0

高危漏洞

6

中危漏洞

6

低危漏洞

10

警告

文件名 %E5%A4%9A%E5%BC%80%E5%88%86%E8%BA%AB%20v12.5.apk
上传者 oddvaryu@gmail.com
文件大小 21.491466522217MB
MD5 ace8e2f3047a3eaacc1c83bc54ef3497
包名 com.bly.dkplat
Main Activity com.bly.dkplat.widget.splash.Splash
Min SDK 19
Target SDK 26

权限列表

# 名称 说明 提示
0 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
1 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
2 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
3 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
4 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
5 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
6 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
7 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
8 android.permission.INTERNET 允许程序访问网络. 提示
9 android.permission.KILL_BACKGROUND_PROCESSES 无论内存资源是否紧张,都允许应用程序结束其他应用程序的后台进程。 提示
10 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
11 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
12 android.permission.VIBRATE 允许应用程序控制振动器。 提示
13 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
14 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.bly.dkplat.wxapi.WXPayEntryActivity
com.tencent.tauth.AuthActivity
com.tencent.connect.common.AssistActivity
com.bly.dkplat.wxapi.WXEntryActivity
com.alipay.sdk.app.H5PayActivity
com.bly.dkplat.widget.splash.Splash
com.bly.dkplat.widget.config.ConfigAcitivity
com.bly.dkplat.widget.config.HelpActivity
com.bly.dkplat.widget.config.FCodeActivity
com.bly.dkplat.widget.config.AboutUsActivity
com.bly.dkplat.widget.create.SelectAppIconActivity
com.bly.dkplat.widget.lock.PluginLockActivity
com.bly.dkplat.widget.create.CreateCustomActivity
com.bly.dkplat.widget.vip.BuyVipActivity
com.bly.dkplat.widget.create.CreatingNewActivity
com.bly.dkplat.widget.home.TuijianAvtivity
com.bly.dkplat.widget.manage.FixPluginActivity
com.bly.dkplat.widget.home.WebViewActivity
com.bly.dkplat.widget.home.TuijianWebViewActivity
com.bly.dkplat.widget.config.InvateActivity
com.bly.dkplat.widget.create.SelectCreateAppActivity
com.bly.dkplat.widget.MainActivity
com.bly.dkplat.widget.lock.PluginLockSetQuestionActivity
com.bly.dkplat.widget.lock.PluginLockConfigActivity
com.bly.dkplat.widget.developer.DeveloperActivity
com.bly.dkplat.widget.developer.FeedbackActivity
com.bly.dkplat.widget.remind.PluginRemindActivity
com.bly.dkplat.widget.manage.PluginConfigActivity
com.bly.dkplat.widget.manage.PluginSwitchCoreActivity
com.bly.dkplat.widget.developer.FeedbackListActivity
com.bly.dkplat.widget.developer.FeedbackDetailActivity
com.bly.dkplat.widget.guide.GuideActivity
com.bly.dkplat.widget.home.AppMarketCommentActivity
com.bly.dkplat.widget.manage.PluginManagerWebviewActivity
com.bly.dkplat.widget.orangenovel.activity.ReadNovelActivity
com.bly.dkplat.widget.orangenovel.activity.NovelDetailActivity
com.bly.dkplat.widget.orangenovel.activity.ONWebViewActivity
com.bly.dkplat.widget.orangenovel.activity.NovelCatalogActivity
com.bly.dkplat.widget.orangenovel.activity.BestNovelLockActivity
com.bly.dkplat.widget.orangenovel.activity.BookCityActivity
com.bly.dkplat.widget.orangenovel.activity.BookCitySelectTypeActivity
com.bly.dkplat.widget.orangenovel.activity.GenderRankingActivity
com.bly.dkplat.widget.orangenovel.activity.GenderSelectActivity
com.bly.dkplat.widget.orangenovel.activity.LocalCityHotActivity
com.bly.dkplat.widget.orangenovel.activity.NovelReadHistoryActivity
com.bly.dkplat.widget.orangenovel.activity.NovelTypeChannelActivity
com.bly.dkplat.widget.orangenovel.activity.NovelTypeSelectActivity
com.bly.dkplat.widget.orangenovel.activity.SearchActivity
com.bly.dkplat.widget.orangenovel.activity.SearchResultSpecialActivity
com.bly.dkplat.widget.orangenovel.activity.OrangeNovelActivity
com.bly.dkplat.widget.orangenovel.activity.RecommandActivity
com.bly.dkplat.widget.orangenovel.activity.OrangeNovelGiftActivity
com.bly.dkplat.widget.kefu.KefuActivity
com.bly.dkplat.widget.vip.GiftVipActivity
com.bly.dkplat.widget.orangenovel.activity.OrangeNovelMainActivity

com.bly.dkplat.service.PluginConfigService

com.bly.dkplat.receiver.PackageReceiver

com.bly.dkplat.widget.DKFileProvider

第三方库

# 库名 介绍
0 android.support.transition A backport of the new Transitions API for Android.
1 com.tencent.connect 腾讯开放平台
2 pl.droidsonroids.gif Views and Drawable for displaying animated GIFs on Android
3 okhttp3 An HTTP+SPDY client for Android and Java applications.
4 com.aspsine.swipetoloadlayout SwipeToLoadLayout provides a standard to achieve pull-to-refresh and pull-to-loadmore.
5 com.bumptech.glide An image loading and caching library for Android focused on smooth scrolling
6 com.alipay.sdk 支付宝移动支付功能
7 butterknife View "injection" library for Android.
8 com.tencent.smtt 腾讯X5浏览服务由QQ浏览器团队出品,致力于优化移动端webview体验的整套解决方案,使用QQ浏览器X5内核SDK和X5云端服务,解决移动端webview使用过程中出现的一切问题,优化用户的浏览体验,同时腾讯还将持续提供后续的更新和优化,为开发者提供最新最优秀的功能和服务。
9 com.tencent.tauth 腾讯QQ互联平台为广大开发者整理了SDK列表,辅助开发者快速接入QQ登录、分享等功能。QQ互联是腾讯旗下的开放平台,通过QQ互联,网站主和开发者可以申请接入QQ登录、用户可以使用QQ账号登录接入的站点,通过添加分享和赞组件,将站点内容分享到QQ空间和朋友网,通过获取API授权,网站主还可以将用户操作同步到QQ空间和朋友网。
10 android.support.multidex DEPRECATED

静态扫描发现风险点

风险等级 风险名称

中危

检测到当前标志被设置成true或没设置,这会导致adb调试备份允许恶意攻击者复制应用程序数据,造成数据泄露。

中危

检测到1处证书弱校验漏洞。

位置: classes.dex
com.zhy.http.okhttp.https.HttpsUtils$UnSafeTrustManager;

当移动App客户端使用https或ssl/tls进行通信时,如果不校验证书的可信性,将存在中间人攻击漏洞,可导致信息泄露,传输数据被篡改,甚至通过中间人劫持将原有信息替换成恶意链接或恶意代码程序,以达到远程控制等攻击意图。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
www.wooyun.org/bugs/wooyun-2014-079358

