0

高危漏洞

6

中危漏洞

5

低危漏洞

6

警告

文件名 wallet.apk
上传者 2754371317
文件大小 15.774823188782MB
MD5 84bf9663a61840204515b6e08b1d3139
包名 com.niqu.wallet
Main Activity com.niqu.wallet.ui.LauncherActivity
Min SDK 17
Target SDK 28

权限列表

# 名称 说明 提示
0 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
1 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
2 android.permission.SYSTEM_ALERT_WINDOW 允许应用程序显示系统警报窗口。恶意应用程序可借此掌控整个手机屏幕。 注意
3 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
4 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
5 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
6 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
7 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
8 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
9 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
10 android.permission.FLASHLIGHT 允许应用程序控制闪光灯。 提示
11 android.permission.INTERNET 允许程序访问网络. 提示
12 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
13 android.permission.VIBRATE 允许应用程序控制振动器。 提示
14 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
15 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.niqu.wallet.ui.LauncherActivity
com.niqu.wallet.ui.MainActivity
com.rain.library.ui.PhotoPickActivity
com.rain.library.ui.PhotoPreviewActivity
com.yalantis.ucrop.UCropActivity
com.niqu.wallet.ui.login.LoginActivity
com.niqu.wallet.ui.login.ForgetActivity
com.niqu.wallet.ui.login.CodeActivity
com.niqu.wallet.ui.login.PasswordActivity
com.niqu.wallet.ui.CommonWebActivity
com.niqu.wallet.ui.setting.SettingActivity
com.niqu.wallet.ui.setting.SetPwdActivity
com.niqu.wallet.ui.setting.GoogleActivity
com.niqu.wallet.ui.certification.CertificationActivity
com.niqu.wallet.ui.certification.UploadActivity
com.niqu.wallet.ui.about.AboutUsActivity
com.niqu.wallet.ui.about.FeedBackActivity
com.niqu.wallet.ui.MessageActivity
com.niqu.wallet.ui.InviterActivity
com.niqu.wallet.ui.addition.AddressActivity
com.niqu.wallet.ui.addition.ChoseActivity
com.niqu.wallet.ui.transfer.TransferActivity
com.niqu.wallet.ui.transfer.ConfirmActivity
com.niqu.wallet.wxapi.WXEntryActivity
com.niqu.wallet.ui.currency.CurrencyActivity
com.niqu.wallet.ui.currency.TradeInfoActivity
com.niqu.wallet.ui.currency.DetailsActivity
com.niqu.wallet.ui.LanguageActivity
com.niqu.wallet.ui.user.UserActivity
com.niqu.wallet.ui.user.NicknameActivity
com.niqu.wallet.ui.setting.GoogleInfoActivity
com.niqu.wallet.ui.addition.AddBookActivity
com.niqu.wallet.ui.addition.AdditionActivity
com.niqu.wallet.ui.otc.OTCMainActivity
com.niqu.wallet.ui.otc.mine.BindActivity
com.niqu.wallet.ui.otc.mine.MyOrderActivity
com.niqu.wallet.ui.otc.mine.CreateActivity
com.niqu.wallet.ui.otc.trade.DealActivity
com.niqu.wallet.ui.otc.OTCDetailActivity
com.niqu.wallet.ui.otc.mine.WeChatActivity
com.niqu.wallet.ui.setting.ExchangeActivity
com.niqu.wallet.ui.discover.DiscoverActivity
com.niqu.wallet.ui.discover.H5Activity
com.niqu.wallet.ui.notice.NoticeActivity
com.niqu.wallet.ui.notice.NoticeInfoActivity
com.niqu.zxing.activity.CaptureActivity
com.niqu.library.PickActivity
com.azhon.appupdate.activity.PermissionActivity

com.niqu.wallet.service.InitializeService
com.azhon.appupdate.service.DownloadService

com.niqu.wallet.utils.UpDateFileProvider
com.niqu.wallet.utils.WalletFileProvider

第三方库

# 库名 介绍
0 com.umeng.analytics 友盟统计分析平台是国内最大的移动应用统计分析平台。
1 android.support.transition A backport of the new Transitions API for Android.
2 com.umeng.analytics.game 友盟游戏统计分析为移动游戏开发者提供了开箱即用的一站式解决方案。
3 okhttp3 An HTTP+SPDY client for Android and Java applications.
4 com.bumptech.glide An image loading and caching library for Android focused on smooth scrolling
5 com.tencent.smtt 腾讯X5浏览服务由QQ浏览器团队出品,致力于优化移动端webview体验的整套解决方案,使用QQ浏览器X5内核SDK和X5云端服务,解决移动端webview使用过程中出现的一切问题,优化用户的浏览体验,同时腾讯还将持续提供后续的更新和优化,为开发者提供最新最优秀的功能和服务。
6 com.google.zxing Official ZXing ("Zebra Crossing") project home
7 com.sothree.slidinguppanel Android Sliding Up Panel Demo
8 com.google.gson A Java serialization library that can convert Java Objects into JSON and back.
9 android.support.multidex DEPRECATED
10 com.umeng.socialize 社会化组件帮您接入和升级各种社交平台,快速武装您的应用!

