0

高危漏洞

0

中危漏洞

0

低危漏洞

5

警告

文件名 822A3C0B41471B9708B959CB39925193.apk?mkey=5e461cd973c6c455&f=8eb5&fsname=com.sscf.investment_3.2.1_2020012016.apk&csr=1bbd&cip=115.198.226.160&proto=https
上传者 JoshZhang
文件大小 33.122406959534MB
MD5 822a3c0b41471b9708b959cb39925193
包名 com.sscf.investment
Main Activity com.sscf.investment.main.SplashActivity
Min SDK 21
Target SDK 26

权限列表

# 名称 说明 提示
0 android.permission.CALL_PHONE 允许应用程序在您不介入的情况下拨打电话。恶意应用程序可借此在您的话费单上产生意外通话费。请注意,此权限不允许应用程序拨打紧急呼救电话。 警告
1 android.permission.READ_SMS 允许应用程序读取您的手机或SIM卡中存储的短信。恶意应用程序可借此读取您的机密信息。 警告
2 android.permission.SEND_SMS 允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息,给您带来费用。 警告
3 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
4 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
5 android.permission.ACCESS_LOCATION_EXTRA_COMMANDS 访问额外的位置信息提供程序命令。恶意应用程序可借此干扰GPS或其他位置源的正常工作。 注意
6 android.permission.BLUETOOTH 允许应用程序查看本地蓝牙手机的配置,以及建立或接受与配对设备的连接。 注意
7 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
8 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
9 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
10 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
11 android.permission.SYSTEM_ALERT_WINDOW 允许应用程序显示系统警报窗口。恶意应用程序可借此掌控整个手机屏幕。 注意
12 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
13 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
14 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
15 android.permission.BLUETOOTH_ADMIN 允许应用程序配置本地蓝牙手机,以及发现远程设备并与其配对。 提示
16 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
17 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
18 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
19 android.permission.DISABLE_KEYGUARD 允许应用程序停用键锁和任何关联的密码安全设置。例如,在手机上接听电话时停用键锁,在通话结束后重新启用键锁。 提示
20 android.permission.FLASHLIGHT 允许应用程序控制闪光灯。 提示
21 android.permission.INTERNET 允许程序访问网络. 提示
22 android.permission.MODIFY_AUDIO_SETTINGS 允许应用程序修改整个系统的音频设置,如音量和路由。 提示
23 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
24 android.permission.READ_LOGS 允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况,但这些信息不应包含任何个人信息或保密信息。 提示
25 android.permission.RESTART_PACKAGES 允许程序自己重启或重启其他程序 提示
26 android.permission.VIBRATE 允许应用程序控制振动器。 提示
27 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
28 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
29 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.sscf.investment.main.SplashActivity
com.sscf.investment.main.MainActivity
com.sscf.investment.detail.SecurityDetailActivity
com.sscf.investment.readingplate.LimitUpMovementActivity
com.sscf.investment.readingplate.LimitUpSettingActivity
com.sscf.investment.readingplate.LimitUpActivity
com.sscf.investment.detail.MultiPeriodStockActivity
com.sscf.investment.detail.ExclusiveConsultantActivity
com.sscf.investment.detail.CommentListActivity
com.sscf.investment.detail.ForeignMovementActivity
com.sscf.investment.detail.PlateRiseActivity
com.sscf.investment.limitup.LimitUpMainActivity
com.sscf.investment.limitup.LimitUpStockListActivity
com.sscf.investment.limitup.LimitUpIntroduceActivity
com.sscf.investment.detail.CommentEditActivity
com.sscf.investment.detail.MemoEditActivity
com.sscf.investment.portfolio.PortfolioGroupManagerActivity
com.sscf.investment.portfolio.PortfolioStockEditActivity
com.sscf.investment.portfolio.PortfolioGroupEditActivity
com.sscf.investment.portfolio.PortfolioRemindActivity
com.sscf.investment.portfolio.PortfolioInfomationActivity
com.sscf.investment.stare.PriceAlertActivity
com.sscf.investment.detail.LineChartActivity
com.sscf.investment.detail.ArticleListActivity
com.sscf.investment.market.StockListInPlateActivity
com.sscf.investment.market.PlateRankActivity
com.sscf.investment.market.StockUpDownListActivity
com.sscf.investment.market.StockTurnoverRateListActivity
com.sscf.investment.market.CapitalFlowStockListActivity
