0 high-risk vulnerabilities
3 medium-risk vulnerabilities
2 low-risk vulnerabilities
2 warnings

File name: test.apk
Uploader: blq4411568
File size: 27.083592414856MB
MD5: e8a71b2cc17e4a250ff4da443f9b206c
Package name: com.qf.yuntsg.haidu
Main Activity: com.qf.yuntsg.haidu.MainActivity
Min SDK: 16
Target SDK: 23

Permission list

# Name Description
0 android.permission.ACCESS_NETWORK_STATE Allows the app to view the status of all networks.
1 android.permission.ACCESS_WIFI_STATE Allows the app to view information about the WLAN state.
2 android.permission.CAMERA Allows the app to take photos with the camera, so the app can collect images entering the camera lens at any time.
3 android.permission.FLASHLIGHT Allows the app to control the flashlight.
4 android.permission.INTERNET Allows the app to access the network.
5 android.permission.WRITE_EXTERNAL_STORAGE Allows the app to write to the SD card.

Four major components

Component name

com.qf.yuntsg.haidu.MainActivity
com.google.zxing.client.android.CaptureActivity
com.google.zxing.client.android.encode.EncodeActivity
com.github.barteksc.pdfviewer.sample.MainActivity
com.myplayer.MainActivity

org.apache.cordova.camera.FileProvider
io.github.pwlin.cordova.plugins.fileopener2.FileProvider

Third-party libraries

# Library Description
0 org.apache.cordova Mobile apps with HTML, CSS & JS. Target multiple platforms with one code base.
1 org.androidannotations.annotations Fast Android Development. Easy maintenance.
2 com.google.zxing Official ZXing ("Zebra Crossing") project home

Risks found by static scan

Risk level  Risk name

Medium

This app needs to remove most of its logging code.
Scanning found that the package still contains a large amount of logging code: 60 logging call sites were found. (Logging code here means calls to android.util.Log.*.)
Details:

Location: classes.dex

Medium

28 sensitive plaintext strings detected; removal is recommended.

Location: classes.dex

Medium

1 setSavePassword plaintext password storage vulnerability detected.

Location: classes.dex
com.initialxy.cordova.themeablebrowser.ThemeableBrowser$6;

WebView's save-password feature defaults to true. WebView saves website passwords in plaintext to the app's private file "databases/webview.db". On a system that can be rooted, or in combination with other vulnerabilities (such as a WebView same-origin bypass), an attacker can obtain the user's passwords.
Recommendation: explicitly set webView.getSettings().setSavePassword(false).

Reference cases:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

References:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

Low

1 WebView hidden system interface not removed.

Location: classes.dex
com.initialxy.cordova.themeablebrowser.ThemeableBrowser$6;->run()V

The Android WebView component contains 3 hidden system interfaces: searchBoxJavaBridge_, accessibilityTraversal and accessibility. Malicious apps can exploit them to achieve remote code execution.
If WebView is used, call the WebView.removeJavascriptInterface(String name) API to explicitly remove these three interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

References:
http://wolfeye.baidu.com/blog/android-webview/
http://blog.csdn.net/u013107656/article/details/51729398
http://wolfeye.baidu.com/blog/android-webview-cve-2014-7224/

Low

This is a non-debug build; most System.out output code should have been removed by the packaging platform's ProGuard script.
Scanning found that the package still contains a large amount of System.out output code: 3 sites were found. (System output code here means calls to System.out.print* that should have been removed on the packaging platform.)
Details per bundle:

Location: classes.dex
com.github.barteksc.pdfviewer.sample.PDFViewActivity;
com.google.zxing.client.android.DecodeHandler;
com.github.barteksc.pdfviewer.sample.PDFViewActivity$MyTask;

Warning

1 addFlags call using Intent.FLAG_ACTIVITY_NEW_TASK detected.

Location: classes.dex
com.google.zxing.client.android.CaptureActivityHandler;->handleMessage

When the app creates an Intent to pass data to another Activity, and the target Activity is not opened in the same Task, another Activity may hijack it and read the Intent contents; passing sensitive information via Intents across Tasks is unsafe. Recommendation:
avoid using Intents carrying the FLAG_ACTIVITY_NEW_TASK flag to pass sensitive information.

References:
http://wolfeye.baidu.com/blog/intent-data-leak

Warning

2 providers with grantUriPermissions set to true detected.
org.apache.cordova.camera.FileProvider
io.github.pwlin.cordova.plugins.fileopener2.FileProvider

If grant-uri-permission is set to true, other apps can access the content provider's contents via a URI, which can easily lead to information leakage.

References:
https://security.tencent.com/index.php/blog/msg/6


Risks found by dynamic scan

Risk level  Risk name

Server-side analysis

Risk level  Risk name

Warning

? XSS vulnerabilities detected.
In development...

Warning

? XSS cross-site vulnerabilities detected.
In development...

Application certificate