0

高危漏洞

5

中危漏洞

3

低危漏洞

8

警告

文件名 com.yoho_6.9.11_493.apk
上传者 isk
文件大小 69.952870368958MB
MD5 e19835ca5355a0f8e3107dbdb7cbdfd5
包名 com.yoho
Main Activity com.yoho.yohobuy.start.ui.StartActivity
Min SDK 16
Target SDK 26

权限列表

# 名称 说明 提示
0 android.permission.CALL_PHONE 允许应用程序在您不介入的情况下拨打电话。恶意应用程序可借此在您的话费单上产生意外通话费。请注意,此权限不允许应用程序拨打紧急呼救电话。 警告
1 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
2 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
3 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
4 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
5 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
6 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
7 android.permission.SYSTEM_ALERT_WINDOW 允许应用程序显示系统警报窗口。恶意应用程序可借此掌控整个手机屏幕。 注意
8 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
9 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
10 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
11 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
12 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
13 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
14 android.permission.DISABLE_KEYGUARD 允许应用程序停用键锁和任何关联的密码安全设置。例如,在手机上接听电话时停用键锁,在通话结束后重新启用键锁。 提示
15 android.permission.FLASHLIGHT 允许应用程序控制闪光灯。 提示
16 android.permission.INTERNET 允许程序访问网络. 提示
17 android.permission.KILL_BACKGROUND_PROCESSES 无论内存资源是否紧张,都允许应用程序结束其他应用程序的后台进程。 提示
18 android.permission.MODIFY_AUDIO_SETTINGS 允许应用程序修改整个系统的音频设置,如音量和路由。 提示
19 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
20 android.permission.READ_LOGS 允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况,但这些信息不应包含任何个人信息或保密信息。 提示
21 android.permission.VIBRATE 允许应用程序控制振动器。 提示
22 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
23 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.yoho.yohobuy.start.ui.StartActivity
com.yoho.yohobuy.main.ui.NewTabMainContainerActivity
com.yoho.yohobuy.category.ui.CategoryDetailListActivity
com.yoho.yohobuy.main.ui.CategoryContainerActivity
com.yoho.yohobuy.main.ui.ScrollMainActivity
com.yoho.yohobuy.brand.ui.BrandDetailListActivity
com.yoho.yohobuy.loginandregister.ui.TipsInviteDialogActivity
com.yoho.yohobuy.brandstore.ui.AllGoodsListActivity
com.yoho.yohobuy.order.ui.InstalmentListActivity
com.yoho.yohobuy.order.ui.InstalmentMyCardActivity
com.yoho.react.ui.RNSeckillActivity
com.yoho.react.ui.RNNewArrivalActivity
com.yoho.yohobuy.newexclusive.ui.NewExclusiveActivity
com.yoho.yohobuy.base.AwakeActivity
com.yoho.yohobuy.home.ui.BLKSearchActivity
com.yoho.yohobuy.product.ui.ProductDetailActivity
com.yoho.yohobuy.productkt.ui.NormalProductDetailActivityKt
com.yoho.yohobuy.zerohelp.ZeroHelpProductDetailActivity
com.yoho.yohobuy.product.ui.ProdcutVideoActivity
com.yoho.yohobuy.product.ui.SimilarProductActivity
com.yoho.yohobuy.product.ui.PromotionListActivity
com.yoho.yohobuy.product.ui.SeckillProductDetailActivity
com.yoho.yohobuy.product.ui.LimitProductDetailActivity
com.yoho.yohobuy.product.ui.PackPromotionNewActivity
com.yoho.globalshop.globalproduct.ui.GlobalProductDetailActivity
com.yoho.globalshop.order.ui.GlobalAddressEditActivity
com.yoho.globalshop.order.ui.GlobalAddressSelectActivity
com.yoho.globalshop.order.ui.GlobalTakeOrderActivity
com.yoho.yohobuy.product.ui.ProductShowPicActivity
com.yoho.yohobuy.product.ui.ProductShowZoomPicActivity
com.yoho.yohobuy.product.ui.EvaluationsActivity
com.yoho.yohobuy.product.ui.ConsultActivity
com.yoho.yohobuy.product.ui.CommonQuestionActivity
com.yoho.yohobuy.product.ui.WriteConsultActivity
com.yoho.yohobuy.product.ui.EvaluationShowListActivity
com.yoho.yohobuy.product.ui.EvaluationShowPicActivity
com.yoho.yohobuy.start.ui.HomeActivity
com.yoho.yohobuy.start.ui.GuideActivity
com.yoho.yohobuy.sort.ui.SelectConditionActivity
com.yoho.yohobuy.search.ui.SelectSortActivity
com.yoho.yohobuy.sort.ui.BrandListForScreenActivity
com.yoho.yohobuy.shoppingcart.ui.ShoppingcartActivity
com.yoho.yohobuy.shoppingcart.ui.ShoppingcartPromotionActivity
com.yoho.yohobuy.order.ui.TakeOrderActivity