参考资料:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现312处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
com.tencent.a.a.a.a.h;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
c.e.a.a.ja;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.TbsLogClient;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionName(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.slidingmenu.lib.m;->run()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXTextObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.l;->a(Ljava/io/InputStream; Landroid/graphics/BitmapFactory$Options; Lcom/bumptech/glide/load/d/a/j; Lcom/bumptech/glide/load/b; Z I I Z Lcom/bumptech/glide/load/d/a/l$a;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.l;->a(Ljava/lang/String; J Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->registerApp(Ljava/lang/String; J)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.l;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/d/a/l$a; Lcom/bumptech/glide/load/b/a/e; Lcom/bumptech/glide/load/d/a/j; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMusicObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.b;->onClick(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.a;->detach()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$2;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.b.e;->a(Lcom/bumptech/glide/load/g; Lcom/bumptech/glide/load/b/b/a$b;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->setImageList(Ljava/util/List;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.JumpToBizWebview$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10$ActivityLifecycleCb$2;->run()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->checkSumConsistent([B [B)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider;->(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.QbSdk;->startMiniQBToLoadUrl(Landroid/content/Context; Ljava/lang/String; Ljava/util/HashMap; Landroid/webkit/ValueCallback;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sw(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getLastAppkey(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.SendAuth$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMediaMessage$Builder;->pathNewToOld(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.JumpToBizTempSession$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d$a;->c([B)Lcom/tencent/mm/opensdk/diffdev/a/d$a;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getGPU(Ljavax/microedition/khronos/opengles/GL10;)[Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->preOpen(Ljava/lang/String; Z)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.d.a;->a(Ljava/io/File; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
c.e.a.a.ja;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.i;->a(Lcom/bumptech/glide/load/b/H; Ljava/lang/Object; Lcom/bumptech/glide/load/a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getChannel(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeInto([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->sendReq(Lcom/tencent/mm/opensdk/modelbase/BaseReq;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout;->setRefreshHeaderView(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.p;->a(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getCPU()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.idtracking.ImprintHandler$a;->b(Lcom/umeng/commonsdk/statistics/proto/d;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.b.c$a;->a(I Ljava/lang/String;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->initMta(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setChannel(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.A;->onError(Lcom/tencent/tauth/UiError;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->sendPayReq(Landroid/content/Context; Landroid/os/Bundle;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonArry(Lorg/json/JSONArray;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.r;->b()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.utils.L;->e(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeBase([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->(Landroid/content/Context; Ljava/lang/String; Z)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.B;->a(Landroid/app/Activity; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcom/tencent/tauth/IUiListener;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.config.HelpActivity$a;->setAndroidIsGoDetail()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->checkPlugin(Ljava/lang/Object; Landroid/content/Context; Ljava/lang/String; Z)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXEmojiObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->openWXApp()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d$a;->a(Ljava/lang/String; [B)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.b;->a(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.b.e.o;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.slidingmenu.lib.CustomViewBehind;->a(Landroid/view/View; I I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setAppkey(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.b;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsMediaFactory;->a()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.a.a.a;->a(Landroid/content/Context; Lcom/tencent/mm/opensdk/a/a/a$a;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout$STATUS;->printStatus(I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.r;->f(Landroid/content/Context;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
butterknife.ButterKnife;->unbind(Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sd(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.h.a.d$b;->acquire()Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.w;->b(Lcom/bumptech/glide/load/b/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.f;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.manage.PluginManagerWebviewActivity$a;->log(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.p;->b(Lcom/bumptech/glide/f/c;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getOperator(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.r;->a(Ljava/lang/Object; Ljava/lang/String; [Ljava/lang/Class; [Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
g.a.a;->a(Ljava/lang/String; Z Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->se(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->registerApp(Ljava/lang/String; J)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.f;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.h;->d()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.d;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.StatLogger;->verbose(Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
butterknife.ButterKnife;->bind(Ljava/lang/Object; Ljava/lang/Object; Lbutterknife/ButterKnife$Finder;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->MD5(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getLocale(Landroid/content/Context;)Ljava/util/Locale;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.QbSdk;->initForinitAndNotLoadSo(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->sendPayReq(Landroid/content/Context; Landroid/os/Bundle;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.c;->a(Lcom/bumptech/glide/load/b/H; Ljava/io/File; Lcom/bumptech/glide/load/j;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getUTDID(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXFileObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.d;->a(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppkey(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$1;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.LogFileUtils;->encrypt(Ljava/lang/String; Ljava/lang/String;)[B==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->sendResp(Lcom/tencent/mm/opensdk/modelbase/BaseResp;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.W;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->loadWepLibraryIfNeed(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.e.a;->a(Lcom/bumptech/glide/b/c; I I)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.n;->b(Lcom/bumptech/glide/load/b/a/e; Landroid/graphics/drawable/Drawable; I I)Landroid/graphics/Bitmap;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.b.j;->(Lcom/bumptech/glide/load/b/b/j$a;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getSubOSVersion(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->trimMemory(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout;->updateScroll(F)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
c.e.a.a.ja;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsShareManager;->g(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXAppExtendObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.A;->onComplete(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.DiffDevOAuthFactory;->getDiffDevOAuth(I)Lcom/tencent/mm/opensdk/diffdev/IDiffDevOAuth;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMediaMessage$Builder;->pathOldToNew(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersinoCode(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.e;->a(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->downloadPlugin(Ljava/lang/String;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.DiffDevOAuthFactory;->getDiffDevOAuth(I)Lcom/tencent/mm/opensdk/diffdev/IDiffDevOAuth;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->init(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; I Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->getWXAppSupportAPI()I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplComm;->validateAppSignatureForPackage(Landroid/content/Context; Ljava/lang/String; Z)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.g;->a(Landroid/content/Context; Lcom/bumptech/glide/c/c$a;)Lcom/bumptech/glide/c/c;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c;->a(Landroid/content/Context; Lcom/bumptech/glide/d;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.a.i$a;->a(I I I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.b;->onAuthGotQrcode(Ljava/lang/String; [B)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonObject(Lorg/json/JSONObject;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.log.LoggerInterceptor;->logForResponse(Lokhttp3/Response;)Lokhttp3/Response;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout;->setLoadMoreFooterView(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.i;->a(Lcom/bumptech/glide/load/d/a/i$c; [B I)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->decodeBase_16bit([B Landroid/graphics/Bitmap$Config;)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
c.e.a.a.ja;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.l;->a(I I Ljava/lang/String; Landroid/graphics/BitmapFactory$Options; Landroid/graphics/Bitmap; I I J)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
c.e.a.a.ja;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.e;->b()Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.f$a;->d([B)Lcom/tencent/mm/opensdk/diffdev/a/f$a;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionCode(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.GetMessageFromWX$Resp;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.AddCardToWXCardPackage$Resp;->toBundle(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.d;->a(Lb/a/a/b; Ljava/io/File; Ljava/lang/String; Lb/a/a/a;)Lb/a/a/a/a;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.I;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->destroy(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.K;->a(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.E;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->a(Ljava/lang/Class;)Lcom/youth/banner/Banner;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d.e;->a()Ljava/util/List;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.t;->a(Ljava/io/File;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.n;->handleMessage(Landroid/os/Message;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.b.a;->a(Landroid/os/Bundle; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.f;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.a.a;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.b;->onAuthFinish(Lcom/tencent/mm/opensdk/diffdev/OAuthErrCode; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d$a;->a(Ljava/lang/String; [B)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.zzhoujay.markdown.style.EmailSpan;->onClick(Landroid/view/View;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.d;->a(Ljava/lang/String; Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.i;->a(Landroid/content/Context; Ljava/lang/String; Landroid/net/Uri;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.e;->b(Ljava/lang/String; I)[B==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.MMSharedPreferences$REditor;->commit()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.a.i$a$a;->onPreDraw()Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.x;->a(Landroid/content/Context; Lcom/tencent/smtt/sdk/CookieManager$a; Ljava/lang/String; Z Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXWebpageObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d$a;->c([B)Lcom/tencent/mm/opensdk/diffdev/a/d$a;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10$ActivityLifecycleCb;->onActivityPaused(Landroid/app/Activity;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.ChooseCardFromWXCardPackage$Resp;->fromBundle(Landroid/os/Bundle;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.SendMessageToWX$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->unregisterApp()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d;->onPostExecute(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.a.a;->a(Landroid/content/Context; Lcom/tencent/mm/opensdk/a/a$a;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getMac(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.home.TuijianAvtivity$b;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.j;->a(I)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->setLastAppkey(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->encryptBySHA1(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMediaMessage;->setThumbImage(Landroid/graphics/Bitmap;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsVideo;->openVideo(Landroid/content/Context; Ljava/lang/String; Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->a(Ljava/lang/String; [Ljava/lang/Class; [Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelpay.PayReq;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.i;->b(Lcom/bumptech/glide/load/d/a/i$c;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.orangenovel.fragment.TypeSelectFragment;->b()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getImsi(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.MMSharedPreferences;->getValue(Ljava/lang/String;)Ljava/lang/Object;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->d()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->sendReq(Lcom/tencent/mm/opensdk/modelbase/BaseReq;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->openFile(Ljava/lang/Object; Landroid/content/Context; Landroid/os/Bundle; Landroid/widget/FrameLayout;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.b.e;->a()Landroid/graphics/Bitmap;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.d;->a(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.b.a.g;->d()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXVideoObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getNetworkOperatorName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->a(Landroid/content/Context; Landroid/os/Looper;)Lcom/tencent/smtt/export/external/jscore/interfaces/IX5JsVirtualMachine;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getNetworkAccessMode(Landroid/content/Context;)[Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.d;->a(Lorg/json/JSONObject; Lb/a/a/a;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.l;->a(Lcom/bumptech/glide/load/ImageHeaderParser$ImageType; Ljava/io/InputStream; Lcom/bumptech/glide/load/d/a/l$a; Lcom/bumptech/glide/load/b/a/e; Lcom/bumptech/glide/load/d/a/j; I I I I I Landroid/graphics/BitmapFactory$Options;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXImageObject;->(Landroid/graphics/Bitmap;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.X5JsCore;->(Landroid/content/Context;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->onSizeChanged(Ljava/lang/Object; I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.control.HackyViewPager;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.log.LoggerInterceptor;->logForRequest(Lokhttp3/Request;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.manage.PluginManagerWebviewActivity$a;->setAndroidIsGoDetail()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.e;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.MMSharedPreferences;->getAll()Ljava/util/Map;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->initTbsReader(Ljava/lang/Object; Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.SendAuth$Resp;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.LaunchFromWX$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.f$a;->d([B)Lcom/tencent/mm/opensdk/diffdev/a/f$a;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXImageObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->sv(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->doCommand(Ljava/lang/Object; Ljava/lang/Integer; Ljava/lang/Object; Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.vip.GiftVipActivity$b;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10$ActivityLifecycleCb;->onActivityResumed(Landroid/app/Activity;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXAPIFactory;->createWXAPI(Landroid/content/Context; Ljava/lang/String; Z)Lcom/tencent/mm/opensdk/openapi/IWXAPI;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
d.b.a.l;->a(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->loadWepLibraryIfNeed(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.a;->stopAuth()Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.b;->a(Landroid/content/Context; Lorg/json/JSONObject; Lorg/json/JSONObject;)Lorg/json/JSONObject;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.j;->a(Lcom/bumptech/glide/load/b/a/j$a; Ljava/lang/Class;)Ljava/lang/Object;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.common.b;->onViewPositionChanged(Landroid/view/View; I I I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.a;->auth(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcom/tencent/mm/opensdk/diffdev/OAuthListener;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexClassLoaderProvider$2;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.aspsine.swipetoloadlayout.SwipeToLoadLayout;->autoScrollFinished()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.b;->onQrcodeScanned()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.common.b;->onViewCaptured(Landroid/view/View; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d;->q()Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.JumpToBizProfile$Req;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getFileMD5(Ljava/io/File;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getDisplayResolution(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getDeviceType(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.w;->c(Lcom/bumptech/glide/load/b/a/e; Landroid/graphics/Bitmap; I I)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.A;->onCancel()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMediaMessage$Builder;->fromBundle(Landroid/os/Bundle;)Lcom/tencent/mm/opensdk/modelmsg/WXMediaMessage;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->f()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.StatLogger;->info(Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->d(I I Landroid/graphics/Bitmap$Config;)Landroid/graphics/Bitmap;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.a;->auth(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Lcom/tencent/mm/opensdk/diffdev/OAuthListener;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->a()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c;->i()Lcom/bumptech/glide/a;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.StatLogger;->debug(Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXDesignerSharedObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.b;->a(Landroid/content/Context;)J==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->a(J)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.plugin.n;->a(Z)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.a;->stopAuth()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplComm;->validateAppSignature(Landroid/content/Context; [Landroid/content/pm/Signature; Z)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.a.a;->a(Ljava/io/InputStream; Lorg/json/JSONObject;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.b.a;->b(Landroid/os/Bundle; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.a.a.a;->a(Landroid/content/Context; Lcom/tencent/mm/opensdk/a/a/a$a;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->a()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.libwebp;->incDecode([B [I [I)[I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.u;->a(Ljava/lang/String; J Lcom/bumptech/glide/load/g;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->registerApp(Ljava/lang/String; J)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d$a;->a(Ljava/lang/String; [B)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->si(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.D;->log(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.LogFileUtils;->encryptKey(Ljava/lang/String; Ljava/lang/String;)[B==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXMediaMessage;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.create.SelectCreateAppActivity;->c()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.TbsReaderView;->openFile(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.a.a.a.a.h;->a(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.k;->a(Lcom/bumptech/glide/h; Lcom/bumptech/glide/load/a/d$a;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d;->onPostExecute(Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.statistics.common.MLog;->print(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/Throwable;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonArry(Ljava/lang/String; Lorg/json/JSONArray;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.a.k;->a(Ljava/net/HttpURLConnection;)Ljava/io/InputStream;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->a(Landroid/graphics/Bitmap;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.StatLogger;->error(Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXEmojiPageSharedObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.e.a;->a(Ljava/nio/ByteBuffer; I I Lcom/bumptech/glide/b/d; Lcom/bumptech/glide/load/j;)Lcom/bumptech/glide/load/d/e/e;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
butterknife.ButterKnife;->findViewBinderForClass(Ljava/lang/Class;)Lbutterknife/ButterKnife$ViewBinder;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.i;->a(Lcom/bumptech/glide/load/d/a/i$c; Lcom/bumptech/glide/load/b/a/b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->unregisterApp()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.export.external.DexLoader;->createDexClassLoader(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader; Landroid/content/Context;)Ldalvik/system/DexClassLoader;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.diffdev.a.d;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.utils.j;->b(Ljava/io/File;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.f.i;->a(Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.b.e;->a(Lcom/bumptech/glide/load/g;)Ljava/io/File;==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMRTLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.p;->a(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelbiz.AddCardToWXCardPackage$Req;->toBundle(Landroid/os/Bundle;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.r;->b(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->init(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; I Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.d.a.i;->a(Lcom/bumptech/glide/load/d/a/i$b;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getRegisteredOperator(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10$ActivityLifecycleCb$1;->run()V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.d.e;->a()Ljava/util/List;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getSubOSName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.r;->a(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.L;->b(Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.load.b.a.k;->a(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->detach()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.modelmsg.WXEmojiSharedObject;->checkArgs()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.d.c;->run()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.utils.UMUtils;->getAppVersionName(Landroid/content/Context;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.a.a;->a(Landroid/content/Context; Lcom/tencent/mm/opensdk/a/a$a;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->handleIntent(Landroid/content/Intent; Lcom/tencent/mm/opensdk/openapi/IWXAPIEventHandler;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.bumptech.glide.c.e;->onReceive(Landroid/content/Context; Landroid/content/Intent;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.mm.opensdk.openapi.WXApiImplV10;->handleIntent(Landroid/content/Intent; Lcom/tencent/mm/opensdk/openapi/IWXAPIEventHandler;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.debug.UMLog;->jsonObject(Ljava/lang/String; Lorg/json/JSONObject;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.smtt.sdk.ReaderWizard;->userStatistics(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.StatLogger;->warn(Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.utils.p;->a(Ljava/lang/Object; Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.umeng.commonsdk.UMConfigure;->setLogEnabled(Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.wxop.stat.common.r;->f(Landroid/content/Context;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.bly.dkplat.widget.slidingmenu.lib.SlidingMenu;->fitSystemWindows(Landroid/graphics/Rect;)Z==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
b.a.a.e;->a(Ljava/util/Map;)Lorg/json/JSONObject;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到11个WebView远程执行漏洞。

