0

高危漏洞

5

中危漏洞

3

低危漏洞

5

警告

文件名 123_def5f9d01a9b7e0fed87131be33724e3.apk?yingid=wdj_web&fname=同程旅游&productid=2011&pos=detail-ndownload-com.tongcheng.android&appid=39733&packageid=600898394&apprd=39733&iconUrl=http://android-artworks.25pp.com/fs08/2020/03/17/11/110_9aaab5f484e07a7a22d9be3
上传者 test
文件大小 50.602501869202MB
MD5 335dfec70890412d279b13cfc7dfcd5f
包名 com.tongcheng.android
Main Activity com.tongcheng.android.LoadingActivity
Min SDK 19
Target SDK 28

权限列表

# 名称 说明 提示
0 android.permission.CALL_PHONE 允许应用程序在您不介入的情况下拨打电话。恶意应用程序可借此在您的话费单上产生意外通话费。请注意,此权限不允许应用程序拨打紧急呼救电话。 警告
1 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
2 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
3 android.permission.ACCESS_LOCATION_EXTRA_COMMANDS 访问额外的位置信息提供程序命令。恶意应用程序可借此干扰GPS或其他位置源的正常工作。 注意
4 android.permission.BLUETOOTH 允许应用程序查看本地蓝牙手机的配置,以及建立或接受与配对设备的连接。 注意
5 android.permission.BROADCAST_STICKY 允许应用程序发送顽固广播,这些广播在结束后仍会保留。恶意应用程序可能会借此使手机耗用太多内存,从而降低其速度或稳定性。 注意
6 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
7 android.permission.READ_CALENDAR 允许应用程序读取您手机上存储的所有日历活动。恶意应用程序可借此将您的日历活动发送给其他人。 注意
8 android.permission.READ_CONTACTS 允许应用程序读取您手机上存储的所有联系人(地址)数据。恶意应用程序可借此将您的数据发送给其他人。 注意
9 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
10 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
11 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
12 android.permission.SYSTEM_ALERT_WINDOW 允许应用程序显示系统警报窗口。恶意应用程序可借此掌控整个手机屏幕。 注意
13 android.permission.WRITE_CALENDAR 允许应用程序添加或更改日历中的活动,这可能会向邀请对象发送电子邮件。恶意应用程序可能会借此清除或修改您的日历活动,或者向邀请对象发送电子邮件。 注意
14 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
15 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
16 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
17 android.permission.BATTERY_STATS 允许修改收集的电池使用情况统计信息。普通应用程序不能使用此权限。 提示
18 android.permission.BLUETOOTH_ADMIN 允许应用程序配置本地蓝牙手机,以及发现远程设备并与其配对。 提示
19 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
20 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
21 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
22 android.permission.FLASHLIGHT 允许应用程序控制闪光灯。 提示
23 android.permission.GET_ACCOUNTS 允许应用程序获取手机已知的帐户列表。 提示
24 android.permission.INTERNET 允许程序访问网络. 提示
25 android.permission.KILL_BACKGROUND_PROCESSES 无论内存资源是否紧张,都允许应用程序结束其他应用程序的后台进程。 提示
26 android.permission.MANAGE_ACCOUNTS 允许应用程序执行添加、删除帐户及删除其密码之类的操作。 提示
27 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
28 android.permission.READ_LOGS 允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况,但这些信息不应包含任何个人信息或保密信息。 提示
29 android.permission.RESTART_PACKAGES 允许程序自己重启或重启其他程序 提示
30 android.permission.VIBRATE 允许应用程序控制振动器。 提示
31 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
32 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.tongcheng.android.LoadingActivity
com.tongcheng.android.module.callback.WXPayEntryActivity
com.tongcheng.android.module.callback.WXEntryActivity
com.tongcheng.android.module.bombscreen.BombScreenActivity
com.tongcheng.android.module.homepage.activity.MineUpdateTipsActivity
com.tongcheng.android.module.address.AddressEditorActivity
com.tongcheng.android.module.address.AddressListActivity
com.tongcheng.android.module.account.AccountDialogActivity
com.tongcheng.android.module.launch.FirstIntroActivity
com.tongcheng.android.module.launch.FirstIntroADActivity
com.tongcheng.android.module.homepage.HomeVideoAdWebActivity
com.tongcheng.android.module.homepage.SpecialTourActivity
com.tongcheng.android.TongchengMainActivity
com.tongcheng.android.module.globalsearch.SpeechSearchActivity
com.tongcheng.android.module.destination.DestinationHomeActivity
com.tongcheng.android.module.member.MyWalletActivity
com.tongcheng.android.module.member.PaySettingActivity
com.tongcheng.android.module.member.lock.WalletLockActivity
com.tongcheng.android.module.member.MyWalletFingerprintActivity
com.tongcheng.android.module.member.MyWalletSmallPaymentActivity
com.tongcheng.android.module.member.MyWalletBonusActivity
com.tongcheng.android.module.member.MyWalletMoreServiceActivity
com.tongcheng.android.module.member.lock.SetPatternActivity
com.tongcheng.android.module.member.lock.ConfirmPatternActivity
com.tongcheng.android.module.member.lock.ConfirmPatternToUpdateActivity
com.tongcheng.android.module.member.lock.NormalConfirmPatternActivity
com.tongcheng.android.module.member.lock.TTBWebConfirmPatternActivity
com.tongcheng.android.module.member.CitySelectResidenceActivity
com.tongcheng.android.module.member.NewBondCashActivity
com.tongcheng.android.module.member.ExpressProgressInfoActivity
com.tongcheng.android.module.member.CommonInfoActivity
com.tongcheng.android.module.member.MoreSettingActivity
com.tongcheng.android.module.account.AvatarCropActivity
com.tongcheng.android.module.account.AlterNickNameActivity
com.tongcheng.android.module.account.AlterEmailActivity
com.tongcheng.android.module.account.AlterEmailStepOneActivity
com.tongcheng.android.module.account.MemberHeadPortraitActivity
com.tongcheng.android.module.account.ThirdAccountManageActivity
com.tongcheng.android.module.account.ProfileActivity
com.tongcheng.android.module.account.AreaCodeListActivity
com.tongcheng.android.module.account.AccountAndSecurityActivity
com.tongcheng.android.module.account.ForgetPasswordActivity
com.tongcheng.android.module.account.RegisterActivity
com.tongcheng.android.module.account.RegisterSetPasswordActivity
com.tongcheng.android.module.account.ResetPasswordStepOneActivity
com.tongcheng.android.module.account.ResetPasswordStepTwoActivity
com.tongcheng.android.module.account.UpdatePasswordActivity
com.tongcheng.android.module.account.MobileBindActivity
com.tongcheng.android.module.account.ThirdAccountBindActivity
com.tongcheng.android.module.account.AlterPasswordActivity
com.tongcheng.android.module.account.MobileBindInterceptActivity
com.tongcheng.android.module.ordercombination.NonMemberOrderListActivity
com.tongcheng.android.module.message.MessageCategoryDetailActivity
com.tongcheng.android.module.message.MessageOnlineServiceActivity
com.tongcheng.android.project.scenery.SceneryKeywordSearchActivity
com.tongcheng.android.project.scenery.publicmodule.map.SceneryMapListActivity
com.tongcheng.android.project.scenery.SceneryChoosePaymentActivity
com.tongcheng.android.project.scenery.SceneryInvoiceMessageActivity
com.tongcheng.android.project.scenery.SceneryRefundActivity
com.tongcheng.android.project.scenery.SceneryRefundProgressActivity
com.tongcheng.android.project.scenery.SceneryRefundFailureActivity
com.tongcheng.android.project.scenery.SceneryElectronTicketActivity
com.tongcheng.android.project.scenery.publicmodule.orderbusiness.OrderListScenery
com.tongcheng.android.project.scenery.SceneryAgencyVideoActivity
com.tongcheng.android.project.scenery.orderdetail.OrderSceneryDetail
com.tongcheng.android.project.scenery.publicmodule.comment.SceneryCommentListActivity
com.tongcheng.android.project.scenery.publicmodule.comment.SceneryWriteCommentActivity
com.tongcheng.android.project.scenery.publicmodule.traveller.SceneryInsuranceOrderOperateActivity
com.tongcheng.android.project.scenery.publicmodule.orderbusiness.SceneryRefundDetailActivity
com.tongcheng.android.project.scenery.orderdetail.SceneryOrderTrackActivity
com.tongcheng.android.project.scenery.citylist.CitySelectSceneryActivity
com.tongcheng.android.project.train.TrainPaymentOptionActivity
com.tongcheng.android.project.train.TrainOrderPayFailureActivity
com.tongcheng.android.project.train.orderbusiness.OrderTrainList
com.tongcheng.android.project.train.cityselectbusiness.TrainCitySelectWebappActivity
com.tongcheng.android.project.train.directpaybusiness.TrainDirectPayBusinessActivity
com.tongcheng.android.project.train.cityselectbusiness.CitySelectTrainActivity
com.tongcheng.android.project.train.TrainScanFaceActivity
com.tongcheng.android.project.flight.dynamic.FlightDynamicListActivity
com.tongcheng.android.project.flight.dynamic.FlightDynamicDetailActivity
com.tongcheng.android.project.flight.orderbusiness.OrderListFlight
com.tongcheng.android.project.flight.FlightMainFragmentActivity
com.tongcheng.android.project.flight.FlightPriceTrendDetailActivity
com.tongcheng.android.project.flight.FlightAirportCityActivity
com.tongcheng.android.project.flight.scrollcalendar.FlightChooseTicketCalendarActivity
com.tongcheng.android.project.flight.scrollcalendar.FlightSpecialBackCalendarActivity
com.tongcheng.android.project.flight.scrollcalendar.FlightSpecialOutwardCalendarActivity
com.tongcheng.android.project.flight.FlightNewChoosePaymentActivity
com.tongcheng.android.project.flight.FlightPriceTrendAcitivity
com.tongcheng.android.project.flight.comment.FlightInlandWriteCommentActivity
com.tongcheng.android.project.flight.traveler.FlightNewTravelerListActivity
com.tongcheng.android.project.flight.traveler.FlightNewTravelerEditorActivity
com.tongcheng.android.project.flight.traveler.editor.FlightIdentifyActivity
com.tongcheng.android.project.flight.citylist.CitySelectFlightActivity
com.tongcheng.android.project.flight.citylist.FlightCityListActivity
com.tongcheng.android.project.flight.traveler.FlightTravelerIDCardScanEnsureActivity
com.tongcheng.android.project.iflight.traveler.countrylist.FlightCountryListActivity
com.tongcheng.android.project.flight.insured.FlightInsuredListActivity
com.tongcheng.android.project.flight.insured.FlightInsuredEditActivity
com.tongcheng.android.project.group.business.destination.search.TravelGroupDestinationKeyWordSearchActionActivity
com.tongcheng.android.project.group.common.comment.TravelGroupCommentListActivity
com.tongcheng.android.project.group.business.order.detail.TravelGroupRefundDetailActivity
com.tongcheng.android.project.group.common.comment.GenTuanTravelWriteCommentActivity
com.tongcheng.android.project.travel.TravelModifyOrderActiviy
com.tongcheng.android.project.travel.TravelOrderRefundReqActiviy
com.tongcheng.android.project.travel.TravelRefundDetailActivity
com.tongcheng.android.project.travel.TravelModifyProgressActivity
com.tongcheng.android.project.travel.TravelNewHotelDetailActivity