com.yoho.yohobuy.order.ui.InstalmentGoodsTakeOrderActivity
com.yoho.yohobuy.order.ui.SeckillGoodsTakeOrderActivity
com.yoho.yohobuy.order.ui.OrderDoneActivity
com.yoho.yohobuy.addressmanager.AddressManagerActivity
com.yoho.yohobuy.addressmanager.AddressSelectManagerActivity
com.yoho.yohobuy.home.ui.RedPackageRainActivity
com.yoho.yohobuy.mine.ui.MineRedPackageActivity
com.yoho.yohobuy.mine.ui.MineRedPackageListActivity
com.yoho.yohobuy.mine.ui.UrlActivity
com.yoho.yohobuy.mine.ui.RedenvelopesDetailsActivity
com.yoho.yohobuy.mine.ui.PromoCodeActivity
com.yoho.yohobuy.mine.ui.TotalYohoCoinActivity
com.yoho.yohobuy.addressmanager.AddressEditActivity
com.yoho.yohobuy.addressmanager.OrderAddressModifyActivity
com.yoho.yohobuy.addressmanager.AreaSelectActivity
com.yoho.yohobuy.order.ui.ProductReturnExpressInformationActivity
com.yoho.yohobuy.order.ui.ExpressListActivity
com.yoho.react.ui.RNMessageActivity
com.yoho.react.ui.RNMessageListActivity
com.yoho.react.ui.RNVipPrivilegeActivity
com.yoho.react.ui.RNStudentCertificateActivity
com.yoho.react.ui.RNUserLogoutActivity
com.yoho.react.ui.RNMineAllianceActivity
com.yoho.react.ui.RNGroupPurchaseActivity
com.yoho.react.ui.RNGoodsRecommondListActivity
com.yoho.react.ui.RNGoodsRecommondDetailActivity
com.yoho.react.ui.RNProductListActivity
com.yoho.react.ui.RNSettingActivity
com.yoho.react.ui.RNAboutUsActivity
com.yoho.react.ui.RNRecommondActivity
com.yoho.react.ui.RNMemberShipLevelActivity
com.yoho.react.ui.RNMineInfoActivity
com.yoho.react.ui.RNProductListSubFilterActivity
com.yoho.react.ui.RNStrollContentActivity
com.yoho.yohobuy.loginandregister.ui.LoginAndRegisterActivity
com.yoho.yohobuy.loginandregister.ui.EnterPasswordActivity
com.yoho.yohobuy.loginandregister.ui.LoginDialogActivity
com.yoho.yohobuy.loginandregister.ui.LoginCheckActivity
com.yoho.yohobuy.loginandregister.ui.LoginPcActivity
com.yoho.yohobuy.loginandregister.ui.InternationLoginActivity
com.yoho.yohobuy.loginandregister.ui.CountriesAndAreasActivity
com.yoho.yohobuy.loginandregister.ui.CheckPhoneNumActivity
com.yoho.yohobuy.loginandregister.ui.AssociatePhoneEnterPsdActivity
com.yoho.yohobuy.loginandregister.ui.AssociatePhoneActivity
com.yoho.yohobuy.loginandregister.ui.QuickLoginByPhoneNumActivity
com.yoho.yohobuy.loginandregister.ui.RegisterSuccessActivity
com.yoho.yohobuy.loginandregister.ui.AssociatePhoneNumSuccess
com.yoho.yohobuy.mine.ui.YohoCoinActivity
com.yoho.yohobuy.mine.ui.SubmitOpinionActivity
com.yoho.yohobuy.forgetpassword.ui.GetPsdFromEmailActivity
com.yoho.yohobuy.forgetpassword.ui.GetPsdFromPhoneActivity
com.yoho.yohobuy.forgetpassword.ui.SetNewPasswordActivity
com.yoho.yohobuy.forgetpassword.ui.UpdatePwdActivitiy
com.yoho.yohobuy.forgetpassword.ui.UpdatePwdSuccessActivitiy
com.yoho.yohobuy.forgetpassword.ui.VerificationCodeActivity
com.yoho.yohobuy.forgetpassword.ui.SendedEmailActivity
com.yoho.yohobuy.fav.ui.ProductFavActivity
com.yoho.yohobuy.fav.ui.BrowseHistoryActivity
com.yoho.yohobuy.SignIn.SignInActivity
com.yoho.yohobuy.fav.ui.BrandFavActivity
com.yoho.yohobuy.mine.ui.LogisticsInfoActivity
com.yoho.yohobuy.mine.ui.MineInfoActivity
com.yoho.yohobuy.mine.ui.MineQRCodeActivity
com.yoho.yohobuy.mine.ui.SettingActivity
com.yoho.yohobuy.mine.ui.RecommendAppActivity
com.yoho.yohobuy.mine.ui.MineHelpActivity
com.yoho.yohobuy.mine.ui.HelpInfoActivity
com.yoho.yohobuy.mine.ui.AboutActivity
com.yoho.yohobuy.mine.ui.ExpressBlackList
com.yoho.yohobuy.mine.ui.CloseAccountActivity
com.yoho.yohobuy.sale.ui.HotSaleActivity
com.yoho.yohobuy.cutdown.ui.UFOCutDownProductDetailAc
com.yoho.yohobuy.cutdown.ui.CutDownProductDetailActivity
com.yoho.yohobuy.cutdown.ui.CutDownHelpListActivity
com.yoho.yohobuy.groupbuy.ui.CollageProductDetailActivity
com.yoho.yohobuy.groupbuy.ui.CollageTakeOrderActivity
com.yoho.yohobuy.groupbuy.ui.CollageOrderListActivity
com.yoho.yohobuy.mine.ui.OrderDetailActivity
com.yoho.yohobuy.mine.ui.ReturnChangeActivity
com.yoho.yohobuy.mine.ui.EvaluationActivity
com.yoho.yohobuy.search.ui.SearchActivity