com.sscf.investment.market.IndexFuturesListActivity
com.sscf.investment.market.CapitalFlowStockListInPlateActivity
com.sscf.investment.market.CapitalFlowActivity
com.sscf.investment.market.AHPremiumStockListActivity
com.sscf.investment.setting.login.LoginActivity
com.sscf.investment.setting.login.onekey.OneKeyLoginLoadActivity
com.sscf.investment.setting.UserInfoActivity
com.sscf.investment.setting.login.RegisterAccountActivity
com.sscf.investment.setting.ThirdPartyBindingActivity
com.sscf.investment.setting.ProfileEditActivity
com.sscf.investment.setting.SettingActivity
com.sscf.investment.setting.SettingQKZFActivity
com.sscf.investment.level2.DealDetailAndRestoreActivity
com.sscf.investment.level2.AllBuySellPositionActivity
com.sscf.investment.level2.ThousandQuoteActivity
com.sscf.investment.setting.SettingRefreshFrequencyActivity
com.sscf.investment.setting.BonusPointsActivity
com.sscf.investment.setting.OpenPrivilegeActivity
com.sscf.investment.setting.AboutActivity
com.sscf.investment.setting.SettingKLineActivity
com.sscf.investment.setting.AddCandicatorActivity
com.sscf.investment.setting.SettingSelectListActivity
com.sscf.investment.setting.SettingMAActivity
com.sscf.investment.setting.SettingAmountActivity
com.sscf.investment.setting.SettingCapitalFlowActivity
com.sscf.investment.setting.SettingCapitalVolActivity
com.sscf.investment.setting.SettingBBDActivity
com.sscf.investment.setting.SettingRetailActivity
com.sscf.investment.setting.SettingMACDActivity
com.sscf.investment.information.VideoPlayerActivity
com.sscf.investment.setting.SettingKDJActivity
com.sscf.investment.setting.SettingRSIActivity
com.sscf.investment.setting.SettingBOLLActivity
com.sscf.investment.setting.SettingDMIActivity
com.sscf.investment.setting.SettingCCIActivity
com.sscf.investment.setting.SettingBBIActivity
com.sscf.investment.setting.SettingMIKEActivity
com.sscf.investment.setting.SettingATRActivity
com.sscf.investment.setting.SettingVOSCActivity
com.sscf.investment.setting.SettingTotalVolumeActivity
com.sscf.investment.setting.SettingCapitalGameActivity
com.sscf.investment.setting.SettingENEActivity
com.sscf.investment.setting.SettingVRActivity
com.sscf.investment.setting.SettingDMAActivity
com.sscf.investment.setting.SettingOBVActivity
com.sscf.investment.setting.SettingRealTurnActivity
com.sscf.investment.setting.SettingBIASActivity
com.sscf.investment.setting.SettingDDXActivity
com.sscf.investment.setting.SettingDDEActivity
com.sscf.investment.setting.SettingDDZActivity
com.sscf.investment.setting.SettingMagicNineActivity
com.sscf.investment.setting.SettingEXPMAActivity
com.sscf.investment.setting.SettingWRActivity
com.sscf.investment.setting.SettingMessageActivity
com.sscf.investment.setting.SettingLiveActivity
com.sscf.investment.setting.SettingShakeActivity
com.sscf.investment.setting.SwitchNightModeMaskActivity
com.sscf.investment.setting.ModifyNicknameActivity
com.sscf.investment.setting.login.password.PasswordActivity
com.sscf.investment.setting.login.VerifySmsCodeActivity
com.sscf.investment.setting.ModifyCellphone1VerifyPasswordActivity
com.sscf.investment.setting.favor.FavorActivity
com.sscf.investment.setting.DeveloperSettingsActivity
com.sscf.investment.scan.ScanLoginActivity
com.sscf.investment.scan.ScanLoginActivity2
com.sscf.investment.scan.ScanStringResultActivity
com.sscf.investment.message.MessageCenterActivity
com.sscf.investment.message.MessageDetailListActivity
com.sscf.investment.social.FriendsActivity
com.sscf.investment.social.InvestmentAdviserListActivity
com.sscf.investment.social.HomepageActivity
com.sscf.investment.social.FeedListActivity
com.sscf.investment.market.RankDetailActivity
com.sscf.investment.market.PlateSpecialIndexActivity
com.sscf.investment.searchnew.SearchActivity