位置: classes.dex
com.tencent.smtt.sdk.WebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.bly.dkplat.widget.config.HelpActivity;->b()V
com.bly.dkplat.widget.config.InvateActivity;->b()V
com.bly.dkplat.widget.home.TuijianWebViewActivity;->b()V
com.bly.dkplat.widget.home.WebViewActivity;->b()V
com.bly.dkplat.widget.orangenovel.activity.ONWebViewActivity;->b()V
com.tencent.smtt.sdk.JsContext;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.tencent.smtt.sdk.WebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.bly.dkplat.widget.manage.PluginManagerWebviewActivity;->b()V
com.tencent.smtt.sdk.JsVirtualMachine$a;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.tencent.smtt.sdk.X5JsCore;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到134条敏感明文信息,建议移除。

位置: classes.dex
'10.0.0.172' used in: Lcom/tencent/wxop/stat/common/l;->a(Landroid/content/Context;)Lorg/apache/http/HttpHost;
'10.0.0.172' used in: Lcom/umeng/commonsdk/stateless/e;->(Landroid/content/Context;)V
'10.0.0.172' used in: Lc/e/a/a/A;->(Landroid/content/Context;)V
'10.0.0.172' used in: Lcom/umeng/commonsdk/statistics/internal/c;->(Landroid/content/Context;)V
'10.0.0.200' used in: Lcom/tencent/wxop/stat/common/l;->a(Landroid/content/Context;)Lorg/apache/http/HttpHost;
'data:image' used in: Lcom/bumptech/glide/load/c/g;->a(Ljava/lang/Object;)Z
'data:image' used in: Lcom/bumptech/glide/load/c/h;->decode(Ljava/lang/String;)Ljava/io/InputStream;
'file:///android_asset/err.html' used in: Lcom/bly/dkplat/widget/manage/PluginManagerWebviewActivity$c;->onReceivedError(Lcom/tencent/smtt/sdk/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'file:///android_asset/err.html' used in: Lcom/bly/dkplat/widget/manage/PluginManagerWebviewActivity$c;->onReceivedError(Lcom/tencent/smtt/sdk/WebView; Lcom/tencent/smtt/export/external/interfaces/WebResourceRequest; Lcom/tencent/smtt/export/external/interfaces/WebResourceError;)V
'http://a.app.qq.com/o/simple.jsp?pkgname=com.bly.dkplat' used in: Lcom/bly/dkplat/utils/B;->a(Landroid/app/Activity; Lcom/tencent/tauth/IUiListener;)V
'http://a.app.qq.com/o/simple.jsp?pkgname=com.bly.dkplat' used in: Lcom/bly/dkplat/utils/B;->a(Landroid/app/Activity; I)V
'http://a.app.qq.com/o/simple.jsp?pkgname=com.bly.dkplat' used in: Lcom/bly/dkplat/utils/B;->b(Landroid/app/Activity; Lcom/tencent/tauth/IUiListener;)V
'http://api.cellocation.com:81/' used in: Lcom/bly/dkplat/a/a;->()V
'http://appsupport.qq.com/cgi-bin/qzapps/mapp_addapp.cgi' used in: Lcom/tencent/connect/auth/AuthAgent$b;->(Lcom/tencent/connect/auth/AuthAgent; Lcom/tencent/tauth/IUiListener;)V
'http://appsupport.qq.com/cgi-bin/qzapps/mapp_addapp.cgi' used in: Lcom/tencent/connect/auth/AuthAgent$b;->a()V
'http://cgi.connect.qq.com/qqconnectopen/openapi/policy_conf' used in: Lcom/tencent/open/utils/f$1;->run()V
'http://chaos.91ishare.cn/update/settings.json' used in: Lcom/bly/dkplat/config/a;->()V
'http://debugtbs.qq.com' used in: Lcom/tencent/smtt/sdk/WebView;->showDebugView(Ljava/lang/String;)Z
'http://debugx5.qq.com' used in: Lcom/tencent/smtt/sdk/WebView;->showDebugView(Ljava/lang/String;)Z
'http://dkplat.cn-gd.ufileos.com/logo_full.png' used in: Lcom/bly/dkplat/config/a;->()V
'http://dkplat.cn-gd.ufileos.com/res_201' used in: Lcom/bly/dkplat/utils/plugin/o;->()V
'http://fcode.cn-gd.ufileos.com/' used in: Lcom/bly/dkplat/utils/K;->a()Ljava/lang/String;
'http://fusion.qq.com/cgi-bin/qzapps/unified_jump?appid=%1$s&from=%2$s&isOpenAppID=1' used in: Lcom/tencent/connect/share/QQShare;->shareToQQ(Landroid/app/Activity; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://fusion.qq.com/cgi-bin/qzapps/unified_jump?appid=%1$s&from=%2$s&isOpenAppID=1' used in: Lcom/tencent/connect/share/QzoneShare;->shareToQzone(Landroid/app/Activity; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lc/a/g/c/a;->()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lc/a/g/c/b;->run()V
'http://h5.m.taobao.com/trade/paySuccess.html?bizOrderId=$OrderId$&' used in: Lc/a/g/c/a;->b()Lc/a/g/c/a;
'http://jznovel.91ishare.cn/share_logo.png' used in: Lcom/bly/dkplat/widget/b/e/x;->a(Landroid/app/Activity; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Z Lcom/tencent/tauth/IUiListener;)Z
'http://log.umsns.com/share/api/' used in: Lc/e/a/b/r;->a(Landroid/content/Context; Ljava/lang/String; [Lc/e/a/b/d;)[Ljava/lang/String;
'http://m.alipay.com/?action=h5quit' used in: Lc/a/g/j/k;->a(Landroid/webkit/WebView; Ljava/lang/String; Landroid/app/Activity;)Z
'http://mcgw.alipay.com/sdklog.do' used in: Lc/a/g/f/a/c;->a(Landroid/content/Context; Ljava/lang/String;)Lc/a/g/f/b;
'http://mdc.html5.qq.com/mh?channel_id=50079&u=' used in: Lcom/tencent/smtt/sdk/a/d;->a(Landroid/content/Context;)Lcom/tencent/smtt/sdk/a/d$a;
'http://mobilegw-1-64.test.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mobilegw-1-64.test.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mobilegw.aaa.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mobilegw.aaa.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mobilegw.stable.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mobilegw.stable.alipay.net/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'http://mqqad.html5.qq.com/adjs' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'http://open.weixin.qq.com/connect/sdk/qrconnect?appid=%s&noncestr=%s×tamp=%s&scope=%s&signature=%s' used in: Lcom/tencent/mm/opensdk/diffdev/a/d;->()V
'http://openmobile.qq.com/oauth2.0/m_jump_by_version?' used in: Lcom/tencent/connect/common/BaseApi;->a(Ljava/lang/String;)Ljava/lang/String;
'http://orange.91ishare.cn/ApiServer?fn=fontSkin' used in: Lcom/bly/dkplat/widget/b/b/r;->h()V
'http://orange.91ishare.cn/ApiServer?fn=it' used in: Lcom/bly/dkplat/widget/orangenovel/activity/OrangeNovelMainActivity;->c()V
'http://orange.91ishare.cn/BookCity?fn=bookCity' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BookCityActivity;->b()V
'http://orange.91ishare.cn/BookCity?fn=cityTop' used in: Lcom/bly/dkplat/widget/orangenovel/activity/LocalCityHotActivity;->b()V