com.yoho.yohobuy.search.ui.SearchResultActivity
com.yoho.yohobuy.search.ui.SearchResultOriginActivity
com.yoho.yohobuy.newproduct.ui.NewProductActivity
com.yoho.yohobuy.sale.ui.SaleActivity
com.yoho.yohobuy.sale.ui.NewSaleActivity
com.yoho.yohobuy.sale.ui.ShortInSizeActivity
com.yoho.yohobuy.star.ui.StarBrandActivity
com.yoho.react.ui.RNPlustarDetailActivity
com.yoho.react.ui.RNInstallmentActivity
com.yoho.react.ui.RNGuangListActivity
com.yoho.yohobuy.sale.ui.VipDetailListActivity
com.yoho.yohobuy.sale.ui.VipOnlyDetailListActivity
com.yoho.yohobuy.sale.ui.DiscountActivity
com.yoho.yohobuy.sale.ui.SpecialSubjectDetailListActivity
com.yoho.yohobuy.coupon.ui.CouponManagerActivity
com.yoho.yohobuy.coupon.ui.CouponApplyActivity
com.yoho.yohobuy.loginandregister.ui.LoginWebviewActivity
com.yoho.yohobuy.qrcode.ui.BarCodeResultActivity
com.yoho.yohobuy.qrcode.ui.ScanHistoryActivity
com.yoho.yohobuy.stroll.ui.StrollContentActivity
com.yoho.yohobuy.stroll.ui.StrollCollectActivity
com.yoho.yohobuy.stroll.ui.StrollCommentActivity
com.yoho.yohobuy.stroll.ui.StrollSaveActivity
com.yoho.yohobuy.stroll.ui.StrollLabelActivity
com.yoho.yohobuy.order.ui.InstalmentWebActivity
com.yoho.yohobuy.order.ui.InstalmentBindCardResultActivity
com.yoho.yohobuy.order.ui.OnlinePaymentActivity
com.yoho.yohobuy.mine.ui.ModifyNickNameActivity
com.yoho.yohobuy.mine.ui.ModifySignatureActivity
com.yoho.yohobuy.mine.ui.ModifyBoundPhoneActivity
com.yoho.yohobuy.mine.ui.RemoveThirdBoundActivity
com.yoho.yohobuy.mine.ui.MemberShipLevelActivity
com.yoho.yohobuy.mine.ui.NewMemberShipLevelActivity
com.yoho.yohobuy.mine.ui.VipDetailActivity
com.yoho.yohobuy.mine.ui.ServiceAndFeedbackHomeActivity
com.yoho.yohobuy.mine.ui.HomeSearchActivity
com.yoho.yohobuy.mine.ui.ReceiveBirthdayCouponsActivity
com.yoho.yohobuy.mine.ui.FeedBackActivity
com.yoho.yohobuy.mine.ui.H5ContactActivity
com.yoho.yohobuy.shareorder.ui.ShareOrderEvaluateListActivity
com.yoho.yohobuy.shareorder.ui.ShareOrderEvaluateListNewActivity
com.yoho.yohobuy.order.ui.ApplyReturnsActivity
com.yoho.yohobuy.order.ui.ReturnsStatusActivity
com.yoho.yohobuy.order.ui.PaymentDoneActivity
com.yoho.yohobuy.restrictedchannel.ui.RestrictedChannelMainActivity
com.yoho.yohobuy.restrictedchannel.ui.QueueActivity
com.yoho.yohobuy.restrictedchannel.ui.MineRestrictionCodeActivity
com.yoho.yohobuy.restrictedchannel.ui.MyRemindActivity
com.yoho.yohobuy.outlet.ui.OutLetHomeActivity
com.yoho.react.ui.RNOutletActivity
com.yoho.yohobuy.outlet.ui.OutletDetailActivity
com.yoho.yohobuy.promotion.ui.PromotionActivity
com.yoho.yohobuy.mine.ui.MemberBillActivity
com.yoho.yohobuy.brandstore.ui.BrandStoreHomeActivity
com.yoho.react.ui.RNBrandStoreHomeActivity
com.yoho.react.ui.RNRedPersonBrandActivity
com.yoho.yohobuy.brandstore.ui.BrandStoreSearchActivity
com.yoho.yohobuy.brandstore.ui.BrandStoreCategoryActivity
com.yoho.yohobuy.brandstore.ui.BrandStoreIntroActivity
com.yoho.yohobuy.brandstore.ui.BrandStoreBaseModelActivity
com.yoho.yohobuy.brandstore.ui.RedPersonBrandStoreActivity
com.yoho.yohobuy.order.ui.InvoiceActivity
com.yoho.yohobuy.order.ui.NewInvoiceActivity
com.yoho.yohobuy.utils.vpadpay.VpadPayActivity
cmb.pb.ui.PBKeyboardActivity
com.yoho.yohobuy.order.ui.DeliveryInformationActivity
com.yoho.yohobuy.vip.ui.VipHomeActivity
com.yoho.yohobuy.vip.ui.VipLevelTipsActivity
com.yoho.yohobuy.start.ui.H5HomeActivity
com.tencent.tauth.TAuthView
com.yoho.yohobuy.shareorder.ui.PublishActivity
com.yoho.yohobuy.shareorder.ui.PublishSucActivity
com.yoho.yohobuy.shareorder.ui.ShareOrderActivity
com.yoho.yohobuy.shareorder.ui.FirstShareOrderActivity
com.yoho.yohobuy.shareorder.ui.MyShareOrderActivity
com.yoho.yohobuy.shareorder.ui.ThoughtActivity
com.yoho.yohobuy.shareorder.ui.CropperActivity
com.yoho.yohobuy.shareorder.ui.HeightAndWeightSettingActivity
com.yoho.yohobuy.product.ui.OfflineStoreListActivity
com.yoho.yohobuy.product.ui.OfflineStoreNewListActivity
com.tencent.connect.common.AssistActivity
com.tencent.tauth.AuthActivity