静态扫描发现风险点

风险等级 风险名称

中危

检测到当前标志被设置成true或没设置,这会导致adb调试备份允许恶意攻击者复制应用程序数据,造成数据泄露。

中危

检测到1处证书弱校验漏洞。

位置: classes.dex
com.lzy.okgo.e.a$1;

当移动App客户端使用https或ssl/tls进行通信时,如果不校验证书的可信性,将存在中间人攻击漏洞,可导致信息泄露,传输数据被篡改,甚至通过中间人劫持将原有信息替换成恶意链接或恶意代码程序,以达到远程控制等攻击意图。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
www.wooyun.org/bugs/wooyun-2014-079358

参考资料:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现263处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
com.tencent.smtt.sdk.TbsReaderView;->preOpen(Ljava/lang/String; Z)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.d.a;->b()Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.LogFileUtils;->encrypt(Ljava/lang/String; Ljava/lang/String;)[B==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeInto([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.e;->a()Ljava/util/List;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.b.a.f;->a(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d;->b(Landroid/content/Context; Lcom/bumptech/glide/e;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.b.a.f;->b(Landroid/content/Context;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.wxapi.WXEntryActivity;->onStart()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.okgo.f.d;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.e;->a(Landroid/content/Context; Landroid/net/Uri; Ljava/lang/String; [Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.c.a.a.a.a.a;->a(I)Landroid/hardware/Camera;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.a;->a(Landroid/content/Context;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.TbsLogClient;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeBase_16bit([B Landroid/graphics/Bitmap$Config;)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.D;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider;->(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.QbSdk;->startMiniQBToLoadUrl(Landroid/content/Context; Ljava/lang/String; Ljava/util/HashMap; Landroid/webkit/ValueCallback;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.library.Country;->getAll(Landroid/content/Context; Lcom/niqu/library/b;)Ljava/util/ArrayList;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.y;->c(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersinoCode(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getGPU(Ljavax/microedition/khronos/opengles/GL10;)[Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.b.b;->a(Landroid/net/Uri; Landroid/net/Uri;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->e()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->a(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getChannel(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.rain.library.c.a;->a(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.idtracking.ImprintHandler$a;->b(Lcom/umeng/commonsdk/statistics/proto/d;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setChannel(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->MD5(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.rain.library.weidget.HackyViewPager;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonArry(Lorg/json/JSONArray;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.b.a.f;->b(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->checkPlugin(Ljava/lang/Object; Landroid/content/Context; Ljava/lang/String; Z)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->a()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.b;->a(Landroid/hardware/Camera; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.c.e;->c()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.net.dplus.cache.AtomicFile;->startWrite(Z)Ljava/io/FileOutputStream;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.view.TransformImageView;->a(Ljava/lang/String; Landroid/graphics/Matrix;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; D)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(Landroid/graphics/Bitmap;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.g;->a(Ljava/lang/String; J Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.m;->b(Lcom/bumptech/glide/load/resource/bitmap/m$c;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionName(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.j;->a(Ljava/net/HttpURLConnection;)Ljava/io/InputStream;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.a;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcom/b/a/b;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sd(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getOperator(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.b.b;->a()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.b;->a(Landroid/hardware/Camera;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.okgo.f.d;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.b.a.f;->c(Landroid/content/Context;)Landroid/net/ConnectivityManager;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tbruyelle.rxpermissions2.RxPermissionsFragment;->a([Ljava/lang/String; [I [Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonObject(Lorg/json/JSONObject;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.e;->a(Lcom/bumptech/glide/load/c;)Ljava/io/File;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.a.e$a$a;->onPreDraw()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.b;->a(Landroid/hardware/Camera$Parameters; Landroid/graphics/Point;)Landroid/graphics/Point;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.j;->a(Lcom/bumptech/glide/load/engine/a/j$a; Ljava/lang/Class;)Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.f;->a(Lcom/yalantis/ucrop/c/f$a;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.utils.SLog;->selfLog(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d;->a(Landroid/content/Context; Ljava/lang/String;)Ljava/io/File;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppkey(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.l;->(Lcom/bumptech/glide/load/engine/b/l$a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.c.e$a;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$1;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onUnavailable()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.a.e$a;->a(I I I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.rain.library.c.a;->a(Ljava/lang/String; I)D==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcom/b/a/b;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getSubOSVersion(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexLoader;->createDexClassLoader(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader; Landroid/content/Context;)Ldalvik/system/DexClassLoader;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsShareManager;->g(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.config.glide.b;->a(Landroid/support/v4/app/Fragment; Ljava/lang/String; Landroid/widget/ImageView; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getCPU()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.UCropActivity;->onCreateOptionsMenu(Landroid/view/Menu;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->downloadPlugin(Ljava/lang/String;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->init(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b$a;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.net.dplus.cache.CacheExector;->e(Ljava/io/File; Ljava/lang/String;)Ljava/io/File;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->b(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)J==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.config.glide.b;->a(Landroid/content/Context; Ljava/lang/String; Landroid/widget/ImageView; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.activity.CaptureActivity;->surfaceCreated(Landroid/view/SurfaceHolder;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.j;->a(Lcom/bumptech/glide/Priority; Lcom/bumptech/glide/load/a/d$a;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tbruyelle.rxpermissions2.RxPermissionsFragment;->e(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.net.dplus.cache.CacheExector;->readFile(Ljava/lang/String; Ljava/lang/Class;)Lcom/umeng/socialize/net/dplus/cache/IReader;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->b()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.f;->b()I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.b.b;->a()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onAvailable(Landroid/net/Network;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.m;->a(Lcom/bumptech/glide/load/resource/bitmap/m$c; [B I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.androidkun.xtablayout.XTabLayout;->onMeasure(I I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.f;->a([B I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setAppkey(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.a.q$a;->a(I I I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.f;->a(Landroid/content/Context; Lcom/bumptech/glide/manager/c$a;)Lcom/bumptech/glide/manager/c;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.okgo.f.d;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.net.dplus.cache.CacheExector;->a()Ljava/io/File;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.t;->a(Ljava/io/File;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.config.b;->a(Lcom/lzy/okgo/model/HttpParams; Ljava/util/Map;)Lcom/lzy/okgo/model/HttpParams;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.f;->e()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.f;->a()I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonArry(Ljava/lang/String; Lorg/json/JSONArray;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.y;->b(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sw(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.wxapi.WXEntryActivity;->onStop()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.e;->a(Landroid/graphics/Bitmap;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.i;->a(Lcom/bumptech/glide/load/engine/t; Ljava/lang/Object; Lcom/bumptech/glide/load/DataSource;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionCode(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.okgo.f.d;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.r;->a(Ljava/lang/Object; Ljava/lang/String; [Ljava/lang/Class; [Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.utils.SLog;->welcome()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getDeviceType(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.o;->b(Lcom/bumptech/glide/load/engine/a/e; Landroid/graphics/drawable/Drawable; I