Vulnerability analysis

High-risk vulnerabilities: 0
Medium-risk vulnerabilities: 6
Low-risk vulnerabilities: 1
Warnings: 3

File name: android-gems_1.0.6_official.apk
Uploader: shuwoom
File size: 3.1372966766357 MB
MD5: 8da65847d47270fd62b57b97d181faa3
Package name: in.srain.gems
Main Activity: in.srain.gems.activity.GHomeActivity
Min SDK: 9
Target SDK: 19

Permission list

# Name Description Level
0 android.permission.READ_PHONE_STATE Allows the app to access the device's phone features. An app with this permission can determine the phone number and serial number of this device, whether a call is in progress, and the number of the other party. Caution
1 android.permission.ACCESS_NETWORK_STATE Allows the app to view the status of all networks. Info
2 android.permission.ACCESS_WIFI_STATE Allows the app to view information about the WLAN state. Info
3 android.permission.INTERNET Allows the app to access the network. Info

Four major components

Component name

in.srain.gems.activity.GHomeActivity
in.srain.gems.app.login.LoginActivity
in.srain.gems.activity.MyProfileActivity
in.srain.gems.activity.UserProfileActivity
in.srain.gems.activity.MyFavoriteActivity
in.srain.gems.app.detail.LibDetailActivity
in.srain.gems.activity.libs.OwnLibListActivity
in.srain.gems.activity.libs.PostedLibListActivity
in.srain.gems.activity.libs.FavoriteLibListActivity
android.support.v7.widget.TestActivity

Third-party libraries

# Library Description
0 com.umeng.analytics Umeng Analytics is the largest mobile app analytics platform in China.
1 in.srain.cube.views An expandable, draggable, sortable, deletable GridView with pinned items and more.
2 net.simonvt.menudrawer An android custom view which looks like the menu in Path 2.0 (for iOS).
3 com.facebook.cache.common An image management library by Facebook.
4 com.avast.android.dialogs This is a library for easily constructing Holo and Material Design Dialogs.
5 com.squareup.leakcanary A memory leak detection library for Android and Java.
6 in.srain.cube.views.ptr Ultra Pull to Refresh for Android. Support all the views.
7 com.nineoldandroids Android library for using the Honeycomb animation API on all versions of the platform back to 1.0!
8 in.srain.cube A light package for Android development, it handles loading image and network request.
9 com.facebook.imagepipeline An image management library by Facebook.
10 de.greenrobot.event Android optimized event bus that simplifies communication between Activities, Fragments, Threads, Services, etc. Less code, better quality.

Risk points found by static scan

Risk level / Risk name

Medium

The backup flag was detected as set to true or not set at all. This allows adb backup to copy the application's data, letting a malicious attacker obtain it and cause a data leak.

Medium

Detected 1 sensitive Test or Debug component that was not removed:

android.support.v7.widget.TestActivity

Recommendation:
Remove sensitive Test or Debug components before the app is officially released.

Medium

This app should remove most of its logging code.
The scan found that the package still contains a large amount of logging code: 74 logging calls in total. (The logging calls counted here are calls to android.util.Log.*.)
Details:

Location: classes.dex
com.umeng.analytics.social.b;->d(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.image.impl.DefaultMemoryCache;->clear()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->setupValue(Ljava/lang/Object; Lcom/nineoldandroids/animation/Keyframe;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.joanzapata.android.iconify.Utils;->replaceIcons(Ljava/lang/StringBuilder;)Ljava/lang/StringBuilder;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->c(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->v(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.app.XActivity;->showStatus(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
de.greenrobot.event.util.ExceptionToResourceMapping;->mapThrowable(Ljava/lang/Throwable;)Ljava/lang/Integer;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->i(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ScrollHeaderFrame;->onMeasure(I I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
de.greenrobot.event.util.ErrorDialogConfig;->getMessageIdForThrowable(Ljava/lang/Throwable;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.joanzapata.android.iconify.Utils;->resourceToFile(Landroid/content/Context; Ljava/lang/String;)Ljava/io/File;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.image.ImageProvider;->fetchBitmapData(Lin/srain/cube/image/ImageLoader; Lin/srain/cube/image/ImageTask; Lin/srain/cube/image/iface/ImageReSizer;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->d(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
de.greenrobot.event.EventBus;->unregister(Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.facebook.imagepipeline.memory.NativeMemoryChunk;->copy(I Lcom/facebook/imagepipeline/memory/NativeMemoryChunk; I I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.GridViewWithHeaderAndFooter$HeaderViewGridAdapter;->getItemViewType(I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ScrollHeaderFrame;->onLayout(Z I I I I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->e(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ScrollHeaderFrame;->moveTo(I)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ScrollHeaderFrame;->tryToMove(F)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->e(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.SystemWatcher$1;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->d(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.facebook.imagepipeline.memory.NativeMemoryChunk;->finalize()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->i(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ScrollHeaderFrame;->dispatchTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->getPropertyFunction(Ljava/lang/Class; Ljava/lang/String; Ljava/lang/Class;)Ljava/lang/reflect/Method;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
de.greenrobot.event.SubscriberMethodFinder;->findSubscriberMethods(Ljava/lang/Class;)Ljava/util/List;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->c(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.GridViewWithHeaderAndFooter$HeaderViewGridAdapter;->getViewTypeCount()I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->w(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder$IntPropertyValuesHolder;->setAnimatedValue(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->e(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
bolts.MeasurementEvent;->sendBroadcast()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->c(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.NetworkStatusManager$ConnectivityBroadcastReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder$FloatPropertyValuesHolder;->setAnimatedValue(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.image.impl.DefaultMemoryCache;->(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->b(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/Exception;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->setAnimatedValue(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->v(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.CLog;->w(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.analytics.social.b;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.util.NetworkStatusManager$ConnectivityBroadcastReceiver;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->b(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
u.aly.br;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->d(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
net.simonvt.menudrawer.MenuDrawer;->logDrawerState(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
de.greenrobot.event.EventBus;->postSingleEvent(Ljava/lang/Object; Lde/greenrobot/event/EventBus$PostingThreadState;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.image.ImageProvider;->decodeSampledBitmapFromDescriptor(Ljava/io/FileDescriptor; Lin/srain/cube/image/ImageTask; Lin/srain/cube/image/iface/ImageReSizer;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.GridViewWithHeaderAndFooter$HeaderViewGridAdapter;->getView(I Landroid/view/View; Landroid/view/ViewGroup;)Landroid/view/View;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.nineoldandroids.animation.PropertyValuesHolder;->setupSetterAndGetter(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.image.ImageProvider;->decodeSampledBitmapFromInputStream(Ljava/io/InputStream; Lin/srain/cube/image/ImageTask; Lin/srain/cube/image/iface/ImageReSizer;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
in.srain.cube.views.ptr.util.PtrCLog;->e(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

Medium

Detected 1 WebView remote code execution vulnerability.

Location: classes.dex
bolts.WebViewAppLinkResolver$2;->then(Lbolts.Task;)Lbolts.Task;

Android versions with API level below 17 have a remote code execution vulnerability. It stems from the program not properly restricting the use of the addJavascriptInterface method: through this flaw an attacker can use Java reflection to invoke methods on arbitrary Java objects, resulting in remote code execution.
(1) On Android systems with API level 17 or higher: for security reasons, to prevent Java-layer functions from being called arbitrarily, Google requires since Android 4.2 that any function allowed to be called must be annotated with @JavascriptInterface.
(2) On Android systems with API level 17 or higher: it is recommended not to use the addJavascriptInterface interface, to avoid unnecessary security risks; if it must be used, certificate validation is recommended.
(3) Use removeJavascriptInterface to remove Android's built-in default interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

Medium

Detected 11 sensitive plaintext strings; removal is recommended.