com.sina.weibo.sdk.component.WeiboSdkBrowser
com.tencent.bugly.beta.ui.BetaActivity
com.yoho.wxapi.WXPayEntryActivity
com.yoho.wxapi.WXEntryActivity
com.yoho.wxapi.WXMarketPayEntryActivity
com.yoho.react.ui.RNHaggleProductListActivity
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity
com.yoho.yohobuy.order.ui.VirtualGoodsTakeOrderActivity
com.yoho.yohobuy.order.ui.VirtualGoodsOrderDoneActivity
com.yoho.yohood.ui.LookQuickmarkActivity
com.yoho.yohobuy.product.ui.PickerImgActivity
com.yoho.yohobuy.product.ui.FullScreenShowImgActivity
com.yoho.globalshop.category.ui.GlobalGoodsListActivity
com.yoho.globalshop.order.ui.GlobalOrderListActivity
com.yoho.globalshop.order.ui.GlobalOrderDetailActivity
com.yoho.globalshop.order.ui.GlobalExpressInfoActivity
com.yoho.globalshop.order.ui.GlobalOnlinePaymentActivity
com.yoho.globalshop.order.ui.GlobalAddressManagerActivity
com.yoho.globalshop.category.ui.GlobalSortAndGoodsListActivity
com.yoho.globalshop.home.ui.GlobalCategoryContainerActivity
com.yoho.globalshop.Fav.ui.GlobalProductFavActivity
com.yoho.globalshop.order.ui.GlobalPaymentDoneActivity
com.yoho.yohobuy.qrcode.ui.ScanCodeActivity
com.yoho.yohobuy.qrcode.zxing.android.CaptureActivity
com.yoho.yohobuy.utils.sinawb.SinaActivity
com.yoho.yohobuy.home.ui.SecLvChanActivity
com.yoho.yohobuy.home.ui.NewSecLvChanActivity
com.yoho.yohobuy.home.ui.GuestGuideActivity
com.yoho.yohobuy.home.ui.CheckNoticeDialogActivity
com.yoho.yohobuy.home.ui.InviteNewDialogActivity
com.yoho.yohobuy.mine.ui.InviteConsumerActivity
com.yoho.yohobuy.home.ui.NewUserPromptActivity
com.unionpay.uppay.PayActivity
com.unionpay.UPPayWapActivity
com.yoho.yohobuy.mine.ui.DeveloperOptionActivity
com.yoho.yohobuy.restrictedchannel.ui.WinningListActivity
com.yoho.yohobuy.utils.qqapi.CallbackActivity
com.yoho.yohobuy.mine.ui.BindAccountActivity
com.yoho.yohobuy.mine.ui.AccountSafetyAcitivity
com.yoho.yohobuy.mine.ui.DeveloperSettingActivity
com.yoho.yohobuy.mine.ui.QuestionContentsActivity
com.yoho.yohobuy.main.ui.RNCommunityActivity
com.yoho.react.ui.RNCouponsActivity
com.yoho.react.ui.RNRecorderActivity
com.yoho.react.ui.RNRecorderNewActivity
com.yoho.react.ui.RNCouponNewActivity
com.facebook.react.devsupport.DevSettingsActivity
com.yoho.yohobuy.photosearch.ui.PhotoSearchResultActivity
com.yoho.yohobuy.photosearch.ui.PhotoNewResultActivity
com.yoho.yohobuy.shop.ui.ShopActivityActivity
com.yoho.yohobuy.shop.ui.BrandStoreActivity
com.yoho.yohobuy.shop.ui.SingleNewProductActivity
com.yoho.yohobuy.blk.ui.BLKContainerActivity
com.yoho.yohobuy.coupon.ui.CouponProductActivity
com.yoho.react.ui.RNAssetsActivity
com.yoho.react.ui.RNAssociatorGiftActivity
com.yoho.yohobuy.filter.ui.SubFilterActivity
com.yoho.yohobuy.filter.ui.IndexSubFilterActivity
com.yoho.yohobuy.filter.ui.ExpandSubFilterActivity
com.yoho.yohobuy.mine.ui.LDNetDiagnoActivity
com.yoho.yohobuy.family.ui.YohoStatusBarWebActivity
com.yoho.yohobuy.giftcard.GiftCardStatusActivity
com.yoho.yohobuy.giftcard.BindPhoneActivity
com.yoho.yohobuy.giftcard.GiftActivateActivity
com.yoho.yohobuy.giftcard.ConsumeRecordActivity
com.yoho.yohobuy.giftcard.GiftCardUseActivity
com.yoho.yohobuy.giftcard.VerfiyEmailActivity
com.yoho.yohobuy.giftcard.GiftActivateStatusActivity
com.yoho.yohobuy.loginandregister.ui.NewCountriesAndAreasActivity
com.yoho.yohobuy.mine.ui.SelfServiceOrderActivity
com.yoho.yohobuy.mine.ui.LookupInvoiceDetailActivity
com.yoho.yohobuy.mine.ui.MineOrderListActivity
com.yoho.yohobuy.shoppingcart.ui.AddOnGoodsActivity
com.yoho.yohobuy.mine.ui.OrderSearchActivity
com.yoho.yohobuy.mine.ui.OrderSearchResultActivity
com.yoho.yohobuy.home.ui.GuideNewUserRegisterActivity
com.yoho.yohobuy.shoppingcart_new.ui.NewShoppingCartActivity
com.yoho.yohobuy.shoppingcart_new.ui.ShoppingCartCouponActivity
com.yoho.yohobuy.product.ui.SizeAssistantActivity
com.yoho.yohobuy.createpromotion.ui.CreatePromotionActivity
com.yoho.yohobuy.restrictedchannel.ui.MyQueueNumberActivity
com.yoho.yohobuy.groupbuy.ui.CollageNewHomeActivity