I)Landroid/graphics/Bitmap;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->se(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setLastAppkey(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.e;->a()Ljava/util/List;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.QbSdk;->initForinitAndNotLoadSo(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->a(Ljava/lang/String; [Ljava/lang/Class; [Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.a;->(Landroid/content/Context; Landroid/hardware/Camera;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->b(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)J==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.e$1;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.e;->b(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getImsi(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.x;->a(Landroid/content/Context; Lcom/tencent/smtt/sdk/CookieManager$a; Ljava/lang/String; Z Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b$a;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeBase([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.socialize.net.dplus.cache.AtomicFile;->a(Ljava/io/File; Ljava/io/File;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.view.TransformImageView;->c()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.rain.library.c.a;->a(Ljava/io/File;)J==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsVideo;->openVideo(Landroid/content/Context; Ljava/lang/String; Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.x;->b(Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getNetworkOperatorName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.d.a;->a(Ljava/nio/ByteBuffer; I I Lcom/bumptech/glide/gifdecoder/e; Lcom/bumptech/glide/load/f;)Lcom/bumptech/glide/load/resource/d/e;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.k;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->encryptBySHA1(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->a(Landroid/content/Context; Landroid/os/Looper;)Lcom/tencent/smtt/export/external/jscore/interfaces/IX5JsVirtualMachine;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->onSizeChanged(Ljava/lang/Object; I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.m;->a(Lcom/bumptech/glide/load/resource/bitmap/m$b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getNetworkAccessMode(Landroid/content/Context;)[Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.config.glide.b;->a(Landroid/app/Activity; Ljava/lang/String; Landroid/widget/ImageView; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsMediaFactory;->a()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.view.TransformImageView;->setScaleType(Landroid/widget/ImageView$ScaleType;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonObject(Ljava/lang/String; Lorg/json/JSONObject;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->initTbsReader(Ljava/lang/Object; Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getUTDID(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.wxapi.WXEntryActivity;->onPause()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sv(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->doCommand(Ljava/lang/Object; Ljava/lang/Integer; Ljava/lang/Object; Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.library.PyAdapter;->onClick(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.c.e;->b()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.b.e;->a(Lcom/bumptech/glide/load/c; Lcom/bumptech/glide/load/engine/b/a$b;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getLastAppkey(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->destroy(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->c(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->loadWepLibraryIfNeed(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->loadWepLibraryIfNeed(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.W;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.b;->a(Landroid/content/Context; Lorg/json/JSONObject; Lorg/json/JSONObject;)Lorg/json/JSONObject;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getMac(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.e;->a(Lcom/bumptech/glide/load/engine/t; Ljava/io/File; Lcom/bumptech/glide/load/f;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$2;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.a.q$a$a;->onPreDraw()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.b.a.j;->a(J I)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.d;->onPreviewFrame([B Landroid/hardware/Camera;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getFileMD5(Ljava/io/File;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getDisplayResolution(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.c;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.s;->b()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.n;->a(I I Ljava/lang/String; Landroid/graphics/BitmapFactory$Options; Landroid/graphics/Bitmap; I I J)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.e;->a(Landroid/content/Context; Landroid/net/Uri;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.n;->a(Ljava/io/InputStream; Landroid/graphics/BitmapFactory$Options; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; Lcom/bumptech/glide/load/DecodeFormat; Z I I Z Lcom/bumptech/glide/load/resource/bitmap/n$a;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.I;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.n;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/resource/bitmap/n$a; Lcom/bumptech/glide/load/engine/a/e; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.b;->a(Landroid/content/Context;)J==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; Ljava/lang/Long;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.c.a.a.a.a.a;->a(I)Landroid/hardware/Camera;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.b.b;->b(Landroid/net/Uri; Landroid/net/Uri;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.E;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.b;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.b;->a(Landroid/hardware/Camera$Parameters; Landroid/graphics/Point;)Landroid/graphics/Point;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getLocale(Landroid/content/Context;)Ljava/util/Locale;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.gifdecoder.f;->n()Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onCapabilitiesChanged(Landroid/net/Network; Landroid/net/NetworkCapabilities;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->a(J)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getRegisteredOperator(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.okgo.f.d;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->si(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.service.InitializeService$1;->onViewInitFinished(Z)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.LogFileUtils;->encryptKey(Ljava/lang/String; Ljava/lang/String;)[B==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.m;->a(Lcom/bumptech/glide/load/resource/bitmap/m$c; Lcom/bumptech/glide/load/engine/a/b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.a;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->openFile(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.util.a.a$b;->acquire()Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.wxapi.WXEntryActivity;->onResume()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onLinkPropertiesChanged(Landroid/net/Network; Landroid/net/LinkProperties;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.e.i;->a(Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.e;->c(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.c.f;->a(Landroid/media/ExifInterface; I I Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.b;->a(Landroid/hardware/Camera; Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.j;->c(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.a.a.a.a;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.j;->a(Ljava/lang/String; J Lcom/bumptech/glide/load/c;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onLosing(Landroid/net/Network; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.a.a.n$1;->onError(Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->a(Ljava/lang/String; F)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d;->k()Lcom/bumptech/glide/b;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->init(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; I Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->openFile(Ljava/lang/Object; Landroid/content/Context; Landroid/os/Bundle; Landroid/widget/FrameLayout;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->incDecode([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getSubOSName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.engine.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.ui.login.LoginActivity;->a(Lcom/niqu/wallet/bean/VersionBean;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.c;->a(Landroid/view/SurfaceHolder;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.utils.c;->onTick(J)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.d.a;->a(Lcom/bumptech/glide/gifdecoder/d; I I)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.a.c;->a(Landroid/view/SurfaceHolder;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.manager.m;->a(Lcom/bumptech/glide/e/c;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.yalantis.ucrop.b.a;->a()Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.azhon.appupdate.f.e;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.resource.bitmap.n;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/resource/bitmap/n$a; Lcom/bumptech/glide/load/engine/a/e; Lcom/bumptech/glide/load/resource/bitmap/DownsampleStrategy; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$2;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.sothree.slidinguppanel.SlidingUpPanelLayout;->setPanelState(Lcom/sothree/slidinguppanel/SlidingUpPanelLayout$PanelState;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.zxing.activity.CaptureActivity;->a(Landroid/view/SurfaceHolder;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.j;->b(Ljava/io/File;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->setLogEnabled(Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.a.a.n$1;->onComplete()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.wallet.widget.k$2;->onLost(Landroid/net/Network;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.niqu.sdk.a.g;->b(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->userStatistics(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到6个WebView远程执行漏洞。

