漏洞分析

0

高危漏洞

8

中危漏洞

8

低危漏洞

10

警告

文件名 mmjwt_momo_20180129_oeh.apk
上传者 2271150345@qq.com
文件大小 337.91749191284MB
MD5 60054074d2dac86adf526f72c0a77de3
包名 com.wemomo.game.mmjwt2
Main Activity com.ddianle.activity.IndexActivity
Min SDK 9
Target SDK 19

权限列表

# 名称 说明 提示
0 android.permission.CALL_PHONE 允许应用程序在您不介入的情况下拨打电话。恶意应用程序可借此在您的话费单上产生意外通话费。请注意,此权限不允许应用程序拨打紧急呼救电话。 警告
1 android.permission.PROCESS_OUTGOING_CALLS 允许应用程序处理外拨电话或更改要拨打的号码。恶意应用程序可能会借此监视、另行转接甚至阻止外拨电话。 警告
2 android.permission.READ_SMS 允许应用程序读取您的手机或SIM卡中存储的短信。恶意应用程序可借此读取您的机密信息。 警告
3 android.permission.SEND_SMS 允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息,给您带来费用。 警告
4 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
5 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
6 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
7 android.permission.READ_CONTACTS 允许应用程序读取您手机上存储的所有联系人(地址)数据。恶意应用程序可借此将您的数据发送给其他人。 注意
8 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
9 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
10 android.permission.RECEIVE_SMS 允许应用程序接收和处理短信。恶意应用程序可借此监视您的信息,或者将信息删除而不向您显示。 注意
11 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
12 android.permission.SYSTEM_ALERT_WINDOW 允许应用程序显示系统警报窗口。恶意应用程序可借此掌控整个手机屏幕。 注意
13 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
14 android.permission.WRITE_SMS 允许应用程序写入手机或SIM卡中存储的短信。恶意应用程序可借此删除您的信息。 注意
15 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
16 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
17 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
18 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
19 android.permission.DISABLE_KEYGUARD 允许应用程序停用键锁和任何关联的密码安全设置。例如,在手机上接听电话时停用键锁,在通话结束后重新启用键锁。 提示
20 android.permission.GET_ACCOUNTS 允许应用程序获取手机已知的帐户列表。 提示
21 android.permission.GET_PACKAGE_SIZE 允许应用程序检索其代码、数据和缓存大小 提示
22 android.permission.INTERNET 允许程序访问网络. 提示
23 android.permission.MANAGE_ACCOUNTS 允许应用程序执行添加、删除帐户及删除其密码之类的操作。 提示
24 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
25 android.permission.READ_LOGS 允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况,但这些信息不应包含任何个人信息或保密信息。 提示
26 android.permission.RESTART_PACKAGES 允许程序自己重启或重启其他程序 提示
27 android.permission.VIBRATE 允许应用程序控制振动器。 提示
28 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
29 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.ddianle.activity.IndexActivity
com.ddianle.activity.MainActivity
com.ddianle.activity.ShareActivity
com.immomo.gamesdk.activity.MDKShareFeedActivity
com.immomo.gamesdk.trade.MDKTradeActivity
com.immomo.gamesdk.trade.AliPayQuickTradeActivity
com.immomo.gamesdk.trade.WechatQuickPayActivity
com.immomo.gamesdk.trade.MDKWebPayActivity
com.immomo.gamesdk.trade.MDKFrinedsListActivity
com.immomo.gamesdk.activity.MDKShareActivity
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity
com.immomo.gamesdk.activity.MDKNewPersionalCenterActivity
com.immomo.gamesdk.activity.MDKEditGuestUserNameActivity
com.immomo.gamesdk.activity.MDKEditGuestUserSexActivity
com.immomo.gamesdk.activity.MDKEditGuestUserPhotoActivity
com.immomo.gamesdk.activity.MDKEditGuestUserAgeActivity
com.immomo.gamesdk.activity.MDKCustomerServiceFeedBackActivity
com.immomo.gamesdk.activity.MDKTradeRecordActivity
com.immomo.gamesdk.activity.MDKTradeRecordItemDetailActivity
com.immomo.gamesdk.activity.MDKWebMyQuestionsActivity
com.immomo.gamesdk.activity.MDKTipsActivity
com.immomo.gamesdk.activity.MDKGuestUserInfoCenterActivity
com.immomo.gamesdk.activity.MDKWebQuestionDetailActivity
com.immomo.gamesdk.activity.MDKWebFeedbackActivity
com.immomo.gamesdk.activity.MDKWebBindActivity
com.immomo.gamesdk.activity.MDKWebMsgCenterActivity
com.alipay.sdk.app.H5PayActivity
com.unionpay.uppay.PayActivity
com.wemomo.game.mmjwt2.wxapi.WXEntryActivity
com.mob.tools.MobUIShell
com.ddianle.common.activity.BirthdayActivity
com.ddianle.common.activity.CameraActivity
com.ddianle.feedback.FeedbackActivity
com.ddianle.share.sinaActivity
com.yangyu.activity.GetInforActivity
com.ddianle.share.QzoneActivity
com.ddianle.share.WeiXinActivity
com.ddianle.common.activity.PayFace

com.immomo.gamesdk.service.DownLoadService
com.baidu.location.f
com.baidu.android.pushservice.PushService
com.baidu.android.pushservice.CommandService

com.ddianle.sdk.BroadcastReciverToken
com.google.ads.conversiontracking.InstallReceiver
com.immomo.gamesdk.demo.ui.CheckUpdateReceiver
com.immomo.gamesdk.receiver.PhoneReceiver
com.ddianle.feedback.push.MyPushMessageReceiver
com.baidu.android.pushservice.PushServiceReceiver
com.baidu.android.pushservice.RegistrationReceiver

第三方库

# 库名 介绍
0 com.tencent.bugly 腾讯Bugly,面向移动开发者提供最专业的Crash监控、崩溃分析等质量跟踪服务,为您修复用户的每一次Crash!
1 com.iflytek 讯飞开放平台作为全球首个开放的智能交互技术服务平台,致力于为开发者打造一站式智能人机交互解决方案。用户可通过互联网、移动互联网,使用任何设备、在任何时间、任何地点,随时随地享受讯飞开放平台提供的“听、说、读、写……”等全方位的人工智能服务。目前,开放平台以“云+端”的形式向开发者提供语音合成、语音识别、语音唤醒、语义理解、人脸识别、个性化彩铃、移动应用分析等多项服务。
2 com.umeng.analytics.game 友盟游戏统计分析为移动游戏开发者提供了开箱即用的一站式解决方案。
3 com.unionpay.uppay 银联支付
4 com.sina.weibo 新浪微博开放平台(Weibo Open Platform)是基于新浪微博海量用户和强大的传播能力,接入第三方合作伙伴服务,向用户提供丰富应用和完善服务的开放平台。将你的服务接入微博平台,有助于推广产品,增加网站/应用的流量、拓展新用户,获得收益。
5 com.umeng.analytics 友盟统计分析平台是国内最大的移动应用统计分析平台。
6 com.alipay.sdk 支付宝移动支付功能
7 cn.sharesdk ShareSDK是中国最大的APP内分享服务提供商,ShareSDK社会化分享全面支持微信,微博,QQ空间,来往,易信,Facebook等国内外40个平台,帮助开发者轻松实现社会化分享、第三方登录、好友关系运用、一键分享、短链转换、评论和赞功能,还有强大的社会化统计分析管理后台,可以实时了解用户、信息流、回流率、传播效率等数据,有效地指导移动APP的日常运营与推广,同时为APP引入更多的社会化流量。
8 com.baidu.lbsapi 百度Android全景SDK是为Android移动平台提供的一套全景图服务接口,面向广大开发者提供全景图的检索、显示和交互功能,从而更加清晰方便地展示目标位置的周边环境。
9 com.baidu.android.pushservice 百度云推送(Push)是一站式APP信息推送平台,为企业和开发者提供免费的消息推送服务,开发者可以通过云推送向用户精准推送通知和自定义消息以提升用户留存率和活跃度。
10 com.unionpay.mobile 银联支付涵盖便民服务、金融服务、商旅出行、休闲娱乐、电子商城等多种应用。可轻松为手机充值、购买保险、查询银行卡余额、预订酒店机票、代购火车票和购买时令商品。随时随地提供“一站式”移动支付生活服务。
11 org.json 根据Gson库使用的要求,将JSONObject格式的String 解析成实体
12 com.tencent.mm.sdk 微信支付

静态扫描发现风险点

风险等级 风险名称

中危

检测到当前标志被设置成true或没设置,这会导致adb调试备份允许恶意攻击者复制应用程序数据,造成数据泄露。

中危

检测到4处证书弱校验漏洞。

位置: classes.dex
m.framework.network.SSLSocketFactoryEx$1;
com.baidu.frontia.base.b.h;
com.baidu.android.pushservice.a.a.b;
com.ddianle.util.SSLSocketFactoryEx$1;

当移动App客户端使用https或ssl/tls进行通信时,如果不校验证书的可信性,将存在中间人攻击漏洞,可导致信息泄露,传输数据被篡改,甚至通过中间人劫持将原有信息替换成恶意链接或恶意代码程序,以达到远程控制等攻击意图。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
www.wooyun.org/bugs/wooyun-2014-079358

参考资料:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

检测到4处中间人攻击漏洞。

位置: classes.dex
com.baidu.frontia.base.b.g;->(Ljava.security.KeyStore;)V
m.framework.network.NetworkHelper;->getSSLHttpClient()Lorg.apache.http.client.HttpClient;
com.baidu.android.pushservice.a.a.a$b;->(Ljava.security.KeyStore;)V
com.ddianle.util.HttpClientHelper;->getHttpClient()Lorg.apache.http.client.HttpClient;

setHostnameVerifier方法设置ALLOW_ALL_HOSTNAME_VERIFIER,直接接受任意域名,可能造成中间人攻击漏洞。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-042710
http://www.wooyun.org/bugs/wooyun-2010-052339
http://www.wooyun.org/bugs/wooyun-2016-0190773