com.sscf.investment.searchnew.SearchPickerActivity
com.sscf.investment.privilege.ExchangePrivilegeActivity
com.sscf.investment.privilege.CommitInviteCodeActivity
com.tencent.smtt.sdk.VideoActivity
com.sscf.investment.adviser.AdviserDetailsActivity
com.umeng.qq.tencent.AuthActivity
com.sscf.investment.scan.OcrResultActivity
com.sscf.investment.scan.ImportGalleryActivity
com.sscf.investment.discover.DiscoverActivity
com.sscf.investment.information.innerActivity.HotTopicsActivity
com.sscf.investment.setting.UserActivity
com.sscf.investment.singin.SignInActivity
com.sscf.investment.push.lockscreen.LockScreenPushActivity
com.sscf.investment.stockcompetition.StockCompetitionWebActivity
com.sscf.investment.level2.MainForceMonitorActivity
com.sscf.investment.level2.BuyAndSellQueueActivity
com.sscf.investment.capture.CaptureActivity
com.sscf.investment.portfolio.OptionalCapitalDetailActivity
com.sscf.investment.portfolio.IntelligentEarlyWarningSwitchActivity
com.sscf.investment.setting.feedback.FeedbackActivity
com.sscf.investment.setting.feedback.FeedbackRecordActivity
com.sscf.investment.chat.NewIntelligentAnswerWebActivity
com.sscf.investment.setting.market.MarketSettingActivity
com.sscf.investment.market.TopAndBottomRadarActivity
com.sscf.investment.limitup.LimitUpDetailActivity
com.sscf.investment.limitup.LimitUpTreasureActivity
com.sscf.investment.setting.LimitUpQuestionActivity
com.sscf.investment.limitup.LimitUpAnalyzeItemDetailActivity
com.sscf.investment.winnerslist.WinnersListActivity
com.sscf.investment.winnerslist.WinnersListDetailActivity
com.sscf.investment.winnerslist.BusinessDetailActivity
com.sscf.investment.winnerslist.HotMoneyDetailActivity
com.sscf.investment.shortwizard.view.activity.ShortWizardConfigActivity
com.sscf.investment.shortwizard.view.activity.ShortWizardActivity
com.sscf.investment.media.LandScapeVideoPlayerActivity
com.sscf.investment.media.SmallVideoPlayerActivity
com.sscf.investment.market.MarketSHLondonConnectActivity
com.sscf.investment.push.MessageHandlerActivity
com.sscf.investment.push.getui.GeTuiPushActivity
com.sdk.mobile.manager.login.cucc.OauthActivity
com.cmic.sso.sdk.activity.LoginAuthActivity
com.chuanglan.shanyan_sdk.view.ShanYanOneKeyActivity
com.chuanglan.shanyan_sdk.view.CTCCPrivacyProtocolActivity
com.sscf.investment.loader.a.Activity0_singleTask1
com.sscf.investment.loader.a.Activity0_singleInstance1
com.sscf.investment.loader.a.Activity0_task
com.sscf.investment.loader.a.Activity0_fullscreen
com.sscf.investment.loader.a.Activity0_translucent
com.sscf.investment.loader.a.Activity0_translucent_fullscreen
com.sscf.investment.loader.a.Activity0_dialog
com.sscf.investment.loader.a.Activity0
com.sscf.investment.loader.a.Activity1_singleTask1
com.sscf.investment.loader.a.Activity1_singleInstance1
com.sscf.investment.loader.a.Activity1_task
com.sscf.investment.loader.a.Activity1_fullscreen
com.sscf.investment.loader.a.Activity1_translucent
com.sscf.investment.loader.a.Activity1_translucent_fullscreen
com.sscf.investment.loader.a.Activity1_dialog
com.sscf.investment.loader.a.Activity1
com.alipay.sdk.app.H5PayActivity
com.alipay.sdk.app.H5AuthActivity
com.alipay.sdk.app.PayResultActivity
com.alipay.sdk.app.AlipayResultActivity
com.sscf.investment.web.sdk.widget.WebActivity
com.sscf.investment.web.sdk.widget.CommonWebActivity
com.sscf.investment.web.sdk.widget.TradeWebActivity
com.sscf.investment.web.sdk.widget.TeacherYanArticleWebActivity
com.sscf.investment.web.sdk.widget.FullScreenWebActivity
com.sscf.investment.web.sdk.widget.ContentWebActivity
com.sscf.investment.web.sdk.widget.ThirdPartyNewsWebActivity
com.sscf.investment.web.sdk.widget.CommonUnTransparentWebActivity
com.sscf.investment.web.sdk.widget.IntelligentAnswerWebActivity
com.sscf.investment.web.sdk.widget.LiveMsgActivity