com.tongcheng.android.project.travel.TravelNewSceneryDetailActivity
com.tongcheng.android.project.travel.TravelDetailTrafficInfoNewActivity
com.tongcheng.android.project.travel.weekendsubject.WeekendSubjectLineList
com.tongcheng.android.project.travel.weekendsubject.WeekendSubjectList
com.tongcheng.android.project.travel.TravelNewChangeOrderActivity
com.tongcheng.android.project.travel.TravelChangeTouristActivity
com.tongcheng.android.project.travel.TravelTouristListActivity
com.tongcheng.android.project.travel.TravelModifyOrderSuccessActivity
com.tongcheng.android.project.travel.TravelModifyOrderFailureActivity
com.tongcheng.android.project.travel.TravelTrafficStepListActivity
com.tongcheng.android.project.travel.TravelImageMainActivity
com.tongcheng.android.project.travel.TravelKeyWordSearchActivity
com.tongcheng.android.project.travel.TravelChoosePaymentsActivity
com.tongcheng.android.project.travel.destination.TravelDestinationKeyWordSearchActionActivity
com.tongcheng.android.project.travel.TravelPaySuccessActivity
com.tongcheng.android.project.travel.comment.CommentFailureActivity
com.tongcheng.android.project.travel.TravelOrderRepeatActivity
com.tongcheng.android.project.travel.orderbusiness.OrderListTravel
com.tongcheng.android.project.travel.orderbusiness.OrderTravelDetail
com.tongcheng.android.project.travel.presell.TravelOrderSaleDetailActivity
com.tongcheng.android.project.travel.TravelWeekendCardListActivity
com.tongcheng.android.project.travel.TravelWeekendCardNumsActivity
com.tongcheng.android.project.travel.TravelActiveWeekendCardActivity
com.tongcheng.android.project.travel.TravelActiveWeekendCardSuccessActivity
com.tongcheng.android.project.travel.comment.TravelCommentListActivity
com.tongcheng.android.project.travel.comment.TravelWriteCommentActivity
com.tongcheng.android.project.travel.TravelSendInvoiceActivity
com.tongcheng.android.project.travel.scrollcalendar.WeekendTravelOrderCalendarActivity
com.tongcheng.android.project.travel.scrollcalendar.WeekendTravelOrderSceneryCalendarActivity
com.tongcheng.android.project.travel.calendar.TravelOrderNewCalendarActivity
com.tongcheng.android.project.travel.TravelCollectionBrowsedActivity
com.tongcheng.android.project.travel.TravelOrderDetailTouristActivity
com.tongcheng.android.project.travel.TravelOrderDetailRetreatInfoActivity
com.tongcheng.android.project.cruise.CruiseChoosePaymentActivity
com.tongcheng.android.project.cruise.CruiseCardChoosePaymentActivity
com.tongcheng.android.project.cruise.CruiseNoMemberOrderListActivity
com.tongcheng.android.project.cruise.CruiseCardOrderDetailActivity
com.tongcheng.android.project.cruise.comment.CruiseCommentListActivity
com.tongcheng.android.project.cruise.comment.CruiseWriteCommentActivity
com.tongcheng.android.project.cruise.CruiseOrderTrackActivity
com.tongcheng.android.project.cruise.CruiseDetailIntroduceActivity
com.tongcheng.android.project.cruise.CruiseConsumerPlaceListActivity
com.tongcheng.android.project.cruise.CruiseCabinListActivity
com.tongcheng.android.project.cruise.CruisePortMapActivity
com.tongcheng.android.project.cruise.CruiseCancelOrderActivity
com.tongcheng.android.project.cruise.CruiseCancelSuccessActivity
com.tongcheng.android.project.cruise.CruiseRefundDetailActivity
com.tongcheng.android.project.cruise.CruisePickDeckRoomActivity
com.tongcheng.android.project.vacation.activity.VacationDestSelectActivity
com.tongcheng.android.project.vacation.activity.VacationVisaInfoActivity
com.tongcheng.android.project.vacation.activity.dynamic.VacationDynamicOrderFlightHotelActivity
com.tongcheng.android.project.vacation.activity.VacationOrderDetailActivity
com.tongcheng.android.project.vacation.activity.VacationElectronicContractActivity
com.tongcheng.android.project.vacation.activity.VacationTravellerSelectActivity
com.tongcheng.android.project.vacation.activity.VacationAdditionalOrderActivity
com.tongcheng.android.project.vacation.activity.VacationOrderListActivity
com.tongcheng.android.project.vacation.activity.VacationChoosePaymentActivity
com.tongcheng.android.project.vacation.activity.VacationCommentListActivity
com.tongcheng.android.project.vacation.activity.VacationWriteCommentActivity
com.tongcheng.android.project.vacation.activity.VacationCancelOrderReasonActivity
com.tongcheng.android.project.vacation.activity.VacationRefundReasonActivity
com.tencent.tauth.AuthActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleDetailActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleAddCategoryActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleAddDescribeActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleAddAlarmActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleAddAddressActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleAddActivity
com.tongcheng.android.module.travelassistant.route.AssistantFlightDetailActivity
com.tongcheng.android.module.travelassistant.route.AssistantTrainDetailActivity
com.tongcheng.android.module.travelassistant.route.poi.flight.POIFlightQueryActivity
com.tongcheng.android.module.travelassistant.route.poi.flight.POIFlightSearchListActivity
com.tongcheng.android.module.travelassistant.route.train.TrainQueryActivity
com.tongcheng.android.module.travelassistant.route.train.TrainIdResultActivity
com.tongcheng.android.module.travelassistant.route.train.TrainStationResultActivity
com.tongcheng.android.module.travelassistant.route.hotel.HotelQueryListActivity
com.tongcheng.android.module.travelassistant.route.scenery.SceneryQueryListActivity
com.tongcheng.android.module.travelassistant.calendarmanage.ScheduleSearchActivity
com.tongcheng.android.module.travelassistant.calendarmanage.AssistantMonthCalendarActivity
com.tongcheng.android.module.travelassistant.AirportNavigationActivity
com.tongcheng.android.module.travelassistant.route.hotel.AddHotelHomeActivity
com.tongcheng.android.module.travelassistant.route.hotel.AssistantCitySelectHotelActivity
com.tongcheng.android.module.travelassistant.route.hotel.AssistantHotelCitySearchActivity
com.tongcheng.android.module.travelassistant.route.hotel.AssistantHotelKeyWordActivity
com.tencent.connect.common.AssistActivity
com.tongcheng.debug.DebugActivity
com.tongcheng.debug.plugin.account.DebugAccountManageActivity
com.tongcheng.debug.plugin.location.DebugLocationActivity
com.tongcheng.debug.plugin.location.DebugMapActivity
com.tongcheng.debug.plugin.web.webapp.H5CallLogActivity
com.tongcheng.debug.plugin.web.webapp.H5CallLogDetailsActivity
com.tongcheng.debug.plugin.abtest.ABDebugActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugAccountChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugVersionChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugWebappChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugUIGaugeActivity
com.tongcheng.debug.plugin.launch.AnalyzerResultActivity
com.tongcheng.debug.plugin.launch.AnalyzerResultDetailActivity
com.tongcheng.debug.RNDebugActivity
com.tongcheng.debug.plugin.rn.RNPackageActivity
com.tongcheng.debug.plugin.pageload.PageLoadingTimeActivity
com.tongcheng.android.module.ordercombination.OrderCenterActivity
com.tongcheng.android.module.ordercombination.HistoryOrderListActivity
com.tongcheng.android.module.ordercombination.query.PhoneQueryOrderActivity
com.tongcheng.android.module.ordercombination.query.PhoneQueryOrderResultActivity
com.tongcheng.android.module.ordercombination.OrderServiceContentActivity
com.tongcheng.android.module.refund.OrderRefundListActivity
com.tongcheng.android.module.ordercombination.ServiceSearchActivity
com.tongcheng.android.project.disport.activity.DisportChoosePaymentActivity
com.tongcheng.android.project.disport.activity.DisportPayFailureActivity
com.tongcheng.android.project.disport.activity.DisportWriteCommentActivity
com.tongcheng.android.project.disport.activity.DisportOrderDetailActivity
com.tongcheng.android.project.disport.activity.OverseasListActivity
com.tongcheng.android.project.disport.activity.OverseasCancelChangeActivity
com.alipay.sdk.app.H5PayActivity
com.tongcheng.android.project.guide.activity.SelectAreaDiscoveryActivity
com.tongcheng.android.project.guide.activity.SelectDiscoveryActivity
com.tongcheng.android.project.guide.activity.GuidePOIDetailsActivity
com.tongcheng.android.project.guide.activity.GuideWriteCommentActivity
com.tongcheng.android.project.guide.activity.SearchNearActivity
com.tongcheng.android.project.guide.activity.PhotoListActivity
com.tongcheng.android.project.guide.activity.POISearchActivity
com.tongcheng.android.project.guide.activity.ContentPOIListActivity
com.tongcheng.android.project.guide.activity.AreaCommonActivity
com.tongcheng.android.project.guide.activity.IndependentCommentListActivity
com.tongcheng.android.project.guide.activity.AreaPhotoListActivity
com.tongcheng.android.project.guide.activity.AreaNationProvinceActivity
com.tongcheng.android.project.guide.activity.TravelHeadlineActivity
com.tongcheng.android.project.guide.activity.SelectDestinationActivity
com.tongcheng.android.project.guide.activity.GuideDestinationSearchActivity
com.tongcheng.android.project.guide.activity.TravelGuideActivity
com.tongcheng.android.project.guide.activity.PoiNearHotelActivity
com.tongcheng.android.project.guide.activity.GuideAskWayActivity
com.tongcheng.android.project.guide.activity.GuideMapActivity
com.tongcheng.android.project.guide.activity.GuideSearchMoreListActivity
com.tongcheng.android.project.guide.activity.SearchMoreDetailActivity
com.tongcheng.android.project.guide.activity.GuideTagRecommandListAcitvity
com.tongcheng.android.project.guide.activity.GuideRewardListAcitvity
com.tongcheng.android.project.inland.business.city.dest.CitySelectInlandDestinationActivity
com.tongcheng.android.project.inland.business.order.InlandTravelOrderListActivity
com.tongcheng.android.project.inland.common.comment.InlandTravelCommentListActivity
com.tongcheng.android.project.inland.common.contacts.flight.InlandFlightTravelerListActivity
com.tongcheng.android.project.inland.common.contacts.flight.InlandFlightTravelerEditorActivity