参考资料:
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现386处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
com.tencent.bugly.crashreport.CrashReport;->getUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onLogin(I Lcom/gotye/api/GotyeUser;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->a(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.sdapdu.a;->b(Lcom/unionpay/mobile/android/pboctransaction/d;)Ljava/util/ArrayList;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->j(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getUserDatasSize(Landroid/content/Context;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.UPAgent;->setGlobalKV(Ljava/lang/String; Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.h.i;->run()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeechModuleAidl;->getService(Landroid/os/IBinder;)Landroid/os/IInterface;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.bbalbs.common.util.b;->b()Lcom/baidu/android/bbalbs/common/util/b$b;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.BuglyLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity;->getServers()Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl$1;->doFailure(Ljava/lang/Exception; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.MainActivity$1;->onLocDiagnosticMessage(I I Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.utils.j;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->setGameServer(Lcom/immomo/gamesdk/api/GameServer;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->ReadVersionUrl()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.utils.j;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->c(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager;->invoke(Ljava/lang/Class; Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.nfc.a;->a(Ljava/lang/String; Ljava/util/HashMap;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.u;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.fixed.PhoneFixed;->showDialog(Ljava/lang/String; Ljava/lang/String; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeechModuleAidl;->destory()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.BDNotifyListener;->onNotify(Lcom/baidu/location/BDLocation; F)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->ReadLocalVer()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->h(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.log.a;->a(Lcom/immomo/gamesdk/log/a$a; Ljava/lang/String; Ljava/lang/StackTraceElement; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->i(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
io.fabric.unity.android.FabricInitializer;->initializeFabric(Landroid/content/Context; Lio/fabric/unity/android/FabricInitializer$Caller;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.CheckUpdateReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.k;->a(Landroid/content/Context; Ljava/lang/String; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->appBecomeActive()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeechModuleAidl$1;->onServiceConnected(Landroid/content/ComponentName; Landroid/os/IBinder;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->b(I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.f;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
org.fmod.FMODAudioDevice;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl$1;->doCancel()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.b;->b(Ljava/lang/String; Ljava/lang/String; Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->c(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.fixed.PhoneFixed;->FixedGame()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getAppVer()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getAppID()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.g;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Z)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl$2;->doSuccess(I Landroid/content/Intent; Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.CommandService;->onStartCommand(Landroid/content/Intent; I I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.CommandService;->a(Landroid/content/Intent;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getSdkExtraData()Ljava/util/Map;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.http.manager.k;->a(Ljava/io/InputStream;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->d(I Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.l;->b(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.VoiceMessage;->stop()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.DeleteFile;->deleteFile(Ljava/lang/String;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.a.b.a;->a(Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.a.b.h;->a(Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->e(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.e;->a(Lcom/google/ads/conversiontracking/d;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.d.a.a;->b()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.utils.g;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.utils.j;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.l;->a(Landroid/content/pm/PackageInfo; [[B)[B==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.k;->a(Landroid/content/Context; Ljava/lang/String; J)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent;->printLog(I Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.a;->c(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.MainActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.simapdu.b;->a(Lcom/unionpay/mobile/android/pboctransaction/d;)Ljava/util/ArrayList;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.BuglyLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.a.h.a.a;->b(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.f;->a(J)Ljava/util/List;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager;->invoke(Ljava/lang/Class; Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.b;->onServiceConnected(Landroid/content/ComponentName; Landroid/os/IBinder;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->d(I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pro.pboc.engine.b;->a(I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.AdWordsConversionReporter;->registerReferrer(Landroid/content/Context; Landroid/net/Uri;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent;->initCrashReport(Landroid/content/Context; Ljava/lang/String; Z Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.a;->a(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface;->startVoic(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.f.d;->c()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.MainActivity$1;->onReceiveLocation(Lcom/baidu/location/BDLocation;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onStartTalk(I Z I Lcom/gotye/api/GotyeChatTarget;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.sinaActivity;->onComplete(Lcn/sharesdk/framework/Platform; I Ljava/util/HashMap;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKUserCenter$6;->doFailure(Ljava/lang/Exception; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.sunteng.o;->a(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setUserSceneTag(Landroid/content/Context; I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->resUpdate()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.WeiXinActivity;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.font.common.CommonFun;->getString([B Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.crashlytics.android.core.CrashlyticsCore;->isBuildIdValid(Ljava/lang/String; Z)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->putUserData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.d;->a(Ljava/lang/String; I Z I I Lcom/baidu/android/pushservice/e/a;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.d.a.a;->b()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.h.g;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.VoiceMessage;->playVoice()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.c.e$h;->a(Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.MainActivity;->getLocation()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeakerVerifierAidl;->register(Ljava/lang/String; Ljava/lang/String; Lcom/iflytek/speech/VerifierListener;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setJavascriptMonitor(Landroid/webkit/WebView; Z Z)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.g.a;->d()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl$1;->doSucess(Lcom/immomo/gamesdk/bean/MDKPersional; [Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.ShareActivity$1;->onClick(Landroid/content/DialogInterface; I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.uppay.PayActivity;->onNewIntent(Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.gotye.api.GotyeUnity3dActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.richmedia.o;->a(Lcom/baidu/android/pushservice/richmedia/n$a; Ljava/lang/String;)Lcom/baidu/android/pushservice/richmedia/n;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->submitPlayerDataWithDic(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unity3d.player.g;->Log(I Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.unity3d.player.UnityPlayerNativeActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.SpeechUtility;->getPlusLocalInfo(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.c.b;->a(Ljava/io/InputStream;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setIsAppForeground(Landroid/content/Context; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->testANRCrash()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.QzoneActivity;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.receiver.PhoneReceiver$1;->onCallStateChanged(I Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeakerVerifierAidl;->verify(Ljava/lang/String; Ljava/lang/String; Lcom/iflytek/speech/VerifierListener;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.a;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.f;->a()Landroid/database/sqlite/SQLiteDatabase;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager;->clipboardText(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.CommandService;->onCreate()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.f;->c()I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.b;->a(Landroid/content/Context; Ljava/lang/String; Z Lcom/tencent/bugly/BuglyStrategy;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.message.PhoneMessage;->getAppVersionCode(Landroid/content/Context;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface;->GotyeaInterfaceLogin(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.b.b;->(Landroid/content/Context; Ljava/lang/String; Lcom/baidu/frontia/base/b/a;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.VoiceMessage;->play()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.d.e;->a([B Z)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeakerVerifierAidl;->endSpeak()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.message.PhoneMessage;->getResVersion()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.b;->a(Landroid/content/Context; Lcom/tencent/bugly/BuglyStrategy;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.sinaActivity;->onCancel(Lcn/sharesdk/framework/Platform; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.v;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.d.a.a;->a([B I I I)[Lcom/iflytek/cloud/FaceRect;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.feedback.push.HttpUtil;->httpPost(Ljava/lang/String; Ljava/util/Map;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.c;->b()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.util.ConstantUtil;->getValue(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->d(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setUserId(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.feedback.push.MyPushMessageReceiver;->onMessage(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.AdWordsConversionReporter;->registerReferrer(Landroid/content/Context; Landroid/net/Uri;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.c.b;->e()I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->d(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->isLastSessionCrash()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getAllUserDataKeys(Landroid/content/Context;)Ljava/util/Set;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent$1;->run()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity$5;->handleMessage(Landroid/os/Message;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->c(I Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wemomo.game.mmjwt2.wxapi.WXEntryActivity;->onGetMessageFromWXReq(Lcn/sharesdk/wechat/utils/WXMediaMessage;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.a.i;->onAuthResult(I Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.PushConstants;->rsaEncrypt(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.b;->c(Ljava/lang/String; Ljava/lang/String; Landroid/content/Context;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.d;->a(Lcom/baidu/android/pushservice/d/a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.CommandService;->onBind(Landroid/content/Intent;)Landroid/os/IBinder;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.lbsapi.auth.a;->a(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.log.a;->a(Lcom/immomo/gamesdk/log/a$a; Ljava/lang/String; Ljava/lang/StackTraceElement; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.samsung.e;->onError(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.g.a;->a(Landroid/os/Message;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->e(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.o;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.a;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->l(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.utils.g;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.d.a.a;->a(Landroid/graphics/Bitmap;)[Lcom/iflytek/cloud/FaceRect;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.d.a.a;->b(Landroid/graphics/Bitmap;)[Lcom/iflytek/cloud/FaceRect;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.k;->c(Landroid/content/Context; Ljava/lang/String; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.log.a;->a(Lcom/immomo/gamesdk/log/a$a; Ljava/lang/String; Ljava/lang/StackTraceElement; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->e(I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.a;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pro.pboc.engine.b;->a(Landroid/os/Handler; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.b;->d(Ljava/lang/String; Ljava/lang/String; Landroid/content/Context;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.f$a;->onUpgrade(Landroid/database/sqlite/SQLiteDatabase; I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->logout()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.bc;->onSensorChanged(Landroid/hardware/SensorEvent;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
org.fmod.a;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.BuglyLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.ResourceLoader;->stopedCallBack(Lcom/ddianle/autoupdate/Task;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
io.fabric.sdk.android.services.common.TimingMetric;->reportToLog()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.k;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.nfc.b$b;->a([B)Lcom/unionpay/mobile/android/pboctransaction/nfc/b$a;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.PushMessageReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.v;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->m(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.WelcomeLoadingView;->getImageURI(Ljava/lang/String; Ljava/io/File;)Landroid/net/Uri;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.upviews.b;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->f()Landroid/content/Intent;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.sunteng.o;->c(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.UPAgent;->removeGlobalKV(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.message.PhoneMessage;->getCPUInfo()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.font.algorithm.NormalCharSeatMgr;->draw([B I)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unity3d.player.m;->a(Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.k;->a([Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.ShareActivity;->onActivityResult(I I Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.c.b$b;->(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->getExtraPackageSize()Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager;->invoke([Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.simapdu.b;->a(Lcom/unionpay/mobile/android/pboctransaction/b; Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setSessionIntervalMills(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl;->setExtendData(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeakerVerifierAidl;->stopSpeak()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.d;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; I)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.t;->c(Ljava/lang/Runnable;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getUserSceneTagId(Landroid/content/Context;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.InstallReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent$2;->run()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.t;->a(Ljava/lang/Runnable;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.gotye.api.GotyeRecorder;->stop()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.utils.PackageUtils;->uninstallSilent(Landroid/content/Context; Ljava/lang/String; Z)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.c.b;->b()J==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.arcsoft.hpay100.utils.k;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->Begin()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setSdkExtraData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->getMarket()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.gotye.api.GotyeRecorder;->record()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.util.ConstantUtil;->init(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->testJavaCrash()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent;->sendUnityMessage(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.BuglyLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.ShareActivity;->onActivityResult(I I Landroid/content/Intent;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AssetsResToSdCardTask;->copyAssetsResToSdCard()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.DoubleClickAudienceReporter;->report()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unity3d.player.UnityPlayerProxyActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.h.h;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.l;->a(Landroid/content/Context;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity;->getAPKInfo()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.a;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.DdianleShareWeiBoInterface;->sharePhoto(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.common.c.c;->b(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onPlayStop(I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.b.f;->a(Lorg/apache/http/client/methods/HttpRequestBase;)Lorg/apache/http/HttpResponse;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->c(I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity$4;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.VoiceMessage;->onPlayStop()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.util.CommonUtils;->getNetworkType(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.common.c.c;->a(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->f(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity;->captureTexture(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.SDKInterfaceImpl;->SDK_doLogin()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.utils.g;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.UPAgent;->setReportUncaughtExceptions(Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->c(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.b;->a(Ljava/lang/String; Ljava/lang/String; Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.a.h.a.a;->a(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.unity.UnityAgent;->currentActivity()Landroid/app/Activity;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->g(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->e(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.utils.PackageUtils;->installSilent(Landroid/content/Context; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.feedback.push.PushUtils;->initPush(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.sinaActivity;->onError(Lcn/sharesdk/framework/Platform; I Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.ApkUnInstallReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.IndexActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.a;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->startCrashReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.arcsoft.hpay100.utils.k;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->InitVariable()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.e;->a(Lcom/google/ads/conversiontracking/d;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.trade.MDKFrinedsListActivity$a;->getView(I Landroid/view/View; Landroid/view/ViewGroup;)Landroid/view/View;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.WelcomeLoadingView$AsyncImageTask;->onPostExecute(Landroid/net/Uri;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.fixed.PhoneFixed;->getFromAssets(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unity3d.player.g;->Log(I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.PushADProvider;->onCreate()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.u;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.d.c;->a(Ljava/util/List;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.log.a;->a(Lcom/immomo/gamesdk/log/a$a; Ljava/lang/String; Ljava/lang/StackTraceElement; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.u;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.d;->g(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.speech.SpeechModuleAidl$1;->onServiceDisconnected(Landroid/content/ComponentName;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.g.a;->onCreate(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->closeCrashReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.a.h.a.a;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.BuglyLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.fixed.PhoneFixed;->showChooseOptions()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.b.a;->b(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AppStateSaved;->readAppStateConfig()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.k;->a(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getUserId()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.k;->b([Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager$4;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.bbalbs.common.util.b;->b()Lcom/baidu/android/bbalbs/common/util/b$b;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.utils.g;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.MainActivity;->onActivityResult(I I Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.cloud.a.h.a.a;->c(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.lbsapi.auth.a;->c(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.f;->d()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.sunteng.o;->b(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.inface.SDKManager$3;->run()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wemomo.game.mmjwt2.wxapi.WXEntryActivity;->onShowMessageFromWXReq(Lcn/sharesdk/wechat/utils/WXMediaMessage;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->e(I Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onStopTalk(I Lcom/gotye/api/GotyeMessage; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onSendMessage(I Lcom/gotye/api/GotyeMessage;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->closeNativeReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.MyHorizontalScrollView;->gotoPage(I)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.utils.g;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->testNativeCrash()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.gotye.api.GotyeAPI;->()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.h.i;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.c.b;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.share.sinaActivity$onclick;->onClick(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity;->onCreate(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.utils.j;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.widgets.aa;->a(Landroid/view/View;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->k(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->registerWithAppinfo(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/content/Context;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
ddianle.phone.message.PhoneMessage;->getTotalMemory(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.lbsapi.auth.a;->b(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.l;->a(Landroid/content/Context;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.http.manager.OperateHttpManager;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->setAppVersion(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.proguard.u;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.activity.ShareActivity;->onClick(Landroid/view/View;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.receiver.ConnectionChangeReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.VoiceMessage;->download()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->putSdkData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->postCatchedException(Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.e.b;->b(I Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.sdk.k;->b(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.log.a;->a(Lcom/immomo/gamesdk/log/a$a; Ljava/lang/String; Ljava/lang/StackTraceElement; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.l;->a(Landroid/content/pm/PackageInfo; [[B)[B==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.e$b;->run()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.d.c;->a(Landroid/content/Context; Ljava/util/ArrayList;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.sunflower.d.g;->f(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.utils.j;->a(I Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.unionpay.mobile.android.pboctransaction.samsung.h;->onTsmDisconnected()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.bj;->d(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->removeUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.alipay.test.a;->b(Landroid/content/Context;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.frontia.base.a.a.a;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
io.fabric.unity.android.BundleKitDataProvider;->getKitData()[Lio/fabric/unity/android/KitData;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.a.b.i;->a(Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.autoupdate.AutoUpdate;->SaveLocalVer()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.g.a;->onDestroy()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.common.activity.BaseActivity;->savePhoto([B Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.crashreport.CrashReport;->getAppChannel()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.api.MDKMomo;->g()Landroid/content/Intent;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.google.ads.conversiontracking.AdWordsConversionReporter;->registerReferrer(Landroid/content/Context; Landroid/net/Uri;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.iflytek.common.c;->a()Lcom/iflytek/common/b/a;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.ddianle.sdk.BroadcastReciverToken;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
ddianlegotyea.DdianleGotyeaInterface$1;->onPlayStart(I Lcom/gotye/api/GotyeMessage;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.location.g.a;->onTaskRemoved(Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.baidu.android.pushservice.util.k;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Z I J Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