com.yoho.react.ui.ufo.RNMarketActivity
com.yoho.react.ui.ufo.MarketSchemeActivity
com.yoho.react.ui.ufo.RNMarketProductDetailActivity
com.yoho.react.ui.ufo.ReadNfcActivity
com.yoho.react.ui.ufo.RNMarketProductPublishActivity
com.yoho.react.ui.ufo.RNMarketProductPublishImageActivity
com.yoho.react.ui.ufo.RNMarketIDCardCaptureActivity
com.yoho.yohobuy.home.ui.BLKWebHomeActivity
com.yoho.react.ui.RNMessageGrassActivity
com.yoho.yohobuy.grasshome.ui.GrassSearchResultActivity
com.yoho.yohobuy.grasshome.ui.GrassSearchActivity
com.yoho.yohobuy.main.ui.SecondHomeActivity
com.yoho.yohobuy.home.ui.HomeSecondChannelActivity
com.yoho.yohobuy.zerohelp.ZeroHelpMainActivity
com.yoho.yohobuy.zerohelp.ZeroHelpActivityDetailActivity
com.yoho.yohobuy.mine.ui.GuideMessageActivity
com.cmic.sso.sdk.activity.OAuthActivity
com.cmic.sso.sdk.activity.LoginAuthActivity
com.yoho.app.community.grass.ui.PublishActivity
com.yoho.app.community.grass.ui.PublishRelatedUserActivity
com.yoho.app.community.grass.ui.PublishTopicActivity
com.yoho.app.community.grass.ui.PublishSubjectActivity
com.yoho.app.community.grass.ui.PublishRelatedGoodsActivity
com.yoho.app.community.grass.ui.PublishSearchRelatedGoodsActivity
com.yoho.app.community.grass.ui.PublishVideoBrowseActivity
com.yoho.app.community.release.ReleaseActivity
com.yoho.app.community.grass.ui.PublishImgBrowseActivity
com.yongchun.library.view.ImageSelectorActivity
com.yongchun.library.view.ImagePreviewActivity
com.yongchun.library.view.ImagePreviewNoCheckActivity
com.yongchun.library.view.ImageCropActivity
com.yoho.app.community.home.ui.CommunityHomeActivity
com.yoho.app.community.forum.ui.ForumHomeActivity
com.yoho.app.community.personal.ui.PersonalCenterActivity
com.yoho.app.community.personal.ui.UserHomeActivity
com.yoho.app.community.posts.ui.PostsDetailActivity
com.yoho.app.community.home.ui.H5Activity
com.yoho.app.community.message.ui.MessageCenterActivity
com.yoho.app.community.message.ui.MessageCenterPraiseActivity
com.yoho.app.community.message.ui.MessageCenterSystemActivity
com.yoho.app.community.personal.ui.UserInfoEditActivity
com.yoho.app.community.praise.ui.CommunityPraiseAtivity
com.yoho.imagepicker.activity.ImagePickAndCropActivity
com.yoho.livevideo.ui.LiveVideoActivity
com.app.liteavsdkugc.videoeditor.activitys.VideoCoverActivity
com.app.liteavsdkugc.videoplay.VideoPreviewActivity
com.yoho.appupdate.view.YohoUpdateDialogActivity
com.yoho.im.ui.activity.OrderListActivity
com.yoho.im.ui.activity.UfoIMOrderListActivity
com.yoho.im.ui.activity.LeaveMessageActivity
com.yoho.im.ui.activity.MessageActivity
com.yoho.im.ui.activity.PickPhotoActivity
com.yoho.im.ui.activity.ImageGridActivity
com.yoho.im.ui.activity.PreviewActivity
com.yoho.im.ui.activity.PreviewTextActivity
com.yoho.im.ui.activity.PreviewGifActivity
com.yoho.im.ui.activity.UserInfoActivity
com.yoho.im.ui.activity.SearchActivity
com.yoho.im.ui.activity.WebViewFragmentActivity
com.yoho.im.ui.activity.DetailPortraitActivity
com.yoho.im.ui.activity.PreviewMessageImagesActivity
com.yoho.yhlogin.ui.LoginAndRegisterNewActivity
com.yoho.yhlogin.ui.InternationalLoginActivity
com.yoho.yhlogin.ui.NewQucikLoginByPhoneActivity
com.yoho.yhlogin.ui.FindPwdByPhoneActivity
com.yoho.yhlogin.ui.FindPwdByEmailActivity
com.yoho.yhlogin.ui.VerifyEmailActivity
com.yoho.yhlogin.ui.CounryiesAreasActivity
com.yoho.yhlogin.ui.LoginDialogActivtiy
com.yoho.yhlogin.ui.BindPhoneActivity
com.yoho.yhlogin.ui.BindResetResultActivity
com.yoho.yhlogin.ui.FindPwdSuccActivity
com.yoho.yhlogin.ui.RegisterSuccessActivity
com.yoho.yhlogin.ui.ResetPwdActivity
com.yoho.yhlogin.ui.ResetBindSuccessActivity
com.yoho.yhlogin.ui.LogWebViewActivity
com.yoho.yhlogin.ui.CountDownActivity
com.yoho.yhlogin.ui.VerifyRiskControlActivity
com.yoho.yhlogin.ui.CTALoginActivity
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02_T
com.alipay.sdk.app.H5PayActivity
com.alipay.sdk.app.H5AuthActivity
com.alipay.sdk.app.PayResultActivity
com.alipay.sdk.app.AlipayResultActivity