位置: classes.dex
com.tencent.smtt.sdk.JsContext;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.niqu.wallet.ui.discover.H5Activity;->l()V
com.tencent.smtt.sdk.WebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.tencent.smtt.sdk.X5JsCore;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.tencent.smtt.sdk.JsVirtualMachine$a;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.tencent.smtt.sdk.WebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到150条敏感明文信息,建议移除。

位置: classes.dex
'10.0.0.172' used in: Lcom/umeng/commonsdk/statistics/internal/c;->(Landroid/content/Context;)V
'10.0.0.172' used in: Lcom/umeng/commonsdk/stateless/e;->(Landroid/content/Context;)V
'data:image' used in: Lcom/bumptech/glide/load/b/e;->a(Ljava/lang/Object;)Z
'data:image' used in: Lcom/bumptech/glide/load/b/e$c$1;->b(Ljava/lang/String;)Ljava/io/InputStream;
'http://debugtbs.qq.com' used in: Lcom/tencent/smtt/sdk/WebView;->showDebugView(Ljava/lang/String;)Z
'http://debugx5.qq.com' used in: Lcom/tencent/smtt/sdk/WebView;->showDebugView(Ljava/lang/String;)Z
'http://hydra.alibaba.com/' used in: Lcom/a/a/a/b;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
'http://j.5flyyou.com/divine.php/Url/Platform/divine?gid=1001&src=1139' used in: Lcom/niqu/wallet/ui/discover/H5Activity;->a()V
'http://m.dolulu.com.cn/mobile/index/index?state=c7d6ab54d848f6375da38b79ca9c725c' used in: Lcom/niqu/wallet/ui/discover/H5Activity;->a()V
'http://mdc.html5.qq.com/mh?channel_id=50079&u=' used in: Lcom/tencent/smtt/sdk/a/d;->a(Landroid/content/Context;)Lcom/tencent/smtt/sdk/a/d$a;
'http://mqqad.html5.qq.com/adjs' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'http://pms.mb.qq.com/rsp204' used in: Lcom/tencent/smtt/sdk/ag;->n()Z
'http://schemas.android.com/apk/res/android' used in: Landroid/support/v4/content/res/TypedArrayUtils;->hasAttribute(Lorg/xmlpull/v1/XmlPullParser; Ljava/lang/String;)Z
'http://soft.tbs.imtt.qq.com/17421/tbs_res_imtt_tbs_DebugPlugin_DebugPlugin.tbs' used in: Lcom/tencent/smtt/utils/i;->run()V
'http://wup.imtt.qq.com:8080' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'http://www.shandw.com/pc/auth/3thAuth/?' used in: Lcom/niqu/wallet/ui/discover/H5Activity;->a()V
'http://xmlpull.org/v1/doc/features.html#indent-output' used in: Lcom/a/a/c/a/a;->setFeature(Ljava/lang/String; Z)V
'http://xmlpull.org/v1/doc/features.html#indent-output' used in: Lcom/a/a/c/a/e;->a(Ljava/util/Map; Ljava/io/OutputStream;)V
'https://api.weixin.qq.com/sns/oauth2/access_token?' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->a(Ljava/lang/String; Lcom/umeng/socialize/UMAuthListener;)V
'https://api.weixin.qq.com/sns/oauth2/refresh_token?' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->b(Ljava/lang/String;)Ljava/util/Map;
'https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->authorize(Lcom/umeng/socialize/UMAuthListener;)V
'https://api.weixin.qq.com/sns/userinfo?access_token=' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->a(Lcom/umeng/socialize/UMAuthListener;)V
'https://cfg.imtt.qq.com/tbs?v=2&mk=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://cmnsguider.yunos.com:443/genDeviceToken' used in: Lcom/umeng/commonsdk/statistics/idtracking/s;->b(Ljava/lang/String;)Ljava/lang/String;
'https://developer.umeng.com/docs/66632/detail/' used in: Lcom/umeng/socialize/utils/UrlUtil;->makeUrl(Ljava/lang/String;)Ljava/lang/String;
'https://developer.umeng.com/docs/66632/detail/' used in: Lcom/umeng/commonsdk/debug/UMLogUtils;->makeUrl(Ljava/lang/String;)Ljava/lang/String;
'https://log.tbs.qq.com/ajax?c=dl&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=pu&tk=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=pu&v=2&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=ucfu&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=ul&v=2&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.umsns.com/' used in: Lcom/umeng/socialize/net/base/SocializeRequest;->(Landroid/content/Context; Ljava/lang/String; Ljava/lang/Class; I Lcom/umeng/socialize/net/utils/URequest$RequestMethod;)V