位置: assets/WechatPay.apk
com.tencent.a.a.a.a.h;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.r;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.e;->b(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.r;->X(Landroid/content/Context;)Lorg/json/JSONArray;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.d;->b(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.wxapi.WXPayEntryActivity;->onResp(Lcom/tencent/mm/sdk/modelbase/BaseResp;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.openapi.WXApiImplV10$ActivityLifecycleCb;->onActivityPaused(Landroid/app/Activity;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.b;->error(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.b;->b(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.b;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.ui.WechatShareActivity;->downLoadIcon()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.b.b;->f(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.ui.WechatShareActivity;->onResume()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.b.b;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.b;->debug(Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.openapi.WXApiImplV10$ActivityLifecycleCb$1;->run()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.r;->W(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.b;->b(Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.e;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.b.b;->g(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.r;->c(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.b;->warn(Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.d;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.openapi.WXApiImplV10$ActivityLifecycleCb;->onActivityResumed(Landroid/app/Activity;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.b.r;->W(Landroid/content/Context;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.openapi.WXApiImplV10$ActivityLifecycleCb$2;->run()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.ui.WechatShareActivity$1;->run()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.sdk.b.b;->h(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.wxapi.WXEntryActivity;->onResume()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.immomo.gamesdk.wechat.pay.wxapi.WXEntryActivity;->onResp(Lcom/tencent/mm/sdk/modelbase/BaseResp;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.h;->c(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到13个WebView远程执行漏洞。

位置: classes.dex
com.arcsoft.hpay100.web.HPayWebView;->init(Landroid.app.Activity; Landroid.os.Handler; Lcom.arcsoft.hpay100.config.HPaySMS; Ljava.lang.String; Lcom.arcsoft.hpay100.HPaySdkCallback; Lcom.arcsoft.hpay100.web.HPayWebViewLoad;)V
com.immomo.gamesdk.activity.MDKNewPersionalCenterActivity;->d()V
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity;->b()V
com.immomo.gamesdk.activity.MDKWebFeedbackActivity;->a()V
com.immomo.gamesdk.activity.MDKWebMsgCenterActivity;->c()V
com.immomo.gamesdk.activity.MDKWebMyQuestionsActivity;->a()V
com.immomo.gamesdk.api.AdPopupWindowUtils;->initViewsBottom()V
com.immomo.gamesdk.api.AdPopupWindowUtils;->initViewsCenter()V
com.immomo.gamesdk.trade.MDKWebPayActivity;->b()V
com.immomo.gamesdk.trade.MDKWebPayActivity;->b()V
com.immomo.gamesdk.widget.AnnouncementView;->initView()V
com.tencent.bugly.crashreport.CrashReport;->setJavascriptMonitor(Landroid.webkit.WebView; Z Z)Z
com.unionpay.WebViewJavascriptBridge;->(Landroid.app.Activity; Landroid.webkit.WebView; Lcom.unionpay.ab;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到202条敏感明文信息,建议移除。

