High-risk vulnerabilities: 0
Medium-risk vulnerabilities: 6
Low-risk vulnerabilities: 6
Warnings: 9

File name app-release.apk
Uploader thbt
File size 11.738471984863MB
MD5 641f3f2dffc96bf847d7fd8d4efd03c0
Package name com.thbt.rst
Main Activity com.thbt.rst.Default
Min SDK 14
Target SDK 28

Permission list

# Name Description Level
0 android.permission.CALL_PHONE Allows the application to place phone calls without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this permission does not allow the application to call emergency numbers. Warning
1 android.permission.READ_SMS Allows the application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages. Warning
2 android.permission.SEND_SMS Allows the application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation. Warning
3 android.permission.ACCESS_COARSE_LOCATION Accesses coarse location sources (such as the cellular network database) to determine the approximate location of the phone, where available. Malicious applications may use this to determine approximately where you are. Caution
4 android.permission.ACCESS_FINE_LOCATION Accesses fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications may use this to determine where you are, and may consume additional battery power. Caution
5 android.permission.BLUETOOTH Allows the application to view the configuration of the local Bluetooth phone, and to make or accept connections with paired devices. Caution
6 android.permission.BROADCAST_STICKY Allows the application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications may use this to make the phone consume too much memory, slowing it down or making it unstable. Caution
7 android.permission.GET_TASKS Allows the application to retrieve information about currently and recently running tasks. Malicious applications may use this to discover confidential information about other applications. Caution
8 android.permission.READ_PHONE_STATE Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number the call is connected to, and so on. Caution
9 android.permission.RECEIVE_BOOT_COMPLETED Allows the application to start itself as soon as the system has finished booting. This lengthens the phone's boot time and, if the application keeps running, slows down the phone overall. Caution
10 android.permission.RECEIVE_SMS Allows the application to receive and process SMS messages. Malicious applications may use this to monitor your messages or delete them without showing them to you. Caution
11 android.permission.WRITE_SETTINGS Allows the application to modify the system's settings data. Malicious applications may use this to corrupt your system configuration. Caution
12 android.permission.ACCESS_NETWORK_STATE Allows the application to view the state of all networks. Info
13 android.permission.ACCESS_WIFI_STATE Allows the application to view information about the WLAN state. Info
14 android.permission.AUTHENTICATE_ACCOUNTS Allows the application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords. Info
15 android.permission.CHANGE_WIFI_STATE Allows the application to connect to and disconnect from WLAN access points, and to make changes to configured WLAN networks. Info
16 android.permission.DISABLE_KEYGUARD Allows the application to disable the keylock and any associated password security. For example, the keylock is disabled when answering a call on the phone and re-enabled when the call ends. Info
17 android.permission.EXPAND_STATUS_BAR Allows the application to expand or collapse the status bar. Info
18 android.permission.GET_ACCOUNTS Allows the application to get the list of accounts known to the phone. Info
19 android.permission.INTERNET Allows the application to access the network. Info
20 android.permission.MANAGE_ACCOUNTS Allows the application to perform operations such as adding and removing accounts and deleting their passwords. Info
21 android.permission.MOUNT_UNMOUNT_FILESYSTEMS Allows the application to mount and unmount filesystems on removable storage. Info
22 android.permission.USE_CREDENTIALS Allows the application to request authentication tokens. Info
23 android.permission.VIBRATE Allows the application to control the vibrator. Info
24 android.permission.WRITE_EXTERNAL_STORAGE Allows the application to write to the SD card. Info

App components (activities, services, receivers, providers)