com.tongcheng.android.project.vacation.traveler.VacationTravelerListActivity
com.tongcheng.android.project.vacation.traveler.VacationTravelerEditorActivity
com.tongcheng.android.project.inland.business.order.detail.InlandTravelOrderDetailActivity
com.tongcheng.android.project.inland.common.comment.InlandTravelWriteCommentActivity
com.tongcheng.android.project.inland.business.order.InlandTravelChoosePaymentActivity
com.tongcheng.android.project.inland.business.order.reactive.InlandReactiveFlightConfirmActivity
com.tongcheng.android.project.inland.business.order.reactive.InlandFlightReSelectActivity
com.tongcheng.android.project.inland.business.order.reactive.InlandMultiFlightReSelectActivity
com.tongcheng.android.project.inland.business.order.detail.InlandOrderInsuranceDetailActivity
com.tongcheng.android.project.diary.user.DiaryUserInfoActivity
com.tongcheng.android.project.diary.write.DiaryEditActivity
com.tongcheng.android.project.diary.write.DiaryTagActivity
com.tongcheng.android.project.diary.user.DiaryTaInfoActivity
com.tongcheng.android.project.diary.write.DiaryPoiDragActivity
com.tongcheng.android.project.diary.photo.DiaryCommonImageShowActivity
com.tongcheng.android.project.diary.write.DiaryIndexActivity
com.tongcheng.android.project.diary.write.DiaryWriteTitleActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiCreateActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiChoiceActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiEditTextActivity
com.tongcheng.android.project.diary.write.DiaryUploadActivity
com.tongcheng.android.project.diary.photo.DiaryPhotoPickerActivity
com.tongcheng.android.project.diary.poi.DiaryPoiActivity
com.tongcheng.android.project.diary.poi.DiaryPoiSearchActivity
com.tongcheng.android.project.diary.DiaryListActivity
com.tongcheng.android.project.diary.DiaryDetailActivity
com.tongcheng.android.project.diary.DiaryHomeActivity
com.tongcheng.android.project.diary.user.DiaryCommentListActivity
com.tongcheng.android.project.diary.DiaryBestActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiyoujiListActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiyoujiSubjectActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiyoujiDetailActivity
com.tongcheng.android.project.diary.weiyouji.DiaryUserWeiyoujiActivity
com.tongcheng.android.project.diary.weiyouji.DiaryPoiWeiyoujiActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiVideoPlayerActivity
com.tongcheng.android.project.diary.weiyouji.DiaryWeiyoujiDivisionActivity
com.tongcheng.android.module.member.MoreAboutActivity
com.tongcheng.android.project.visa.VisaRefundDetailActivity
com.tongcheng.android.project.visa.VisaOrderPaymentActivity
com.tongcheng.android.project.visa.proposer.VisaProposerActivity
com.tongcheng.android.project.visa.proposer.VisaProposerAddActivity
com.tongcheng.android.project.visa.proposer.VisaProposerEditActivity
com.tongcheng.android.project.visa.VisaOrderRepeatActivity
com.tongcheng.android.project.visa.VisaPayFailureActivity
com.tongcheng.android.project.visa.VisaCommentListActivity
com.tongcheng.android.project.visa.VisaWriteCommentActivity
com.tongcheng.android.webapp.activity.WebappPayPlatformActivity
com.tongcheng.android.module.push.XGActivity
com.tongcheng.android.project.hotel.HotelHomeActivity
com.tongcheng.android.project.hotel.MyHotelActivity
com.tongcheng.android.project.hotel.HotelCitySearchActivity
com.tongcheng.android.project.hotel.CitySelectHotelActivity
com.tongcheng.android.project.hotel.HotelKeyWordActivity
com.tongcheng.android.project.hotel.HotelKeyWordItemSelectedActivity
tc_home.TcHomeDialogActivity
com.tongcheng.android.project.ihotel.GlobalHotelRefundDetailActivity
com.tongcheng.android.project.ihotel.GlobalHotelRefundActivity
com.tongcheng.android.project.ihotel.comment.GlobalHotelWriteCommentActivity
com.tongcheng.android.project.iflight.FlightHomeActivity
com.tongcheng.android.project.iflight.traveler.InterFlightTravelerEditorActivity
com.tongcheng.android.project.iflight.traveler.IFlightNewTravelerEditorActivity
com.tongcheng.android.project.iflight.traveler.InterFlightTravelerListActivity
com.tongcheng.android.project.iflight.traveler.InterFlightNewTravelerListActivity
com.tongcheng.android.project.iflight.FlightInterNewChoosePaymentActivity
com.tongcheng.android.project.iflight.UnionNewChoosePaymentActivity
com.tongcheng.android.project.iflight.FlightInterGradationPaymentActivity
com.tongcheng.android.project.iflight.scrollcalendar.FlightInterListCalendarActivity
com.tongcheng.android.project.iflight.scrollcalendar.IFlightListCalendarActivity
com.tongcheng.android.project.iflight.comment.FlightInternationalWriteCommentActivity
com.tongcheng.android.project.iflight.IFlightListActivity
com.tongcheng.android.project.iflight.IFlightRoundListActivity
com.tongcheng.android.project.iflight.citylist.FlightCitySelectActivity
com.tongcheng.android.project.iflight.IFlightBookingActivity
com.tongcheng.android.project.iflight.IFlightCabinSelectActivity
com.tongcheng.android.project.iflight.IFlightBookingInstructionActivity
com.tongcheng.android.project.iflight.IFlightNoticeWindowActivity
com.tongcheng.android.project.iflight.traveler.IFlightTravelerPassportScanEnsureActivity
com.tongcheng.android.project.iflight.scrollcalendar.hybridcalendar.FlightSingleCalendarActivity
com.tongcheng.android.project.iflight.scrollcalendar.hybridcalendar.FlightRoundTripCalendarNewActivity
com.tongcheng.android.project.iflight.IFlightGiftActivity
com.tongcheng.android.project.iflight.insured.IFlightInsuredListActivity
com.tongcheng.android.project.iflight.insured.IFlightInsuredEditActivity
com.elong.hotel.activity.ConponRulesActivity
com.elong.hotel.activity.HotelDatePickerActivity
com.elong.hotel.activity.HotelDetailPopPhotoActivity
com.elong.hotel.activity.HotelDetailsActivity
com.elong.hotel.activity.HotelDetailsActivityNew
com.elong.hotel.activity.HotelRenQiRankingListActivity
com.elong.hotel.activity.HotelDetailsMapActivity
com.elong.hotel.activity.NewHotelListActivity
com.elong.hotel.activity.HotelHistoryListActivity
com.elong.hotel.activity.HotelListMapActivity
com.elong.hotel.activity.HotelOrderActivity
com.elong.tchotel.fillin.activity.TCHotelOrderInvoiceActivity
com.elong.hotel.activity.HotelOrderSuccessActivity
com.elong.hotel.activity.HotelPhotosActivity
com.elong.hotel.activity.HotelCommentOnPhotosActivity
com.elong.hotel.activity.HotelKanJiaShareActivity
com.elong.hotel.activity.HotelPhotoManagementActivity
com.elong.hotel.activity.HotelPhotosBigActivity
com.elong.hotel.activity.HotelPhotosWithDiscriptionActivity
com.elong.hotel.activity.HotelPhotosWithDiscriptionNewActivity
com.elong.hotel.activity.HotelRecomandNewActivity
com.elong.hotel.activity.HotelReportErrorActivity
com.elong.hotel.activity.HotelSearchKeyWordSelectActivityNew
com.elong.hotel.activity.customer.HotelSelectCustomerNewActivity
com.elong.hotel.activity.customer.HotelSelectCustomerAddActivity
com.elong.hotel.activity.HotelSelectTicketCustomerActivity
com.elong.hotel.activity.myelong.HotelOrderDetailsActivity
com.elong.hotel.activity.HotelTransferRoomFillinActivity
com.elong.hotel.activity.myelong.HotelOrderExpressFlowActivity
com.elong.hotel.activity.myelong.HotelOrderFlowActivity
com.elong.hotel.activity.myelong.HotelOrderTradeFlowActivity
com.elong.hotel.activity.myelong.OrderManagerHotelListActivity
com.elong.hotel.activity.myelong.OrderManagerHotelListLoginActivity
com.elong.hotel.activity.myelong.PhotoAlbumActivity
com.elong.hotel.activity.myelong.PhotoListActivity
com.elong.hotel.activity.payment.HotelPaymentCounterImpl
com.elong.hotel.activity.payment.PreHotelPaymengCounterImpl
com.elong.hotel.activity.payment.VouchHotelPaymengCounterImpl
com.elong.hotel.activity.payment.BookingHotelPaymentCounter
com.elong.hotel.activity.payment.creditcard.HotelCreditCardPayImpl
com.elong.hotel.activity.HotelListTalentRecommendActivity
com.elong.hotel.activity.NewHotelDetailsNearByListActivity
com.elong.hotel.activity.HotelBookPopActivity
com.elong.hotel.activity.HotelRoomDetailsPopActivity
com.elong.hotel.activity.HotelBookActivity
com.elong.hotel.activity.fillin.HotelOrderHongbaoSelectActivity
com.elong.hotel.activity.HotelDatePickerNewActivity
com.elong.hotel.activity.HotelDetailKindlyReminderActivity
com.elong.hotel.activity.HotelMyTransferentialOrderActivity
com.elong.hotel.activity.HotelNavigationActivity
com.elong.hotel.activity.HotelUploadImageActivity
com.elong.hotel.activity.HotelUploadImageEditActivity
com.elong.hotel.activity.myelong.HotelRefundDetailActivity
com.elong.hotel.activity.HotelFacilitiesAndKitsinfoActivity
com.elong.hotel.activity.HotelCommentRoomPopActivity
com.elong.hotel.activity.HotelOrderCancelResearchActivity
com.elong.hotel.activity.NewHotelDetailsMapActivity
com.elong.hotel.baidulbs.mapactivity.CheckRouteActivity
com.elong.hotel.baidulbs.mapactivity.SelectPositionActivity
com.elong.hotel.baidulbs.mapactivity.HotelMapNavigationActivity
com.elong.hotel.activity.NoHouseWebActivity
com.elong.hotel.activity.customer.HotelPolicyHolderSelectActivity
com.elong.hotel.activity.customer.HotelPolicyHolderAddActivity
com.elong.hotel.activity.my_hotel.HotelMyActivity
com.elong.hotel.activity.HotelSupplyInfoActivity
com.elong.hotel.activity.HotelSupplyImageActivity
com.elong.hotel.activity.HotelCommonHongbaoPopActivity
com.elong.hotel.activity.fillin.HotelOrderFillinCheckInDesActivity
com.elong.hotel.activity.OperationWebViewDialogActivity
com.elong.tchotel.order.OrderDetailActivity
com.elong.tchotel.order.ApplyRefundActivity
com.elong.tchotel.order.InsuranceDetailActivity
tc_home.AdvsActivity
com.tongcheng.android.project.hotel.HotelChoosePaymentGuaranteeActivity
com.tongcheng.android.project.hotel.HotelDetailIntroductionActivity
com.tongcheng.android.project.hotel.HotelDetailMapActivity
com.tongcheng.android.project.hotel.HotelMapActivity
com.tongcheng.android.project.hotel.HotelOrderFailureActivity
com.tongcheng.android.project.hotel.HotelPhoneDialogActivity
com.tongcheng.android.project.hotel.HotelPopupRNActivity
com.tongcheng.android.project.hotel.HotelRefundDetailActivity
