMEngineImpl;->lmResponse([B [B)[B
Lorg/apache/http/impl/auth/NTLMEngineImpl$CipherGen;->getLanManagerSessionKey()[B
Lorg/apache/http/impl/auth/NTLMEngineImpl;->lmHash(Ljava/lang/String;)[B

使用AES/DES/DESede加密算法时,如果使用ECB模式,容易受到攻击风险,造成信息泄露。建议在使用AES/DES/DESede加密算法时,应显示指定使用CBC或CFB加密模式

参考资料:
http://blog.csdn.net/u013107656/article/details/51997957
https://developer.android.com/reference/javax/crypto/Cipher.html
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现9处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
org.spongycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
com.bumptech.glide.disklrucache.DiskLruCache;
org.spongycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;
org.spongycastle.jce.provider.JCEStreamCipher;
org.spongycastle.jce.provider.BrokenJCEBlockCipher;
org.spongycastle.crypto.engines.NaccacheSternEngine;
com.fasterxml.jackson.core.util.VersionUtil;
net.sqlcipher.DatabaseUtils;

警告

检测到1处addFlags使用Intent.FLAG_ACTIVITY_NEW_TASK。

位置: classes2.dex
org.thoughtcrime.securesms.service.KeyCachingService;->onTaskRemoved

APP创建Intent传递数据到其他Activity,如果创建的Activity不是在同一个Task中打开,就很可能被其他的Activity劫持读取到Intent内容,跨Task的Activity通过Intent传递敏感信息是不安全的。建议:
尽量避免使用包含FLAG_ACTIVITY_NEW_TASK标志的Intent来传递敏感信息。

参考资料:
http://wolfeye.baidu.com/blog/intent-data-leak

警告

检测到21个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity org.thoughtcrime.securesms.DeviceProvisioningActivity
activity org.thoughtcrime.securesms.ShareActivity
activity org.thoughtcrime.securesms.ConversationListActivity
activity org.thoughtcrime.securesms.ApplicationPreferencesActivity
activity org.thoughtcrime.securesms.SmsSendtoActivity
activity org.thoughtcrime.securesms.webrtc.VoiceCallShare
activity org.thoughtcrime.securesms.ClearProfileAvatarActivity
activity org.thoughtcrime.securesms.ShortcutLauncherActivity
service org.thoughtcrime.securesms.service.AccountAuthenticatorService
service org.thoughtcrime.securesms.service.ContactsSyncAdapterService
receiver org.thoughtcrime.securesms.service.SmsDeliveryListener
receiver org.thoughtcrime.securesms.service.BootReceiver
receiver org.thoughtcrime.securesms.service.DirectoryRefreshListener
receiver org.thoughtcrime.securesms.service.RotateSignedPreKeyListener
receiver org.thoughtcrime.securesms.service.LocalBackupListener
receiver org.thoughtcrime.securesms.service.PersistentConnectionBootListener
receiver org.thoughtcrime.securesms.notifications.LocaleChangedReceiver
receiver org.thoughtcrime.securesms.notifications.MessageNotifier$ReminderReceiver
receiver org.thoughtcrime.securesms.notifications.DeleteNotificationReceiver
receiver org.thoughtcrime.securesms.ExperienceUpgradeActivity$AppUpgradeReceiver
receiver org.thoughtcrime.securesms.service.PanicResponderListener

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到2个导出的隐式Service组件。
service org.thoughtcrime.securesms.service.AccountAuthenticatorService
service org.thoughtcrime.securesms.service.ContactsSyncAdapterService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测2处組件設置了android.intent.category.BROWSABLE属性。
org.thoughtcrime.securesms.DeviceProvisioningActivity
org.thoughtcrime.securesms.SmsSendtoActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到35处IvParameterSpec的使用。