com.sscf.investment.web.sdk.photoviewer.ImagePagerActivity
com.umeng.qq.tencent.AssistActivity
com.umeng.socialize.media.WBShareCallBackActivity
com.sina.weibo.sdk.web.WeiboSdkWebActivity
com.sscf.investment.wxapi.WXEntryActivity
com.sscf.investment.wxapi.WXPayEntryActivity
com.sina.weibo.sdk.share.WbShareTransActivity
com.sscf.investment.component.ui.matisse.ui.MatisseActivity
com.sscf.investment.component.ui.matisse.internal.ui.AlbumPreviewActivity
com.sscf.investment.component.ui.matisse.internal.ui.SelectedPreviewActivity
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity
com.huawei.android.hms.agent.common.HMSAgentActivity
com.huawei.hms.activity.BridgeActivity
com.sscf.investment.pdf.PdfViewerActivity
com.alipay.sdk.auth.AuthActivity
com.sscf.investment.loader.a.ActivityN1NRTS0
com.sscf.investment.loader.a.ActivityN1NRTS1
com.sscf.investment.loader.a.ActivityN1STPTS0
com.sscf.investment.loader.a.ActivityN1STPTS1
com.sscf.investment.loader.a.ActivityN1STTS0
com.sscf.investment.loader.a.ActivityN1STTS1
com.sscf.investment.loader.a.ActivityN1SITS0
com.sscf.investment.loader.a.ActivityN1SITS1
com.sscf.investment.loader.a.ActivityN1SITS2
com.sscf.investment.loader.a.ActivityN1NRNTS0
com.sscf.investment.loader.a.ActivityN1NRNTS1
com.sscf.investment.loader.a.ActivityN1NRNTS2
com.sscf.investment.loader.a.ActivityN1NRNTS3
com.sscf.investment.loader.a.ActivityN1NRNTS4
com.sscf.investment.loader.a.ActivityN1NRNTS5
com.sscf.investment.loader.a.ActivityN1STPNTS0
com.sscf.investment.loader.a.ActivityN1STPNTS1
com.sscf.investment.loader.a.ActivityN1STNTS0
com.sscf.investment.loader.a.ActivityN1STNTS1
com.sscf.investment.loader.a.ActivityN1STNTS2
com.sscf.investment.loader.a.ActivityN1SINTS0
com.sscf.investment.loader.a.ActivityN1SINTS1
com.sscf.investment.loader.a.ActivityN1TA0NRTS0
com.sscf.investment.loader.a.ActivityN1TA0NRTS1
com.sscf.investment.loader.a.ActivityN1TA0STPTS0
com.sscf.investment.loader.a.ActivityN1TA0STPTS1
com.sscf.investment.loader.a.ActivityN1TA0STTS0
com.sscf.investment.loader.a.ActivityN1TA0STTS1
com.sscf.investment.loader.a.ActivityN1TA0NRNTS0
com.sscf.investment.loader.a.ActivityN1TA0NRNTS1
com.sscf.investment.loader.a.ActivityN1TA0NRNTS2
com.sscf.investment.loader.a.ActivityN1TA0NRNTS3
com.sscf.investment.loader.a.ActivityN1TA0NRNTS4
com.sscf.investment.loader.a.ActivityN1TA0NRNTS5
com.sscf.investment.loader.a.ActivityN1TA0STPNTS0
com.sscf.investment.loader.a.ActivityN1TA0STPNTS1
com.sscf.investment.loader.a.ActivityN1TA0STNTS0
com.sscf.investment.loader.a.ActivityN1TA0STNTS1
com.sscf.investment.loader.a.ActivityN1TA0STNTS2
com.sscf.investment.loader.a.ActivityN1TA1NRTS0
com.sscf.investment.loader.a.ActivityN1TA1NRTS1
com.sscf.investment.loader.a.ActivityN1TA1STPTS0
com.sscf.investment.loader.a.ActivityN1TA1STPTS1
com.sscf.investment.loader.a.ActivityN1TA1STTS0
com.sscf.investment.loader.a.ActivityN1TA1STTS1
com.sscf.investment.loader.a.ActivityN1TA1NRNTS0
com.sscf.investment.loader.a.ActivityN1TA1NRNTS1
com.sscf.investment.loader.a.ActivityN1TA1NRNTS2
com.sscf.investment.loader.a.ActivityN1TA1NRNTS3
com.sscf.investment.loader.a.ActivityN1TA1NRNTS4
com.sscf.investment.loader.a.ActivityN1TA1NRNTS5
com.sscf.investment.loader.a.ActivityN1TA1STPNTS0
com.sscf.investment.loader.a.ActivityN1TA1STPNTS1
com.sscf.investment.loader.a.ActivityN1TA1STNTS0
com.sscf.investment.loader.a.ActivityN1TA1STNTS1
com.sscf.investment.loader.a.ActivityN1TA1STNTS2
com.sscf.investment.loader.a.ActivityP0NRTS0
com.sscf.investment.loader.a.ActivityP0NRTS1
com.sscf.investment.loader.a.ActivityP0STPTS0
com.sscf.investment.loader.a.ActivityP0STPTS1
com.sscf.investment.loader.a.ActivityP0STTS0
com.sscf.investment.loader.a.ActivityP0STTS1
com.sscf.investment.loader.a.ActivityP0SITS0
com.sscf.investment.loader.a.ActivityP0SITS1
com.sscf.investment.loader.a.ActivityP0SITS2
com.sscf.investment.loader.a.ActivityP0NRNTS0
com.sscf.investment.loader.a.ActivityP0NRNTS1
com.sscf.investment.loader.a.ActivityP0NRNTS2
com.sscf.investment.loader.a.ActivityP0NRNTS3
com.sscf.investment.loader.a.ActivityP0NRNTS4
com.sscf.investment.loader.a.ActivityP0NRNTS5
com.sscf.investment.loader.a.ActivityP0STPNTS0
com.sscf.investment.loader.a.ActivityP0STPNTS1
com.sscf.investment.loader.a.ActivityP0STNTS0
com.sscf.investment.loader.a.ActivityP0STNTS1
com.sscf.investment.loader.a.ActivityP0STNTS2
com.sscf.investment.loader.a.ActivityP0SINTS0
com.sscf.investment.loader.a.ActivityP0SINTS1
com.sscf.investment.loader.a.ActivityP0TA0NRTS0
com.sscf.investment.loader.a.ActivityP0TA0NRTS1
com.sscf.investment.loader.a.ActivityP0TA0STPTS0
com.sscf.investment.loader.a.ActivityP0TA0STPTS1
com.sscf.investment.loader.a.ActivityP0TA0STTS0
com.sscf.investment.loader.a.ActivityP0TA0STTS1
com.sscf.investment.loader.a.ActivityP0TA0NRNTS0
com.sscf.investment.loader.a.ActivityP0TA0NRNTS1
com.sscf.investment.loader.a.ActivityP0TA0NRNTS2
com.sscf.investment.loader.a.ActivityP0TA0NRNTS3
com.sscf.investment.loader.a.ActivityP0TA0NRNTS4
com.sscf.investment.loader.a.ActivityP0TA0NRNTS5
com.sscf.investment.loader.a.ActivityP0TA0STPNTS0
com.sscf.investment.loader.a.ActivityP0TA0STPNTS1
com.sscf.investment.loader.a.ActivityP0TA0STNTS0
com.sscf.investment.loader.a.ActivityP0TA0STNTS1
com.sscf.investment.loader.a.ActivityP0TA0STNTS2
com.sscf.investment.loader.a.ActivityP0TA1NRTS0
com.sscf.investment.loader.a.ActivityP0TA1NRTS1
com.sscf.investment.loader.a.ActivityP0TA1STPTS0
com.sscf.investment.loader.a.ActivityP0TA1STPTS1
com.sscf.investment.loader.a.ActivityP0TA1STTS0
com.sscf.investment.loader.a.ActivityP0TA1STTS1
com.sscf.investment.loader.a.ActivityP0TA1NRNTS0
com.sscf.investment.loader.a.ActivityP0TA1NRNTS1
com.sscf.investment.loader.a.ActivityP0TA1NRNTS2
com.sscf.investment.loader.a.ActivityP0TA1NRNTS3
com.sscf.investment.loader.a.ActivityP0TA1NRNTS4
com.sscf.investment.loader.a.ActivityP0TA1NRNTS5
com.sscf.investment.loader.a.ActivityP0TA1STPNTS0
com.sscf.investment.loader.a.ActivityP0TA1STPNTS1
com.sscf.investment.loader.a.ActivityP0TA1STNTS0
com.sscf.investment.loader.a.ActivityP0TA1STNTS1
com.sscf.investment.loader.a.ActivityP0TA1STNTS2
com.sscf.investment.loader.a.ActivityP1NRTS0
com.sscf.investment.loader.a.ActivityP1NRTS1
com.sscf.investment.loader.a.ActivityP1STPTS0
com.sscf.investment.loader.a.ActivityP1STPTS1
com.sscf.investment.loader.a.ActivityP1STTS0
com.sscf.investment.loader.a.ActivityP1STTS1
com.sscf.investment.loader.a.ActivityP1SITS0
com.sscf.investment.loader.a.ActivityP1SITS1
com.sscf.investment.loader.a.ActivityP1SITS2
com.sscf.investment.loader.a.ActivityP1NRNTS0
com.sscf.investment.loader.a.ActivityP1NRNTS1
com.sscf.investment.loader.a.ActivityP1NRNTS2
com.sscf.investment.loader.a.ActivityP1NRNTS3
com.sscf.investment.loader.a.ActivityP1NRNTS4
com.sscf.investment.loader.a.ActivityP1NRNTS5
com.sscf.investment.loader.a.ActivityP1STPNTS0
com.sscf.investment.loader.a.ActivityP1STPNTS1
com.sscf.investment.loader.a.ActivityP1STNTS0
com.sscf.investment.loader.a.ActivityP1STNTS1
com.sscf.investment.loader.a.ActivityP1STNTS2
com.sscf.investment.loader.a.ActivityP1SINTS0
com.sscf.investment.loader.a.ActivityP1SINTS1
com.sscf.investment.loader.a.ActivityP1TA0NRTS0
com.sscf.investment.loader.a.ActivityP1TA0NRTS1
com.sscf.investment.loader.a.ActivityP1TA0STPTS0
com.sscf.investment.loader.a.ActivityP1TA0STPTS1
com.sscf.investment.loader.a.ActivityP1TA0STTS0
com.sscf.investment.loader.a.ActivityP1TA0STTS1
com.sscf.investment.loader.a.ActivityP1TA0NRNTS0
com.sscf.investment.loader.a.ActivityP1TA0NRNTS1
com.sscf.investment.loader.a.ActivityP1TA0NRNTS2
com.sscf.investment.loader.a.ActivityP1TA0NRNTS3
com.sscf.investment.loader.a.ActivityP1TA0NRNTS4