'https://log.umsns.com/' used in: Lcom/umeng/socialize/view/OauthDialog;->getUrl(Lcom/umeng/socialize/bean/SHARE_MEDIA;)Ljava/lang/String;
'https://log.umsns.com/link/weixin/download/' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->share(Lcom/umeng/socialize/ShareContent; Lcom/umeng/socialize/UMShareListener;)Z
'https://log.umsns.com/link/weixin/download/' used in: Lcom/umeng/weixin/handler/UmengWXHandler;->authorize(Lcom/umeng/socialize/UMAuthListener;)V
'https://m.zdtn.com/spread/index/38779?username=' used in: Lcom/niqu/wallet/ui/discover/H5Activity;->a()V
'https://mobile.umeng.com/images/pic/home/social/img-1.png' used in: Lcom/umeng/socialize/net/LinkcardRequest;->h()Lorg/json/JSONObject;
'https://mobile.umeng.com/images/pic/home/social/img-1.png' used in: Lcom/umeng/socialize/net/LinkcardRequest;->f()Lorg/json/JSONObject;
'https://ouplog.umeng.com' used in: Lcom/umeng/commonsdk/stateless/a;->()V
'https://www.bitcv.com/api/sdk/addTranAddr' used in: Lcom/niqu/wallet/a/a/b;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Z)V
'https://www.bitcv.com/api/sdk/addUserAsset' used in: Lcom/niqu/wallet/a/a/e;->a(I)V
'https://www.bitcv.com/api/sdk/checkAddr' used in: Lcom/niqu/wallet/a/a/c;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/checkAddr' used in: Lcom/niqu/wallet/a/a/ad;->b(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/checkAddr' used in: Lcom/niqu/wallet/a/a/b;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/checkPayVcode' used in: Lcom/niqu/wallet/a/a/n;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/delTranAddr' used in: Lcom/niqu/wallet/a/a/b;->a(I)V
'https://www.bitcv.com/api/sdk/getAddrTokenList' used in: Lcom/niqu/wallet/a/a/b;->d()V
'https://www.bitcv.com/api/sdk/getFinanceDetail' used in: Lcom/niqu/wallet/a/a/ac;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/getFinanceDetail' used in: Lcom/niqu/wallet/a/a/ad;->c(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/getFinanceList' used in: Lcom/niqu/wallet/a/a/f;->a(I I I Z)V
'https://www.bitcv.com/api/sdk/getTokenDetail' used in: Lcom/niqu/wallet/a/a/g;->a(I)V
'https://www.bitcv.com/api/sdk/getTokenList' used in: Lcom/niqu/wallet/a/a/e;->d()V
'https://www.bitcv.com/api/sdk/getTokenWallet' used in: Lcom/niqu/wallet/a/a/c;->a(I)V
'https://www.bitcv.com/api/sdk/getTranAddr' used in: Lcom/niqu/wallet/a/a/b;->a(I Z)V
'https://www.bitcv.com/api/sdk/getTranTokenList' used in: Lcom/niqu/wallet/a/a/e;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/getUserAsset' used in: Lcom/niqu/wallet/a/a/u;->b(I)V
'https://www.bitcv.com/api/sdk/getUserAsset' used in: Lcom/niqu/wallet/a/a/f;->a(I)V
'https://www.bitcv.com/api/sdk/getUserAssetList' used in: Lcom/niqu/wallet/a/a/o;->a(I Z)V
'https://www.bitcv.com/api/sdk/getWalletList' used in: Lcom/niqu/wallet/a/a/c;->d()V
'https://www.bitcv.com/api/sdk/hideUserAsset' used in: Lcom/niqu/wallet/a/a/e;->b(I)V
'https://www.bitcv.com/api/sdk/parseAddr' used in: Lcom/niqu/wallet/a/a/ad;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/parseAddr' used in: Lcom/niqu/wallet/a/a/b;->b(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/parseAddr' used in: Lcom/niqu/wallet/a/a/o;->a(Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/updTranAddr' used in: Lcom/niqu/wallet/a/a/b;->a(I I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Z)V
'https://www.bitcv.com/api/sdk/verifyGaCode' used in: Lcom/niqu/wallet/a/a/ab;->b(Ljava/lang/String; Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/verifyGaCode' used in: Lcom/niqu/wallet/a/a/u;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/verifyGaCode' used in: Lcom/niqu/wallet/a/a/j;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.bitcv.com/api/sdk/verifyGaCode' used in: Lcom/niqu/wallet/a/a/ad;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/CommonWebActivity;->a()V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/a/a/k;->e()Ljava/lang/String;
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/OTCDetailActivity;->p()V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/adapter/OtcOrderListAdapter;->a(Lcom/chad/library/adapter/base/BaseViewHolder; Lcom/niqu/wallet/bean/OtcOrderListBean$DataBean;)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/OTCDetailActivity;->a(I I)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/OTCDetailActivity;->b(Landroid/view/View;)Z