位置: classes.dex
org.spongycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;->createCipher(I [C Lorg.spongycastle.asn1.x509.AlgorithmIdentifier;)Ljavax.crypto.Cipher;
org.spongycastle.jcajce.provider.symmetric.AES$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;->localEngineGetParameterSpec(Ljava.lang.Class;)Ljava.security.spec.AlgorithmParameterSpec;
org.spongycastle.jcajce.provider.symmetric.CAST5$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.CAST5$AlgParams;->localEngineGetParameterSpec(Ljava.lang.Class;)Ljava.security.spec.AlgorithmParameterSpec;
org.spongycastle.jcajce.provider.symmetric.Camellia$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.DES$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.DESede$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.GOST28147$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.IDEA$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.IDEA$AlgParams;->localEngineGetParameterSpec(Ljava.lang.Class;)Ljava.security.spec.AlgorithmParameterSpec;
org.spongycastle.jcajce.provider.symmetric.Noekeon$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.RC2$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.RC2$AlgParams;->localEngineGetParameterSpec(Ljava.lang.Class;)Ljava.security.spec.AlgorithmParameterSpec;
org.spongycastle.jcajce.provider.symmetric.RC5$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.RC6$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.SEED$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;
org.spongycastle.jcajce.provider.symmetric.Shacal2$AlgParamGen;->engineGenerateParameters()Ljava.security.AlgorithmParameters;

位置: classes2.dex
org.thoughtcrime.securesms.backup.FullBackupExporter$BackupFrameOutputStream;->write(Ljava.io.OutputStream; Lorg.thoughtcrime.securesms.backup.BackupProtos$BackupFrame;)V
org.thoughtcrime.securesms.backup.FullBackupExporter$BackupFrameOutputStream;->writeStream(Ljava.io.InputStream;)V
org.thoughtcrime.securesms.backup.FullBackupImporter$BackupRecordInputStream;->readFrame(Ljava.io.InputStream;)Lorg.thoughtcrime.securesms.backup.BackupProtos$BackupFrame;
org.thoughtcrime.securesms.backup.FullBackupImporter$BackupRecordInputStream;->readAttachmentTo(Ljava.io.OutputStream; I)V
org.thoughtcrime.securesms.crypto.ClassicDecryptingPartInputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; Ljava.io.File;)Ljava.io.InputStream;
org.thoughtcrime.securesms.crypto.ModernDecryptingPartInputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; [B Ljava.io.InputStream; J)Ljava.io.InputStream;
org.thoughtcrime.securesms.crypto.ModernEncryptingPartOutputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; Ljava.io.File; Z)Landroid.util.Pair;
org.thoughtcrime.securesms.glide.cache.EncryptedCoder;->createEncryptedInputStream([B Ljava.io.File;)Ljava.io.InputStream;
org.thoughtcrime.securesms.glide.cache.EncryptedCoder;->createEncryptedOutputStream([B Ljava.io.File;)Ljava.io.OutputStream;
org.thoughtcrime.securesms.logging.LogFile$Reader;->readEntry()Ljava.lang.String;
org.thoughtcrime.securesms.logging.LogFile$Writer;->writeEntry(Ljava.lang.String;)V
org.whispersystems.libsignal.groups.GroupCipher;->getCipherText([B [B [B)[B
org.whispersystems.libsignal.groups.GroupCipher;->getPlainText([B [B [B)[B
org.whispersystems.libsignal.kdf.DerivedMessageSecrets;->([B)V
org.whispersystems.libsignal.state.SessionState;->removeMessageKeys(Lorg.whispersystems.libsignal.ecc.ECPublicKey; I)Lorg.whispersystems.libsignal.ratchet.MessageKeys;
org.whispersystems.signalservice.api.crypto.AttachmentCipherInputStream;->(Ljava.io.InputStream; [B J)V
org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;->getPlaintext([B Ljavax.crypto.spec.SecretKeySpec;)[B