com.tongcheng.android.project.hotel.HTDChoosePaymentActivity
com.tongcheng.android.project.hotel.widget.HotelWebViewActivity
com.tongcheng.android.project.hotel.widget.HotelHtmlActivity
com.tongcheng.android.project.hotel.comment.HotelWriteCommentActivity
com.tongcheng.android.project.hotel.comment.HotelCommentListActivity
com.tongcheng.android.project.hotel.widget.HotelErrorDialogActivity
com.elong.hotel.utils.TEWebViewUtils
com.elong.hotel.activity.HotelFacilitiesActivity
com.elong.globalhotel.activity.GlobalHotelNewCitySelectActivity
com.elong.globalhotel.activity.GlobalHotelRestructCitySelectActivity
com.elong.globalhotel.activity.GlobalHotelRestructCitySuggestActivity
com.elong.globalhotel.activity.GlobalHotelRestructSearchKeyWordSelectActivity
com.elong.globalhotel.activity.GlobalHotelCustomerPickActivity
com.elong.globalhotel.activity.GlobalHotelRestructSelectPersonActivity
com.elong.globalhotel.activity.GlobalHotelListMapActivity
com.elong.globalhotel.activity.GlobalHotelConfirmLetterActivity
com.elong.globalhotel.activity.InsuranceUserInfoActivity
com.elong.globalhotel.activity.GlobalHotelListActivity
com.elong.globalhotel.activity.GlobalHotelCommentPhotosActivity
com.elong.globalhotel.activity.GlobalHotelCommentNewActivity
com.elong.globalhotel.activity.GlobalHotelPhotoCommentReplyActivity
com.elong.globalhotel.activity.GlobalHotelNewPhotoListActivity
com.elong.globalhotel.activity.GlobalHotelPhotosActivity
com.elong.globalhotel.activity.GlobalHotelRestructDatePickerPopActivity
com.elong.globalhotel.activity.GlobalHotelRestructDetailsActivity
com.elong.globalhotel.activity.GlobalHotelRestructDetailMapActivity
com.elong.globalhotel.activity.GlobalHotelRestructOrderSuccessActivity
com.elong.globalhotel.activity.GlobalHotelRestructSelectTravelerActivity
com.elong.globalhotel.activity.GlobalHotelTranslateActivity
com.elong.globalhotel.activity.GlobalHotelInvoiceActivity
com.elong.globalhotel.activity.GlobalHotelRestructInsuranceIntroduceActivity
com.elong.globalhotel.activity.GlobalHotelWebViewActivity
com.elong.globalhotel.activity.GlobalHotelStrategyActivity
com.elong.globalhotel.activity.GlobalHotelMyRedPaperListActivity
com.elong.paymentimpl.GlobalHotelRestructPaymentCounterImpl
com.elong.paymentimpl.GlobalHotelRestructPaymentBookingImpl
com.elong.paymentimpl.creditcard.GlobalHotelRestructCreditCardPayImpl
com.elong.globalhotel.activity.GlobalHotelOrderListActivity
dom.elong.globalhotel.view.GlobalHotelOrderListUnLoginActivity
com.elong.globalhotel.activity.GlobalHotelOrderDetailActivity
com.elong.globalhotel.activity.GlobalHotelOrderDetailOrderWorkflowActivity
com.elong.globalhotel.activity.GlobalHotelCommentFillinActivity
com.elong.globalhotel.activity.GlobalHotelCommentSuccessActivity
com.elong.globalhotel.activity.PhotoAlbumFirstLevelActivity
com.elong.globalhotel.activity.PhotoAlbumSecondLevelActivity
com.elong.globalhotel.activity.GlobalHotelRecordVideoActivity
com.elong.globalhotel.activity.GlobalHotelUserCommentListActivity
com.elong.globalhotel.activity.UserCommentPhotosExplorerActivity
com.elong.globalhotel.activity.GlobalHotelUserCommentDetailActivity
com.elong.globalhotel.activity.GlobalHotelUserMyCommentListActivity
com.elong.globalhotel.activity.GlobalHotelCommentMessageListActivity
com.elong.globalhotel.activity.PhotoAlbumMultiSelectorActivity
com.elong.globalhotel.activity.GlobalHotelRedPaperSelectActivity
com.elong.globalhotel.activity.GlobalHotelHappyGiftSelectActivity
com.elong.globalhotel.activity.GlobalHotelAskRoadActivity
com.elong.globalhotel.activity.GlobalHotelHomeSearchActivity
com.elong.globalhotel.payment.GlobalHotelTcPaymentBookingImpl
com.elong.globalhotel.payment.GlobalHotelTcPaymentCounterImpl
com.elong.globalhotel.activity.GlobalHotelOrderCreditCardActivity
com.elong.globalhotel.activity.orderfillin.GlobalHotelOrderFillinActivity
com.elong.globalhotel.activity.specialneed.GlobalHotelSpecialNeedActivity
com.elong.globalhotel.activity.orderfillin.GlobalHotelSelectTravelerActivity
com.elong.globalhotel.activity.NewStarPriceActivity
com.elong.globalhotel.activity.GlobalHotelPhotosDialogActivity
com.elong.android.minsu.city.CitySwitchActivity
com.elong.android.minsu.activity.MinSuDatePickerActivity
com.elong.android.minsu.search.SearchActivity
com.elong.activity.others.WebViewActivity
com.elong.activity.others.LoginActivity
com.elong.utils.permissions.AppSettingsDialogHolderActivity
com.elong.video.ElongVideoPlayerActivity
com.tongcheng.android.module.map.TcMapActivity
com.tongcheng.android.module.map.LookRouteActivity
com.tongcheng.android.module.map.GoogleJsMapActivity
com.tongcheng.android.module.webapp.WebViewActivity
com.tongcheng.android.module.webapp.activity.pay.WebappPaymentSuccessActivity
com.tongcheng.android.module.webapp.activity.map.WebappMapActivity
com.tongcheng.android.module.webapp.activity.comment.WebappWriteCommentActivity
com.tongcheng.android.module.webapp.activity.comment.WebappCommentListActivity
com.tongcheng.android.module.webapp.activity.scrollcalendar.WebappCalendarActivity
com.tongcheng.android.module.webapp.activity.WeishequPhotoUploadActivity
com.tongcheng.android.module.webapp.activity.StaticWebViewActivity
com.tongcheng.android.module.webapp.activity.ModalWebViewActivity
com.tongcheng.android.module.webapp.activity.order.WebappNonLoginOrderListActivity
com.tongcheng.android.module.webapp.activity.invoice.WebappInvoiceActivity
com.tongcheng.android.module.webapp.activity.citylist.CitySelectWebappActivity
com.tongcheng.android.module.traveler.CitySelectPlaceActivity
com.tongcheng.android.module.redpackage.ChoseRedPackageActivity
com.tongcheng.android.module.payment.CommonPayFailureActivity
com.tongcheng.android.module.payment.QQPayResultActivity
com.tongcheng.android.module.payment.PayResultHelpActivity
com.tongcheng.android.module.payment.PaymentPasswordActivity
com.tongcheng.android.module.traveler.TravelerListActivity
com.tongcheng.android.module.traveler.TravelerEditorActivity
com.tongcheng.android.module.traveler.certscan.TravelerIDCardScanEnsureActivity
com.tongcheng.android.module.traveler.certscan.TravelerPassportScanEnsureActivity
com.tongcheng.android.module.traveler.NationalitySelectActivity
com.tongcheng.android.rn.RNActivity
com.tongcheng.android.rn.module.component.RNCalendarActivity
com.tongcheng.android.rn.module.component.RNPriceCalendarActivity
com.facebook.react.devsupport.DevSettingsActivity
com.mob.tools.MobUIShell
cn.sharesdk.tencent.qq.ReceiveActivity
com.tongcheng.android.module.account.LoginActivity
com.tongcheng.android.module.account.bridge.LoginInterceptActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardBindActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardBindCheckActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardPayActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardPayCheckActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardGuaranteeActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardGuaranteeCheckActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardWildActivity
com.tongcheng.android.module.pay.bankcard.activity.BankCardWildCheckActivity
com.tongcheng.android.module.pay.payway.bankcard.BankCardSupportListActivity
com.tongcheng.android.module.pay.payway.ELPaySubmitSuccessActivity
com.tongcheng.android.module.pay.payway.bankcard.PaymentBankCardDetailActivity
com.tongcheng.android.module.pay.payway.PayWap
com.tongcheng.android.module.pay.payway.CCBPayActivity
com.tongcheng.android.module.recognition.activity.BankCardDistinguishActivity
com.tongcheng.android.module.recognition.activity.IDCardScanActivity
com.tongcheng.android.module.recognition.activity.PassportTakePhotoActivity
com.tongcheng.android.module.ordertrack.OrderTrackActivity
com.tongcheng.android.module.comment.ImageDetailActivity
com.tongcheng.android.module.comment.CommentSubmitResultActivity
com.tongcheng.android.module.comment.center.CommentEditMediaActivity
com.tongcheng.android.module.comment.center.CommentEditActivity
com.tongcheng.android.module.comment.CommentImageShowActivity
com.tongcheng.android.module.comment.travelcounselor.TravelConsultantWriteCommentActivity
com.tongcheng.android.module.ask.AskListActivity
com.tongcheng.android.module.ask.AskDetailActivity
com.tongcheng.android.module.ask.PersonalAskListActivity
com.tongcheng.android.module.ask.WriteAskActivity
com.tongcheng.android.module.video.UniversalVideoActivity
com.tongcheng.android.module.video.exo.VideoPlayerActivity
com.tongcheng.android.module.qrcode.QRCodeResultActivity
com.tongcheng.android.module.qrcode.CaptureActivity
com.tongcheng.android.module.qrcode.ScannerHistoryActivity
com.tongcheng.android.module.image.photoup.photopick.ImageShowPhotoPickerActivity
com.tongcheng.android.module.media.MediaViewerBucketActivity
com.tongcheng.android.module.media.MediaPickerActivity
com.tongcheng.android.module.media.MediaViewerActivity
com.tongcheng.android.module.photo.PhotoPickerActivity
com.tongcheng.android.module.photo.PhotoPickViewerActivity
com.tongcheng.android.module.photo.PhotoShowActivity
com.tongcheng.android.module.photo.PhotoShowActivityWithName
com.tongcheng.android.module.photo.PhotoShowActivityWithDesc
com.tongcheng.android.module.photo.crop.ImageCropActivity
com.sdk.mobile.manager.login.cucc.OauthActivity
com.cmic.sso.sdk.activity.LoginAuthActivity
com.chuanglan.shanyan_sdk.view.ShanYanOneKeyActivity
com.chuanglan.shanyan_sdk.view.CTCCPrivacyProtocolActivity
com.alipay.sdk.app.AlipayResultActivity
com.tongcheng.recognition.ScanFaceActivity
com.tongcheng.recognition.ScanIDCardActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.alipay.sdk.app.H5AuthActivity
com.alipay.sdk.app.PayResultActivity
com.alipay.sdk.app.H5OpenAuthActivity
com.sina.weibo.sdk.web.WeiboSdkWebActivity
com.sina.weibo.sdk.share.WbShareResultActivity
com.sina.weibo.sdk.share.WbShareTransActivity
com.sina.weibo.sdk.share.WbShareToStoryActivity
com.tencent.android.tpush.XGPushActivity
com.huawei.hms.activity.BridgeActivity
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02_T

