Vulnerability analysis

High-risk vulnerabilities: 0

Medium-risk vulnerabilities: 2

Low-risk vulnerabilities: 0

Warnings: 2

File name Settings.apk
Uploader MrZhai
File size 50.35905456543MB
MD5 950691d8fb26a4b03923fbc62a371a47
Package name com.android.settings
Main Activity
Min SDK 27
Target SDK 27

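Permission list

# Name Description Alert level
0 android.permission.CALL_PHONE Allows the application to place phone calls without your intervention. Malicious applications can use this to cause unexpected call charges on your phone bill. Note that this permission does not allow the application to call emergency numbers. Warning
1 android.permission.MASTER_CLEAR Allows the application to restore the system to factory settings, erasing all data, configuration and installed applications. Warning
2 android.permission.ACCESS_COARSE_LOCATION Accesses coarse location sources (such as the cellular network database) to determine the phone's approximate location, where available. Malicious applications can use this to determine approximately where you are. Caution
3 android.permission.BLUETOOTH Allows the application to view the configuration of the local Bluetooth phone, and to make or accept connections with paired devices. Caution
4 android.permission.CLEAR_APP_USER_DATA Allows the application to clear user data. Caution
5 android.permission.COPY_PROTECTED_DATA Allows invoking the default container service to copy content. Not for use by normal applications. Caution
6 android.permission.INSTALL_PACKAGES Allows the application to install new or updated Android packages. Malicious applications can use this to add new applications with arbitrary permissions. Caution
7 android.permission.MODIFY_PHONE_STATE Allows the application to control the device's phone features. An application with this permission can switch networks, turn the radio on and off, and so on, without notifying you. Caution
8 android.permission.READ_CONTACTS Allows the application to read all contact (address) data stored on your phone. Malicious applications can use this to send your data to other people. Caution
9 android.permission.READ_PHONE_STATE Allows the application to access the device's phone features. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number the call is connected to, and so on. Caution
10 android.permission.REBOOT Allows the application to force the phone to reboot. Caution
11 android.permission.RECEIVE_BOOT_COMPLETED Allows the application to start itself as soon as the system has finished booting. This lengthens the phone's start-up time and, if the application keeps running, slows down the phone overall. Caution
12 android.permission.RECEIVE_BOOT_COMPLETED Allows the application to start itself as soon as the system has finished booting. This lengthens the phone's start-up time and, if the application keeps running, slows down the phone overall. Caution
13 android.permission.WRITE_CONTACTS Allows the application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data. Caution
14 android.permission.WRITE_SECURE_SETTINGS Allows the application to modify the system's secure settings data. Normal applications cannot use this permission. Caution
15 android.permission.WRITE_SETTINGS Allows the application to modify the system's settings data. Malicious applications can use this to corrupt your system configuration. Caution
16 android.permission.WRITE_SYNC_SETTINGS Allows the application to modify sync settings, such as whether sync is enabled for "Contacts". Caution
17 android.permission.WRITE_USER_DICTIONARY Allows the application to write new words into the user dictionary. Caution
18 android.permission.ACCESS_CHECKIN_PROPERTIES Allows read/write access to properties uploaded by the checkin service. Normal applications cannot use this permission. Notice
19 android.permission.ACCESS_NETWORK_STATE Allows the application to view the state of all networks. Notice
20 android.permission.ACCESS_WIFI_STATE Allows the application to view information about the state of WLAN. Notice
21 android.permission.BACKUP Allows the application to control the system's backup and restore mechanism. Normal applications cannot use this permission. Notice
22 android.permission.BATTERY_STATS Allows modification of collected battery usage statistics. Normal applications cannot use this permission. Notice
23 android.permission.BLUETOOTH_ADMIN Allows the application to configure the local Bluetooth phone, and to discover and pair with remote devices. Notice
24 android.permission.CHANGE_CONFIGURATION Allows the application to change the current configuration, such as the language setting or overall font size. Notice
25 android.permission.CHANGE_WIFI_STATE Allows the application to connect to and disconnect from WLAN access points, and to make changes to configured WLAN networks. Notice
26 android.permission.DELETE_PACKAGES Allows the application to delete Android packages. Malicious applications can use this to delete important applications. Notice
27 android.permission.DEVICE_POWER Allows the application to turn the phone on or off. Notice
28 android.permission.FORCE_STOP_PACKAGES Allows the application to forcibly stop other applications. Notice
29 android.permission.GET_ACCOUNTS Allows the application to get the list of accounts known to the phone. Notice
30 android.permission.HARDWARE_TEST Allows the application to control various peripherals for hardware testing. Notice
31 android.permission.INTERNET Allows the program to access the network. Notice
32 android.permission.MANAGE_ACCOUNTS Allows the application to perform operations such as adding and removing accounts and deleting their passwords. Notice
33 android.permission.MODIFY_AUDIO_SETTINGS Allows the application to modify system-wide audio settings, such as volume and routing. Notice
34 android.permission.MOUNT_UNMOUNT_FILESYSTEMS Allows the application to mount and unmount file systems for removable storage. Notice
35 android.permission.MOVE_PACKAGE Allows the application to move application resources between internal and external media. Notice
36 android.permission.PACKAGE_USAGE_STATS Allows modification of collected component usage statistics. Not for use by normal applications. Notice
37 android.permission.READ_SYNC_SETTINGS Allows the application to read sync settings, such as whether sync is enabled for "Contacts". Notice
38 android.permission.READ_SYNC_STATS Allows the application to read sync statistics, such as the history of syncs that have occurred. Notice
39 android.permission.READ_USER_DICTIONARY Allows the application to read any private words, names and phrases that the user has stored in the user dictionary. Notice
40 android.permission.SET_TIME Allows the application to change the phone's time. Notice
41 android.permission.STATUS_BAR Allows the application to disable the status bar or add and remove system icons. Notice
42 android.permission.USE_CREDENTIALS Allows the application to request authentication tokens. Notice
43 android.permission.VIBRATE Allows the application to control the vibrator. Notice
44 android.permission.WRITE_APN_SETTINGS Allows the application to modify APN settings, such as the proxy and port of any APN. Notice
45 android.permission.WRITE_EXTERNAL_STORAGE Allows the application to write to the SD card. Notice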

The four component types

Component name

com.android.settings.Settings
com.android.settings.SubSettings
com.android.settings.CreateShortcut
com.android.settings.Settings$NetworkDashboardActivity
com.android.settings.Settings$ConnectedDeviceDashboardActivity
com.android.settings.AirplaneModeVoiceActivity
com.android.settings.search.SearchActivity
com.android.settings.Settings$WifiSettingsActivity
com.android.settings.wifi.WifiPickerActivity
com.android.settings.Settings$ConfigureWifiSettingsActivity
com.android.settings.Settings$SavedAccessPointsSettingsActivity
com.android.settings.Settings$WifiInfoActivity
com.android.settings.wifi.WifiConfigInfo
com.android.settings.Settings$WifiAPITestActivity
com.android.settings.wifi.WifiStatusTest
com.android.settings.wifi.WifiNoInternetDialog
com.android.settings.Settings$ApnSettingsActivity
com.android.settings.Settings$AssistGestureSettingsActivity
com.android.settings.TetherProvisioningActivity
com.android.settings.Settings$TetherSettingsActivity
com.android.settings.Settings$WifiP2pSettingsActivity
com.android.settings.Settings$VpnSettingsActivity
com.vivo.settings.vpn.VpnConfigEditActivity
com.vivo.settings.vpn.VpnConfigDetailActivity
com.android.settings.Settings$DateTimeSettingsActivity
com.android.settings.Settings$LocalePickerActivity
com.android.settings.Settings$LanguageAndInputSettingsActivity
com.android.settings.Settings$AvailableVirtualKeyboardActivity
com.android.settings.Settings$ManageAssistActivity
com.android.settings.Settings$KeyboardLayoutPickerActivity
com.android.settings.Settings$PhysicalKeyboardActivity
com.android.settings.Settings$SpellCheckersSettingsActivity
com.android.settings.inputmethod.InputMethodAndSubtypeEnablerActivity
com.android.settings.Settings$UserDictionarySettingsActivity
com.android.settings.inputmethod.UserDictionaryAddWordActivity
com.android.settings.Settings$ZenModeSettingsActivity
com.android.settings.Settings$ZenModeVisualInterruptionSettingsActivity
com.android.settings.Settings$ZenModePrioritySettingsActivity
com.android.settings.Settings$WallpaperSettingsActivity
com.android.settings.wallpaper.WallpaperSuggestionActivity
com.android.settings.support.NewDeviceIntroSuggestionActivity
com.android.settings.Settings$ZenModeScheduleRuleSettingsActivity
com.android.settings.Settings$ZenModeEventRuleSettingsActivity
com.android.settings.Settings$ZenModeExternalRuleSettingsActivity
com.android.settings.Settings$DisplaySettingsActivity
com.android.settings.Settings$NightDisplaySettingsActivity
com.android.settings.Settings$NightDisplaySuggestionActivity
com.android.settings.Settings$DeviceInfoSettingsActivity
com.android.settings.SettingsLicenseActivity
com.android.settings.Settings$ManageApplicationsActivity
com.android.settings.Settings$ManageDomainUrlsActivity
com.android.settings.Settings$ExtinguishSuspendExplanationActivity
com.android.settings.Settings$VivoGameDTSExplanationActivity
com.android.settings.Settings$ElectronicSportModeActivity
com.android.settings.Settings$GameModeAssistantActivity
com.android.settings.Settings$MemorySettingsActivity
com.android.settings.Settings$AppMemoryUsageActivity
com.android.settings.Settings$AllApplicationsActivity
com.android.settings.Settings$HighPowerApplicationsActivity
com.android.settings.datausage.AppDataUsageActivity
com.android.settings.fuelgauge.RequestIgnoreBatteryOptimizations
com.android.settings.applications.InstalledAppDetailsTop
com.android.settings.Settings$RunningServicesActivity
com.android.settings.Settings$StorageUseActivity
com.android.settings.Settings$NotificationStationActivity
com.android.settings.notification.ZenModeVoiceActivity
com.android.settings.Settings$BackgroundCheckSummaryActivity
com.android.settings.Settings$LocationSettingsActivity
com.android.settings.Settings$SecurityAndPrivacySettingsActivity
com.android.settings.Settings$SecuritySettingsActivity
com.android.settings.MonitoringCertInfoActivity
com.android.settings.Settings$TrustedCredentialsSettingsActivity
com.android.settings.Settings$PrivacySettingsActivity
com.vivo.settings.SetFullBackupPassword
com.android.settings.CredentialStorage
com.android.settings.Settings$DeviceAdminSettingsActivity
com.android.settings.DeviceAdminAdd
com.vivo.settings.game.GameNetworkSpeedSettingsActivity
com.vivo.settings.game.GameNetworkOptimizationActivity
com.android.settings.Settings$UsageAccessSettingsActivity
com.android.settings.Settings$IccLockSettingsActivity
com.android.settings.IccLockSettings
com.vivo.settings.BBKIccLockSettingsTabActivity
com.android.settings.Settings$AccessibilitySettingsActivity
com.android.settings.accessibility.AccessibilitySettingsForSetupWizardActivity
com.android.settings.Settings$AccessibilityDaltonizerSettingsActivity
com.android.settings.Settings$CaptioningSettingsActivity
com.android.settings.Settings$TextToSpeechSettingsActivity
com.android.settings.Settings$EnterprisePrivacySettingsActivity
com.android.settings.password.ConfirmDeviceCredentialActivity
com.android.settings.password.ConfirmDeviceCredentialActivity$InternalActivity
com.android.settings.SetupRedactionInterstitial
com.android.settings.notification.RedactionInterstitial
com.android.settings.notification.RedactionSettingsStandalone
com.android.settings.password.ConfirmLockPattern
com.android.settings.password.ConfirmLockPassword
com.android.settings.fingerprint.FingerprintSettings
com.android.settings.fingerprint.FingerprintEnrollFindSensor
com.android.settings.fingerprint.FingerprintEnrollEnrolling
com.android.settings.fingerprint.FingerprintEnrollFinish
com.android.settings.fingerprint.FingerprintEnrollIntroduction
com.android.settings.fingerprint.SetupFingerprintEnrollFindSensor
com.android.settings.fingerprint.SetupFingerprintEnrollEnrolling
com.android.settings.fingerprint.SetupFingerprintEnrollFinish
com.android.settings.fingerprint.SetupFingerprintEnrollIntroduction
com.android.settings.fingerprint.FingerprintSuggestionActivity
com.android.settings.password.ConfirmLockPattern$InternalActivity
com.android.settings.password.ConfirmLockPassword$InternalActivity
com.android.settings.password.SetupChooseLockGeneric
com.android.settings.password.ChooseLockGeneric
com.android.settings.password.SetNewPasswordActivity
com.vivo.settings.password.ConfirmVivoPin
com.vivo.settings.password.ConfirmVivoPin$InternalActivity
com.android.settings.Settings$DesktopUsageRightActivity
com.android.settings.Settings$RecommendedInterestActivity
com.vivo.settings.password.VivoTempSecurity
com.android.settings.Settings$ScreenLockSuggestionActivity
com.android.settings.Settings$FingerprintEnrollSuggestionActivity
com.android.settings.password.ChooseLockGeneric$InternalActivity
com.android.settings.password.SetupChooseLockPattern
com.android.settings.password.ChooseLockPattern
com.android.settings.password.SetupChooseLockPassword
com.android.settings.password.ChooseLockPassword
com.android.settings.SetupEncryptionInterstitial
com.android.settings.EncryptionInterstitial
com.android.settings.Settings$StatusActivity
com.android.settings.Settings$SimStatusActivity
com.android.settings.Settings$ImeiInformationActivity
com.android.settings.Settings$StorageSettingsActivity
com.android.settings.Settings$PrivateVolumeSettingsActivity
com.android.settings.Settings$PublicVolumeSettingsActivity
com.android.settings.Settings$PrivateVolumeForgetActivity
com.android.settings.deviceinfo.StorageWizardInit
com.android.settings.deviceinfo.StorageWizardFormatConfirm
com.android.settings.deviceinfo.StorageWizardFormatProgress
com.android.settings.deviceinfo.StorageWizardMigrate
com.android.settings.deviceinfo.StorageWizardMigrateConfirm
com.android.settings.deviceinfo.StorageWizardMigrateProgress
com.android.settings.deviceinfo.StorageWizardReady
com.android.settings.deviceinfo.StorageWizardMoveConfirm
com.android.settings.deviceinfo.StorageWizardMoveProgress
com.android.settings.ApnEditor
com.android.settings.Settings$DevelopmentSettingsActivity
com.android.settings.development.DevelopmentSettingsDisabledActivity
com.android.settings.Settings$PrintSettingsActivity
com.android.settings.Settings$PrintJobSettingsActivity
com.android.settings.development.AppPicker
com.android.settings.Settings$WebViewAppPickerActivity
com.android.settings.Settings$UsbSettingsActivity
com.android.settings.wifi.WifiScanModeActivity
com.android.settings.deviceinfo.UsbModeChooserActivity
com.android.settings.RemoteBugreportActivity
com.android.settings.ActivityPicker
com.android.settings.Settings$AndroidBeamSettingsActivity
com.android.settings.Settings$WifiDisplaySettingsActivity
com.android.settings.Display
com.android.settings.RadioInfo
com.android.settings.BandMode
com.android.settings.Settings$TestingSettingsActivity
com.android.settings.AppWidgetPickActivity
com.android.settings.AllowBindAppWidgetActivity
com.android.settings.UsageStatsActivity
com.android.settings.Settings$PowerUsageSummaryActivity
com.android.settings.Settings$BatterySaverSettingsActivity
com.android.settings.fuelgauge.BatterySaverModeVoiceActivity
com.android.settings.Settings$AccountSyncSettingsActivity
com.android.settings.Settings$ManagedProfileSettingsActivity
com.android.settings.accounts.AddAccountSettings
com.android.settings.Settings$ChooseAccountActivity
com.android.settings.CryptKeeper
com.android.settings.FallbackHome
com.android.settings.CryptKeeper$FadeToBlack
com.android.settings.CryptKeeperConfirm$Blank
com.android.settings.Settings$CryptKeeperSettingsActivity
com.android.settings.Settings$DataPlanUsageSummaryActivity
com.android.settings.Settings$DataUsageSummaryActivity
com.android.settings.Settings$MobileDataUsageListActivity
com.android.settings.Settings$DreamSettingsActivity
com.android.settings.Settings$UserSettingsActivity
com.android.settings.Settings$PaymentSettingsActivity
com.android.settings.nfc.PaymentDefaultDialog
com.android.settings.nfc.HowItWorks
com.android.settings.SmsDefaultDialog
com.android.settings.Settings$SpecialAccessSettingsActivity
com.android.settings.Settings$NotificationAccessSettingsActivity
com.android.settings.Settings$VrListenersSettingsActivity
com.android.settings.Settings$PictureInPictureSettingsActivity
com.android.settings.Settings$AppPictureInPictureSettingsActivity
com.android.settings.Settings$ZenAccessSettingsActivity
com.android.settings.Settings$ConfigureNotificationSettingsActivity
com.android.settings.Settings$SoundSettingsActivity
com.android.settings.Settings$NotificationAppListActivity
com.android.settings.Settings$AppNotificationSettingsActivity
com.android.settings.Settings$ChannelNotificationSettingsActivity
com.android.settings.ManualDisplayActivity
com.android.settings.RegulatoryInfoDisplayActivity
com.android.settings.notification.NotificationAccessConfirmationActivity
com.android.settings.Settings$SimSettingsActivity
com.android.settings.sim.SimPreferenceDialog
com.android.settings.wifi.RequestToggleWiFiActivity
com.android.settings.wifi.WifiDialogActivity
com.android.settings.sim.SimDialogActivity
com.android.settings.Settings$WifiCallingSettingsActivity
com.android.settings.Settings$WifiCallingSuggestionActivity
com.android.settings.Settings$OverlaySettingsActivity
com.android.settings.Settings$AppDrawOverlaySettingsActivity
com.android.settings.Settings$WriteSettingsActivity
com.android.settings.Settings$AppWriteSettingsActivity
com.android.settings.Settings$ManageExternalSourcesActivity
com.android.settings.Settings$ManageAppExternalSourcesActivity
com.android.settings.ShowAdminSupportDetailsDialog
com.android.settings.Settings$AdvancedAppsActivity
com.android.settings.backup.BackupSettingsActivity
com.android.settings.Settings$AutomaticStorageManagerSettingsActivity
com.android.settings.Settings$LegacySupportActivity
com.android.settings.Settings$AppAndNotificationDashboardActivity
com.android.settings.Settings$UserAndAccountDashboardActivity
com.android.settings.Settings$SystemDashboardActivity
com.android.settings.support.SupportDashboardActivity
com.android.settings.qstile.DevelopmentTileConfigActivity
com.android.settings.HelpTrampoline
com.android.settings.Settings$DoubleTapPowerSuggestionActivity
com.android.settings.Settings$DoubleTwistSuggestionActivity
com.android.settings.Settings$AmbientDisplaySuggestionActivity
com.android.settings.Settings$AmbientDisplayPickupSuggestionActivity
com.android.settings.Settings$SwipeToNotificationSuggestionActivity
com.android.settings.applications.autofill.AutofillPickerActivity
com.android.settings.applications.autofill.AutofillPickerTrampolineActivity
com.vivo.settings.VivoSubSettings
com.vivo.settings.VivoSubSettingsForImmersiveBar
com.vivo.settings.CPURealDataActivity
com.android.settings.Settings$VivoTouchKeyActivity
com.android.settings.Settings$OneHandSettingsActivity
com.android.settings.Settings$GeneralSettingsActivity
com.android.settings.Settings$JoviKeySettingsActivity
com.android.settings.Settings$GameModeSettingsActivity
com.android.settings.Settings$GameInstalledListActivity
com.android.settings.Settings$OtgSettingsActivity
com.vivo.settings.secret.VivoSecretAndAppEncryption
com.vivo.settings.secret.ChooseSecretLockGeneric
com.vivo.settings.secret.ConfirmSecretPin
com.vivo.settings.secret.ConfirmSecretPinNoTitle
com.vivo.settings.secret.SetSecretPin
com.vivo.settings.secret.SetSecretPattern
com.vivo.settings.secret.ConfirmSecretPattern
com.vivo.settings.secret.ConfirmSecretPatternNoTitle
com.vivo.settings.secret.PasswordActivityUD
com.vivo.settings.secret.PasswordActivity
com.vivo.settings.password.ProblemTipPicker
com.vivo.settings.secret.SecretAuthentication
com.vivo.settings.VivoBottomKeyFunction
com.vivo.settings.secret.SecretPasswordBase
com.vivo.settings.password.ConfirmTipProblem
com.android.settings.Settings$FingerpintAndFaceSettingsActivity
com.vivo.settings.ZoneSettings
com.android.settings.Settings$BbkAccountSettings
com.android.settings.Settings$SuggestionSettings
com.android.settings.Settings$AirplaneModeSettings
com.vivo.settings.attribution.AttributionQueryActivity
com.android.settings.Settings$NightModeActivity
com.android.settings.MediaFormat
com.vivo.settings.notification.sound.SoundPicker
com.android.settings.Settings$VivoApplicationSettingsActivity
com.android.settings.Settings$VivoZenModeFromActivity
com.android.settings.Settings$VivoZenModeSettingsActivity
com.vivo.settings.development.AccountVerifyActivity
com.vivo.settings.BBKNfcSettingsTwo
com.vivo.settings.notification.sound.SoundPickerWithTabSelector
com.android.settings.Settings$VivoThemeSettingsActivity
com.android.settings.Settings$DataSaverSummaryActivity
com.android.settings.Settings$JoviSettingsActivity
com.android.settings.Settings$FullScreenRatioSelectActivity
com.vivo.settings.display.FullScreenDisplayActivity
com.android.settings.Settings$TelescopicCameraSoundActivity

com.android.settings.TetherService
com.android.settings.SettingsDumpService
com.android.settings.qstile.DevelopmentTiles$ShowLayout
com.android.settings.qstile.DevelopmentTiles$GPUProfiling
com.android.settings.qstile.DevelopmentTiles$ForceRTL
com.android.settings.qstile.DevelopmentTiles$AnimationSpeed
com.vivo.settings.ExternalStorageFormatter
com.vivo.settings.secret.UpdateToRom30Service
com.vivo.settings.attribution.AttributionUpgradeService
com.vivo.settings.xml.SettingsItemGenerateService

com.android.settings.SettingsInitialize
com.android.settings.deviceinfo.StorageUnmountReceiver
com.android.settings.TestingSettingsBroadcastReceiver
com.vivo.settings.ClearAppIconCacheReceiver
com.vivo.settings.AccountExitReceiver
com.vivo.settings.game.AppUninstallReceiver
com.android.settings.widget.SettingsAppWidgetProvider
com.android.settings.users.ProfileUpdateReceiver
com.vivo.settings.secret.SecretPasswordCheckReceiver
com.vivo.settings.attribution.AttributionQueryBroadcastReceiver
com.vivo.settings.attribution.AttrBroadcastReceiver
com.vivo.settings.BootCombineReceiver
com.vivo.settings.receiver.AppControllerReceiver
com.vivo.settings.development.DevelopmentBroadcastReceiver
com.vivo.settings.SettingsBroadcastReceiver
com.vivo.settings.BootReceiverInPhoneProcess
com.vivo.settings.accounts.ManageAccountReceiver

android.support.v4.content.FileProvider
com.android.settings.search.SettingsSearchIndexablesProvider
com.vivo.settings.provider.SecretProvider
com.vivo.settings.provider.SecretFileProvider
com.vivo.settings.secret.SecureContentProvider
com.vivo.settings.provider.FullScreenProvider
com.vivo.settings.provider.SettingsPublicProvider
com.vivo.settings.provider.SuggestionContentProvider

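Third-party libraries

# Library name Description

Risks found by static scan

Risk level Risk name

Medium

Detected 4 sensitive Test or Debug components that have not been removed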

com.android.settings.Settings$WifiAPITestActivity
com.android.settings.wifi.WifiStatusTest
com.android.settings.Settings$TestingSettingsActivity
com.android.settings.TestingSettingsBroadcastReceiver

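Recommendation:
Remove sensitive Test or Debug components before the app's official release.

Medium

This app uses the "android.uid.system" permission and has the master key vulnerability, which puts the device at risk of being rooted.

Warning

Detected 223 exported components that receive messages from other apps; these components can be invoked by other apps and lead to DoS attacks.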

activity com.android.settings.Settings
activity com.android.settings.CreateShortcut
activity com.android.settings.Settings$NetworkDashboardActivity
activity com.android.settings.Settings$ConnectedDeviceDashboardActivity
activity com.android.settings.AirplaneModeVoiceActivity
activity com.android.settings.Settings$WifiSettingsActivity
activity com.android.settings.wifi.WifiPickerActivity
activity com.android.settings.Settings$ConfigureWifiSettingsActivity
activity com.android.settings.Settings$SavedAccessPointsSettingsActivity
activity com.android.settings.Settings$WifiInfoActivity
activity com.android.settings.wifi.WifiConfigInfo
activity com.android.settings.Settings$WifiAPITestActivity
activity com.android.settings.wifi.WifiStatusTest
activity com.android.settings.Settings$ApnSettingsActivity
activity com.android.settings.Settings$AssistGestureSettingsActivity
activity com.android.settings.Settings$TetherSettingsActivity
activity com.android.settings.Settings$WifiP2pSettingsActivity
activity com.android.settings.Settings$VpnSettingsActivity
activity com.android.settings.Settings$DateTimeSettingsActivity
activity com.android.settings.Settings$LocalePickerActivity
activity com.android.settings.Settings$LanguageAndInputSettingsActivity
activity com.android.settings.Settings$AvailableVirtualKeyboardActivity
activity com.android.settings.Settings$ManageAssistActivity
activity com.android.settings.Settings$KeyboardLayoutPickerActivity
activity com.android.settings.Settings$PhysicalKeyboardActivity
activity com.android.settings.Settings$SpellCheckersSettingsActivity
activity com.android.settings.inputmethod.InputMethodAndSubtypeEnablerActivity
activity com.android.settings.Settings$UserDictionarySettingsActivity
activity com.android.settings.inputmethod.UserDictionaryAddWordActivity
activity com.android.settings.Settings$ZenModeSettingsActivity
activity com.android.settings.Settings$ZenModeVisualInterruptionSettingsActivity
activity com.android.settings.Settings$ZenModePrioritySettingsActivity
activity com.android.settings.wallpaper.WallpaperSuggestionActivity
activity com.android.settings.support.NewDeviceIntroSuggestionActivity
activity com.android.settings.Settings$ZenModeScheduleRuleSettingsActivity
activity com.android.settings.Settings$ZenModeEventRuleSettingsActivity
activity com.android.settings.Settings$ZenModeExternalRuleSettingsActivity
activity com.android.settings.Settings$DisplaySettingsActivity
activity com.android.settings.Settings$NightDisplaySettingsActivity
activity com.android.settings.Settings$NightDisplaySuggestionActivity
activity com.android.settings.Settings$DeviceInfoSettingsActivity
activity com.android.settings.SettingsLicenseActivity
activity com.android.settings.Settings$ManageApplicationsActivity
activity com.android.settings.Settings$ManageDomainUrlsActivity
activity com.android.settings.Settings$MemorySettingsActivity
activity com.android.settings.Settings$AppMemoryUsageActivity
activity com.android.settings.Settings$AllApplicationsActivity
activity com.android.settings.Settings$HighPowerApplicationsActivity
activity com.android.settings.datausage.AppDataUsageActivity
activity com.android.settings.fuelgauge.RequestIgnoreBatteryOptimizations
activity com.android.settings.applications.InstalledAppDetailsTop
activity com.android.settings.Settings$RunningServicesActivity
activity com.android.settings.Settings$StorageUseActivity
activity com.android.settings.Settings$NotificationStationActivity
activity com.android.settings.notification.ZenModeVoiceActivity
activity com.android.settings.Settings$BackgroundCheckSummaryActivity
activity com.android.settings.Settings$LocationSettingsActivity
activity com.android.settings.Settings$SecurityAndPrivacySettingsActivity
activity com.android.settings.Settings$SecuritySettingsActivity
activity com.android.settings.MonitoringCertInfoActivity
activity com.android.settings.Settings$TrustedCredentialsSettingsActivity
activity com.android.settings.Settings$PrivacySettingsActivity
activity com.android.settings.CredentialStorage
activity com.android.settings.Settings$DeviceAdminSettingsActivity
activity com.android.settings.DeviceAdminAdd
activity com.vivo.settings.game.GameNetworkSpeedSettingsActivity
activity com.android.settings.Settings$UsageAccessSettingsActivity
activity com.android.settings.Settings$IccLockSettingsActivity
activity com.android.settings.IccLockSettings
activity com.android.settings.Settings$AccessibilitySettingsActivity
activity com.android.settings.accessibility.AccessibilitySettingsForSetupWizardActivity
activity com.android.settings.Settings$AccessibilityDaltonizerSettingsActivity
activity com.android.settings.Settings$CaptioningSettingsActivity
activity com.android.settings.Settings$TextToSpeechSettingsActivity
activity com.android.settings.Settings$EnterprisePrivacySettingsActivity
activity com.android.settings.password.ConfirmDeviceCredentialActivity
activity com.android.settings.SetupRedactionInterstitial
activity com.android.settings.notification.RedactionSettingsStandalone
activity com.android.settings.password.SetupChooseLockGeneric
activity com.android.settings.password.ChooseLockGeneric
activity com.android.settings.password.SetNewPasswordActivity
activity com.vivo.settings.password.VivoTempSecurity
activity com.android.settings.Settings$ScreenLockSuggestionActivity
activity com.android.settings.Settings$FingerprintEnrollSuggestionActivity
activity com.android.settings.Settings$StatusActivity
activity com.android.settings.Settings$SimStatusActivity
activity com.android.settings.Settings$ImeiInformationActivity
activity com.android.settings.Settings$StorageSettingsActivity
activity com.android.settings.Settings$PublicVolumeSettingsActivity
activity com.android.settings.ApnEditor
activity com.android.settings.Settings$DevelopmentSettingsActivity
activity com.android.settings.development.DevelopmentSettingsDisabledActivity
activity com.android.settings.Settings$PrintSettingsActivity
activity com.android.settings.Settings$PrintJobSettingsActivity
activity com.android.settings.Settings$UsbSettingsActivity
activity com.android.settings.wifi.WifiScanModeActivity
activity com.android.settings.ActivityPicker
activity com.android.settings.Settings$AndroidBeamSettingsActivity
activity com.android.settings.Settings$WifiDisplaySettingsActivity
activity com.android.settings.Display
activity com.android.settings.RadioInfo
activity com.android.settings.BandMode
activity com.android.settings.Settings$TestingSettingsActivity
activity com.android.settings.AppWidgetPickActivity
activity com.android.settings.AllowBindAppWidgetActivity
activity com.android.settings.UsageStatsActivity
activity com.android.settings.Settings$PowerUsageSummaryActivity
activity com.android.settings.Settings$BatterySaverSettingsActivity
activity com.android.settings.fuelgauge.BatterySaverModeVoiceActivity
activity com.android.settings.Settings$AccountSyncSettingsActivity
activity com.android.settings.accounts.AddAccountSettings
activity com.android.settings.CryptKeeper
activity com.android.settings.FallbackHome
activity com.android.settings.Settings$CryptKeeperSettingsActivity
activity com.android.settings.Settings$DataPlanUsageSummaryActivity
activity com.android.settings.Settings$DataUsageSummaryActivity
activity com.android.settings.Settings$MobileDataUsageListActivity
activity com.android.settings.Settings$DreamSettingsActivity
activity com.android.settings.Settings$UserSettingsActivity
activity com.android.settings.Settings$PaymentSettingsActivity
activity com.android.settings.nfc.PaymentDefaultDialog
activity com.android.settings.SmsDefaultDialog
activity com.android.settings.Settings$SpecialAccessSettingsActivity
activity com.android.settings.Settings$NotificationAccessSettingsActivity
activity com.android.settings.Settings$VrListenersSettingsActivity
activity com.android.settings.Settings$PictureInPictureSettingsActivity
activity com.android.settings.Settings$AppPictureInPictureSettingsActivity
activity com.android.settings.Settings$ZenAccessSettingsActivity
activity com.android.settings.Settings$ConfigureNotificationSettingsActivity
activity com.android.settings.Settings$SoundSettingsActivity
activity com.android.settings.Settings$NotificationAppListActivity
activity com.android.settings.Settings$AppNotificationSettingsActivity
activity com.android.settings.Settings$ChannelNotificationSettingsActivity
activity com.android.settings.ManualDisplayActivity
activity com.android.settings.RegulatoryInfoDisplayActivity
activity com.android.settings.Settings$SimSettingsActivity
activity com.android.settings.sim.SimDialogActivity
activity com.android.settings.Settings$WifiCallingSettingsActivity
activity com.android.settings.Settings$WifiCallingSuggestionActivity
activity com.android.settings.Settings$OverlaySettingsActivity
activity com.android.settings.Settings$AppDrawOverlaySettingsActivity
activity com.android.settings.Settings$WriteSettingsActivity
activity com.android.settings.Settings$AppWriteSettingsActivity
activity com.android.settings.Settings$ManageExternalSourcesActivity
activity com.android.settings.Settings$ManageAppExternalSourcesActivity
activity com.android.settings.ShowAdminSupportDetailsDialog
activity com.android.settings.Settings$AdvancedAppsActivity
activity com.android.settings.backup.BackupSettingsActivity
activity com.android.settings.Settings$AppAndNotificationDashboardActivity
activity com.android.settings.Settings$UserAndAccountDashboardActivity
activity com.android.settings.Settings$SystemDashboardActivity
activity com.android.settings.support.SupportDashboardActivity
activity com.android.settings.Settings$DoubleTapPowerSuggestionActivity
activity com.android.settings.Settings$DoubleTwistSuggestionActivity
activity com.android.settings.Settings$AmbientDisplaySuggestionActivity
activity com.android.settings.Settings$AmbientDisplayPickupSuggestionActivity
activity com.android.settings.Settings$SwipeToNotificationSuggestionActivity
activity com.android.settings.applications.autofill.AutofillPickerTrampolineActivity
activity com.vivo.settings.VivoSubSettings
activity com.vivo.settings.CPURealDataActivity
activity com.android.settings.Settings$VivoTouchKeyActivity
activity com.android.settings.Settings$OneHandSettingsActivity
activity com.android.settings.Settings$GeneralSettingsActivity
activity com.android.settings.Settings$JoviKeySettingsActivity
activity com.android.settings.Settings$GameModeSettingsActivity
activity com.android.settings.Settings$GameInstalledListActivity
activity com.android.settings.Settings$OtgSettingsActivity
activity com.vivo.settings.secret.ChooseSecretLockGeneric
activity com.vivo.settings.secret.PasswordActivityUD
activity com.vivo.settings.secret.PasswordActivity
activity com.vivo.settings.VivoBottomKeyFunction
activity com.android.settings.Settings$FingerpintAndFaceSettingsActivity
activity com.android.settings.Settings$SuggestionSettings
activity com.android.settings.Settings$AirplaneModeSettings
activity com.vivo.settings.attribution.AttributionQueryActivity
activity com.android.settings.Settings$NightModeActivity
activity com.android.settings.MediaFormat
activity com.vivo.settings.notification.sound.SoundPicker
activity com.android.settings.Settings$VivoApplicationSettingsActivity
activity com.android.settings.Settings$VivoZenModeFromActivity
activity com.android.settings.Settings$VivoZenModeSettingsActivity
activity com.vivo.settings.BBKNfcSettingsTwo
activity com.android.settings.Settings$VivoThemeSettingsActivity
activity com.android.settings.Settings$DataSaverSummaryActivity
activity com.android.settings.Settings$JoviSettingsActivity
activity com.vivo.settings.display.FullScreenDisplayActivity
activity com.android.settings.Settings$TelescopicCameraSoundActivity
activity-alias com.android.settings.wifi.WifiSettings
activity-alias com.android.settings.TetherSettings
activity-alias com.android.settings.LanguageSettings
activity-alias com.android.settings.UserDictionarySettings
activity-alias com.android.settings.DisplaySettings
activity-alias com.android.settings.applications.ManageApplications
activity-alias com.android.settings.ManageApplications
activity-alias com.android.settings.RunningServices
activity-alias com.android.settings.applications.StorageUse
activity-alias com.android.settings.applications.InstalledAppDetails
activity-alias com.android.settings.SecuritySettings
activity-alias com.android.settings.DeviceAdminSettings
activity-alias com.android.settings.SetProfileOwner
activity-alias com.android.settings.ConfirmDeviceCredentialActivity
activity-alias com.android.settings.deviceinfo.UsbSettings
activity-alias com.android.settings.UsbSettings
activity-alias com.android.settings.fuelgauge.PowerUsageSummary
activity-alias com.android.settings.SoundSettings
activity-alias com.android.settings.WebViewImplementation
activity-alias com.android.settings.SoundPicker
service com.vivo.settings.attribution.AttributionUpgradeService
receiver com.android.settings.SettingsInitialize
receiver com.android.settings.TestingSettingsBroadcastReceiver
receiver com.vivo.settings.ClearAppIconCacheReceiver
receiver com.vivo.settings.AccountExitReceiver
receiver com.vivo.settings.game.AppUninstallReceiver
receiver com.android.settings.users.ProfileUpdateReceiver
receiver com.vivo.settings.secret.SecretPasswordCheckReceiver
receiver com.vivo.settings.attribution.AttributionQueryBroadcastReceiver
receiver com.vivo.settings.attribution.AttrBroadcastReceiver
receiver com.vivo.settings.BootCombineReceiver
receiver com.vivo.settings.receiver.AppControllerReceiver
receiver com.vivo.settings.development.DevelopmentBroadcastReceiver
receiver com.vivo.settings.SettingsBroadcastReceiver
receiver com.vivo.settings.BootReceiverInPhoneProcess
receiver com.vivo.settings.accounts.ManageAccountReceiver

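Recommendations:
(1) Minimize component exposure. For components that do not take part in cross-app calls, explicitly add the android:exported="false" attribute.
(2) Set component access permissions. Set a permission on each provider, and set that permission's protectionLevel to "signature" or "signatureOrSystem".
(3) Validate data passed between components. Validate data passed into and returned from components, especially across apps, and add exception handling, to prevent malicious debugging data from being passed in and, more importantly, to prevent sensitive data from being returned.

Reference cases: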
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

References:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

Warning

Detected 3 providers with grantUriPermissions set to true.
android.support.v4.content.FileProvider
.search.SettingsSearchIndexablesProvider
com.vivo.settings.provider.SecretFileProvider


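If grant-uri-permission is set to true, the content provider's contents can be accessed by other programs through a URI, which can easily lead to information disclosure.

References: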
https://security.tencent.com/index.php/blog/msg/6


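Risks found by dynamic scan

Risk level Risk name

Server-side analysis

Risk level Risk name

Warning

Detected ? XSS vulnerabilities.
In development...

Warning

Detected ? cross-site scripting (XSS) vulnerabilities.
In development...

Application certificate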