'http://orange.91ishare.cn/BookCity?fn=guessLike' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BookCityActivity;->c()V
'http://orange.91ishare.cn/BookCity?fn=newNovel' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BookCityActivity;->e()V
'http://orange.91ishare.cn/BookCity?fn=recNovel' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BookCityActivity;->d()V
'http://orange.91ishare.cn/BookCity?fn=sexTop' used in: Lcom/bly/dkplat/widget/orangenovel/fragment/GenderRankingFragment;->b(I)V
'http://orange.91ishare.cn/BookCity?fn=styleData' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelTypeChannelActivity;->b()V
'http://orange.91ishare.cn/BookCity?fn=typeData' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelTypeChannelActivity;->a(I)V
'http://orange.91ishare.cn/BookCity?fn=vipClickNum' used in: Lcom/bly/dkplat/widget/b/c/n;->b(Lcom/bly/dkplat/widget/orangenovel/db/entity/Novel;)V
'http://orange.91ishare.cn/BookCity?fn=vipNovelData' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BestNovelLockActivity;->b()V
'http://orange.91ishare.cn/Recommand?fn=gettype' used in: Lcom/bly/dkplat/widget/orangenovel/activity/BookCitySelectTypeActivity;->b()V
'http://orange.91ishare.cn/Recommand?fn=gettype' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelTypeSelectActivity;->c()V
'http://orange.91ishare.cn/Recommand?fn=leadTag' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchResultSpecialActivity;->a(I)V
'http://orange.91ishare.cn/Recommand?fn=plotTag' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchResultSpecialActivity;->b(I)V
'http://orange.91ishare.cn/Recommand?fn=recommand' used in: Lcom/bly/dkplat/widget/orangenovel/activity/RecommandActivity;->b()V
'http://orange.91ishare.cn/Recommand?fn=recommand' used in: Lcom/bly/dkplat/widget/orangenovel/activity/OrangeNovelMainActivity;->b()V
'http://orange.91ishare.cn/Recommand?fn=search' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchActivity;->a(Z I)V
'http://orange.91ishare.cn/Recommand?fn=sexTop' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchResultSpecialActivity;->a(I I)V
'http://orange.91ishare.cn/Recommand?fn=styleTag' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchResultSpecialActivity;->c(I)V
'http://orange.91ishare.cn/Recommand?fn=typeTop' used in: Lcom/bly/dkplat/widget/orangenovel/activity/SearchResultSpecialActivity;->d(I)V
'http://orange.91ishare.cn/Recommand?fn=updateReadStyle' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelTypeSelectActivity;->d()V
'http://orange.91ishare.cn/Recommand?fn=updateReadStyle' used in: Lcom/bly/dkplat/widget/orangenovel/activity/OrangeNovelMainActivity;->a(I)V
'http://orange.91ishare.cn/View?fn=addShelf' used in: Lcom/bly/dkplat/widget/b/c/a;->a(Lcom/bly/dkplat/widget/orangenovel/db/entity/Novel;)V
'http://orange.91ishare.cn/View?fn=delShelf' used in: Lcom/bly/dkplat/widget/b/c/a;->b(Lcom/bly/dkplat/widget/orangenovel/db/entity/Novel;)V
'http://orange.91ishare.cn/View?fn=getChapter' used in: Lcom/bly/dkplat/widget/b/b/o;->a(J Lcom/bly/dkplat/widget/b/b/o$a;)V
'http://orange.91ishare.cn/View?fn=getChapter' used in: Lcom/bly/dkplat/widget/b/b/o;->a(Lcom/bly/dkplat/widget/orangenovel/db/entity/Catalog;)V
'http://orange.91ishare.cn/View?fn=getChapter' used in: Lcom/bly/dkplat/widget/b/b/o;->a(Lcom/bly/dkplat/widget/orangenovel/db/entity/Catalog; Z)V
'http://orange.91ishare.cn/View?fn=getRoot' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelDetailActivity;->b()V
'http://orange.91ishare.cn/View?fn=getRoot' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelCatalogActivity;->b()V
'http://orange.91ishare.cn/View?fn=getRoot' used in: Lcom/bly/dkplat/widget/orangenovel/activity/ReadNovelActivity;->e()V
'http://orange.91ishare.cn/View?fn=reportBook' used in: Lcom/bly/dkplat/widget/orangenovel/activity/ReadNovelActivity;->c(I)V
'http://orange.91ishare.cn/View?fn=view' used in: Lcom/bly/dkplat/widget/orangenovel/activity/NovelDetailActivity;->c()V
'http://orange.91ishare.cn/m.html' used in: Lcom/bly/dkplat/widget/orangenovel/activity/OrangeNovelActivity;->onClick(Landroid/view/View;)V
'http://orange.91ishare.cn/m.html' used in: Lcom/bly/dkplat/widget/b/b/a;->()V
'http://orange.91ishare.cn/m.html' used in: Lcom/bly/dkplat/widget/orangenovel/activity/OrangeNovelGiftActivity;->b()V
'http://orange.91ishare.cn/sharenovel.html?ni=' used in: Lcom/bly/dkplat/widget/b/e/x;->a(Landroid/app/Activity; Lcom/bly/dkplat/widget/orangenovel/db/entity/Novel; Lcom/tencent/tauth/IUiListener;)V
'http://pingma.qq.com:80/mstat/report' used in: Lcom/tencent/wxop/stat/StatConfig;->()V
'http://pms.mb.qq.com/rsp204' used in: Lcom/tencent/smtt/sdk/ag;->n()Z
'http://q.url.cn/ab6ZrL?_type=wpa&qidian=true' used in: Lcom/bly/dkplat/widget/kefu/KefuActivity;->d()V
'http://qzs.qq.com' used in: Lcom/tencent/open/SocialApiIml;->writeEncryToken(Landroid/content/Context;)V
'http://qzs.qq.com/open/mobile/invite/sdk_invite.html?' used in: Lcom/tencent/open/SocialApiIml;->invite(Landroid/app/Activity; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://qzs.qq.com/open/mobile/login/qzsjump.html?' used in: Lcom/tencent/connect/auth/a;->a()Ljava/lang/String;
'http://qzs.qq.com/open/mobile/login/qzsjump.html?' used in: Lcom/tencent/connect/auth/a$a;->onReceivedError(Landroid/webkit/WebView; I Ljava/lang/String; Ljava/lang/String;)V
'http://qzs.qq.com/open/mobile/login/qzsjump.html?' used in: Lcom/tencent/connect/common/BaseApi;->a(Landroid/app/Activity; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://qzs.qq.com/open/mobile/request/sdk_request.html?' used in: Lcom/tencent/open/SocialApiIml;->a(Landroid/app/Activity; Ljava/lang/String; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://qzs.qq.com/open/mobile/sendstory/sdk_sendstory_v1.3.html?' used in: Lcom/tencent/open/SocialApiIml;->story(Landroid/app/Activity; Landroid/os/Bundle; Lcom/tencent/tauth/IUiListener;)V
'http://schemas.android.com/apk/res-auto' used in: Landroid/support/design/chip/ChipDrawable;->loadFromAttributes(Landroid/util/AttributeSet; I I)V
'http://schemas.android.com/apk/res/android' used in: Lc/b/b/d;->b(Ljava/io/File;)I