com.amap.api.location.APSService
com.baidu.speech.VoiceRecognitionService
com.vivo.push.sdk.service.CommandClientService
com.tencent.tinker.lib.service.TinkerPatchForeService
com.tencent.tinker.lib.service.TinkerPatchService
com.tencent.tinker.lib.service.TinkerPatchService$InnerService
com.tencent.tinker.lib.service.DefaultTinkerResultService
com.tencent.android.tpush.rpc.XGRemoteService
com.tencent.android.tpush.service.XGPushServiceV4
com.xiaomi.push.service.XMPushService
com.xiaomi.push.service.XMJobService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService

com.tongcheng.android.module.travelassistant.calendarmanage.localpush.AssistantAlarmReceiver
com.tongcheng.android.module.travelassistant.calendarmanage.localpush.AssistantAlarmUpdateReceiver
com.tongcheng.android.module.push.TCPushMessageReceiver
com.tongcheng.android.module.lockpattern.LoginBroadCastReceive
com.tongcheng.android.module.localpush.AlarmManagerReceiver
com.tongcheng.module.xgpush.XGPushMessageReceiver
com.tongcheng.module.xgpush.TCInitPushReceiver
com.tongcheng.module.xgpush.VivoPushMessageReceiverImpl
com.tencent.android.tpush.XGPushReceiver
com.xiaomi.push.service.receivers.NetworkStatusReceiver
com.xiaomi.push.service.receivers.PingReceiver
com.tencent.android.mipush.XMPushMessageReceiver
com.tencent.android.hwpush.HWPushMessageReceiver
com.huawei.hms.support.api.push.PushEventReceiver