Component name

Activities
com.thbt.rst.Default
com.thbt.rst.MainTabFragment
com.thbt.rst.subview.CDSiSetting
com.thbt.rst.subview.RSTWebView
com.thbt.rst.subview.NewsMessage
com.thbt.rst.subview.QR
com.thbt.rst.subview.ObtainInfo
com.thbt.rst.subview.CDSiGeneralInsurance
com.thbt.rst.subview.Hospitalization
com.thbt.rst.subview.CDSiHospitalInspectionItems
com.thbt.rst.subview.Drugs
com.thbt.rst.subview.NewsDetail
com.thbt.rst.subview.TrainDetail
com.thbt.rst.subview.CDSiSearch
com.thbt.rst.subview.CDSiSearchDrug
com.thbt.rst.subview.ShowNews
com.thbt.rst.subview.CDSiUserMoreDetail
com.thbt.rst.subview.MainActivity
com.thbt.rst.subview.CDSiInsuranceInfo
com.thbt.rst.subview.CDSiMaternityMenu
com.thbt.rst.subview.CDSiGeneralMenu
com.thbt.rst.subview.CDSiHospitalization
com.thbt.rst.subview.CDSiMZMXB
com.thbt.rst.subview.CDSiMZTSPay
com.thbt.rst.subview.CDSiAccountInfo
com.thbt.rst.subview.CDSiQGZY
com.thbt.rst.subview.CDSiGeneralDataDisplay
com.thbt.rst.subview.CDSiZHDetail
com.thbt.rst.subview.CDSiInsuranceOtherInfo
com.thbt.rst.subview.CDSiHospitalizationDetail
com.thbt.rst.subview.CDSiYHDK
com.thbt.rst.subview.CDSiJGDH
com.thbt.rst.subview.CDSiJGDHDetail
com.thbt.rst.subview.CDSiHospitalKS
com.thbt.rst.subview.CDSiDrug
com.thbt.rst.subview.CDSiComment
com.thbt.rst.subview.CDSiChangePassword
com.thbt.rst.subview.CDSiFix
com.thbt.rst.subview.CDSiYLaoAccountInfo
com.thbt.rst.subview.CDSiSMSAd
com.thbt.rst.RST.RSTMainTabFragment
com.thbt.rst.RSTSubview.RSTSetting
com.thbt.rst.RSTSubview.RSTWebView
com.thbt.rst.RSTSubview.RSTObtainInfo
com.thbt.rst.RSTSubview.RSTLogin
com.thbt.rst.RSTSubview.RSTBinding
com.thbt.rst.RSTSubview.RSTGeneralDataDisplay
com.thbt.rst.RSTSubview.RSTGeneralMenu
com.thbt.rst.RSTSubview.RSTGeneralInsurance
com.thbt.rst.RSTSubview.RSTMaps
com.thbt.rst.RSTSubview.RSTFixedMechanism
com.thbt.rst.RSTSubview.RSTHospitalization
com.thbt.rst.RSTSubview.RSTHospitalInspectionItems
com.thbt.rst.RSTSubview.RSTDrugs
com.thbt.rst.RSTSubview.RSTSearch
com.thbt.rst.RSTSubview.RSTMyFeedBack
com.thbt.rst.RSTSubview.RSTAddFeedBack
com.thbt.rst.RSTSubview.RSTUnbinding
com.thbt.rst.RSTSubview.RSTUserMoreDetail
com.thbt.rst.subview.CDSiPaymentPager
com.thbt.rst.subview.CDSiQFPager
com.thbt.rst.subview.CDSiDYPager
com.thbt.rst.subview.CDSiZYPager
com.thbt.rst.subview.CDSiCZMM
com.thbt.rst.subview.CDSiLSGS
com.thbt.rst.subview.CDSiZKJD
com.thbt.rst.subview.CDSiYKJL
com.thbt.rst.subview.CDSiKStatus
com.thbt.rst.subview.CDSiInsuranceDetail
com.thbt.rst.subview.CDSiCZInsurance
com.thbt.rst.subview.CDSiCardStatus
com.thbt.rst.subview.CDSiGroupListView
com.thbt.rst.subview.CDSiZYDetail
com.thbt.rst.subview.CDSiMMPager
com.thbt.rst.subview.BaseWebActivity
com.yinhai.si.cd.ui.SiLogin
com.yinhai.si.cd.ui.SiForgetPwd
com.mob.tools.MobUIShell
com.allenliu.versionchecklib.core.VersionDialogActivity
com.allenliu.versionchecklib.core.PermissionDialogActivity
com.blankj.utilcode.util.PermissionUtils$PermissionActivity
com.just.agentweb.ActionActivity

Services
com.baidu.android.pushservice.PushService
com.baidu.android.pushservice.CommandService
com.allenliu.versionchecklib.core.MyService

Broadcast receivers
com.thbt.rst.push.PushReceiver
com.baidu.android.pushservice.PushServiceReceiver
com.baidu.android.pushservice.RegistrationReceiver
com.just.agentweb.download.NotificationCancelReceiver

Content providers
com.baidu.android.pushservice.PushInfoProvider
com.allenliu.versionchecklib.core.VersionFileProvider
android.support.v4.content.FileProvider4Util
com.just.agentweb.AgentWebFileProvider