使用IVParameterSpec函数,如果使用了固定的初始化向量,那么密码文本可预测性高得多,容易受到字典攻击等。建议禁止使用常量初始化矢量构造IVParameterSpec,使用聚安全提供的安全组件。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到4处provider的grantUriPermissions设置为true。
org.thoughtcrime.securesms.providers.PartProvider
org.thoughtcrime.securesms.providers.MmsBodyProvider
android.support.v4.content.FileProvider
com.klinker.android.send_message.MmsFileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6

警告

检测到52处使用了加解密算法。密钥处理不当可能会导致信息泄露。

位置: classes.dex
org.spongycastle.jce.provider.JCEStreamCipher;->engineUnwrap([B Ljava.lang.String; I)Ljava.security.Key;
org.spongycastle.jcajce.provider.symmetric.DES$KeyGenerator;->engineGenerateKey()Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.asymmetric.util.BaseCipherSpi;->engineUnwrap([B Ljava.lang.String; I)Ljava.security.Key;
org.spongycastle.jcajce.provider.symmetric.util.BaseWrapCipher;->engineUnwrap([B Ljava.lang.String; I)Ljava.security.Key;
org.spongycastle.jcajce.provider.symmetric.DES$KeyFactory;->engineGetKeySpec(Ljavax.crypto.SecretKey; Ljava.lang.Class;)Ljava.security.spec.KeySpec;
org.spongycastle.jcajce.provider.symmetric.DESede$KeyGenerator;->engineGenerateKey()Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.symmetric.DESede$KeyFactory;->engineGetKeySpec(Ljavax.crypto.SecretKey; Ljava.lang.Class;)Ljava.security.spec.KeySpec;
org.spongycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;->engineTranslateKey(Ljavax.crypto.SecretKey;)Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.symmetric.DES$KeyFactory;->engineGenerateSecret(Ljava.security.spec.KeySpec;)Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.symmetric.DESede$KeyFactory;->engineGenerateSecret(Ljava.security.spec.KeySpec;)Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;->engineGetKeySpec(Ljavax.crypto.SecretKey; Ljava.lang.Class;)Ljava.security.spec.KeySpec;
org.spongycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi;->decodeKey(Ljava.io.DataInputStream;)Ljava.security.Key;
org.spongycastle.jcajce.provider.asymmetric.dh.KeyAgreementSpi;->engineGenerateSecret(Ljava.lang.String;)Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.asymmetric.ec.KeyAgreementSpi;->engineGenerateSecret(Ljava.lang.String;)Ljavax.crypto.SecretKey;
org.spongycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;->engineGenerateKey()Ljavax.crypto.SecretKey;
org.spongycastle.jce.provider.BrokenJCEBlockCipher;->engineUnwrap([B Ljava.lang.String; I)Ljava.security.Key;