android.support.v4.content.FileProvider
com.tencent.android.tpush.XGPushProvider
com.tencent.android.tpush.SettingsContentProvider
com.huawei.hms.update.provider.UpdateProvider
com.tencent.mid.api.MidProvider

第三方库

# 库名 介绍
0 com.alibaba.fastjson Fast JSON Processor https://github.com/alibaba/fastjson/wiki
1 com.amap.api 高德LBS开放平台将高德最专业的定位、地图、搜索、导航等能力,以API、SDK等形式向广大开发者免费开放
2 android.support.transition A backport of the new Transitions API for Android.
3 android.support.multidex DEPRECATED
4 pl.droidsonroids.gif Views and Drawable for displaying animated GIFs on Android
5 okhttp3 An HTTP+SPDY client for Android and Java applications.
6 com.android.volley volley
7 com.alipay.sdk 支付宝移动支付功能
8 cn.sharesdk ShareSDK是中国最大的APP内分享服务提供商,ShareSDK社会化分享全面支持微信,微博,QQ空间,来往,易信,Facebook等国内外40个平台,帮助开发者轻松实现社会化分享、第三方登录、好友关系运用、一键分享、短链转换、评论和赞功能,还有强大的社会化统计分析管理后台,可以实时了解用户、信息流、回流率、传播效率等数据,有效地指导移动APP的日常运营与推广,同时为APP引入更多的社会化流量。
9 com.nostra13.universalimageloader Powerful and flexible library for loading, caching and displaying images on Android.
10 com.google.zxing Official ZXing ("Zebra Crossing") project home
11 com.baidu.lbsapi 百度Android全景SDK是为Android移动平台提供的一套全景图服务接口,面向广大开发者提供全景图的检索、显示和交互功能,从而更加清晰方便地展示目标位置的周边环境。
12 com.google.gson A Java serialization library that can convert Java Objects into JSON and back.
13 com.baidu.mapapi 百度地图 Android SDK是一套基于Android 2.1及以上版本设备的应用程序接口。 您可以使用该套 SDK开发适用于Android系统移动设备的地图应用,通过调用地图SDK接口,您可以轻松访问百度地图服务和数据,构建功能丰富、交互性强的地图类应用程序。
14 com.facebook.imagepipeline An image management library by FaceBook.
15 com.facebook.imagepipeline An image management library by FaceBook.
16 com.facebook.cache.common An image management library by FaceBook.
17 com.tencent.bugly 腾讯Bugly,面向移动开发者提供最专业的Crash监控、崩溃分析等质量跟踪服务,为您修复用户的每一次Crash!
18 com.tencent.connect 腾讯开放平台
19 okhttp3 An HTTP+SPDY client for Android and Java applications.
20 com.tencent.android.tpush 多种推送方式灵活方便\n推送目标分类 精准营销\n推送数据统计 效果跟踪
21 com.tencent.tauth 腾讯QQ互联平台为广大开发者整理了SDK列表,辅助开发者快速接入QQ登录、分享等功能。QQ互联是腾讯旗下的开放平台,通过QQ互联,网站主和开发者可以申请接入QQ登录、用户可以使用QQ账号登录接入的站点,通过添加分享和赞组件,将站点内容分享到QQ空间和朋友网,通过获取API授权,网站主还可以将用户操作同步到QQ空间和朋友网。
22 com.sina.weibo 新浪微博开放平台(Weibo Open Platform)是基于新浪微博海量用户和强大的传播能力,接入第三方合作伙伴服务,向用户提供丰富应用和完善服务的开放平台。将你的服务接入微博平台,有助于推广产品,增加网站/应用的流量、拓展新用户,获得收益。
23 okhttp3 An HTTP+SPDY client for Android and Java applications.
24 org.json 根据Gson库使用的要求,将JSONObject格式的String 解析成实体
25 okhttp3 An HTTP+SPDY client for Android and Java applications.
26 pl.droidsonroids.gif Views and Drawable for displaying animated GIFs on Android
27 com.xiaomi.mipush.sdk 小米推送(MiPush)是小米公司为开发者提供的消息推送服务,通过在云端和客户端之间建立一条稳定、可靠的长连接,为开发者提供向客户端应用推送实时消息的服务,帮助开发者有效地拉动用户活跃。
28 de.greenrobot.dao greenDAO is a light & fast ORM solution for Android that maps objects to SQLite databases.
29 de.greenrobot.event Android optimized event bus that simplifies communication between Activities, Fragments, Threads, Services, etc. Less code, better quality.