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/OTCDetailActivity;->a(Landroid/view/View;)Z
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/OTCDetailActivity;->c(Landroid/view/View;)Z
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/certification/UploadActivity;->a(Lcom/niqu/wallet/bean/CertificationBean;)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/trade/DealActivity;->l()V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/a/a/k;->d()Ljava/lang/String;
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/mine/MineFragment;->o()V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/otc/mine/BindActivity;->a(Lcom/niqu/wallet/bean/WxOrAliPayBean;)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/user/UserActivity;->a(Lcom/niqu/wallet/bean/UserInfoBean;)V
'https://www.lxt2019.com/' used in: Lcom/niqu/wallet/ui/MainActivity;->a(Lcom/niqu/wallet/bean/UserInfoBean;)V
'https://www.lxt2019.com/api/' used in: Lcom/niqu/wallet/config/d;->b(Ljava/lang/String; Lcom/lzy/okgo/model/HttpParams; Ljava/lang/String; Ljava/lang/Class; Ljava/lang/String;)Lio/reactivex/z;
'https://www.lxt2019.com/api/' used in: Lcom/niqu/wallet/config/d;->a(Ljava/lang/String; Lcom/lzy/okgo/model/HttpParams; Ljava/lang/String; Ljava/lang/Class; Ljava/lang/String;)Lio/reactivex/z;
'https://www.lxt2019.com/api/' used in: Lcom/niqu/wallet/config/d;->a(Ljava/lang/String; Lcom/lzy/okgo/model/HttpParams; Ljava/util/Map; Ljava/lang/String; Ljava/lang/Class; Ljava/lang/String;)Lio/reactivex/z;
'https://www.lxt2019.com/api/' used in: Lcom/niqu/wallet/config/d;->c(Ljava/lang/String; Lcom/lzy/okgo/model/HttpParams; Ljava/lang/String; Ljava/lang/Class; Ljava/lang/String;)Lio/reactivex/z;
'https://www.lxt2019.com/api/addGaSecret' used in: Lcom/niqu/wallet/a/a/n;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/countryCode' used in: Lcom/niqu/wallet/a/a/n;->d()V
'https://www.lxt2019.com/api/getCode' used in: Lcom/niqu/wallet/a/a/n;->a(Ljava/lang/String; Ljava/lang/String; I)V
'https://www.lxt2019.com/api/getFeeList' used in: Lcom/niqu/wallet/a/a/ad;->b(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/getFeeList' used in: Lcom/niqu/wallet/a/a/u;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/util/List; I D)V
'https://www.lxt2019.com/api/getGaSecret' used in: Lcom/niqu/wallet/a/a/j;->d()V
'https://www.lxt2019.com/api/getJudgeCode' used in: Lcom/niqu/wallet/a/a/n;->b(Ljava/lang/String;)V
'https://www.lxt2019.com/api/getMessageList' used in: Lcom/niqu/wallet/a/a/o;->a(I)V
'https://www.lxt2019.com/api/getMessageList' used in: Lcom/niqu/wallet/a/a/p;->a(I Z)V
'https://www.lxt2019.com/api/getMessageRead' used in: Lcom/niqu/wallet/a/a/p;->a(I)V
'https://www.lxt2019.com/api/getMessageRead' used in: Lcom/niqu/wallet/a/a/ac;->a(I)V
'https://www.lxt2019.com/api/getPayVcode' used in: Lcom/niqu/wallet/a/a/n;->f()V
'https://www.lxt2019.com/api/getRealNameInfo' used in: Lcom/niqu/wallet/a/a/d;->d()V
'https://www.lxt2019.com/api/getRealNameInfo' used in: Lcom/niqu/wallet/a/a/ae;->d()V
'https://www.lxt2019.com/api/getUserInfo' used in: Lcom/niqu/wallet/a/a/x;->a(Z)V
'https://www.lxt2019.com/api/getUserInfo' used in: Lcom/niqu/wallet/a/a/af;->a(Z)V
'https://www.lxt2019.com/api/getUserInfo' used in: Lcom/niqu/wallet/a/a/j;->a(Z)V
'https://www.lxt2019.com/api/getUserInfo' used in: Lcom/niqu/wallet/a/a/o;->a(Z)V
'https://www.lxt2019.com/api/login' used in: Lcom/niqu/wallet/a/a/n;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; I I)V
'https://www.lxt2019.com/api/outLogin' used in: Lcom/niqu/wallet/a/a/af;->d()V
'https://www.lxt2019.com/api/pwdgetCode' used in: Lcom/niqu/wallet/a/a/n;->b(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/realNameAuth' used in: Lcom/niqu/wallet/a/a/d;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/setGooleUnbundling' used in: Lcom/niqu/wallet/a/a/j;->b(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/setOpinion' used in: Lcom/niqu/wallet/a/a/a;->a(Ljava/lang/String;)V