位置: classes.dex
'10.0.0.172' used in: Lcom/arcsoft/hpay100/net/d;->(Landroid/content/Context; I I Z Z)V
'10.0.0.172' used in: Lu/aly/r;->(Landroid/content/Context;)V
'10.0.0.172' used in: Lcom/baidu/lbsapi/auth/g;->b()Ljavax/net/ssl/HttpsURLConnection;
'10.0.0.172' used in: Lcom/baidu/frontia/base/b/a;->a(Landroid/content/Context; Landroid/net/NetworkInfo;)V
'10.0.0.172' used in: Lcom/baidu/location/h/f;->()V
'10.0.0.172' used in: Lcom/baidu/location/h/f;->a(Landroid/content/Context; Landroid/net/NetworkInfo;)I
'10.0.0.200' used in: Lcom/baidu/frontia/base/b/a;->a(Landroid/content/Context; Landroid/net/NetworkInfo;)V
'10.0.0.200' used in: Lcom/baidu/location/h/f;->a(Landroid/content/Context; Landroid/net/NetworkInfo;)I
'10.0.0.200' used in: Lcom/baidu/lbsapi/auth/g;->b()Ljavax/net/ssl/HttpsURLConnection;
'http://%s/%s' used in: Lcom/baidu/location/e/d$c;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'http://140.207.168.45/g/d' used in: Lcom/unionpay/sdk/c;->()V
'http://alog.umeng.co/app_logs' used in: Lcom/umeng/analytics/a;->()V
'http://alog.umeng.com/app_logs' used in: Lcom/umeng/analytics/a;->()V
'http://android.bugly.qq.com/rqd/async' used in: Lcom/tencent/bugly/crashreport/common/strategy/StrategyBean;->()V
'http://api.exc.mob.com:80' used in: Lcom/mob/commons/logcollector/c;->()V
'http://api.share.mob.com:80' used in: Lcn/sharesdk/framework/b/c;->j()V
'http://api.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api.tuisong.baidu.com/rest/3.0/clientad/update_ad_status' used in: Lcom/baidu/android/pushservice/util/a;->()V
'http://api0.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api1.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api2.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api3.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api4.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api5.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api6.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api7.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api8.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://api9.tuisong.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://bs.baidu.com/lapp-runtime/picture/runtime_baidu.png' used in: Lcom/baidu/android/pushservice/e/m;->d(Landroid/content/Context; Landroid/graphics/Bitmap;)Landroid/graphics/Bitmap;
'http://cca.mob.com:80/ca' used in: Lcom/mob/commons/appcollector/RuntimeCollector;->a(Ljava/util/ArrayList;)Z
'http://cca.mob.com:80/ca' used in: Lcom/mob/commons/appcollector/RuntimeCollector;->(Landroid/content/Context; Ljava/lang/String;)V
'http://cca.mob.com:80/ca' used in: Lcom/mob/commons/appcollector/PackageCollector;->(Landroid/content/Context; Ljava/lang/String;)V
'http://cca.mob.com:80/ca' used in: Lcom/mob/commons/appcollector/PackageCollector;->a(Ljava/lang/String; Ljava/util/ArrayList;)Z
'http://cca.mob.com:80/caconf' used in: Lcom/mob/commons/appcollector/a;->f()V
'http://cca.mob.com:80/caconf' used in: Lcom/mob/commons/appcollector/a;->(Landroid/content/Context; Ljava/lang/String;)V
'http://data.openspeech.cn/index.php/clientrequest/clientcollect/isCollect' used in: Lcom/iflytek/sunflower/task/a;->a()V
'http://dev.voicecloud.cn/msc/help.html' used in: Lcom/iflytek/cloud/resource/b;->()V
'http://dev.voicecloud.cn/msc/help.html' used in: Lcom/iflytek/cloud/resource/c;->()V
'http://dev.voicecloud.cn/msc/help.html' used in: Lcom/iflytek/cloud/resource/a;->()V
'http://devs.data.mob.com/macinfo' used in: Lcom/mob/commons/iosbridge/UDPServer;->a(Ljava/lang/String; Ljava/lang/String;)Z
'http://devs.data.mob.com/udpsconf' used in: Lcom/mob/commons/iosbridge/UDPServer;->c()Z
'http://devs.data.mob.com:80/dinfo' used in: Lcom/mob/commons/authorize/a;->c(Landroid/content/Context; Lcom/mob/commons/authorize/MobProduct;)Ljava/util/HashMap;
'http://devs.data.mob.com:80/dinfo' used in: Lcom/mob/commons/authorize/a;->a(Landroid/content/Context; Lcom/mob/commons/authorize/MobProduct; Ljava/util/HashMap; Z)Ljava/lang/String;
'http://devs.data.mob.com:80/dsign' used in: Lcom/mob/commons/authorize/a;->a(Landroid/content/Context; Lcom/mob/commons/authorize/MobProduct; Ljava/util/HashMap;)V
'http://fee.arc-soft.com:26000/gamefee/sdk/before_create_order' used in: Lcom/arcsoft/hpay100/config/e;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/create_order' used in: Lcom/arcsoft/hpay100/config/g;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/dot_upload' used in: Lcom/arcsoft/hpay100/config/am;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/init' used in: Lcom/arcsoft/hpay100/config/d;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/reg_ver_confirm' used in: Lcom/arcsoft/hpay100/config/q;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/usr_reg_check' used in: Lcom/arcsoft/hpay100/config/i;->run()V
'http://fee.arc-soft.com:26000/gamefee/sdk/ver_confirm' used in: Lcom/arcsoft/hpay100/config/m;->run()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->a(Ljava/lang/String;)V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->b(Ljava/lang/String;)V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->b()Lcom/alipay/sdk/data/a;
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/b;->run()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->d()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lcom/alipay/sdk/data/a;->a(Lcom/alipay/sdk/data/a; Ljava/lang/String;)V
'http://hostname/' used in: Lcom/google/ads/conversiontracking/InstallReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V
'http://hostname/?' used in: Lcom/google/ads/conversiontracking/g;->a(Landroid/net/Uri;)Lcom/google/ads/conversiontracking/g$b;
'http://hxqd.openspeech.cn/launchconfig' used in: Lcom/iflytek/common/a/d;->a()V
'http://i.mb.biddingx.com/mb_track/get_campaign_info' used in: Lcom/sunteng/f$a;->d()Ljava/lang/String;
'http://i.mb.biddingx.com/mb_track/report_dmp' used in: Lcom/sunteng/f$c;->a([Ljava/lang/Object;)Ljava/lang/Object;
'http://img.immomo.com' used in: Lcom/immomo/gamesdk/trade/k;->a(Ljava/lang/String; Z I)Ljava/lang/String;
'http://img.immomo.com/album/' used in: Lcom/immomo/gamesdk/activity/b;->getPhotoImageUrl(Ljava/lang/String;)Ljava/lang/String;
'http://img.momocdn.com' used in: Lcom/immomo/gamesdk/http/manager/JsonParser;->a(Ljava/lang/String; Z I)Ljava/lang/String;
'http://img.momocdn.com/cache/900/cacerts/MomoRootCA.der' used in: Lcom/immomo/gamesdk/http/manager/RefereeService$2;->run()V
'http://img.momocdn.com/cache/900/cacerts/MomoRootCA.der' used in: Lcom/immomo/gamesdk/http/manager/j$2;->run()V
'http://itsdata.map.baidu.com/long-conn-gps/sdk.php' used in: Lcom/baidu/location/a/e;->run()V
'http://iws.openspeech.cn/online_param/config_update.php' used in: Lcom/iflytek/sunflower/task/i;->a()V
'http://l.mob.com/url/ShareSdkMapping.do' used in: Lcn/sharesdk/framework/b/c;->q()Ljava/lang/String;
'http://l5.ddianle.com' used in: Lcom/ddianle/share/sinaActivity$onclick;->onClick(Landroid/view/View;)V
'http://lbsonline.pushct.baidu.com/lbsupload' used in: Lcom/baidu/android/pushservice/f/i;->(Landroid/content/Context;)V
'http://loc.map.baidu.com/apigetindoordata.php' used in: Lcom/baidu/location/c/a/a;->a()V
'http://loc.map.baidu.com/cc.php' used in: Lcom/baidu/location/a/c$a;->a()V
'http://loc.map.baidu.com/gpsz' used in: Lcom/baidu/location/b/a$a;->a()V
'http://loc.map.baidu.com/indoorlocbuildinginfo.php' used in: Lcom/baidu/location/c/a;->a()V
'http://loc.map.baidu.com/indoorlocbuildinginfo.php' used in: Lcom/baidu/location/c/a;->(Landroid/content/Context;)V
'http://loc.map.baidu.com/iofd.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/oqur.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/rtbu.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/sdk.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/sdk_ep.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/tcu.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/user_err.php' used in: Lcom/baidu/location/h/k;->()V
'http://loc.map.baidu.com/wloc' used in: Lcom/baidu/location/h/k;->()V
'http://log.umsns.com/share/api/' used in: Lcom/umeng/analytics/social/f;->a(Landroid/content/Context; Ljava/lang/String; [Lcom/umeng/analytics/social/UMPlatformData;)[Ljava/lang/String;
'http://m.alipay.com/?action=h5quit' used in: Lcom/alipay/sdk/util/l;->a(Landroid/webkit/WebView; Ljava/lang/String; Landroid/app/Activity;)Z
'http://m.baidu.com' used in: Lcom/baidu/android/pushservice/ag;->()V
'http://m.baidu.com/lightapp/' used in: Lcom/baidu/android/pushservice/e/m;->a(Landroid/content/Context; Ljava/lang/String; Lcom/baidu/android/pushservice/e/c;)V
'http://m.baidu.com/lightapp/' used in: Lcom/baidu/android/pushservice/e/m;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'http://mcgw.alipay.com/sdklog.do' used in: Lcom/alipay/sdk/packet/impl/c;->a(Landroid/content/Context; Ljava/lang/String;)Lcom/alipay/sdk/packet/b;
'http://mobile.unionpay.com/getclient?platform=android&type=securepayplugin' used in: Lcom/unionpay/UPPayAssistEx;->()V
'http://mobilegw-1-64.test.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://mobilegw-1-64.test.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://mobilegw.aaa.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://mobilegw.aaa.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://mobilegw.alipay.com/mgw.htm' used in: Lcom/alipay/sdk/cons/a;->()V
'http://mobilegw.stable.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://mobilegw.stable.alipay.net/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'http://oc.umeng.co/check_config_update' used in: Lcom/umeng/analytics/a;->()V
'http://oc.umeng.com/check_config_update' used in: Lcom/umeng/analytics/a;->()V
'http://ofloc.map.baidu.com/offline_loc' used in: Lcom/baidu/location/e/h;->()V
'http://open.voicecloud.cn/s?' used in: Lcom/iflytek/cloud/SpeechUtility;->getComponentUrl()Ljava/lang/String;
'http://openapi.openspeech.cn/webapi/wfr.do' used in: Lcom/iflytek/cloud/d/a/b;->(Landroid/content/Context; Lcom/iflytek/cloud/b/a;)V
'http://plus.google.com/' used in: Lcom/google/ads/conversiontracking/o;->()V
'http://referee.immomo.com/config' used in: Lcom/immomo/gamesdk/http/manager/l;->a(Ljava/util/concurrent/atomic/AtomicInteger;)Ljava/util/List;
'http://referee.immomo.com/config' used in: Lcom/immomo/gamesdk/http/manager/i;->a(Ljava/util/concurrent/atomic/AtomicInteger;)Ljava/util/List;
'http://rqd.uu.qq.com/rqd/sync' used in: Lcom/tencent/bugly/crashreport/common/strategy/StrategyBean;->()V
'http://scs.openspeech.cn/scs' used in: Lcom/iflytek/sunflower/a/a;->()V
'http://statsonline.pushct.baidu.com/pushlog_special' used in: Lcom/baidu/android/pushservice/f/s;->b(J J I I)Z
'http://t.mb.biddingx.com/mb_track/push' used in: Lcom/sunteng/f$b;->d()Ljava/lang/Boolean;
'http://tips.immomo.com/?faq_version=2/' used in: Lcom/immomo/gamesdk/activity/MDKWebMyQuestionsActivity$4;->onPageStarted(Landroid/webkit/WebView; Ljava/lang/String; Landroid/graphics/Bitmap;)V