com.sscf.investment.loader.a.ActivityP1TA0NRNTS5
com.sscf.investment.loader.a.ActivityP1TA0STPNTS0
com.sscf.investment.loader.a.ActivityP1TA0STPNTS1
com.sscf.investment.loader.a.ActivityP1TA0STNTS0
com.sscf.investment.loader.a.ActivityP1TA0STNTS1
com.sscf.investment.loader.a.ActivityP1TA0STNTS2
com.sscf.investment.loader.a.ActivityP1TA1NRTS0
com.sscf.investment.loader.a.ActivityP1TA1NRTS1
com.sscf.investment.loader.a.ActivityP1TA1STPTS0
com.sscf.investment.loader.a.ActivityP1TA1STPTS1
com.sscf.investment.loader.a.ActivityP1TA1STTS0
com.sscf.investment.loader.a.ActivityP1TA1STTS1
com.sscf.investment.loader.a.ActivityP1TA1NRNTS0
com.sscf.investment.loader.a.ActivityP1TA1NRNTS1
com.sscf.investment.loader.a.ActivityP1TA1NRNTS2
com.sscf.investment.loader.a.ActivityP1TA1NRNTS3
com.sscf.investment.loader.a.ActivityP1TA1NRNTS4
com.sscf.investment.loader.a.ActivityP1TA1NRNTS5
com.sscf.investment.loader.a.ActivityP1TA1STPNTS0
com.sscf.investment.loader.a.ActivityP1TA1STPNTS1
com.sscf.investment.loader.a.ActivityP1TA1STNTS0
com.sscf.investment.loader.a.ActivityP1TA1STNTS1
com.sscf.investment.loader.a.ActivityP1TA1STNTS2
com.sscf.investment.loader.a.ActivityP2NRTS0
com.sscf.investment.loader.a.ActivityP2NRTS1
com.sscf.investment.loader.a.ActivityP2STPTS0
com.sscf.investment.loader.a.ActivityP2STPTS1
com.sscf.investment.loader.a.ActivityP2STTS0
com.sscf.investment.loader.a.ActivityP2STTS1
com.sscf.investment.loader.a.ActivityP2SITS0
com.sscf.investment.loader.a.ActivityP2SITS1
com.sscf.investment.loader.a.ActivityP2SITS2
com.sscf.investment.loader.a.ActivityP2NRNTS0
com.sscf.investment.loader.a.ActivityP2NRNTS1
com.sscf.investment.loader.a.ActivityP2NRNTS2
com.sscf.investment.loader.a.ActivityP2NRNTS3
com.sscf.investment.loader.a.ActivityP2NRNTS4
com.sscf.investment.loader.a.ActivityP2NRNTS5
com.sscf.investment.loader.a.ActivityP2STPNTS0
com.sscf.investment.loader.a.ActivityP2STPNTS1
com.sscf.investment.loader.a.ActivityP2STNTS0
com.sscf.investment.loader.a.ActivityP2STNTS1
com.sscf.investment.loader.a.ActivityP2STNTS2
com.sscf.investment.loader.a.ActivityP2SINTS0
com.sscf.investment.loader.a.ActivityP2SINTS1
com.sscf.investment.loader.a.ActivityP2TA0NRTS0
com.sscf.investment.loader.a.ActivityP2TA0NRTS1
com.sscf.investment.loader.a.ActivityP2TA0STPTS0
com.sscf.investment.loader.a.ActivityP2TA0STPTS1
com.sscf.investment.loader.a.ActivityP2TA0STTS0
com.sscf.investment.loader.a.ActivityP2TA0STTS1
com.sscf.investment.loader.a.ActivityP2TA0NRNTS0
com.sscf.investment.loader.a.ActivityP2TA0NRNTS1
com.sscf.investment.loader.a.ActivityP2TA0NRNTS2
com.sscf.investment.loader.a.ActivityP2TA0NRNTS3
com.sscf.investment.loader.a.ActivityP2TA0NRNTS4
com.sscf.investment.loader.a.ActivityP2TA0NRNTS5
com.sscf.investment.loader.a.ActivityP2TA0STPNTS0
com.sscf.investment.loader.a.ActivityP2TA0STPNTS1
com.sscf.investment.loader.a.ActivityP2TA0STNTS0
com.sscf.investment.loader.a.ActivityP2TA0STNTS1
com.sscf.investment.loader.a.ActivityP2TA0STNTS2
com.sscf.investment.loader.a.ActivityP2TA1NRTS0
com.sscf.investment.loader.a.ActivityP2TA1NRTS1
com.sscf.investment.loader.a.ActivityP2TA1STPTS0
com.sscf.investment.loader.a.ActivityP2TA1STPTS1
com.sscf.investment.loader.a.ActivityP2TA1STTS0
com.sscf.investment.loader.a.ActivityP2TA1STTS1
com.sscf.investment.loader.a.ActivityP2TA1NRNTS0
com.sscf.investment.loader.a.ActivityP2TA1NRNTS1
com.sscf.investment.loader.a.ActivityP2TA1NRNTS2
com.sscf.investment.loader.a.ActivityP2TA1NRNTS3
com.sscf.investment.loader.a.ActivityP2TA1NRNTS4
com.sscf.investment.loader.a.ActivityP2TA1NRNTS5
com.sscf.investment.loader.a.ActivityP2TA1STPNTS0
com.sscf.investment.loader.a.ActivityP2TA1STPNTS1
com.sscf.investment.loader.a.ActivityP2TA1STNTS0
com.sscf.investment.loader.a.ActivityP2TA1STNTS1
com.sscf.investment.loader.a.ActivityP2TA1STNTS2