cmb.pb.cmbsafe.CmbService
com.igexin.sdk.PushService
com.yoho.yohobuy.utils.tinker.SampleResultService
com.igexin.download.DownloadService
com.yoho.yohobuy.utils.push.getui.GTPushService
com.yoho.yohobuy.utils.push.getui.YohoGTIntentService
com.xiaomi.push.service.XMPushService
com.xiaomi.push.service.XMJobService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.yoho.yohobuy.utils.push.oppo.OPPOPushReceiver
com.yoho.yohobuy.base.util.CheckNoticeService
com.yoho.yohobuy.home.NoticeNewUserService
com.yoho.app.community.release.ReleaseProgressFloatService
com.yoho.appupdate.http.DownloadService
com.yoho.im.imservice.service.IMService
com.yoho.yohobasicbusinesslib.restart.KillSelfService
com.tencent.bugly.beta.tinker.TinkerResultService
com.tencent.tinker.lib.service.TinkerPatchService
com.tencent.tinker.lib.service.TinkerPatchService$InnerService
com.tencent.tinker.lib.service.DefaultTinkerResultService

com.yoho.AppRegister
com.yoho.yohobuy.loginandregister.ui.AuthReceiver
com.igexin.sdk.PushReceiver
com.igexin.download.DownloadReceiver
com.yoho.yohobuy.main.receiver.NetworkReceiver
com.yoho.yohobuy.utils.push.huawei.HWPushReceiver
com.huawei.hms.support.api.push.PushEventReceiver
com.xiaomi.push.service.receivers.NetworkStatusReceiver
com.xiaomi.push.service.receivers.PingReceiver
com.yoho.yohobuy.utils.push.xiaomi.XMPushReceiver