位置: classes2.dex
org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;->getCipherKey(Ljava.lang.String;)Ljavax.crypto.spec.SecretKeySpec;
org.thoughtcrime.securesms.backup.FullBackupExporter$BackupFrameOutputStream;->(Ljava.io.File; Ljava.lang.String;)V
org.thoughtcrime.securesms.glide.cache.EncryptedCoder;->createEncryptedInputStream([B Ljava.io.File;)Ljava.io.InputStream;
org.whispersystems.signalservice.api.crypto.AttachmentCipherInputStream;->(Ljava.io.InputStream; [B J)V
org.thoughtcrime.securesms.logging.LogFile$Writer;->writeEntry(Ljava.lang.String;)V
org.whispersystems.signalservice.api.crypto.AttachmentCipherOutputStream;->([B Ljava.io.OutputStream;)V
org.thoughtcrime.securesms.crypto.MasterSecretUtil;->getMacForPassphrase(Ljava.lang.String; [B I)Ljavax.crypto.Mac;
org.thoughtcrime.securesms.crypto.MasterSecretUtil;->generateMasterSecret(Landroid.content.Context; Ljava.lang.String;)Lorg.thoughtcrime.securesms.crypto.MasterSecret;
org.thoughtcrime.securesms.crypto.ClassicDecryptingPartInputStream;->verifyMac(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; Ljava.io.File;)V
org.whispersystems.libsignal.state.SessionState;->removeMessageKeys(Lorg.whispersystems.libsignal.ecc.ECPublicKey; I)Lorg.whispersystems.libsignal.ratchet.MessageKeys;
org.whispersystems.libsignal.groups.GroupCipher;->getCipherText([B [B [B)[B
org.thoughtcrime.securesms.crypto.ModernDecryptingPartInputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; [B Ljava.io.InputStream; J)Ljava.io.InputStream;
org.whispersystems.signalservice.api.crypto.AttachmentCipherInputStream;->createFor(Ljava.io.File; J [B [B)Ljava.io.InputStream;
org.thoughtcrime.securesms.crypto.AsymmetricMasterCipher;->deriveCipherKey([B)Ljavax.crypto.spec.SecretKeySpec;
org.thoughtcrime.securesms.crypto.MasterSecret;->(Landroid.os.Parcel;)V
org.thoughtcrime.securesms.logging.LogFile$Reader;->readEntry()Ljava.lang.String;
org.whispersystems.libsignal.groups.ratchet.SenderChainKey;->getDerivative([B [B)[B
org.thoughtcrime.securesms.crypto.ModernEncryptingPartOutputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; Ljava.io.File; Z)Landroid.util.Pair;
org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;->getMacKey(Ljava.lang.String;)Ljavax.crypto.spec.SecretKeySpec;
org.thoughtcrime.securesms.crypto.AsymmetricMasterCipher;->getDigestedBytes([B I)[B
org.thoughtcrime.securesms.crypto.AsymmetricMasterCipher;->deriveMacKey([B)Ljavax.crypto.spec.SecretKeySpec;
org.whispersystems.libsignal.ratchet.ChainKey;->getBaseMaterial([B)[B
org.whispersystems.signalservice.internal.crypto.ProvisioningCipher;->getCiphertext([B [B)[B
org.whispersystems.signalservice.internal.crypto.ProvisioningCipher;->getMac([B [B)[B
org.thoughtcrime.securesms.backup.FullBackupImporter$BackupRecordInputStream;->readFrame(Ljava.io.InputStream;)Lorg.thoughtcrime.securesms.backup.BackupProtos$BackupFrame;
org.thoughtcrime.securesms.backup.FullBackupExporter$BackupFrameOutputStream;->write(Ljava.io.OutputStream; Lorg.thoughtcrime.securesms.backup.BackupProtos$BackupFrame;)V
org.thoughtcrime.securesms.crypto.ClassicDecryptingPartInputStream;->createFor(Lorg.thoughtcrime.securesms.crypto.AttachmentSecret; Ljava.io.File;)Ljava.io.InputStream;
org.thoughtcrime.securesms.glide.cache.EncryptedCoder;->createEncryptedOutputStream([B Ljava.io.File;)Ljava.io.OutputStream;
org.thoughtcrime.securesms.backup.FullBackupExporter$BackupFrameOutputStream;->writeStream(Ljava.io.InputStream;)V
org.whispersystems.libsignal.kdf.HKDF;->expand([B [B I)[B
org.thoughtcrime.securesms.backup.FullBackupImporter$BackupRecordInputStream;->(Ljava.io.File; Ljava.lang.String;)V
org.whispersystems.libsignal.kdf.HKDF;->extract([B [B)[B
org.thoughtcrime.securesms.crypto.MasterSecretUtil;->getMasterSecret(Landroid.content.Context; Ljava.lang.String;)Lorg.thoughtcrime.securesms.crypto.MasterSecret;
org.thoughtcrime.securesms.backup.FullBackupImporter$BackupRecordInputStream;->readAttachmentTo(Ljava.io.OutputStream; I)V
org.whispersystems.libsignal.groups.GroupCipher;->getPlainText([B [B [B)[B
org.whispersystems.libsignal.kdf.DerivedMessageSecrets;->([B)V

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书