Third-party libraries

# Library Description
0 com.flyco.labelview A simple Android LabelView.
1 android.support.transition A backport of the new Transitions API for Android.
2 me.dm7.barcodescanner.core Barcode scanner libraries for Android.
3 me.dm7.barcodescanner Barcode scanner libraries for Android.
4 com.lsjwzh.widget.recyclerviewpager A ViewPager implementation based on RecyclerView's code. Supports fling operation like a gallery.
5 com.baidu.mapapi The Baidu Map Android SDK is a set of application programming interfaces for devices running Android 2.1 and above. It can be used to develop map applications for Android mobile devices; by calling the map SDK interfaces you can easily access Baidu Map services and data and build feature-rich, highly interactive map applications.
6 com.flyco.tablayout An Android TabLayout library that currently offers two kinds of TabLayout.
7 com.astuetz.viewpager.extensions A set of custom views for the ViewPager from the Android Support Package.
8 com.jayfang.dropdownmenu An extension of ResideMenu.
9 com.bigkoo.alertview An iOS-style AlertViewController imitation.
10 lecho.lib.hellocharts Charts/graphs library for Android compatible with API 8+, with several chart types and support for scaling, scrolling and animations.
11 cn.sharesdk ShareSDK is China's largest in-app sharing service provider. ShareSDK social sharing supports 40 domestic and international platforms including WeChat, Weibo, Qzone, Laiwang, Yixin and Facebook, helping developers easily implement social sharing, third-party login, friend-relationship features, one-click sharing, short-link conversion, comments and likes. It also provides a powerful social analytics back end that reports users, information flow, return rate, spread efficiency and other data in real time, to guide the day-to-day operation and promotion of mobile apps and bring more social traffic into the app.
12 com.baidu.lbsapi The Baidu Android Panorama SDK is a set of panorama service interfaces for the Android mobile platform, giving developers panorama retrieval, display and interaction functions so that the surroundings of a target location can be shown more clearly and conveniently.
13 com.daimajia.slider.library An amazing and convenient Android image slider.
14 com.baidu.android.pushservice Baidu Cloud Push is a one-stop app message push platform that provides free push services to enterprises and developers; developers can use it to deliver targeted notifications and custom messages to users in order to improve retention and engagement.
15 android.support.multidex DEPRECATED
16 com.baidu.mobstat Baidu Mobile Statistics SDK
17 com.wang.avi Yet another Android custom progress view for your music player.

Risk points found by static scan

Risk level Risk name

Medium

Detected 2 instances of weak certificate validation.

Location: classes.dex
com.c.a.a.m$1;
com.allenliu.versionchecklib.core.a.a$a;

When a mobile app client communicates over HTTPS or SSL/TLS without verifying that the server certificate is trusted, it is exposed to man-in-the-middle attacks. These can lead to information disclosure and tampering with data in transit, and an intercepting party can even replace the original content with malicious links or malicious code to gain remote control. Recommendation:
Perform strict validation of the SSL certificate, including whether the signing CA is legitimate, whether the certificate is self-signed, whether the hostname matches, and whether the certificate has expired.

Reference case:
www.wooyun.org/bugs/wooyun-2014-079358

References:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

Medium

The app should remove most of its logging code.
Scanning found that the package still contains a large amount of logging code: 115 logging call sites were found. (Logging code here means calls to android.util.Log.*.)
Details:

Location: classes.dex

Medium

Detected 7 WebView remote code execution issues.

Location: classes.dex
com.baidu.mobstat.StatService;->a(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebViewClient; Landroid.webkit.WebChromeClient; Z)V
com.just.agentweb.AgentWebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.baidu.mobstat.am$b;->onPageFinished(Landroid.webkit.WebView; Ljava.lang.String; Lcom.baidu.mobstat.bs;)V
com.baidu.mobstat.am$b;->onPageStarted(Landroid.webkit.WebView; Ljava.lang.String; Lcom.baidu.mobstat.bs;)V
com.baidu.mobstat.bc$b;->onPageFinished(Landroid.webkit.WebView; Ljava.lang.String; Lcom.baidu.mobstat.bs;)V
com.baidu.mobstat.bc$b;->onPageStarted(Landroid.webkit.WebView; Ljava.lang.String; Lcom.baidu.mobstat.bs;)V
com.just.agentweb.JsInterfaceHolderImpl;->addJavaObjectDirect(Ljava.lang.String; Ljava.lang.Object;)Lcom.just.agentweb.JsInterfaceHolder;

Android versions with API level below 17 contain a remote code execution vulnerability: because the program does not properly restrict use of the addJavascriptInterface method, an attacker can use Java reflection through this vulnerability to invoke methods of arbitrary Java objects, resulting in remote code execution.
(1) Android systems with API level 17 or higher: for security reasons, to prevent Java-layer functions from being called arbitrarily, Google requires since version 4.2 that any function exposed for calling be annotated with @JavascriptInterface.
(2) Android systems with API level 17 or higher: it is recommended not to use the addJavascriptInterface interface, to avoid unnecessary security risks; if it must be used, certificate validation is recommended.
(3) Use removeJavascriptInterface to remove the Android system's default built-in interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

Medium

Detected 116 sensitive plaintext strings; removal is recommended.