'http://schemas.android.com/apk/res/android' used in: Landroid/support/v4/content/res/TypedArrayUtils;->hasAttribute(Lorg/xmlpull/v1/XmlPullParser; Ljava/lang/String;)Z
'http://schemas.android.com/apk/res/android' used in: Lpl/droidsonroids/gif/GifTextureView;->a(Landroid/util/AttributeSet; I I)V
'http://schemas.android.com/apk/res/android' used in: Lpl/droidsonroids/gif/m;->a(Landroid/widget/ImageView; Landroid/util/AttributeSet; Z)I
'http://schemas.android.com/apk/res/android' used in: Lpl/droidsonroids/gif/GifTextView;->a(Landroid/util/AttributeSet; I I)V
'http://schemas.android.com/apk/res/android' used in: Landroid/support/design/chip/Chip;->validateAttributes(Landroid/util/AttributeSet;)V
'http://soft.tbs.imtt.qq.com/17421/tbs_res_imtt_tbs_DebugPlugin_DebugPlugin.tbs' used in: Lcom/tencent/smtt/utils/i;->run()V
'http://wq.91ishare.cn/IFLYServer' used in: Lcom/bly/dkplat/utils/n;->a(Ljava/lang/String; Lcom/bly/dkplat/utils/n$a;)V
'http://wup.imtt.qq.com:8080' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'http://www.91ishare.cn' used in: Lcom/bly/dkplat/widget/config/AboutUsActivity;->d()V
'http://www.samsungapps.com/appquery/appDetail.as?appId=' used in: Lcom/bly/dkplat/widget/b/e/n;->b(Landroid/content/Context; Ljava/lang/String;)V
'https://appsupport.qq.com/cgi-bin/appstage/mstats_batch_report' used in: Lcom/tencent/open/b/g$5;->run()V
'https://cfg.imtt.qq.com/tbs?v=2&mk=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://cmnsguider.yunos.com:443/genDeviceToken' used in: Lc/e/a/a/n;->b(Ljava/lang/String;)Ljava/lang/String;
'https://cmnsguider.yunos.com:443/genDeviceToken' used in: Lcom/umeng/commonsdk/statistics/idtracking/s;->b(Ljava/lang/String;)Ljava/lang/String;
'https://developer.umeng.com/docs/66632/detail/' used in: Lcom/umeng/commonsdk/debug/UMLogUtils;->makeUrl(Ljava/lang/String;)Ljava/lang/String;
'https://graph.qq.com/oauth2.0/me' used in: Lcom/tencent/connect/UnionInfo;->getUnionId(Lcom/tencent/tauth/IUiListener;)V
'https://huatuocode.huatuo.qq.com' used in: Lcom/tencent/open/b/d;->a(I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/Long; I I Ljava/lang/String;)V
'https://log.tbs.qq.com/ajax?c=dl&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=pu&tk=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=pu&v=2&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=ucfu&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://log.tbs.qq.com/ajax?c=ul&v=2&k=' used in: Lcom/tencent/smtt/utils/v;->(Landroid/content/Context;)V
'https://long.open.weixin.qq.com/connect/l/qrconnect?f=json&uuid=%s' used in: Lcom/tencent/mm/opensdk/diffdev/a/f;->(Ljava/lang/String; Lcom/tencent/mm/opensdk/diffdev/OAuthListener;)V
'https://mobilegw.alipay.com/mgw.htm' used in: Lc/a/c/b/a;->c()Ljava/lang/String;
'https://mobilegw.alipaydev.com/mgw.htm' used in: Lc/a/g/j/j;->a(Landroid/content/Context;)Ljava/lang/String;
'https://openmobile.qq.com/' used in: Lcom/tencent/open/utils/HttpUtils;->request(Lcom/tencent/connect/auth/QQToken; Landroid/content/Context; Ljava/lang/String; Landroid/os/Bundle; Ljava/lang/String;)Lorg/json/JSONObject;
'https://openmobile.qq.com/oauth2.0/m_authorize?' used in: Lcom/tencent/connect/auth/AuthAgent;->a(Z Lcom/tencent/tauth/IUiListener; Z)I
'https://openmobile.qq.com/user/user_login_statis' used in: Lcom/tencent/connect/auth/AuthAgent;->a(Lcom/tencent/tauth/IUiListener;)V
'https://openmobile.qq.com/v3/user/get_info' used in: Lcom/tencent/connect/auth/AuthAgent;->b(Lcom/tencent/tauth/IUiListener;)V
'https://ouplog.umeng.com' used in: Lcom/umeng/commonsdk/stateless/a;->()V
'https://wspeed.qq.com/w.cgi' used in: Lcom/tencent/open/b/g$4;->run()V
"javascript:document.getElementsByTagName('HEAD').item(0).removeChild(document.getElementById('QQBrowserSDKNightMode'));" used in: Lcom/tencent/smtt/sdk/WebView;->switchNightMode(Z)V
"javascript:document.getElementsByTagName('HEAD').item(0).removeChild(document.getElementById('QQBrowserSDKNightMode'));" used in: Lcom/tencent/smtt/sdk/WebView;->(Landroid/content/Context; Landroid/util/AttributeSet; I Ljava/util/Map; Z)V
'javascript:history.go(-1)' used in: Lcom/bly/dkplat/widget/config/HelpActivity;->onBackPressed()V
'javascript:history.go(-1)' used in: Lcom/bly/dkplat/widget/manage/PluginManagerWebviewActivity;->onBackPressed()V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->switchNightMode(Z)V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->(Landroid/content/Context; Landroid/util/AttributeSet; I Ljava/util/Map; Z)V
"javascript:var style = document.createElement('style');style.type='text/css';style.id='QQBrowserSDKNightMode';style.innerHTML='html,body{background:none !important;background-color: #1d1e2a !important;}html *{background-color: #1d1e2a !important; color:#888888 !important;border-color:#3e4f61 !important;text-shadow:none !important;box-shadow:none !important;}a,a *{border-color:#4c5b99 !important; color:#2d69b3 !important;text-decoration:none !important;}a:visited,a:visited *{color:#a600a6 !important;}a:active,a:active *{color:#5588AA !important;}input,select,textarea,option,button{background-image:none !important;color:#AAAAAA !important;border-color:#4c5b99 !important;}form,div,button,span{background-color:#1d1e2a !important; border-color:#4c5b99 !important;}img{opacity:0.5}';document.getElementsByTagName('HEAD').item(0).appendChild(style);" used in: Lcom/tencent/smtt/sdk/WebView;->switchToNightMode()V
'javascript:window.JsBridge&&JsBridge.callback(' used in: Lcom/tencent/open/a$a;->a(Ljava/lang/Object;)V
'javascript:window.JsBridge&&JsBridge.callback(' used in: Lcom/tencent/open/a$a;->a()V
"javascript:window.dkplat.setShareDesc(document.getElementById('shareDesc').value)" used in: Lcom/bly/dkplat/widget/home/TuijianWebViewActivity$b;->onPageFinished(Landroid/webkit/WebView; Ljava/lang/String;)V
"javascript:window.dkplat.setShareTitle(document.getElementById('shareTitle').value)" used in: Lcom/bly/dkplat/widget/home/TuijianWebViewActivity$b;->onPageFinished(Landroid/webkit/WebView; Ljava/lang/String;)V
'www.qq.com' used in: Lcom/tencent/smtt/sdk/ag;->l()Z