com.sscf.investment.level2.Level2PermissionService
com.sscf.investment.push.getui.GeTuiPushService
com.sscf.investment.push.getui.GeTuiIntentService
com.sscf.investment.loader.s.ServiceN1
com.sscf.investment.loader.s.Service0
com.sscf.investment.loader.s.Service1
com.qihoo360.replugin.component.service.server.PluginPitServiceUI
com.sscf.investment.component.point.service.PointSyncService
com.igexin.sdk.PushService
com.huawei.hms.support.api.push.service.HmsMsgService
com.meizu.cloud.pushsdk.NotificationService
com.igexin.sdk.OppoPushService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.qihoo360.replugin.component.service.server.PluginPitServiceGuard
com.qihoo360.replugin.component.service.server.PluginPitServiceP0
com.qihoo360.replugin.component.service.server.PluginPitServiceP1
com.qihoo360.replugin.component.service.server.PluginPitServiceP2

com.sscf.investment.main.NetStateReceiver
com.sscf.investment.home.LocalHomeBroadcastReceiver
com.sscf.investment.index.LocalIndexBroadcastReceiver
com.sscf.investment.push.lockscreen.LockScreenMsgReceiver
com.sscf.investment.push.PushClickReceiver
com.sscf.investment.sdk.main.manager.OneShotAlarm
com.igexin.sdk.PushReceiver
com.igexin.sdk.HmsPushReceiver
com.igexin.sdk.HmsPushSubReceiver
com.meizu.cloud.pushsdk.SystemReceiver
com.igexin.sdk.FlymePushReceiver
com.igexin.sdk.MiuiPushReceiver