Location: classes.dex
'http://www.myapp.com/down/' used in: Lcn/sharesdk/tencent/qq/f$2;->shouldOverrideUrlLoading(Landroid/webkit/WebView; Ljava/lang/String;)Z
'http://xmlpull.org/v1/doc/features.html#process-namespaces' used in: Lorg/xmlpull/v1/XmlPullParserFactory;->setNamespaceAware(Z)V
'http://xmlpull.org/v1/doc/features.html#process-namespaces' used in: Lorg/xmlpull/v1/XmlPullParserFactory;->isNamespaceAware()Z
'http://xmlpull.org/v1/doc/features.html#validation' used in: Lorg/xmlpull/v1/XmlPullParserFactory;->isValidating()Z
'http://xmlpull.org/v1/doc/features.html#validation' used in: Lorg/xmlpull/v1/XmlPullParserFactory;->setValidating(Z)V
'https://api.map.baidu.com/sdkcs/verify' used in: Lcom/baidu/lbsapi/auth/LBSAuthManager;->a(Z Ljava/lang/String; Ljava/util/Hashtable; [Ljava/lang/String; Ljava/lang/String;)V
'https://api.map.baidu.com/sdkcs/verify' used in: Lcom/baidu/lbsapi/auth/LBSAuthManager;->a(Z Ljava/lang/String; Ljava/util/Hashtable; Ljava/lang/String;)V
'https://api.tuisong.baidu.com/rest/3.0/clientfile/updatesdkconfig' used in: Lcom/baidu/android/pushservice/config/ModeConfig;->(Landroid/content/Context;)V
'https://api.tuisong.baidu.com/rest/3.0/oem/upload_unbind_oem' used in: Lcom/baidu/android/pushservice/message/a/d$1;->a()V
'https://api.weixin.qq.com/sns/oauth2/access_token' used in: Lcn/sharesdk/wechat/utils/g$1;->run()V
'https://api.weixin.qq.com/sns/oauth2/refresh_token' used in: Lcn/sharesdk/wechat/utils/g;->a()Z
'https://api.weixin.qq.com/sns/userinfo' used in: Lcn/sharesdk/wechat/utils/g$2;->run()V
'https://datax.baidu.com/xs.gif' used in: Lcom/baidu/mobstat/ah;->()V
'https://dxp.baidu.com/autoTracker' used in: Lcom/baidu/mobstat/bn;->a(Landroid/content/Context;)Ljava/lang/String;
'https://dxp.baidu.com/circleConfig?' used in: Lcom/baidu/mobstat/bn;->a(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;
'https://dxp.baidu.com/upgrade' used in: Lcom/baidu/mobstat/ah;->()V
'https://dxp.baidu.com/vizParser' used in: Lcom/baidu/mobstat/bn;->a()Ljava/lang/String;
'https://graph.qq.com' used in: Lcn/sharesdk/tencent/qq/b;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcn/sharesdk/framework/PlatformActionListener;)V
'https://graph.qq.com' used in: Lcn/sharesdk/tencent/qzone/b;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/oauth2.0/m_authorize?response_type=token&client_id=' used in: Lcn/sharesdk/tencent/qq/b;->getAuthorizeUrl()Ljava/lang/String;
'https://graph.qq.com/oauth2.0/m_authorize?response_type=token&client_id=' used in: Lcn/sharesdk/tencent/qzone/b;->getAuthorizeUrl()Ljava/lang/String;
'https://graph.qq.com/oauth2.0/me' used in: Lcn/sharesdk/tencent/qzone/b;->e(Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/oauth2.0/me' used in: Lcn/sharesdk/tencent/qq/b;->c(Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/photo/upload_pic' used in: Lcn/sharesdk/tencent/qzone/b;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/user/get_simple_userinfo' used in: Lcn/sharesdk/tencent/qq/b;->e(Ljava/lang/String;)Ljava/util/HashMap;
'https://graph.qq.com/user/get_simple_userinfo' used in: Lcn/sharesdk/tencent/qzone/b;->d(Ljava/lang/String;)Ljava/util/HashMap;
'https://hack.tuisong.baidu.com/statistics/msg_ack' used in: Lcom/baidu/android/pushservice/h/f$1;->a()V
'https://hack.tuisong.baidu.com/statistics/msg_action' used in: Lcom/baidu/android/pushservice/h/f$2;->a()V
'https://hack.tuisong.baidu.com/statistics/msg_action' used in: Lcom/baidu/android/pushservice/h/f$3;->a()V
'https://hack.tuisong.baidu.com/statistics/xiaomi/msg_ack' used in: Lcom/baidu/android/pushservice/h/f$1;->a()V
'https://hack.tuisong.baidu.com/statistics/xiaomi/msg_action' used in: Lcom/baidu/android/pushservice/h/f$2;->a()V
'https://hmma.baidu.com/app.gif' used in: Lcom/baidu/mobstat/Config;->()V
'https://hmma.baidu.com/auto.gif' used in: Lcom/baidu/mobstat/LogSender;->a(Landroid/content/Context; Ljava/lang/String; Z)Z
'https://lbsonline.pushct.baidu.com/lbsupload' used in: Lcom/baidu/android/pushservice/f/g;->(Landroid/content/Context;)V
'https://od.cdhrss.gov.cn:8045/yhjypt/forSdk/?.do' used in: Lcom/yinhai/si/cd/a/a/o;->e(Ljava/lang/String;)Ljava/lang/String;
'https://openrcv.baidu.com/1010/bplus.gif' used in: Lcom/baidu/mobstat/z;->()V
'https://statsonline.pushct.baidu.com/pushlog_special' used in: Lcom/baidu/android/pushservice/f/n;->b(J J I I)Z
'javascript:%s.callback(%d, %d %s);' used in: Lcom/just/agentweb/JsCallback;->apply([Ljava/lang/Object;)V
'javascript:(function(b){console.log("' used in: Lcom/just/agentweb/JsCallJava;->(Ljava/lang/Object; Ljava/lang/String;)V
'javascript:try{' used in: Lcom/just/agentweb/AgentWebView;->buildTryCatchInjectJS(Ljava/lang/String;)Ljava/lang/String;
'javascript:try{(function(){if(window.' used in: Lcom/just/agentweb/AgentWebView;->buildNotRepeatInjectJS(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
"javascript:window._automtj.getViewportTree('android', '" used in: Lcom/baidu/mobstat/bs;->b(Landroid/app/Activity; Landroid/webkit/WebView; Landroid/graphics/Rect;)V
'test@test.com' used in: Lcom/yinhai/si/cd/bus/h;->a([Ljava/lang/Void;)Ljava/lang/String;
'www.baidu.com' used in: Lcom/baidu/android/pushservice/h/t;->A(Landroid/content/Context;)Ljava/lang/String;