中危

检测到8处setSavePassword密码明文存储漏洞。

位置: classes.dex
com.tencent.open.SocialApiIml;
com.bly.dkplat.widget.config.InvateActivity;
com.tencent.smtt.sdk.WebSettings;
com.bly.dkplat.widget.home.WebViewActivity;
com.bly.dkplat.widget.home.TuijianWebViewActivity;
com.bly.dkplat.utils.h;
com.bly.dkplat.widget.orangenovel.activity.ONWebViewActivity;
com.bly.dkplat.widget.config.HelpActivity;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

低危

检测到2处使用了DES弱加密算法。

位置: classes.dex
'DES/CBC/PKCS5Padding' used in: Lcom/tencent/open/utils/d;->a(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
'DES/CBC/PKCS5Padding' used in: Lcom/tencent/open/utils/d;->b(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;

使用弱加密算法会大大增加黑客攻击的概率,黑客可能会破解隐私数据、猜解密钥、中间人攻击等,造成隐私信息的泄漏,甚至造成财产损失。建议使用AES加密算法。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

检测到10处AES/DES弱加密风险。

位置: classes.dex
Lcom/bly/dkplat/utils/StringUtils;->str2(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
Lcom/bly/dkplat/utils/StringUtils;->str1(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;
Lcom/tencent/smtt/utils/o;->c([B)[B
Lcom/tencent/smtt/utils/o;->b([B Ljava/lang/String;)[B
Lcom/tencent/smtt/utils/o;->()V
Lcom/bly/dkplat/utils/g;->a(Ljava/lang/String;)Ljava/lang/String;
Lcom/bly/dkplat/utils/g;->b(Ljava/lang/String;)Ljava/lang/String;
Lcom/tencent/smtt/utils/o;->a([B Ljava/lang/String;)[B
c.a.g.d.b;->a(I Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
Lcom/bly/dkplat/widget/b/e/g;->a(Ljava/lang/String;)Ljava/lang/String;

使用AES/DES/DESede加密算法时,如果使用ECB模式,容易受到攻击风险,造成信息泄露。建议在使用AES/DES/DESede加密算法时,应显示指定使用CBC或CFB加密模式

参考资料:
http://blog.csdn.net/u013107656/article/details/51997957
https://developer.android.com/reference/javax/crypto/Cipher.html
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现13处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
c.b.b.d;
com.bumptech.glide.a.b;
d.b.a.l;
c.b.b.g;
com.bly.dkplat.utils.n;
com.umeng.commonsdk.stateless.f;
com.bly.dkplat.utils.U;
com.bly.dkplat.utils.B;
g.a.b.a.e;
org.jsoup.examples.ListLinks;
com.umeng.commonsdk.framework.b;
org.jsoup.examples.HtmlToPlainText;

位置: mthook/hook.dex
l.ۢ۠۬;

低危

检测到1处主机名弱校验检测漏洞。

位置: classes.dex
com.zhy.http.okhttp.https.HttpsUtils$UnSafeHostnameVerifier;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

自定义HostnameVerifier类,却不实现其verify方法验证域名直接返回true,直接接受任意域名。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考资料:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