android.support.v4.content.FileProvider
com.igexin.download.DownloadProvider
com.yoho.yohobuy.shareorder.provider.FilterProvider
com.tencent.mid.api.MidProvider
com.tencent.bugly.beta.utils.BuglyFileProvider

第三方库

# 库名 介绍
0 com.tencent.bugly 腾讯Bugly,面向移动开发者提供最专业的Crash监控、崩溃分析等质量跟踪服务,为您修复用户的每一次Crash!

静态扫描发现风险点

风险等级 风险名称

中危

检测到1个未移除的敏感Test或Debug组件

com.yoho.yohobuy.giftcard.GiftActivateStatusActivity

建议:
在正式发布app前移除敏感的Test或Debug组件

中危

该app需要移除大部分日志打印代码。
经扫描该包仍存在大量打日志代码,共发现92处打日志代码.(此处扫描的日志打印代码,是指调用android.util.Log.* 打印的.)
详情如下:

位置: classes.dex
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setSdkExtraData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setAuditEnable(Landroid/content/Context; Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->postCatchedException(Ljava/lang/Throwable; Ljava/lang/Thread; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserId(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppVer()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.BuglyLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserId(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppChannel()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDexForTinker;->getprefixname(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->removeUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserId()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.b;->a(Landroid/content/Context; Lcom/tencent/bugly/yaq/BuglyStrategy;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->enableObtainId(Landroid/content/Context; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testNativeCrash(Z Z Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setIsAppForeground(Landroid/content/Context; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserDatasSize(Landroid/content/Context;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setHandleNativeCrashInJava(Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.proguard.x;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->closeNativeReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->closeBugly()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setCrashRegularFilter(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.BuglyLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserId(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->startCrashReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAllUserDataKeys(Landroid/content/Context;)Ljava/util/Set;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->enableObtainId(Landroid/content/Context; Z)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserId(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.BuglyLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.proguard.x;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setHandleNativeCrashInJava(Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setSessionIntervalMills(J)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testANRCrash()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppChannel()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDex$V19;->makeDexElements(Ljava/lang/Object; Ljava/util/ArrayList; Ljava/io/File; Ljava/util/ArrayList;)[Ljava/lang/Object;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.b;->a(Landroid/content/Context; Lcom/tencent/bugly/yaq/BuglyStrategy;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserSceneTagId(Landroid/content/Context;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppVer()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDex$V4;->install(Ljava/lang/ClassLoader; Ljava/lang/reflect/Field; Ljava/util/List; Ljava/io/File;)Ljava/util/ArrayList;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDex$V19;->install(Ljava/lang/ClassLoader; Ljava/lang/reflect/Field; Ljava/util/List; Ljava/io/File; Z Z)Ljava/util/ArrayList;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getSdkExtraData(Landroid/content/Context;)Ljava/util/Map;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppID()Ljava/lang/String;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDex;->getprefixname(Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testANRCrash()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setJavascriptMonitor(Lcom/tencent/bugly/yaq/crashreport/CrashReport$WebViewInterface; Z Z)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setBuglyDbName(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDex;->installDexes(Ljava/lang/ClassLoader; Ljava/lang/String; Ljava/lang/String; Z Z)Ljava/util/ArrayList;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->putUserData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserId()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.BuglyLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getSdkExtraData()Ljava/util/Map;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setIsDevelopmentDevice(Landroid/content/Context; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setAuditEnable(Landroid/content/Context; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserSceneTag(Landroid/content/Context; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getSdkExtraData()Ljava/util/Map;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->closeCrashReport()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->isLastSessionCrash()Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserSceneTagId(Landroid/content/Context;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setBuglyDbName(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setAppChannel(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDexForTinker$V19;->makeDexElements(Ljava/lang/Object; Ljava/util/ArrayList; Ljava/io/File; Ljava/util/ArrayList;)[Ljava/lang/Object;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->putSdkData(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->isLastSessionCrash()Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->postException(Ljava/lang/Thread; I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/util/Map;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAppID()Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.b;->a(Landroid/content/Context; Ljava/lang/String; Z Lcom/tencent/bugly/yaq/BuglyStrategy;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testJavaCrash()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setServerUrl(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testNativeCrash(Z Z Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setCrashRegularFilter(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.Util;->Comparetxtinzip(Ljava/util/zip/ZipFile; Ljava/lang/String; Ljava/io/File;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->postCatchedException(Ljava/lang/Throwable; Ljava/lang/Thread; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.MultiDexForTinker;->installDexes(Ljava/lang/ClassLoader; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.BuglyLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setAppPackage(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.wrapper.proxyapplication.Util;->deleteDir(Ljava/io/File;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.proguard.x;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.Bugly;->init(Landroid/content/Context; Ljava/lang/String; Z Lcom/tencent/bugly/yaq/BuglyStrategy;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->closeNativeReport()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setCrashFilter(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setCrashFilter(Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->removeUserData(Landroid/content/Context; Ljava/lang/String;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->testJavaCrash()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setAppVersion(Landroid/content/Context; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getAllUserDataKeys(Landroid/content/Context;)Ljava/util/Set;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setUserSceneTag(Landroid/content/Context; I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->postException(Ljava/lang/Thread; I Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/util/Map;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.proguard.x;->a(I Ljava/lang/String; [Ljava/lang/Object;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->getUserDatasSize(Landroid/content/Context;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.b;->a(Landroid/content/Context; Ljava/lang/String; Z Lcom/tencent/bugly/yaq/BuglyStrategy;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.tencent.bugly.yaq.crashreport.CrashReport;->setJavascriptMonitor(Landroid/webkit/WebView; Z Z)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I

中危

检测到1个WebView远程执行漏洞。

位置: classes.dex
com.tencent.bugly.yaq.crashreport.CrashReport$1;->addJavascriptInterface(Lcom.tencent.bugly.yaq.crashreport.crash.h5.H5JavaScriptInterface; Ljava.lang.String;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到2条敏感明文信息,建议移除。

位置: classes.dex
'http://android.bugly.qq.com/rqd/async' used in: Lcom/tencent/bugly/yaq/crashreport/common/strategy/StrategyBean;->()V
'http://rqd.uu.qq.com/rqd/sync' used in: Lcom/tencent/bugly/yaq/crashreport/common/strategy/StrategyBean;->()V

中危

检测到1处setSavePassword密码明文存储漏洞。

位置: classes.dex
com.tencent.bugly.yaq.crashreport.CrashReport$1;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

低危

检测到1个WebView系统隐藏接口未移除。

位置: classes.dex
com.tencent.bugly.yaq.crashreport.CrashReport$1;->setJavaScriptEnabled(Z)V

android webview组件包含3个隐藏的系统接口:searchBoxJavaBridge_,accessibilityTraversal以及accessibility,恶意程序可以利用它们实现远程代码执行。
如果使用了WebView,那么使用WebView.removeJavascriptInterface(String name) API,显示的移除searchBoxJavaBridge_、accessibility、accessibilityTraversal这三个接口。

参考资料:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

低危

检测到2处使用了DES弱加密算法。

位置: classes.dex
'DES/CBC/PKCS5Padding' used in: Lcom/tencent/bugly/yaq/proguard/af;->a([B)[B
'DES/CBC/PKCS5Padding' used in: Lcom/tencent/bugly/yaq/proguard/af;->b([B)[B

使用弱加密算法会大大增加黑客攻击的概率,黑客可能会破解隐私数据、猜解密钥、中间人攻击等,造成隐私信息的泄漏,甚至造成财产损失。建议使用AES加密算法。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