Medium risk

Detected 7 instances of the setSavePassword plaintext password storage vulnerability.

Location: classes.dex
com.thbt.rst.RSTSubview.RSTWebView;
com.thbt.rst.subview.ShowNews;
com.just.agentweb.AgentWebUtils;
com.thbt.rst.subview.NewsDetail;
com.just.agentweb.AgentWebView;
com.baidu.mobstat.StatService;
com.thbt.rst.subview.RSTWebView;

WebView's save-password feature is enabled (true) by default. WebView then stores website passwords in plaintext in the app's private file "databases/webview.db". On a system that can be rooted, or in combination with another vulnerability (such as a WebView same-origin bypass), an attacker can obtain the user's passwords.
Recommendation: explicitly set webView.getSettings().setSavePassword(false).

Reference cases:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

References:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

Medium risk

Detected 4 file operations using world-readable/writable modes.

Location: classes.dex
com.baidu.android.pushservice.i.e;->a(Ljava.lang.String;)Z===>openFileOutput
com.baidu.android.bbalbs.common.util.b;->a(Ljava.lang.String;)Z===>openFileOutput
com.baidu.mobstat.CarUUID;->a(Landroid.content.Context; Ljava.lang.String;)Z===>openFileOutput
com.baidu.mobstat.g;->a(Ljava.lang.String;)Z===>openFileOutput

When using getDir, getSharedPreferences (SharedPreferences) or openFileOutput, if world-readable permission is set, an attacker can read the file contents and obtain sensitive information. If world-writable permission is set on the file, an attacker may tamper with or forge its contents, which could enable fraud and cause financial loss to the user. Recommendations:
(1) Create internal storage files with MODE_PRIVATE.
(2) Encrypt sensitive data before storing it.
(3) Avoid storing plaintext or sensitive information in files.

Reference cases:
http://wooyun.org/bugs/wooyun-2010-047172
http://wooyun.org/bugs/wooyun-2010-054438
http://wooyun.org/bugs/wooyun-2010-0151270

References:
https://jaq.alibaba.com/blog.htm?id=56
https://jaq.alibaba.com/blog.htm?id=58
http://wolfeye.baidu.com/blog/global-rw-of-file
http://wolfeye.baidu.com/blog/global-rw-of-sharepreference/

Low risk

Detected 11 instances where WebView's hidden system interfaces were not removed.

Location: classes.dex
com.just.agentweb.AbsAgentWebSettings;->settings(Landroid.webkit.WebView;)V
com.just.agentweb.AgentWebUtils;->clearWebViewAllCache(Landroid.content.Context; Landroid.webkit.WebView;)V
cn.sharesdk.tencent.qq.f;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.thbt.rst.subview.NewsDetail;->f()V
com.baidu.android.pushservice.richmedia.MediaViewActivity;->onCreate(Landroid.os.Bundle;)V
cn.sharesdk.framework.authorize.e;->b()Lcn.sharesdk.framework.authorize.RegisterView;
com.thbt.rst.subview.RSTWebView;->g()V
com.thbt.rst.subview.ShowNews;->e()V
com.baidu.mobstat.StatService;->a(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebViewClient; Landroid.webkit.WebChromeClient; Z)V
cn.sharesdk.tencent.qzone.d;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.thbt.rst.RSTSubview.RSTWebView;->f()V

The Android WebView component contains 3 hidden system interfaces: searchBoxJavaBridge_, accessibilityTraversal and accessibility. Malicious programs can exploit them to achieve remote code execution.
If WebView is used, call the WebView.removeJavascriptInterface(String name) API to explicitly remove these three interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

References:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

Low risk

Detected 3 uses of the weak DES encryption algorithm.