'http://tips.immomo.com/?faq_version=2/' used in: Lcom/immomo/gamesdk/activity/MDKWebFeedbackActivity$4;->onPageStarted(Landroid/webkit/WebView; Ljava/lang/String; Landroid/graphics/Bitmap;)V
'http://tips.immomo.com/?faq_version=2/' used in: Lcom/immomo/gamesdk/activity/MDKWebMyQuestionsActivity$4;->shouldOverrideUrlLoading(Landroid/webkit/WebView; Ljava/lang/String;)Z
'http://tips.immomo.com/?faq_version=2/' used in: Lcom/immomo/gamesdk/activity/MDKWebFeedbackActivity$4;->shouldOverrideUrlLoading(Landroid/webkit/WebView; Ljava/lang/String;)Z
'http://up.sharesdk.cn/upload/image' used in: Lcn/sharesdk/framework/b/c;->o()Ljava/lang/String;
'http://weibo.com/' used in: Lcn/sharesdk/sina/weibo/SinaWeibo;->userInfor(Ljava/lang/String;)V
'http://weibo.com/' used in: Lcn/sharesdk/sina/weibo/SinaWeibo;->filterFriendshipInfo(I Ljava/util/HashMap;)Ljava/util/HashMap;
'http://www.immomo.com/download/momo.apk' used in: Lcom/immomo/gamesdk/api/MDKMomo;->getMomoAPKDownloadUrl()Ljava/lang/String;
'http://www.immomogame.com/xdjwt' used in: Lcom/ddianle/share/DdianleShareWeiBoInterface;->()V
'http://www.immomogame.com/xdjwt' used in: Lcom/ddianle/activity/MainActivity;->onCreate(Landroid/os/Bundle;)V
'http://xmlpull.org/v1/doc/features.html#indent-output' used in: Lcom/ta/utdid2/b/a/a;->setFeature(Ljava/lang/String; Z)V
'http://xmlpull.org/v1/doc/features.html#indent-output' used in: Lcom/ta/utdid2/b/a/e;->a(Ljava/util/Map; Ljava/io/OutputStream;)V
'https://api.map.baidu.com/sdkcs/verify' used in: Lcom/baidu/lbsapi/auth/LBSAuthManager;->a(Z Ljava/lang/String; Ljava/util/Hashtable; [Ljava/lang/String; Ljava/lang/String;)V
'https://api.map.baidu.com/sdkcs/verify' used in: Lcom/baidu/lbsapi/auth/LBSAuthManager;->a(Z Ljava/lang/String; Ljava/util/Hashtable; Ljava/lang/String;)V
'https://api.weibo.com/2/friendships/create.json' used in: Lcn/sharesdk/sina/weibo/g;->d(Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/2/friendships/followers.json' used in: Lcn/sharesdk/sina/weibo/g;->d(I I Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/2/friendships/friends.json' used in: Lcn/sharesdk/sina/weibo/g;->b(I I Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/2/friendships/friends/bilateral.json' used in: Lcn/sharesdk/sina/weibo/g;->c(I I Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/2/statuses/update.json' used in: Lcn/sharesdk/sina/weibo/g;->a(Ljava/lang/String; F F)Ljava/util/HashMap;
'https://api.weibo.com/2/statuses/upload.json' used in: Lcn/sharesdk/sina/weibo/g;->b(Ljava/lang/String; Ljava/lang/String; F F)Ljava/util/HashMap;
'https://api.weibo.com/2/statuses/upload_url_text.json' used in: Lcn/sharesdk/sina/weibo/g;->a(Ljava/lang/String; Ljava/lang/String; F F)Ljava/util/HashMap;
'https://api.weibo.com/2/statuses/user_timeline.json' used in: Lcn/sharesdk/sina/weibo/g;->a(I I Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/2/users/show.json' used in: Lcn/sharesdk/sina/weibo/g;->c(Ljava/lang/String;)Ljava/util/HashMap;
'https://api.weibo.com/oauth2/access_token' used in: Lcn/sharesdk/sina/weibo/g;->a(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;
'https://api.weibo.com/oauth2/default.html' used in: Lcn/sharesdk/sina/weibo/g;->getRedirectUri()Ljava/lang/String;
'https://api.weixin.qq.com/sns/oauth2/access_token' used in: Lcn/sharesdk/wechat/utils/h;->run()V
'https://api.weixin.qq.com/sns/userinfo' used in: Lcn/sharesdk/wechat/utils/i;->run()V
'https://daup.map.baidu.com/cltr/rcvr' used in: Lcom/baidu/location/h/k;->e()Ljava/lang/String;
'https://e.crashlytics.com/spi/v2/events' used in: Lio/fabric/sdk/android/services/settings/DefaultSettingsJsonTransform;->buildAnalyticsSessionDataFrom(Lorg/json/JSONObject;)Lio/fabric/sdk/android/services/settings/AnalyticsSettingsData;
'https://game-api.immomo.com' used in: Lcom/immomo/gamesdk/http/manager/d;->()V
'https://game-api.immomo.com/game' used in: Lcom/immomo/gamesdk/http/manager/BaseAPI;->()V
'https://game.immomo.com/activity/2015/adsdk/index' used in: Lcom/immomo/gamesdk/api/AdPopupWindowUtils;->()V
'https://game.immomo.com/center/fly/bigr' used in: Lcom/immomo/gamesdk/activity/i;->d()V
'https://game.immomo.com/register/?action=bindPage' used in: Lcom/immomo/gamesdk/activity/MDKQuickWebLoginActivity$4;->onPageFinished(Landroid/webkit/WebView; Ljava/lang/String;)V
'https://game.immomo.com/register/?action=bindPageV2' used in: Lcom/immomo/gamesdk/activity/MDKWebBindActivity;->()V
'https://game.immomo.com/register/?action=loginPageV2' used in: Lcom/immomo/gamesdk/activity/MDKQuickWebLoginActivity;->()V
'https://game.immomo.com/register/?action=momoidlogin' used in: Lcom/immomo/gamesdk/activity/MDKQuickWebLoginActivity$4;->onPageFinished(Landroid/webkit/WebView; Ljava/lang/String;)V
'https://game.immomo.com/sdk/gameinner/announcement/index?' used in: Lcom/immomo/gamesdk/widget/AnnouncementView;->()V
'https://game.immomo.com/sdk/usercenter/index' used in: Lcom/immomo/gamesdk/activity/MDKNewPersionalCenterActivity;->()V
'https://game.immomo.com/sdk/usercenter/message' used in: Lcom/immomo/gamesdk/activity/MDKWebMsgCenterActivity;->d()V
'https://game.immomo.com/sdk/usercenter/message' used in: Lcom/immomo/gamesdk/activity/MDKWebMsgCenterActivity$2;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'https://game.immomo.com/service/getip.txt' used in: Lcom/immomo/gamesdk/http/manager/UserIpManager$1;->run()V
'https://graph.qq.com' used in: Lcn/sharesdk/tencent/qzone/f;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/oauth2.0/m_authorize?response_type=token&client_id=' used in: Lcn/sharesdk/tencent/qzone/f;->getAuthorizeUrl()Ljava/lang/String;
'https://graph.qq.com/oauth2.0/me' used in: Lcn/sharesdk/tencent/qzone/f;->e(Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/photo/upload_pic' used in: Lcn/sharesdk/tencent/qzone/f;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/user/get_simple_userinfo' used in: Lcn/sharesdk/tencent/qzone/f;->d(Ljava/lang/String;)Ljava/util/HashMap;
'https://loc.map.baidu.com/sdk.php' used in: Lcom/baidu/location/h/k;->()V
'https://mclient.alipay.com/home/exterfaceAssign.htm?' used in: Lcom/alipay/sdk/app/PayTask;->pay(Ljava/lang/String; Z)Ljava/lang/String;
'https://mobilegw.alipay.com/mgw.htm' used in: Lcom/alipay/apmobilesecuritysdk/b/a;->c()Ljava/lang/String;
'https://mobilegw.alipaydev.com/mgw.htm' used in: Lcom/alipay/sdk/util/k;->a(Landroid/content/Context;)Ljava/lang/String;
'https://ofloc.map.baidu.com/offline_loc' used in: Lcom/baidu/location/e/g$a;->b()V
'https://ofloc.map.baidu.com/offline_loc' used in: Lcom/baidu/location/e/k$a;->b()V
'https://ofloc.map.baidu.com/offline_loc' used in: Lcom/baidu/location/e/d$c;->g()V
'https://open.weibo.cn/oauth2/authorize?' used in: Lcn/sharesdk/sina/weibo/g;->getAuthorizeUrl()Ljava/lang/String;
'https://pubads.g.doubleclick.net/activity;dc_iu=' used in: Lcom/google/ads/conversiontracking/g;->a(Lcom/google/ads/conversiontracking/g$c; Lcom/google/ads/conversiontracking/i$a;)Ljava/lang/String;
'https://pubads.g.doubleclick.net/activity;xsp=' used in: Lcom/google/ads/conversiontracking/g;->a(Lcom/google/ads/conversiontracking/g$c; Ljava/lang/String; Ljava/lang/String; Lcom/google/ads/conversiontracking/i$a; Ljava/lang/String;)Ljava/lang/String;
'https://settings.crashlytics.com/spi/v2/platforms/android/apps/%s/settings' used in: Lio/fabric/sdk/android/services/settings/Settings;->initialize(Lio/fabric/sdk/android/Kit; Lio/fabric/sdk/android/services/common/IdManager; Lio/fabric/sdk/android/services/network/HttpRequestFactory; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lio/fabric/sdk/android/services/settings/Settings;
'https://wappaygw.alipay.com/home/exterfaceAssign.htm?' used in: Lcom/alipay/sdk/app/PayTask;->pay(Ljava/lang/String; Z)Ljava/lang/String;
'https://www.googleadservices.com/pagead/conversion/' used in: Lcom/google/ads/conversiontracking/g;->c(Lcom/google/ads/conversiontracking/g$c; Ljava/lang/String; Ljava/lang/String; Lcom/google/ads/conversiontracking/i$a; Ljava/lang/String;)Ljava/lang/String;
'https://www.googleadservices.com/pagead/conversion/' used in: Lcom/google/ads/conversiontracking/g;->b(Lcom/google/ads/conversiontracking/g$c; Ljava/lang/String; Ljava/lang/String; Lcom/google/ads/conversiontracking/i$a; Ljava/lang/String;)Ljava/lang/String;
'https://www.immomo.com/feedback/list/?action=gameFaqDetail&faq_version=2' used in: Lcom/immomo/gamesdk/activity/MDKWebQuestionDetailActivity;->()V
'https://www.immomo.com/feedback/list/?action=indexForGame&faq_version=2' used in: Lcom/immomo/gamesdk/activity/MDKWebMyQuestionsActivity;->()V
'https://www.immomo.com/feedback/list/?action=showFirstPageForGame&' used in: Lcom/immomo/gamesdk/activity/MDKWebFeedbackActivity;->()V
"javascript:IYUE.req_callback('" used in: Lcom/arcsoft/hpay100/web/HPayJavascript$7$1;->run()V
"javascript:IYUE.req_callback('" used in: Lcom/arcsoft/hpay100/web/HPayJavascript$6$1;->run()V
"javascript:IYUE.returVerifyCode('" used in: Lcom/arcsoft/hpay100/web/HPayWebActivity$7;->chanage()V
"javascript:IYUE.returVerifyCode('" used in: Lcom/arcsoft/hpay100/web/HPayWebFullActivity$7;->chanage()V
"javascript:WebViewJavascriptBridge._handleMessageFromJava('%s');" used in: Lcom/unionpay/WebViewJavascriptBridge;->_dispatchMessage(Ljava/util/Map;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/trade/MDKWebPayActivity$3;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKWebMyQuestionsActivity$4;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKNewPersionalCenterActivity$2;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKQuickWebLoginActivity$4;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/widget/AnnouncementView$1;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKWebQuestionDetailActivity$4;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKWebMsgCenterActivity$2;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/api/AdPopupWindowUtils$2;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKWebFeedbackActivity$4;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'javascript:document.body.innerHTML="' used in: Lcom/immomo/gamesdk/activity/MDKWebBindActivity$4;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
"javascript:hpay_func.inputPhone('" used in: Lcom/arcsoft/hpay100/web/HPayWebView$4;->run()V
"javascript:hpay_func.inputPhoneAndGetVerifyCode('" used in: Lcom/arcsoft/hpay100/web/HPayWebView$4;->run()V
"javascript:hpay_func.inputVerifyCode('" used in: Lcom/arcsoft/hpay100/web/HPayWebActivity$7;->chanage()V
"javascript:hpay_func.inputVerifyCode('" used in: Lcom/arcsoft/hpay100/web/HPayWebFullActivity$7;->chanage()V
"javascript:momo_btn_controller.setImageSrc('" used in: Lcom/immomo/gamesdk/utils/WebObject;->a(Ljava/io/File;)V
'www.baidu.com' used in: Lcom/baidu/android/pushservice/util/n;->y(Landroid/content/Context;)Ljava/lang/String;
'www.immomo.com' used in: Lcom/immomo/gamesdk/http/manager/d$1;->()V