静态扫描发现风险点

风险等级 风险名称

中危

检测到6处证书弱校验漏洞。

位置: classes.dex
com.chuanglan.shanyan_sdk.b.c$1;
com.megvii.licensemanager.b$a;

位置: classes3.dex
com.sdk.base.framework.b.j;
com.sdk.base.module.a.b;

位置: classes5.dex
com.tongcheng.android.project.diary.a.a;

位置: classes6.dex
com.tongcheng.netframe.chain.ChainContext$a$2;

当移动App客户端使用https或ssl/tls进行通信时,如果不校验证书的可信性,将存在中间人攻击漏洞,可导致信息泄露,传输数据被篡改,甚至通过中间人劫持将原有信息替换成恶意链接或恶意代码程序,以达到远程控制等攻击意图。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
www.wooyun.org/bugs/wooyun-2014-079358

参考资料:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

检测到16个未移除的敏感Test或Debug组件

com.tongcheng.debug.DebugActivity
com.tongcheng.debug.plugin.account.DebugAccountManageActivity
com.tongcheng.debug.plugin.location.DebugLocationActivity
com.tongcheng.debug.plugin.location.DebugMapActivity
com.tongcheng.debug.plugin.web.webapp.H5CallLogActivity
com.tongcheng.debug.plugin.web.webapp.H5CallLogDetailsActivity
com.tongcheng.debug.plugin.abtest.ABDebugActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugAccountChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugVersionChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugWebappChooseActivity
com.tongcheng.debug.plugin.assistant.dialogs.DebugUIGaugeActivity
com.tongcheng.debug.plugin.launch.AnalyzerResultActivity
com.tongcheng.debug.plugin.launch.AnalyzerResultDetailActivity
com.tongcheng.debug.RNDebugActivity
com.tongcheng.debug.plugin.rn.RNPackageActivity
com.tongcheng.debug.plugin.pageload.PageLoadingTimeActivity

建议:
在正式发布app前移除敏感的Test或Debug组件

中危

检测到1处中间人攻击漏洞。

位置: classes.dex
com.android.volley.d;->b()Lorg.apache.http.conn.ssl.SSLSocketFactory;

setHostnameVerifier方法设置ALLOW_ALL_HOSTNAME_VERIFIER,直接接受任意域名,可能造成中间人攻击漏洞。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-042710
http://www.wooyun.org/bugs/wooyun-2010-052339
http://www.wooyun.org/bugs/wooyun-2016-0190773

参考资料:
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

检测到13个WebView远程执行漏洞。

位置: classes.dex
com.elong.activity.others.WebViewActivity;->onCreate(Landroid.os.Bundle;)V
com.loc.q;->a()V

位置: classes2.dex
com.facebook.react.views.webview.ReactWebViewManager$ReactWebView;->setMessagingEnabled(Z)V
com.elong.lib.ui.view.TEWebView;->init(Landroid.content.Context;)V
com.elong.globalhotel.activity.fragment.BaseJsBridgeWebViewFragment;->initWebView()V
com.elong.globalhotel.activity.GlobalHotelRestructDetailMapActivity;->onCreate(Landroid.os.Bundle;)V

位置: classes3.dex
com.tencent.bugly.crashreport.CrashReport$1;->addJavascriptInterface(Lcom.tencent.bugly.crashreport.crash.h5.H5JavaScriptInterface; Ljava.lang.String;)V

位置: classes4.dex
com.tongcheng.android.module.pay.payway.PayWap;->initView()V

位置: classes5.dex
com.tongcheng.android.module.webapp.view.webapp.BaseWebappLayout;->initHandler()V
com.tongcheng.android.module.webapp.WebViewActivity;->injectExtraInterface()V

位置: classes6.dex
com.tongcheng.simplebridge.h;->a()V
com.tongcheng.android.widget.webview.InnerDynamicWebView;->loadJavaJavaScript()V
com.tongcheng.webview.WebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到25处setSavePassword密码明文存储漏洞。

位置: classes.dex
cn.sharesdk.tencent.qq.a;
com.chuanglan.shanyan_sdk.view.ProgressWebView;
com.cmic.sso.sdk.widget.a;
com.loc.q;
com.chuanglan.shanyan_sdk.view.CTCCPrivacyProtocolActivity;

位置: classes2.dex
com.elong.globalhotel.activity.GlobalHotelBaseWebViewActivity;
com.elong.lib.ui.view.TEWebView;
com.elong.hotel.activity.HotelNavigationActivity;
com.elong.globalhotel.activity.GlobalHotelWebViewActivity;
com.facebook.react.views.webview.ReactWebViewManager$ReactWebView;
com.elong.globalhotel.activity.fragment.BaseJsBridgeWebViewFragment;
com.facebook.react.views.webview.ReactWebViewManager;
com.elong.hotel.activity.NoHouseWebActivity;
com.elong.globalhotel.activity.fragment.GlobalHotelWebViewFragment;
com.elong.globalhotel.activity.GlobalHotelRestructDetailMapActivity;
com.elong.globalhotel.activity.GlobalHotelStrategyActivity;

位置: classes3.dex
com.sdk.base.framework.g.e.a;
com.tencent.open.SocialApiIml;
com.tencent.mid.util.StatCommonHelper;
com.tencent.bugly.crashreport.CrashReport$1;
com.sdk.mobile.manager.login.views.CucWebView;

位置: classes4.dex
com.tongcheng.android.module.common.a;
com.tongcheng.android.module.pay.payway.CCBPayActivity;

位置: classes6.dex
com.tongcheng.webview.WebSettings;
com.tongcheng.webview.WebView;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

低危

检测9处Intent Scheme URI漏洞。

位置: classes.dex
Lcom/huawei/hms/support/api/push/a/a/a;->g()V
Lcom/huawei/hms/support/api/push/a/c/h;->b(Landroid/content/Context; Lcom/huawei/hms/support/api/push/a/b/a;)Landroid/content/Intent;