Location: classes.dex
'DES/ECB/NoPadding' used in: La/a/a/a/i/a/j$a;->t()[B
'DES/ECB/NoPadding' used in: La/a/a/a/i/a/j;->h(Ljava/lang/String;)[B
'DES/ECB/NoPadding' used in: La/a/a/a/i/a/j;->d([B [B)[B

Using a weak encryption algorithm greatly increases the likelihood of a successful attack: an attacker may decrypt private data, recover the key, or mount a man-in-the-middle attack, leading to leakage of private information or even financial loss. Use the AES encryption algorithm instead.

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

Low risk

Detected 8 Intent Scheme URI vulnerabilities.

Location: classes.dex
Lcom/baidu/android/pushservice/PushMessageReceiver;->handleIntentUri(Landroid/content/Context; Lcom/xiaomi/mipush/sdk/MiPushMessage; Lcom/baidu/android/pushservice/message/b;)V
Lcom/baidu/android/pushservice/PushMessageReceiver;->startApplicationLauncher(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
Lcom/baidu/android/pushservice/PushServiceReceiver;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Lcom/baidu/android/pushservice/message/PublicMsg;)V
Lcom/baidu/android/pushservice/message/PublicMsg;->startApplicationLauncher(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V
Lcom/baidu/android/pushservice/message/PublicMsg;->handle(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V
Lcom/baidu/android/pushservice/message/PublicMsg;->handlePrivateNotification(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
Lcom/just/agentweb/DefaultWebClient;->lookup(Ljava/lang/String;)Z
Lcom/just/agentweb/DefaultWebClient;->queryActiviesNumber(Ljava/lang/String;)I


An Intent Scheme URI is a special URL format used to launch an Activity component of an installed app from a web page; most mainstream browsers support it. If the app does not validate the load_url value it receives, an attacker can build a phishing site, lure the user into loading it, and steal user information. Improper handling of Intent URIs therefore leads to Intent-based attacks. Recommendation:
If Intent.parseUri is used, the resulting Intent must be strictly filtered; at a minimum apply these three measures: addCategory("android.intent.category.BROWSABLE"), setComponent(null) and setSelector(null).

References:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://drops.wooyun.org/papers/2893
http://drops.wooyun.org/mobile/15202

Low risk

Detected 10 instances of weak AES/DES encryption risk.

Location: classes.dex
Lcom/thbt/rst/util/d;->b(Ljava/lang/String;)Ljava/lang/String;
Lcom/thbt/rst/util/d;->a(Ljava/lang/String;)Ljava/lang/String;
La/a/a/a/i/a/j$a;->t()[B
Lcom/mob/tools/utils/b;->a([B [B)[B
Lcom/baidu/mobstat/bt$b;->b(I [B)[B
La/a/a/a/i/a/j;->d([B [B)[B
Lcom/mob/tools/utils/b;->a(Ljava/lang/String; Ljava/lang/String;)[B
La/a/a/a/i/a/j;->h(Ljava/lang/String;)[B
Lcom/baidu/mobstat/bt$b;->a(I [B)[B
Lcom/mob/tools/utils/b;->b([B [B)[B

When using the AES/DES/DESede encryption algorithms, ECB mode is vulnerable to attack and can lead to information disclosure. When using AES/DES/DESede, explicitly specify CBC or CFB mode.

References:
http://blog.csdn.net/u013107656/article/details/51997957
https://developer.android.com/reference/javax/crypto/Cipher.html
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

Low risk

For a non-debug package, the packaging platform's ProGuard script should remove most system output code.
Scanning shows this package still contains a large amount of system output code; 12 instances were found. (System output code here means calls to System.out.print* that should have been removed by the packaging platform.)
Details of system output code per bundle:

Location: classes.dex
com.baidu.mobstat.cc;
com.d.a.a.a.a.a.a;
cn.sharesdk.framework.b.d;
com.blankj.utilcode.util.ThreadUtils;
cn.sharesdk.onekeyshare.themes.classic.EditPage;
com.itrus.raapi.implement.ClientForAndroid;
org.xmlpull.v1.XmlPullParserException;
com.baidu.android.pushservice.h.t;
com.scwang.smartrefresh.layout.SmartRefreshLayout;
com.baidu.mobstat.cg;
com.mob.tools.utils.R;
cn.sharesdk.framework.utils.ShareSDKR;

Low risk

Detected 1 weak hostname verification vulnerability.

Location: classes.dex
com.allenliu.versionchecklib.core.a.a$b;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

A custom HostnameVerifier class is defined, but its verify method does not validate the hostname and simply returns true, accepting any domain. Recommendation:
Strictly validate the SSL certificate, including whether the signing CA is legitimate, whether the certificate is self-signed, whether the hostname matches, and whether the certificate has expired.

References:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

Warning

Detected 26 instances of addFlags using Intent.FLAG_ACTIVITY_NEW_TASK.