位置: assets/WechatPay.apk
'10.0.0.172' used in: Lcom/tencent/wxop/stat/b/l;->v(Landroid/content/Context;)Lorg/apache/http/HttpHost;
'10.0.0.200' used in: Lcom/tencent/wxop/stat/b/l;->v(Landroid/content/Context;)Lorg/apache/http/HttpHost;
'http://pingma.qq.com:80/mstat/report' used in: Lcom/tencent/wxop/stat/c;->()V
'https://game.immomo.com/charge/weixin/wxfpay/index' used in: Lcom/immomo/gamesdk/wechat/pay/ui/WechatShareActivity$1;->run()V

中危

检测到18处setSavePassword密码明文存储漏洞。

位置: classes.dex
cn.sharesdk.framework.authorize.g;
com.immomo.gamesdk.activity.MDKNewPersionalCenterActivity;
com.immomo.gamesdk.trade.MDKWebPayActivity;
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity;
com.umeng.analytics.MobclickAgentJSInterface;
com.iflytek.sunflower.CollectorJs;
com.immomo.gamesdk.activity.MDKWebFeedbackActivity;
com.immomo.gamesdk.activity.MDKWebBindActivity;
com.immomo.gamesdk.activity.MDKWebMsgCenterActivity;
com.tencent.bugly.crashreport.CrashReport;
com.immomo.gamesdk.api.AdPopupWindowUtils;
com.baidu.android.pushservice.richmedia.MediaViewActivity;
com.immomo.gamesdk.activity.MDKWebMyQuestionsActivity;
com.unionpay.mobile.android.upviews.b;
cn.sharesdk.tencent.qzone.i;
com.unionpay.WebViewJavascriptBridge;
com.immomo.gamesdk.activity.MDKWebQuestionDetailActivity;
com.immomo.gamesdk.widget.AnnouncementView;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

中危

检测到3使用全局可读写操作文件。

位置: classes.dex
com.unionpay.a;->onReceive(Landroid.content.Context; Landroid.content.Intent;)V===>openFileOutput
com.unionpay.UPPayAssistEx;->a(Landroid.content.Context; Ljava.lang.String;)Ljava.lang.String;===>openFileOutput
com.unionpay.UPPayAssistEx;->installUPPayPlugin(Landroid.content.Context;)Z===>openFileOutput

在使用getDir、getSharedPreferences(SharedPreference)或openFileOutput时,如果设置了全局的可读权限,攻击者恶意读取文件内容,获取敏感信息。在设置文件属性时如果设置全局可写,攻击者可能会篡改、伪造内容,可以能会进行诈骗等行为,造成用户财产损失。建议:
(1)使用MODE_PRIVATE模式创建内部存储文件。
(2)加密存储敏感数据。
(3)避免在文件中存储明文和敏感信息。

参考案例:
http://wooyun.org/bugs/wooyun-2010-047172
http://wooyun.org/bugs/wooyun-2010-054438
http://wooyun.org/bugs/wooyun-2010-0151270

参考资料:
https://jaq.alibaba.com/blog.htm?id=56
https://jaq.alibaba.com/blog.htm?id=58
http://wolfeye.baidu.com/blog/global-rw-of-file
http://wolfeye.baidu.com/blog/global-rw-of-sharepreference/