'https://www.lxt2019.com/api/setPassword' used in: Lcom/niqu/wallet/a/a/l;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/setPaywd' used in: Lcom/niqu/wallet/a/a/ab;->a(Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/setUserNickname' used in: Lcom/niqu/wallet/a/a/af;->b(Ljava/lang/String;)V
'https://www.lxt2019.com/api/setUserPhoto' used in: Lcom/niqu/wallet/a/a/af;->a(Ljava/lang/String;)V
'https://www.lxt2019.com/api/tranToken' used in: Lcom/niqu/wallet/a/a/ad;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/tranToken' used in: Lcom/niqu/wallet/a/a/u;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/v2/getCenterAdd' used in: Lcom/niqu/wallet/a/a/u;->a(I)V
'https://www.lxt2019.com/api/v2/getExchangeRate' used in: Lcom/niqu/wallet/a/a/x;->d()V
'https://www.lxt2019.com/api/v2/getExchangeRate' used in: Lcom/niqu/wallet/a/a/i;->d()V
'https://www.lxt2019.com/api/v2/getExchangeRate' used in: Lcom/niqu/wallet/a/a/o;->d()V
'https://www.lxt2019.com/api/v2/getNoticeInfo' used in: Lcom/niqu/wallet/a/a/r;->a(I)V
'https://www.lxt2019.com/api/v2/getNoticeList' used in: Lcom/niqu/wallet/a/a/s;->a(I Z)V
'https://www.lxt2019.com/api/v2/getOrderTradInfo' used in: Lcom/niqu/wallet/a/a/w;->a(Ljava/lang/String; Z)V
'https://www.lxt2019.com/api/v2/getOtcOrderList' used in: Lcom/niqu/wallet/a/a/aa;->a(I I I Z)V
'https://www.lxt2019.com/api/v2/getTradMenuList' used in: Lcom/niqu/wallet/a/a/aa;->a(I)V
'https://www.lxt2019.com/api/v2/getUserBankCard' used in: Lcom/niqu/wallet/a/a/t;->d()V
'https://www.lxt2019.com/api/v2/getUserOrderCenterList' used in: Lcom/niqu/wallet/a/a/z;->a(I I Z)V
'https://www.lxt2019.com/api/v2/getUserSubmitOrderList' used in: Lcom/niqu/wallet/a/a/q;->a(I I Z)V
'https://www.lxt2019.com/api/v2/getUserWZAccount' used in: Lcom/niqu/wallet/a/a/t;->a(I)V
'https://www.lxt2019.com/api/v2/getVersionUpdate' used in: Lcom/niqu/wallet/a/a/n;->e()V
'https://www.lxt2019.com/api/v2/setComplaint' used in: Lcom/niqu/wallet/a/a/w;->a(I Ljava/lang/String;)V
'https://www.lxt2019.com/api/v2/setCompletedPay' used in: Lcom/niqu/wallet/a/a/w;->a(Ljava/lang/String; I)V
'https://www.lxt2019.com/api/v2/setCurrencyOrder' used in: Lcom/niqu/wallet/a/a/u;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/util/List; I D D)V
'https://www.lxt2019.com/api/v2/setDeterminePay' used in: Lcom/niqu/wallet/a/a/w;->a(Ljava/lang/String;)V
'https://www.lxt2019.com/api/v2/setNoticeRead' used in: Lcom/niqu/wallet/a/a/s;->a(I)V
'https://www.lxt2019.com/api/v2/setOrderModify' used in: Lcom/niqu/wallet/a/a/q;->a(I I)V
'https://www.lxt2019.com/api/v2/setOrderUndo' used in: Lcom/niqu/wallet/a/a/q;->a(I)V
'https://www.lxt2019.com/api/v2/setTradBuy' used in: Lcom/niqu/wallet/a/a/u;->a(Lcom/niqu/wallet/bean/AssetBean$DataBean; I Ljava/lang/String; I)V
'https://www.lxt2019.com/api/v2/setTradBuy' used in: Lcom/niqu/wallet/a/a/v;->a(I Ljava/lang/String; I)V
'https://www.lxt2019.com/api/v2/setUserBankCard' used in: Lcom/niqu/wallet/a/a/t;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V
'https://www.lxt2019.com/api/v2/setUserCallWeChat' used in: Lcom/niqu/wallet/a/a/y;->a(Ljava/lang/String;)V
'https://www.lxt2019.com/api/v2/setUserWZAccount' used in: Lcom/niqu/wallet/a/a/t;->a(Ljava/lang/String; Ljava/lang/String; I)V
'https://www.lxt2019.com/h5/' used in: Lcom/niqu/wallet/ui/notice/NoticeInfoActivity;->a()V
"javascript:document.getElementsByTagName('HEAD').item(0).removeChild(document.getElementById('QQBrowserSDKNightMode'));" used in: Lcom/tencent/smtt/sdk/WebView;->switchNightMode(Z)V
"javascript:document.getElementsByTagName('HEAD').item(0).removeChild(document.getElementById('QQBrowserSDKNightMode'));" used in: Lcom/tencent/smtt/sdk/WebView;->(Landroid/content/Context; Landroid/util/AttributeSet; I Ljava/util/Map; Z)V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->switchNightMode(Z)V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->switchToNightMode()V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->(Landroid/content/Context; Landroid/util/AttributeSet; I Ljava/util/Map; Z)V
'www.qq.com' used in: Lcom/tencent/smtt/sdk/ag;->l()Z

