WIKI

13.8 获取Android ID敏感信息代码检测

(1)描述

检查app是否有执行获取Android ID敏感信息的代码

(2)检测方法

检测类型:静态分析

Example Java code:

  android.provider.Settings.Secure.getString(getContentResolver(),  android.provider.Settings.Secure.ANDROID_ID);

  

Example Bytecode code:

  Lcom/bug/sensitive/func/MainActivity;->getContentResolver()Landroid/content/ContentResolver;

  move-result-object v0

  const-string v1, "android_id"

  invoke-static {v0, v1}, Landroid/provider/Settings$Secure;->getString(Landroid/content/ContentResolver;Ljava/lang/String;)Ljava/lang/String;

 

(3)风险等级

提示