低危

检测到1处SecureRandom使用不当。

位置: classes.dex
com.tencent.bugly.proguard.a;->a

SecureRandom的使用不当会导致生成的随机数可被预测,该漏洞存在于Android系统随机生成数字串安全密钥的环节中。该漏洞的生成原因是对SecureRandom类的不正确使用方式导致生成的随机数不随机。建议:
(1)不要使用自定义随机源代替系统默认随机源(推荐)除非有特殊需求,在使用SecureRandom类时,不要调用以下函数:SecureRandom类下SecureRandom(byte[]seed)、setSeed(long seed)和setSeed(byte[]seed)方法。
(2)在调用setSeed方法前先调用任意nextXXX方法。具体做法是调用setSeed方法前先调用一次SecureRandom#nextBytes(byte[]bytes)方法,可以避免默认随机源被替代,详细见参考资料。

参考资料:
https://developer.android.com/reference/java/security/SecureRandom.html
http://drops.wooyun.org/papers/5164
http://jaq.alibaba.com/blog.htm?id=47

低危

检测到21个WebView系统隐藏接口未移除。

位置: classes.dex
com.unionpay.WebViewJavascriptBridge;->(Landroid.app.Activity; Landroid.webkit.WebView; Lcom.unionpay.ab;)V
cn.sharesdk.framework.authorize.g;->b()Lcn.sharesdk.framework.authorize.RegisterView;
com.immomo.gamesdk.trade.MDKWebPayActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebMyQuestionsActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.api.AdPopupWindowUtils;->loadUrl()V
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebQuestionDetailActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.api.AdPopupWindowUtils;->initWebView(Landroid.webkit.WebView; I)V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView;)V
com.baidu.android.pushservice.richmedia.MediaViewActivity;->onCreate(Landroid.os.Bundle;)V
com.immomo.gamesdk.trade.MDKWebPayActivity;->c()V
com.immomo.gamesdk.widget.AnnouncementView;->initWebView()V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
com.immomo.gamesdk.activity.MDKWebFeedbackActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity;->c()V
com.immomo.gamesdk.activity.MDKWebMsgCenterActivity;->c()V
com.iflytek.sunflower.CollectorJs;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
cn.sharesdk.tencent.qzone.i;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.immomo.gamesdk.activity.MDKNewPersionalCenterActivity;->d()V
com.immomo.gamesdk.activity.MDKWebBindActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.tencent.bugly.crashreport.CrashReport;->setJavascriptMonitor(Landroid.webkit.WebView; Z Z)Z

android webview组件包含3个隐藏的系统接口:searchBoxJavaBridge_,accessibilityTraversal以及accessibility,恶意程序可以利用它们实现远程代码执行。
如果使用了WebView,那么使用WebView.removeJavascriptInterface(String name) API,显示的移除searchBoxJavaBridge_、accessibility、accessibilityTraversal这三个接口。

参考资料:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

低危

检测到4处使用了DES弱加密算法。

位置: classes.dex
'DES/CBC/PKCS5Padding' used in: Lcom/unionpay/sdk/r;->a([B [B)[B
'DES/CBC/PKCS5Padding' used in: Lcom/unionpay/sdk/r;->b([B [B)[B
'DES/CBC/PKCS5Padding' used in: Lcom/tencent/bugly/proguard/ad;->a([B)[B
'DES/CBC/PKCS5Padding' used in: Lcom/unionpay/sdk/r;->c([B [B)[B

使用弱加密算法会大大增加黑客攻击的概率,黑客可能会破解隐私数据、猜解密钥、中间人攻击等,造成隐私信息的泄漏,甚至造成财产损失。建议使用AES加密算法。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

检测3处Intent Scheme URI漏洞。

位置: classes.dex
Lcom/baidu/android/pushservice/message/PublicMsg;->startApplicationLauncher(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V
Lcom/baidu/android/pushservice/message/PublicMsg;->handle(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V
Lcom/baidu/android/pushservice/message/PublicMsg;->handlePrivateNotification(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V


Intent Scheme URI是一种特殊的URL格式,用来通过Web页面启动已安装应用的Activity组件,大多数主流浏览器都支持此功能。如果在app中,没有检查获取到的load_url的值,攻击者可以构造钓鱼网站,诱导用户点击加载,就可以盗取用户信息。所以,对Intent URI的处理不当时,就会导致基于Intent的攻击。建议:
如果使用了Intent.parseUri函数,获取的intent必须严格过滤,intent至少包含addCategory(“android.intent.category.BROWSABLE”),setComponent(null),setSelector(null)3个策略。

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://drops.wooyun.org/papers/2893
http://drops.wooyun.org/mobile/15202

低危

检测到15处AES/DES弱加密风险。

位置: classes.dex
Lcom/mob/tools/utils/Data;->AES128Encode([B [B)[B
Lm/framework/utils/Data;->AES128Encode(Ljava/lang/String; Ljava/lang/String;)[B
Lcom/arcsoft/hpay100/utils/h;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
Lcom/unionpay/utils/c;->a(I [B [B)[B
com.alipay.sdk.encrypt.b;->a(I Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.arcsoft.hpay100.utils.g;->b(Ljava.lang.String; [B)[B
Lcom/mob/tools/utils/Data;->AES128Encode(Ljava/lang/String; Ljava/lang/String;)[B
Lcom/unionpay/mobile/android/hce/a;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
com.arcsoft.hpay100.utils.g;->a(Ljava.lang.String; [B)[B
Lcom/mob/tools/utils/Data;->AES128Decode([B [B)[B
Lm/framework/utils/Data;->AES128Decode([B [B)[B
Lcom/unionpay/mobile/android/utils/d;->a(I [B [B)[B
Lcom/arcsoft/hpay100/utils/h;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
Lcom/unionpay/mobile/android/hce/a;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
Lm/framework/utils/Data;->AES128Encode([B Ljava/lang/String;)[B

使用AES/DES/DESede加密算法时,如果使用ECB模式,容易受到攻击风险,造成信息泄露。建议在使用AES/DES/DESede加密算法时,应显示指定使用CBC或CFB加密模式

参考资料:
http://blog.csdn.net/u013107656/article/details/51997957
https://developer.android.com/reference/javax/crypto/Cipher.html
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现16处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
com.ddianle.share.WeiXinActivity;
com.ddianle.sdk.BroadcastReciverToken;
com.tencent.bugly.proguard.f;
cn.sharesdk.framework.b.e;
com.ddianle.autoupdate.UnZipTask;
com.ddianle.share.sinaActivity;
com.mob.commons.iosbridge.UDPServer;
com.immomo.gamesdk.http.ScheduledThreadPoolTest;
com.immomo.gamesdk.luajava.Console;
com.immomo.gamesdk.luajava.LuaObject;
com.baidu.android.pushservice.util.n;
com.ddianle.share.QzoneActivity;
com.immomo.gamesdk.http.ScheduledThreadPoolTest$1;
com.immomo.gamesdk.utils.TimeUtils;
com.mob.tools.utils.R;
cn.sharesdk.framework.utils.ShareSDKR;

低危

检测到2处主机名弱校验检测漏洞。

位置: classes.dex
com.mob.tools.network.NetworkHelper$3;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.unionpay.sdk.az;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

自定义HostnameVerifier类,却不实现其verify方法验证域名直接返回true,直接接受任意域名。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考资料:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

低危

检测到1处地方在自定义实现的WebViewClient类在onReceivedSslError调用proceed()方法。

位置: classes.dex
com.alipay.sdk.auth.AuthActivity$b;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V

Android WebView组件加载网页发生证书认证错误时,会调用WebViewClient类的onReceivedSslError方法,如果该方法实现调用了handler.proceed()来忽略该证书错误,则会受到中间人攻击的威胁,可能导致隐私泄露。建议:
当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0109266

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/

警告

检测到23处addFlags使用Intent.FLAG_ACTIVITY_NEW_TASK。

位置: classes.dex
cn.sharesdk.wechat.utils.WechatHelper;->a
com.unionpay.a;->onReceive
com.ddianle.autoupdate.AutoUpdate;->InstallAPK
com.iflytek.cloud.SpeechUtility;->openEngineSettings
com.baidu.android.pushservice.PushServiceReceiver;->onReceive
cn.sharesdk.wechat.utils.j;->a
com.baidu.android.pushservice.message.a.e;->a
com.baidu.android.pushservice.message.a.e;->b
com.immomo.gamesdk.utils.PackageUtils;->uninstallNormal
com.immomo.gamesdk.utils.WebObject;->openUrl
com.baidu.android.pushservice.richmedia.d;->onItemClick
com.unionpay.UPPayAssistEx;->a
com.baidu.android.pushservice.PushServiceReceiver$a;->a
com.baidu.android.pushservice.message.PublicMsg;->handle
com.baidu.android.pushservice.e.m;->a
com.baidu.android.pushservice.richmedia.h;->a
com.immomo.gamesdk.utils.PackageUtils;->installNormal
com.baidu.android.pushservice.message.PublicMsg;->handlePrivateNotification
com.iflytek.cloud.ui.a$a;->onClick
com.ddianle.feedback.push.MyPushMessageReceiver;->updateContent
com.iflytek.cloud.ui.a.e;->e
com.mob.tools.FakeActivity$1;->handleMessage

位置: assets/WechatPay.apk
com.tencent.mm.sdk.a.a;->a

APP创建Intent传递数据到其他Activity,如果创建的Activity不是在同一个Task中打开,就很可能被其他的Activity劫持读取到Intent内容,跨Task的Activity通过Intent传递敏感信息是不安全的。建议:
尽量避免使用包含FLAG_ACTIVITY_NEW_TASK标志的Intent来传递敏感信息。