android.support.v4.content.FileProvider
com.qihoo360.replugin.component.process.ProcessPitProviderUI
com.sscf.investment.loader.p.ProviderN1
com.qihoo360.replugin.component.process.ProcessPitProviderLoader0
com.sscf.investment.loader.p.Provider0
com.qihoo360.replugin.component.process.ProcessPitProviderLoader1
com.sscf.investment.loader.p.Provider1
com.qihoo360.replugin.component.provider.PluginPitProviderUI
com.qihoo360.replugin.packages.PluginFastInstallProvider
com.huawei.hms.update.provider.UpdateProvider
com.qihoo360.replugin.component.process.ProcessPitProviderPersist
com.qihoo360.replugin.component.provider.PluginPitProviderPersist
com.qihoo360.mobilesafe.svcmanager.ServiceProvider
com.qihoo360.replugin.component.provider.PluginPitProviderP0
com.qihoo360.replugin.component.process.ProcessPitProviderP0
com.qihoo360.replugin.component.provider.PluginPitProviderP1
com.qihoo360.replugin.component.process.ProcessPitProviderP1
com.qihoo360.replugin.component.provider.PluginPitProviderP2
com.qihoo360.replugin.component.process.ProcessPitProviderP2

第三方库

# 库名 介绍

静态扫描发现风险点

风险等级 风险名称

警告

检测到22个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.sscf.investment.main.MainActivity
activity com.umeng.qq.tencent.AuthActivity
activity com.sscf.investment.push.getui.GeTuiPushActivity
activity com.alipay.sdk.app.PayResultActivity
activity com.alipay.sdk.app.AlipayResultActivity
activity com.sscf.investment.web.sdk.widget.WebActivity
activity com.sina.weibo.sdk.web.WeiboSdkWebActivity
activity com.sscf.investment.wxapi.WXEntryActivity
activity com.sscf.investment.wxapi.WXPayEntryActivity
activity com.sina.weibo.sdk.share.WbShareTransActivity
activity com.igexin.sdk.GActivity
service com.sscf.investment.push.getui.GeTuiPushService
service com.huawei.hms.support.api.push.service.HmsMsgService
service com.meizu.cloud.pushsdk.NotificationService
service com.igexin.sdk.OppoPushService
service com.xiaomi.mipush.sdk.PushMessageHandler
receiver com.sscf.investment.main.NetStateReceiver
receiver com.igexin.sdk.PushReceiver
receiver com.igexin.sdk.HmsPushSubReceiver
receiver com.meizu.cloud.pushsdk.SystemReceiver
receiver com.igexin.sdk.FlymePushReceiver
receiver com.igexin.sdk.MiuiPushReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到2个导出的隐式Service组件。
service com.huawei.hms.support.api.push.service.HmsMsgService
service com.igexin.sdk.OppoPushService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测2处組件設置了android.intent.category.BROWSABLE属性。
com.sscf.investment.main.MainActivity
com.umeng.qq.tencent.AuthActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到2处provider的grantUriPermissions设置为true。
android.support.v4.content.FileProvider
com.huawei.hms.update.provider.UpdateProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6

警告

这个app应该声明permission的"android:protectionLevel"属性值为"signature"或者"signatureOrSystem",保证其他app无法注册或者从这个app接收消息。有安全隐患的permission如下:
getui.permission.GetuiService.com.sscf.investment normal

动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书