低危

检测到3处RSA算法不使用padding。

位置: classes.dex
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/p;->c()Ljava/lang/String;
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/o;->()V
'RSA/ECB/NoPadding' used in: Lcom/tencent/smtt/utils/p;->a(Ljava/lang/String;)Ljava/lang/String;

使用RSA公钥时通常会绑定一个padding,原因是为了防止一些依赖于no padding时对RSA算法的攻击。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

检测到2处地方在自定义实现的WebViewClient类在onReceivedSslError调用proceed()方法。

位置: classes.dex
com.alipay.sdk.auth.AuthActivity$b;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V
com.bly.dkplat.widget.home.WebViewActivity$b;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V

Android WebView组件加载网页发生证书认证错误时,会调用WebViewClient类的onReceivedSslError方法,如果该方法实现调用了handler.proceed()来忽略该证书错误,则会受到中间人攻击的威胁,可能导致隐私泄露。建议:
当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0109266

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/

警告

检测到12处addFlags使用Intent.FLAG_ACTIVITY_NEW_TASK。

位置: classes.dex
com.tencent.smtt.sdk.a.d;->a
com.bly.dkplat.widget.create.CreatingNewActivity;->a
com.tencent.open.utils.k;->a
com.tencent.smtt.sdk.bg;->b
com.bly.dkplat.widget.manage.FixPluginActivity;->a
com.bly.dkplat.d.a;->a
com.tencent.smtt.sdk.bg;->onError
com.tencent.open.TDialog$FbWebViewClient;->shouldOverrideUrlLoading
com.bly.dkplat.utils.S;->b
com.tencent.mm.opensdk.a.a;->a
com.tencent.connect.auth.a$a;->shouldOverrideUrlLoading
com.tencent.smtt.sdk.v;->a

APP创建Intent传递数据到其他Activity,如果创建的Activity不是在同一个Task中打开,就很可能被其他的Activity劫持读取到Intent内容,跨Task的Activity通过Intent传递敏感信息是不安全的。建议:
尽量避免使用包含FLAG_ACTIVITY_NEW_TASK标志的Intent来传递敏感信息。

参考资料:
http://wolfeye.baidu.com/blog/intent-data-leak

警告

检测到5个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.bly.dkplat.wxapi.WXPayEntryActivity
activity com.tencent.tauth.AuthActivity
activity com.bly.dkplat.wxapi.WXEntryActivity
service com.bly.dkplat.service.PluginConfigService
receiver com.bly.dkplat.receiver.PackageReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到1个导出的隐式Service组件。
service com.bly.dkplat.service.PluginConfigService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测1处組件設置了android.intent.category.BROWSABLE属性。
com.tencent.tauth.AuthActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到11潜在的XSS漏洞。

位置: classes.dex
c.a.g.j.k;->a(Landroid.app.Activity; Ljava.lang.String; Ljava.lang.String;)Landroid.webkit.WebView;
com.alipay.sdk.auth.AuthActivity;->onCreate(Landroid.os.Bundle;)V
com.bly.dkplat.widget.config.HelpActivity;->b()V
com.bly.dkplat.widget.config.InvateActivity;->b()V
com.bly.dkplat.widget.home.TuijianWebViewActivity;->b()V
com.bly.dkplat.widget.home.WebViewActivity;->b()V
com.bly.dkplat.widget.orangenovel.activity.ONWebViewActivity;->b()V
com.tencent.connect.auth.a;->d()V
com.tencent.open.SocialApiIml;->writeEncryToken(Landroid.content.Context;)V
com.tencent.open.TDialog;->b()V
com.tencent.open.c;->c()V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到11处IvParameterSpec的使用。

位置: classes.dex
c.a.d.a.a.a.a.c;->a([B [B)[B
c.a.d.a.a.a.a.c;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
c.a.g.d.e;->a(Ljava.lang.String; [B)[B
c.a.g.d.e;->b(Ljava.lang.String; [B)[B
c.e.a.a.ea;->a([B [B)[B
c.e.a.a.ea;->b([B [B)[B
com.tencent.open.utils.d;->a(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.tencent.open.utils.d;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.umeng.commonsdk.stateless.f;->a([B [B)[B
com.umeng.commonsdk.statistics.common.DataHelper;->decrypt([B [B)[B
com.umeng.commonsdk.statistics.common.DataHelper;->encrypt([B [B)[B

使用IVParameterSpec函数,如果使用了固定的初始化向量,那么密码文本可预测性高得多,容易受到字典攻击等。建议禁止使用常量初始化矢量构造IVParameterSpec,使用聚安全提供的安全组件。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到1处调用不安全的方法:SSLCertificateSocketFactory#getInsecure。

位置: classes.dex
Lcom.tencent.open.utils.j;->


SSLCertificateSocketFactory#getInsecure方法无法执行SSL验证检查,使得网络通信遭受中间人攻击。建议:
移除SSLCertificateSocketFactory#getInsecure方法。

参考资料:
https://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html
http://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html#getInsecure(int, android.net.SSLSessionCache)

警告

检测到1处provider的grantUriPermissions设置为true。
com.bly.dkplat.widget.DKFileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6

警告

检测到 6处url没有使用安全的https链接。

位置: classes.dex
http://m.alipay.com/
http://mcgw.alipay.com/
http://mobilegw-1-64.test.alipay.net/
http://mobilegw.aaa.alipay.net/
http://mobilegw.alipay.com/
http://mobilegw.stable.alipay.net/

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
https://developer.android.com/training/articles/security-ssl.html

警告

检测到19处使用了加解密算法。密钥处理不当可能会导致信息泄露。

位置: classes.dex
b.a.a.e;->a(Ljava.lang.String; Ljava.lang.String;)[B
okio.HashingSource;->(Lokio.Source; Lokio.ByteString; Ljava.lang.String;)V
com.tencent.open.utils.d;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.umeng.commonsdk.statistics.common.DataHelper;->encrypt([B [B)[B
c.e.a.a.ea;->a([B [B)[B
okio.ByteString;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
com.tencent.smtt.utils.LogFileUtils;->encryptKey(Ljava.lang.String; Ljava.lang.String;)[B
com.umeng.commonsdk.stateless.f;->a([B [B)[B
c.a.d.a.a.a.a.c;->a([B [B)[B
c.a.g.d.e;->b(Ljava.lang.String; [B)[B
c.a.g.d.b;->a(I Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
com.umeng.commonsdk.statistics.common.DataHelper;->decrypt([B [B)[B
okio.Buffer;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
com.tencent.smtt.utils.LogFileUtils;->encrypt(Ljava.lang.String; Ljava.lang.String;)[B
c.a.g.d.e;->a(Ljava.lang.String; [B)[B
c.e.a.a.ea;->b([B [B)[B
okio.HashingSink;->(Lokio.Sink; Lokio.ByteString; Ljava.lang.String;)V
com.tencent.open.utils.d;->a(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;
c.a.d.a.a.a.a.c;->b(Ljava.lang.String; Ljava.lang.String;)Ljava.lang.String;

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书