参考资料:
http://wolfeye.baidu.com/blog/intent-data-leak

警告

检测到13个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.ddianle.activity.MainActivity
activity com.wemomo.game.mmjwt2.wxapi.WXEntryActivity
activity com.mob.tools.MobUIShell
service com.immomo.gamesdk.service.DownLoadService
service com.baidu.android.pushservice.PushService
service com.baidu.android.pushservice.CommandService
receiver com.ddianle.sdk.BroadcastReciverToken
receiver com.google.ads.conversiontracking.InstallReceiver
receiver com.immomo.gamesdk.demo.ui.CheckUpdateReceiver
receiver com.immomo.gamesdk.receiver.PhoneReceiver
receiver com.ddianle.feedback.push.MyPushMessageReceiver
receiver com.baidu.android.pushservice.PushServiceReceiver
receiver com.baidu.android.pushservice.RegistrationReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到2个导出的隐式Service组件。
service com.immomo.gamesdk.service.DownLoadService
service com.baidu.android.pushservice.PushService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测1处組件設置了android.intent.category.BROWSABLE属性。
com.mob.tools.MobUIShell


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到21潜在的XSS漏洞。

位置: classes.dex
cn.sharesdk.framework.authorize.g;->b()Lcn.sharesdk.framework.authorize.RegisterView;
cn.sharesdk.tencent.qzone.i;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.alipay.sdk.auth.AuthActivity;->onCreate(Landroid.os.Bundle;)V
com.alipay.sdk.util.l;->a(Landroid.app.Activity; Ljava.lang.String; Ljava.lang.String;)Landroid.webkit.WebView;
com.arcsoft.hpay100.web.HPayWebView;->init(Landroid.app.Activity; Landroid.os.Handler; Lcom.arcsoft.hpay100.config.HPaySMS; Ljava.lang.String; Lcom.arcsoft.hpay100.HPaySdkCallback; Lcom.arcsoft.hpay100.web.HPayWebViewLoad;)V
com.baidu.android.pushservice.richmedia.MediaViewActivity;->onCreate(Landroid.os.Bundle;)V
com.iflytek.sunflower.CollectorJs;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
com.immomo.gamesdk.activity.MDKNewPersionalCenterActivity;->d()V
com.immomo.gamesdk.activity.MDKQuickWebLoginActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebBindActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebFeedbackActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebMsgCenterActivity;->c()V
com.immomo.gamesdk.activity.MDKWebMyQuestionsActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.activity.MDKWebQuestionDetailActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.api.AdPopupWindowUtils;->initWebView(Landroid.webkit.WebView; I)V
com.immomo.gamesdk.trade.MDKWebPayActivity;->a(Landroid.webkit.WebView; Landroid.view.View;)V
com.immomo.gamesdk.widget.AnnouncementView;->initWebView()V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView;)V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
com.unionpay.WebViewJavascriptBridge;->(Landroid.app.Activity; Landroid.webkit.WebView; Lcom.unionpay.ab;)V
com.unionpay.mobile.android.upviews.b;->(Landroid.content.Context; Lcom.unionpay.mobile.android.upviews.b$a;)V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到22处IvParameterSpec的使用。

位置: classes.dex
com.alipay.b.a.a.a.a.c;->a(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.alipay.b.a.a.a.a.c;->a([B [B)[B
com.alipay.b.a.a.a.a.c;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.alipay.b.a.a.a.a.c;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.alipay.sdk.encrypt.e;->a(Ljava.lang.String; [B)[B
com.alipay.sdk.encrypt.e;->b(Ljava.lang.String; [B)[B
com.baidu.android.bbalbs.common.a.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.android.bbalbs.common.a.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.frontia.base.d.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.frontia.base.d.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.immomo.gamesdk.utils.AesCBCUtils;->decrypt(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.immomo.gamesdk.utils.AesCBCUtils;->encrypt(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.ta.utdid2.a.a.a;->a([B [B)[B
com.ta.utdid2.a.a.a;->b([B [B)[B
com.tencent.bugly.proguard.a;->a(I [B [B)[B
com.tencent.bugly.proguard.ac;->a([B)[B
com.tencent.bugly.proguard.ad;->a([B)[B
com.unionpay.sdk.bj;->a(Ljava.lang.String;)Ljava.lang.String;
com.unionpay.sdk.bj;->b(Ljava.lang.String;)Ljava.lang.String;
com.unionpay.sdk.r;->a([B [B)[B
com.unionpay.sdk.r;->b([B [B)[B
com.unionpay.sdk.r;->c([B [B)[B

使用IVParameterSpec函数,如果使用了固定的初始化向量,那么密码文本可预测性高得多,容易受到字典攻击等。建议禁止使用常量初始化矢量构造IVParameterSpec,使用聚安全提供的安全组件。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到4处使用空Intent构造PendingIntent。

位置: classes.dex
com.baidu.android.pushservice.PushServiceReceiver;->showAdvertiseNotifiation(Landroid.content.Context; Ljava.lang.String; Ljava.lang.String; Lcom.baidu.android.pushservice.message.PublicMsg; Ljava.lang.String; Ljava.lang.String;)V
com.baidu.android.pushservice.PushServiceReceiver$a;->a(Lcom.baidu.android.pushservice.richmedia.b; Lcom.baidu.android.pushservice.richmedia.m;)V
com.baidu.android.pushservice.richmedia.h;->a(Lcom.baidu.android.pushservice.richmedia.b; Lcom.baidu.android.pushservice.richmedia.m;)V
com.baidu.android.pushservice.a.b.i;->(Landroid.content.Context; Ljava.lang.String; Ljava.lang.String;)V

使用pendingIntent时候,如果使用了一个空Intent,会导致恶意用户劫持Intent的内容。禁止使用空intent去构造pendingIntent。建议:
禁止使用空intent去构造pendingIntent。

参考资料:
http://wolfeye.baidu.com/blog/pendingintent-leak-information
http://bbs.mob.com/thread-5249-1-1.html

警告

检测到1处socket通信。

位置: classes.dex
Lcom.mob.commons.iosbridge.UDPServer;->d

Android应用通常使用PF_UNIX、PF_INET、PF_NETLINK等不同domain的socket来进行本地IPC或者远程网络通信,这些暴露的socket代表了潜在的本地或远程攻击面,历史上也出现过不少利用socket进行拒绝服务、root提权或者远程命令执行的案例特别是PF_INET类型的网络socket,可以通过网络与Android应用通信,其原本用于linux环境下开放网络服务,由于缺乏对网络调用者身份或者本地调用者id、permission等细粒度的安全检查机制,在实现不当的情况下,可以突破Android的沙箱限制,以被攻击应用的权限执行命令,通常出现比较严重的漏洞

参考案例:
http://www.wooyun.org/bugs/wooyun-2015-0148406
http://www.wooyun.org/bugs/wooyun-2015-0145365

参考资料:
http://wolfeye.baidu.com/blog/open-listen-port
http://blog.csdn.net/jltxgcy/article/details/50686858
https://www.bigniu.com/article/view/10
http://drops.wooyun.org/mobile/6973

警告

检测到 6处url没有使用安全的https链接。

位置: classes.dex
http://m.alipay.com/
http://mcgw.alipay.com/
http://mobilegw-1-64.test.alipay.net/
http://mobilegw.aaa.alipay.net/
http://mobilegw.alipay.com/
http://mobilegw.stable.alipay.net/

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
https://developer.android.com/training/articles/security-ssl.html

警告

检测到28处使用了加解密算法。密钥处理不当可能会导致信息泄露。

位置: classes.dex
com.unionpay.sdk.bj;->b(Ljava.lang.String;)Ljava.lang.String;
m.framework.utils.Data;->AES128Encode([B Ljava.lang.String;)[B
com.baidu.android.bbalbs.common.a.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.ta.utdid2.device.c;->b([B)Ljava.lang.String;
com.ta.utdid2.a.a.a;->b([B [B)[B
com.unionpay.utils.c;->a(I [B [B)[B
m.framework.utils.Data;->AES128Encode(Ljava.lang.String; Ljava.lang.String;)[B
com.baidu.android.bbalbs.common.a.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.alipay.sdk.encrypt.b;->a(I Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.baidu.frontia.base.d.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.tencent.bugly.proguard.ac;->a([B)[B
com.immomo.gamesdk.utils.AesCBCUtils;->encrypt(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.ta.utdid2.a.a.a;->a([B [B)[B
com.alipay.b.a.a.a.a.c;->a(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.alipay.sdk.encrypt.e;->b(Ljava.lang.String; [B)[B
com.alipay.sdk.encrypt.e;->a(Ljava.lang.String; [B)[B
com.mob.tools.utils.Data;->AES128Encode([B [B)[B
com.unionpay.mobile.android.utils.d;->a(I [B [B)[B
com.tencent.bugly.proguard.a;->a(I [B [B)[B
com.alipay.b.a.a.a.a.c;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.immomo.gamesdk.utils.AesCBCUtils;->decrypt(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.mob.tools.utils.Data;->AES128Encode(Ljava.lang.String; Ljava.lang.String;)[B
m.framework.utils.Data;->AES128Decode([B [B)[B
cn.sharesdk.framework.utils.a;->a(Ljava.lang.String; Ljava.lang.String; Ljava.util.ArrayList; Lcn.sharesdk.framework.utils.a$a;)Ljava.util.ArrayList;
com.unionpay.sdk.bj;->c(Ljava.lang.String;)Ljavax.crypto.spec.SecretKeySpec;
com.baidu.frontia.base.d.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.mob.tools.utils.Data;->AES128Decode([B [B)[B
com.alipay.b.a.a.a.a.c;->a([B [B)[B

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书