Location: classes.dex
'10.0.0.172' used in: Lu/aly/t;->(Landroid/content/Context;)V
'http://alog.umeng.co/app_logs' used in: Lcom/umeng/analytics/a;->()V
'http://alog.umeng.com/app_logs' used in: Lcom/umeng/analytics/a;->()V
'http://log.umsns.com/share/api/' used in: Lcom/umeng/analytics/social/f;->a(Landroid/content/Context; Ljava/lang/String; [Lcom/umeng/analytics/social/UMPlatformData;)[Ljava/lang/String;
'http://oc.umeng.co/check_config_update' used in: Lcom/umeng/analytics/a;->()V
'http://oc.umeng.com/check_config_update' used in: Lcom/umeng/analytics/a;->()V
'http://www.android-gems.com/api/' used in: Lin/srain/gems/request/API;->()V
'http://www.android-gems.com/login?from=app' used in: Lin/srain/gems/app/login/LoginActivity;->createContentView()Landroid/view/View;
'http://www.huqiu.dev.android-gems.com/api/' used in: Lin/srain/gems/request/API;->()V
'http://www.huqiu.dev.android-gems.com/login?from=app' used in: Lin/srain/gems/app/login/LoginActivity;->createContentView()Landroid/view/View;
'javascript:boltsWebViewAppLinkResolverResult.setValue((function() { var metaTags = document.getElementsByTagName(\'meta\'); var results = []; for (var i = 0; i < metaTags.length; i++) { var property = metaTags[i].getAttribute(\'property\'); if (property && property.substring(0, \'al:\'.length) === \'al:\') { var tag = { "property": metaTags[i].getAttribute(\'property\') }; if (metaTags[i].hasAttribute(\'content\')) { tag[\'content\'] = metaTags[i].getAttribute(\'content\'); } results.push(tag); } } return JSON.stringify(results);})())' used in: Lbolts/WebViewAppLinkResolver$2$1;->runJavaScript(Landroid/webkit/WebView;)V

Medium

Detected 3 setSavePassword plaintext password storage vulnerabilities.

Location: classes.dex
bolts.WebViewAppLinkResolver$2;
in.srain.gems.web.WebViewController;
com.umeng.analytics.MobclickAgentJSInterface;

WebView's save-password feature is enabled (true) by default. WebView stores website passwords in plaintext in the app's private local file "databases/webview.db". On a rooted device, or in combination with another vulnerability (such as a WebView same-origin policy bypass), an attacker can obtain the user's passwords.
Recommendation: explicitly call webView.getSettings().setSavePassword(false).

Reference cases:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

References:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

Low

Detected 4 places where WebView's hidden system interfaces were not removed.

Location: classes.dex
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
in.srain.gems.web.WebViewController;->(Landroid.webkit.WebView;)V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView;)V
bolts.WebViewAppLinkResolver$2;->then(Lbolts.Task;)Lbolts.Task;

The Android WebView component contains 3 hidden system interfaces: searchBoxJavaBridge_, accessibilityTraversal and accessibility. A malicious program can use them to achieve remote code execution.
If WebView is used, explicitly remove these three interfaces (searchBoxJavaBridge_, accessibility, accessibilityTraversal) with the WebView.removeJavascriptInterface(String name) API.

References:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

Warning

Detected 4 potential XSS vulnerabilities.

Location: classes.dex
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView;)V
com.umeng.analytics.MobclickAgentJSInterface;->(Landroid.content.Context; Landroid.webkit.WebView; Landroid.webkit.WebChromeClient;)V
in.srain.gems.web.WebViewController;->(Landroid.webkit.WebView;)V
bolts.WebViewAppLinkResolver$2;->then(Lbolts.Task;)Lbolts.Task;

Allowing WebView to execute JavaScript (setJavaScriptEnabled) may lead to XSS attacks. Avoid it where possible.
(1) On Android systems with API level 17 or higher: for security reasons, to prevent Java-layer functions from being called arbitrarily, Google requires since Android 4.2 that any function allowed to be called must be annotated with @JavascriptInterface.
(2) On Android systems with API level 17 or higher: it is recommended not to use the addJavascriptInterface interface, to avoid unnecessary security risks; if it must be used, certificate validation is recommended.
(3) Use removeJavascriptInterface to remove Android's built-in default interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

Warning

Detected 2 uses of IvParameterSpec.

Location: classes.dex
com.umeng.analytics.b;->a([B [B)[B
com.umeng.analytics.b;->b([B [B)[B

When IvParameterSpec is used with a fixed initialization vector, the ciphertext becomes far more predictable and is vulnerable to dictionary attacks and the like. It is recommended to forbid constructing IvParameterSpec from a constant initialization vector and to use the security components provided by 聚安全 (JAQ).

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

Warning

Detected 2 uses of encryption/decryption algorithms. Improper key handling may lead to information disclosure.

Location: classes.dex
com.umeng.analytics.b;->a([B [B)[B
com.umeng.analytics.b;->b([B [B)[B

Reference cases:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html

Risk points found by dynamic scan

Risk level / Risk name

Server-side analysis

Risk level / Risk name

Warning

Detected ? XSS vulnerabilities.
Under development...

Warning

Detected ? cross-site (XSS) vulnerabilities.
Under development...

Application certificate