中危

检测到3处setSavePassword密码明文存储漏洞。

位置: classes.dex
com.umeng.socialize.view.BaseDialog;
com.niqu.wallet.ui.CommonWebActivity;
com.tencent.smtt.sdk.WebSettings;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

低危

检测到2个WebView系统隐藏接口未移除。

位置: classes.dex
com.umeng.socialize.view.BaseDialog;->setUpWebView()Z
com.niqu.wallet.ui.CommonWebActivity;->a()V

android webview组件包含3个隐藏的系统接口:searchBoxJavaBridge_,accessibilityTraversal以及accessibility,恶意程序可以利用它们实现远程代码执行。
如果使用了WebView,那么使用WebView.removeJavascriptInterface(String name) API,显示的移除searchBoxJavaBridge_、accessibility、accessibilityTraversal这三个接口。

参考资料:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

低危

检测到4处AES/DES弱加密风险。

位置: classes.dex
Lcom/tencent/smtt/utils/o;->a([B Ljava/lang/String;)[B
Lcom/tencent/smtt/utils/o;->b([B Ljava/lang/String;)[B
Lcom/tencent/smtt/utils/o;->c([B)[B
Lcom/tencent/smtt/utils/o;->()V

使用AES/DES/DESede加密算法时,如果使用ECB模式,容易受到攻击风险,造成信息泄露。建议在使用AES/DES/DESede加密算法时,应显示指定使用CBC或CFB加密模式

参考资料:
http://blog.csdn.net/u013107656/article/details/51997957
https://developer.android.com/reference/javax/crypto/Cipher.html
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现5处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
com.umeng.commonsdk.stateless.f;
io.reactivex.exceptions.CompositeException$c;
com.scwang.smartrefresh.layout.SmartRefreshLayout;
com.umeng.commonsdk.framework.b;
com.bumptech.glide.b.a;

低危

检测到1处主机名弱校验检测漏洞。

位置: classes.dex
com.lzy.okgo.e.a$2;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

自定义HostnameVerifier类,却不实现其verify方法验证域名直接返回true,直接接受任意域名。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考资料:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

低危

检测到3处RSA算法不使用padding。

位置: classes.dex
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/o;->()V
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/p;->c()Ljava/lang/String;
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/p;->a(Ljava/lang/String;)Ljava/lang/String;

使用RSA公钥时通常会绑定一个padding,原因是为了防止一些依赖于no padding时对RSA算法的攻击。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到12处addFlags使用Intent.FLAG_ACTIVITY_NEW_TASK。

位置: classes.dex
com.azhon.appupdate.f.f;->a
com.azhon.appupdate.f.a;->a
com.tencent.smtt.sdk.bg;->b
com.niqu.wallet.widget.k;->onCreate
com.niqu.wallet.utils.a;->d
com.umeng.weixin.umengwx.WeChat;->launchShare
com.azhon.appupdate.activity.PermissionActivity;->a
com.tencent.smtt.sdk.a.d;->a
com.umeng.socialize.handler.UMMoreHandler;->share
com.tencent.smtt.sdk.bg;->onError
com.niqu.sdk.a.p;->d
com.tencent.smtt.sdk.v;->a

APP创建Intent传递数据到其他Activity,如果创建的Activity不是在同一个Task中打开,就很可能被其他的Activity劫持读取到Intent内容,跨Task的Activity通过Intent传递敏感信息是不安全的。建议:
尽量避免使用包含FLAG_ACTIVITY_NEW_TASK标志的Intent来传递敏感信息。

参考资料:
http://wolfeye.baidu.com/blog/intent-data-leak

警告

检测到1个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.niqu.wallet.wxapi.WXEntryActivity

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到2潜在的XSS漏洞。

位置: classes.dex
com.umeng.socialize.view.BaseDialog;->setUpWebView()Z
com.niqu.wallet.ui.CommonWebActivity;->a()V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到5处IvParameterSpec的使用。

位置: classes.dex
com.a.a.b.a.a;->a([B [B)[B
com.a.a.b.a.a;->b([B [B)[B
com.umeng.commonsdk.stateless.f;->a([B [B)[B
com.umeng.commonsdk.statistics.common.DataHelper;->decrypt([B [B)[B
com.umeng.commonsdk.statistics.common.DataHelper;->encrypt([B [B)[B

使用IVParameterSpec函数,如果使用了固定的初始化向量,那么密码文本可预测性高得多,容易受到字典攻击等。建议禁止使用常量初始化矢量构造IVParameterSpec,使用聚安全提供的安全组件。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到2处provider的grantUriPermissions设置为true。
com.niqu.wallet.utils.UpDateFileProvider
com.niqu.wallet.utils.WalletFileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6

警告

检测到12处使用了加解密算法。密钥处理不当可能会导致信息泄露。

位置: classes.dex
okio.HashingSource;->(Lokio.Source; Lokio.ByteString; Ljava.lang.String;)V
com.a.a.b.a.a;->b([B [B)[B
com.umeng.commonsdk.stateless.f;->a([B [B)[B
com.umeng.commonsdk.statistics.common.DataHelper;->encrypt([B [B)[B
okio.ByteString;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
okio.Buffer;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
com.a.a.d.d;->a([B)Ljava.lang.String;
com.tencent.smtt.utils.LogFileUtils;->encryptKey(Ljava.lang.String; Ljava.lang.String;)[B
com.umeng.commonsdk.statistics.common.DataHelper;->decrypt([B [B)[B
com.tencent.smtt.utils.LogFileUtils;->encrypt(Ljava.lang.String; Ljava.lang.String;)[B
okio.HashingSink;->(Lokio.Sink; Lokio.ByteString; Ljava.lang.String;)V
com.a.a.b.a.a;->a([B [B)[B

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书