Location: classes.dex
com.blankj.utilcode.util.DeviceUtils;->shutdown
com.blankj.utilcode.util.IntentUtils;->getIntent
com.baidu.android.pushservice.PushMessageReceiver;->handleIntentUri
cn.sharesdk.wechat.utils.h;->a
com.baidu.android.pushservice.PushServiceReceiver$a;->a
com.just.agentweb.download.DefaultDownloadImpl;->preDownload
com.baidu.android.pushservice.message.a.f;->b
com.baidu.android.pushservice.message.a.f;->a
com.blankj.utilcode.util.PermissionUtils$PermissionActivity;->start
com.blankj.utilcode.util.ProcessUtils;->getForegroundProcessName
com.blankj.utilcode.util.ActivityUtils;->startActivity
com.baidu.android.pushservice.richmedia.MediaListActivity$4;->a
com.blankj.utilcode.util.PermissionUtils;->launchAppDetailsSettings
com.mob.tools.a$1;->handleMessage
com.blankj.utilcode.util.ActivityUtils;->getLauncherActivity
com.allenliu.versionchecklib.core.AVersionService;->h
cn.sharesdk.wechat.utils.WechatHelper;->a
com.allenliu.versionchecklib.core.AVersionService;->a
com.baidu.android.pushservice.message.PublicMsg;->handle
com.thbt.rst.util.i;->a
com.just.agentweb.download.Downloader;->onPostExecute
com.baidu.android.pushservice.message.PublicMsg;->handlePrivateNotification
com.blankj.utilcode.util.ActivityUtils;->startActivities
com.baidu.android.pushservice.richmedia.MediaListActivity$2;->onItemClick
com.just.agentweb.download.DownloadNotifier;->onDownloadFinished
com.allenliu.versionchecklib.b.b;->a

When the app creates an Intent to pass data to another Activity, if that Activity is not opened in the same Task, another Activity may hijack and read the Intent's contents; passing sensitive information across Tasks via Intent is unsafe. Recommendation:
Avoid passing sensitive information in Intents that carry the FLAG_ACTIVITY_NEW_TASK flag.

References:
http://wolfeye.baidu.com/blog/intent-data-leak

Warning

Detected 1 exported component that receives messages from other apps; such components can be invoked by other apps and lead to DoS attacks.

service com.allenliu.versionchecklib.core.MyService

Recommendations:
(1) Minimize component exposure. For components that do not take part in cross-app calls, explicitly add android:exported="false".
(2) Set component access permissions. Protect providers with a permission and set that permission's protectionLevel to "signature" or "signatureOrSystem".
(3) Validate data passed between components. Validate inputs and return values between components, especially across apps, and add exception handling to prevent malicious data from being passed in and, above all, sensitive data from being returned.

Reference cases:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

References:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》 (book: Android Security Technology Decryption and Prevention)

Warning

Detected 1 component with the android.intent.category.BROWSABLE category set.
com.mob.tools.MobUIShell


A component that declares android.intent.category.BROWSABLE in the AndroidManifest file can be launched from a browser, which can lead to remote command execution attacks. Recommendations:
(1) Anywhere the app accepts external input is a potential attack point; filter and check parameters that come from web pages.
(2) Do not pass sensitive information via web pages. To steer already logged-in users into the app, some sites use scripts to dynamically generate URL Scheme parameters that include the username, password or login token, so that the user is logged in as soon as the app opens. A malicious app can register the same URL Scheme to intercept this sensitive information. Android lets the user choose which app opens the link, but an inattentive user may pick the malicious app, leading to leakage of sensitive information or other risks.

Reference cases:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

References:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

Warning

Detected 9 potential XSS vulnerabilities.

Location: classes.dex
com.baidu.android.pushservice.richmedia.MediaViewActivity;->onCreate(Landroid.os.Bundle;)V
com.baidu.mobstat.StatService;->a(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebViewClient; Landroid.webkit.WebChromeClient; Z)V
cn.sharesdk.tencent.qq.f;->a()Lcn.sharesdk.framework.authorize.RegisterView;
cn.sharesdk.tencent.qzone.d;->a()Lcn.sharesdk.framework.authorize.RegisterView;
com.just.agentweb.AbsAgentWebSettings;->settings(Landroid.webkit.WebView;)V
cn.sharesdk.framework.authorize.e;->b()Lcn.sharesdk.framework.authorize.RegisterView;
com.thbt.rst.RSTSubview.RSTWebView;->f()V
com.thbt.rst.subview.NewsDetail;->f()V
com.thbt.rst.subview.RSTWebView;->g()V

Allowing WebView to execute JavaScript (setJavaScriptEnabled) may lead to XSS attacks. Avoid it where possible.
(1) On Android with API level 17 or higher: for security, to prevent Java-layer functions from being called arbitrarily, Google requires from version 4.2 onward that callable functions be annotated with @JavascriptInterface.
(2) On Android with API level 17 or higher: avoid the addJavascriptInterface interface to prevent unnecessary security risks; if it must be used, use certificate verification.
(3) Use removeJavascriptInterface to remove Android's built-in default interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

Warning

Detected 10 uses of IvParameterSpec.