低危

非debug包,需要通过打包平台proguard脚本,移除大部分系统输出代码。
经扫描该包仍存在大量系统输出代码,共发现2处系统输出代码.(此处扫描的系统输出代码,是指调用System.out.print*输出的,本应在打包平台移除的系统输出代码.)
各个bundle系统输出代码详情如下:

位置: classes.dex
com.tencent.bugly.yaq.proguard.f;
com.wrapper.proxyapplication.CustomerClassLoader;

警告

检测到36个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.yoho.yohobuy.main.ui.NewTabMainContainerActivity
activity com.yoho.yohobuy.base.AwakeActivity
activity com.yoho.yohobuy.product.ui.ProductDetailActivity
activity com.yoho.yohobuy.productkt.ui.NormalProductDetailActivityKt
activity com.yoho.yohobuy.zerohelp.ZeroHelpProductDetailActivity
activity com.yoho.yohobuy.product.ui.ProdcutVideoActivity
activity com.yoho.yohobuy.product.ui.SimilarProductActivity
activity com.yoho.yohobuy.product.ui.PromotionListActivity
activity com.yoho.yohobuy.product.ui.SeckillProductDetailActivity
activity com.yoho.yohobuy.cutdown.ui.UFOCutDownProductDetailAc
activity com.yoho.yohobuy.cutdown.ui.CutDownProductDetailActivity
activity com.yoho.yohobuy.cutdown.ui.CutDownHelpListActivity
activity com.yoho.yohobuy.groupbuy.ui.CollageProductDetailActivity
activity com.yoho.yohobuy.mine.ui.MemberShipLevelActivity
activity com.tencent.tauth.AuthActivity
activity com.yoho.wxapi.WXPayEntryActivity
activity com.yoho.wxapi.WXEntryActivity
activity com.yoho.wxapi.WXMarketPayEntryActivity
activity com.igexin.sdk.GActivity
activity com.yoho.yohobuy.utils.sinawb.SinaActivity
activity com.yoho.yohobuy.utils.qqapi.CallbackActivity
activity com.yoho.yohobuy.coupon.ui.CouponProductActivity
activity com.yoho.react.ui.ufo.MarketSchemeActivity
activity com.yoho.im.ui.activity.WebViewFragmentActivity
activity com.alipay.sdk.app.PayResultActivity
activity com.alipay.sdk.app.AlipayResultActivity
service com.igexin.sdk.PushService
service com.yoho.yohobuy.utils.push.getui.GTPushService
service com.xiaomi.mipush.sdk.PushMessageHandler
receiver com.yoho.AppRegister
receiver com.igexin.sdk.PushReceiver
receiver com.igexin.download.DownloadReceiver
receiver com.yoho.yohobuy.main.receiver.NetworkReceiver
receiver com.huawei.hms.support.api.push.PushEventReceiver
receiver com.xiaomi.push.service.receivers.NetworkStatusReceiver
receiver com.yoho.yohobuy.utils.push.xiaomi.XMPushReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到1个导出的隐式Service组件。
service com.igexin.sdk.PushService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测7处組件設置了android.intent.category.BROWSABLE属性。
com.yoho.yohobuy.start.ui.StartActivity
com.yoho.yohobuy.main.ui.NewTabMainContainerActivity
com.yoho.yohobuy.base.AwakeActivity
com.tencent.tauth.TAuthView
com.tencent.tauth.AuthActivity
com.yoho.yohobuy.utils.qqapi.CallbackActivity
com.yoho.react.ui.ufo.MarketSchemeActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到1潜在的XSS漏洞。

位置: classes.dex
com.tencent.bugly.yaq.crashreport.CrashReport$1;->setJavaScriptEnabled(Z)V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到5处IvParameterSpec的使用。

位置: classes.dex
com.tencent.bugly.yaq.proguard.ae;->a([B)[B
com.tencent.bugly.yaq.proguard.ae;->b([B)[B
com.tencent.bugly.yaq.proguard.af;->a([B)[B
com.tencent.bugly.yaq.proguard.af;->b([B)[B
com.tencent.bugly.yaq.proguard.z;->a(I [B [B)[B

使用IVParameterSpec函数,如果使用了固定的初始化向量,那么密码文本可预测性高得多,容易受到字典攻击等。建议禁止使用常量初始化矢量构造IVParameterSpec,使用聚安全提供的安全组件。

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html
http://wolfeye.baidu.com/blog/weak-encryption/
http://www.freebuf.com/articles/terminal/99868.html

警告

检测到2处provider的grantUriPermissions设置为true。
android.support.v4.content.FileProvider
com.tencent.bugly.beta.utils.BuglyFileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6

警告

这个app应该声明permission的"android:protectionLevel"属性值为"signature"或者"signatureOrSystem",保证其他app无法注册或者从这个app接收消息。有安全隐患的permission如下:
getui.permission.GetuiService.com.yoho normal

警告

检测到3处使用了加解密算法。密钥处理不当可能会导致信息泄露。

位置: classes.dex
com.tencent.bugly.yaq.proguard.z;->a(I [B [B)[B
com.tencent.bugly.yaq.proguard.ae;->b([B)[B
com.tencent.bugly.yaq.proguard.ae;->a([B)[B

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

参考资料:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书