位置: classes3.dex
Lcom/tencent/android/tpush/XGPushProvider;->insert(Landroid/net/Uri; Landroid/content/ContentValues;)Landroid/net/Uri;
Lcom/tencent/android/tpush/e/a;->c(Landroid/content/Context;)Ljava/util/ArrayList;
Lcom/tencent/android/tpush/service/channel/b;->a(Z Ljava/lang/String;)I
Lcom/tencent/android/tpush/rpc/d;->a(Ljava/lang/String; Lcom/tencent/android/tpush/rpc/b;)V

位置: classes6.dex
Lcom/xiaomi/mipush/sdk/av;->a(Landroid/content/Context; Ljava/lang/String; Ljava/util/Map;)Landroid/content/Intent;
Lcom/xiaomi/push/service/bs;->b(Landroid/content/Context; Ljava/lang/String; I Ljava/util/Map;)Landroid/content/Intent;
Lcom/vivo/push/c/s;->a(Lcom/vivo/push/y;)V


Intent Scheme URI是一种特殊的URL格式,用来通过Web页面启动已安装应用的Activity组件,大多数主流浏览器都支持此功能。如果在app中,没有检查获取到的load_url的值,攻击者可以构造钓鱼网站,诱导用户点击加载,就可以盗取用户信息。所以,对Intent URI的处理不当时,就会导致基于Intent的攻击。建议:
如果使用了Intent.parseUri函数,获取的intent必须严格过滤,intent至少包含addCategory(“android.intent.category.BROWSABLE”),setComponent(null),setSelector(null)3个策略。

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://drops.wooyun.org/papers/2893
http://drops.wooyun.org/mobile/15202

低危

检测到8处主机名弱校验检测漏洞。

位置: classes.dex
com.android.volley.toolbox.HurlStack$2;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.chuanglan.shanyan_sdk.b.c$2;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.megvii.licensemanager.b$1;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes2.dex
com.elong.common.b.a$1$1;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.elong.framework.net.b.a$1;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes3.dex
com.sdk.base.framework.b.i;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes5.dex
com.tongcheng.android.project.diary.weiyouji.DiaryWeiCreateActivity$24;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes6.dex
com.tongcheng.netframe.chain.ChainContext$a$1;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

自定义HostnameVerifier类,却不实现其verify方法验证域名直接返回true,直接接受任意域名。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考资料:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

低危

检测到3处地方在自定义实现的WebViewClient类在onReceivedSslError调用proceed()方法。

位置: classes.dex
com.alipay.sdk.app.b;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V

位置: classes2.dex
com.elong.globalhotel.hybird.web.client.WebViewClientImpl;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V
com.elong.globalhotel.web.WebViewClientImpl;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V

Android WebView组件加载网页发生证书认证错误时,会调用WebViewClient类的onReceivedSslError方法,如果该方法实现调用了handler.proceed()来忽略该证书错误,则会受到中间人攻击的威胁,可能导致隐私泄露。建议:
当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0109266

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/

警告

检测到30个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.tongcheng.android.module.callback.WXPayEntryActivity
activity com.tongcheng.android.module.callback.WXEntryActivity
activity com.tongcheng.android.project.flight.FlightMainFragmentActivity
activity com.tongcheng.android.project.guide.activity.AreaCommonActivity
activity com.tongcheng.android.project.guide.activity.IndependentCommentListActivity
activity com.tongcheng.android.project.guide.activity.AreaNationProvinceActivity
activity com.tongcheng.android.module.push.XGActivity
activity com.tongcheng.android.project.hotel.HotelHomeActivity
activity com.tongcheng.android.module.payment.QQPayResultActivity
activity com.mob.tools.MobUIShell
activity cn.sharesdk.tencent.qq.ReceiveActivity
activity com.alipay.sdk.app.AlipayResultActivity
activity com.alipay.sdk.app.PayResultActivity
activity com.sina.weibo.sdk.share.WbShareResultActivity
activity-alias com.tongcheng.android.wxapi.WXPayEntryActivity
activity-alias com.tongcheng.android.wxapi.WXEntryActivity
service com.vivo.push.sdk.service.CommandClientService
service com.tencent.android.tpush.rpc.XGRemoteService
service com.tencent.android.tpush.service.XGPushServiceV4
service com.xiaomi.mipush.sdk.PushMessageHandler
receiver com.tongcheng.android.module.travelassistant.calendarmanage.localpush.AssistantAlarmReceiver
receiver com.tongcheng.android.module.travelassistant.calendarmanage.localpush.AssistantAlarmUpdateReceiver
receiver com.tongcheng.android.module.localpush.AlarmManagerReceiver
receiver com.tongcheng.module.xgpush.XGPushMessageReceiver
receiver com.tongcheng.module.xgpush.VivoPushMessageReceiverImpl
receiver com.tencent.android.tpush.XGPushReceiver
receiver com.xiaomi.push.service.receivers.NetworkStatusReceiver
receiver com.tencent.android.mipush.XMPushMessageReceiver
receiver com.tencent.android.hwpush.HWPushMessageReceiver
receiver com.huawei.hms.support.api.push.PushEventReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到1个导出的隐式Service组件。
service com.tencent.android.tpush.rpc.XGRemoteService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测5处組件設置了android.intent.category.BROWSABLE属性。
com.tongcheng.android.LoadingActivity
com.tongcheng.android.module.push.XGActivity
com.tongcheng.android.module.payment.QQPayResultActivity
cn.sharesdk.tencent.qq.ReceiveActivity
com.alipay.sdk.app.AlipayResultActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到29潜在的XSS漏洞。

位置: classes.dex
cn.sharesdk.sina.weibo.sdk.a.a;->e()V
com.alipay.sdk.widget.WebViewWindow;->c(Landroid.content.Context;)V
com.alipay.sdk.widget.WebViewWindow;->c(Landroid.content.Context;)V
com.chuanglan.shanyan_sdk.view.CTCCPrivacyProtocolActivity;->onCreate(Landroid.os.Bundle;)V
com.cmic.sso.sdk.widget.a;->c()V
com.loc.q;->a()V
cn.sharesdk.tencent.qq.a;->c()V
cn.sharesdk.tencent.qq.f;->a()Lcn.sharesdk.framework.authorize.RegisterView;
cn.sharesdk.tencent.qzone.d;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.alipay.sdk.widget.h;->a(Landroid.webkit.WebView; Landroid.content.Context;)V
cn.sharesdk.framework.authorize.g;->b()Lcn.sharesdk.framework.authorize.RegisterView;

位置: classes2.dex
com.elong.lib.ui.view.TEWebView;->init(Landroid.content.Context;)V
com.mob.commons.j;->c()Landroid.webkit.WebView;
com.elong.globalhotel.activity.fragment.BaseJsBridgeWebViewFragment;->initWebView()V
com.elong.globalhotel.activity.fragment.BaseJsBridgeWebViewFragment;->onResume()V
com.elong.globalhotel.activity.fragment.GlobalHotelWebViewFragment;->onCreateView(Landroid.view.LayoutInflater; Landroid.view.ViewGroup; Landroid.os.Bundle;)Landroid.view.View;
com.elong.hotel.activity.HotelNavigationActivity;->onCreate(Landroid.os.Bundle;)V
com.elong.hotel.activity.NoHouseWebActivity;->initData()V
com.elong.globalhotel.activity.GlobalHotelBaseWebViewActivity;->initWebViewSet(Landroid.webkit.WebView;)V
com.elong.globalhotel.activity.GlobalHotelRestructDetailMapActivity;->onCreate(Landroid.os.Bundle;)V
com.elong.globalhotel.activity.GlobalHotelStrategyActivity;->onCreate(Landroid.os.Bundle;)V

位置: classes3.dex
com.sdk.mobile.manager.login.views.CucWebView;->init(Landroid.content.Context;)V
com.tencent.connect.auth.a;->d()V
com.sina.weibo.sdk.web.WeiboSdkWebActivity;->initWebView()V
com.tencent.bugly.crashreport.CrashReport$1;->setJavaScriptEnabled(Z)V
com.tencent.open.SocialApiIml;->writeEncryToken(Landroid.content.Context;)V
com.tencent.open.TDialog;->b()V
com.tencent.open.c;->c()V

位置: classes4.dex
com.tongcheng.android.module.pay.payway.CCBPayActivity;->initLayout()V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到2处provider的grantUriPermissions设置为true。
android.support.v4.content.FileProvider
com.huawei.hms.update.provider.UpdateProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书