Location: classes.dex
com.baidu.android.bbalbs.common.a.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.android.bbalbs.common.a.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.android.pushservice.PushMessageReceiver;->decryptXmOrigMsg(Landroid.content.Context; Lcom.xiaomi.xmpush.thrift.h;)Ljava.lang.Object;
com.baidu.android.pushservice.i.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.android.pushservice.i.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.mobstat.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.mobstat.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.mobstat.bt$a;->a([B [B [B)[B
com.blankj.utilcode.util.EncryptUtils;->symmetricTemplate([B [B Ljava.lang.String; Ljava.lang.String; [B Z)[B
com.itrus.raapi.implement.b;->a([B [B [B)[B

When using IvParameterSpec, if a fixed initialization vector is used the ciphertext becomes far more predictable and is susceptible to dictionary attacks and the like. Do not construct IvParameterSpec from a constant initialization vector; use the security components provided by Alibaba JAQ (聚安全).

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

Warning

Detected 3 providers with grantUriPermissions set to true.
com.allenliu.versionchecklib.core.VersionFileProvider
android.support.v4.content.FileProvider4Util
com.just.agentweb.AgentWebFileProvider


If grant-uri-permission is set to true, other programs can access the content provider's data via a URI, which can easily lead to information disclosure.

References:
https://security.tencent.com/index.php/blog/msg/6

Warning

Detected 4 instances of a PendingIntent constructed from an empty Intent.

Location: classes.dex
com.baidu.android.pushservice.h.t;->a(Landroid.content.Context; Lcom.baidu.android.pushservice.message.k; [B)V
com.baidu.android.pushservice.PushServiceReceiver$a;->a(Lcom.baidu.android.pushservice.richmedia.a; Lcom.baidu.android.pushservice.richmedia.b;)V
com.just.agentweb.download.DownloadNotifier;->initBuilder(Lcom.just.agentweb.download.DownloadTask;)V
com.baidu.android.pushservice.richmedia.MediaListActivity$4;->a(Lcom.baidu.android.pushservice.richmedia.a; Lcom.baidu.android.pushservice.richmedia.b;)V

When using a PendingIntent, wrapping an empty Intent allows a malicious user to hijack the Intent's contents. Recommendation:
Do not construct a PendingIntent from an empty Intent.

References:
http://wolfeye.baidu.com/blog/pendingintent-leak-information
http://bbs.mob.com/thread-5249-1-1.html

Warning

This app should declare its permissions with the "android:protectionLevel" attribute set to "signature" or "signatureOrSystem", so that other apps cannot register for or receive messages from this app. Permissions with security risks:
baidu.push.permission.WRITE_PUSHINFOPROVIDER.com.thbt.rst normal

Warning

Detected 21 uses of encryption/decryption algorithms. Improper key handling may lead to information disclosure.

Location: classes.dex
com.mob.tools.utils.b;->a([B [B)[B
com.mob.tools.utils.b;->a(Ljava.lang.String; Ljava.lang.String;)[B
com.baidu.android.bbalbs.common.a.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.android.pushservice.PushMessageReceiver;->decryptXmOrigMsg(Landroid.content.Context; Lcom.xiaomi.xmpush.thrift.h;)Ljava.lang.Object;
com.blankj.utilcode.util.EncryptUtils;->symmetricTemplate([B [B Ljava.lang.String; Ljava.lang.String; [B Z)[B
com.baidu.mobstat.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.baidu.mobstat.bt$a;->a([B [B [B)[B
com.baidu.mobstat.bt$b;->b(I [B)[B
com.baidu.android.pushservice.i.a;->a(Ljava.lang.String; Ljava.lang.String; [B)[B
com.blankj.utilcode.util.EncryptUtils;->hmacTemplate([B [B Ljava.lang.String;)[B
a.a.a.a.i.a.j;->g([B I)Ljava.security.Key;
com.mob.tools.utils.b;->b([B [B)[B
com.baidu.android.pushservice.i.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.thbt.rst.util.d;->b(Ljava.lang.String;)Ljava.lang.String;
com.baidu.mobstat.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
a.a.a.a.i.a.j;->b([B [B)[B
com.itrus.raapi.implement.b;->a([B [B [B)[B
com.baidu.android.bbalbs.common.a.a;->b(Ljava.lang.String; Ljava.lang.String; [B)[B
com.thbt.rst.util.d;->a(Ljava.lang.String;)Ljava.lang.String;
cn.sharesdk.framework.utils.a;->a(Ljava.lang.String; Ljava.lang.String; Ljava.util.ArrayList; Lcn.sharesdk.framework.utils.a$a;)Ljava.util.ArrayList;
com.baidu.mobstat.bt$b;->a(I [B)[B

Reference cases:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


Risks found by dynamic scan

Risk level Risk name

Server-side analysis

Risk level Risk name

Warning

Detected ? XSS vulnerabilities.
Under development...

Warning

Detected ? XSS cross-site vulnerabilities.
Under development...

Application certificate