High Risk

Threat level

me.yidui

伊对

Analyzed on 2022-02-09T02:15:39.247383

49

permissions

256

activities

32

services

17

receivers

100

domains

File sums

MD5 709f29888e9b059b3194e8e7272f0f50
SHA1 e435945405947cd7f48bcac446ace692e736c4ac
SHA256 6ad16ee75d573afa7bb4c1deb37d3ccb514f3fac03dedc51b7a6e92d53bbff63
Size 57.34MB

APKiD

Information computed with APKiD.

/tmp/tmpaaa_upcr!classes.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MODEL check
  • Build.MANUFACTURER check
  • Build.PRODUCT check
  • Build.HARDWARE check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
  • subscriber ID check
  • ro.product.device check
  • ro.kernel.qemu check
  • emulator file check
obfuscator
  • unreadable field names
  • unreadable method names
compiler
  • r8
/tmp/tmpaaa_upcr!classes2.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.BOARD check
  • possible Build.SERIAL check
  • Build.TAGS check
  • SIM operator check
  • network operator name check
  • device ID check
  • subscriber ID check
  • possible ro.secure check
  • emulator file check
compiler
  • r8 without marker (suspicious)
/tmp/tmpaaa_upcr!classes3.dex
anti_vm
  • Build.MANUFACTURER check
  • Build.HARDWARE check
  • possible Build.SERIAL check
compiler
  • r8 without marker (suspicious)
/tmp/tmpaaa_upcr!classes4.dex
anti_vm
  • Build.MANUFACTURER check
  • possible VM check
compiler
  • r8 without marker (suspicious)
/tmp/tmpaaa_upcr!classes5.dex
anti_vm
  • Build.FINGERPRINT check
  • Build.MANUFACTURER check
  • Build.BOARD check
compiler
  • r8 without marker (suspicious)
/tmp/tmpaaa_upcr!classes6.dex
compiler
  • r8 without marker (suspicious)
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libnativetools.so
obfuscator
  • Obfuscator-LLVM version unknown
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libncipher.so
obfuscator
  • Obfuscator-LLVM version unknown
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libsafeenv.so
obfuscator
  • Obfuscator-LLVM version unknown
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libsgmain.so!classes.dex
obfuscator
  • unreadable field names
  • unreadable method names
compiler
  • unknown (please file detection issue!)
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libsgmiddletier.so!classes.dex
compiler
  • unknown (please file detection issue!)
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libsgsecuritybody.so!classes.dex
anti_vm
  • subscriber ID check
compiler
  • unknown (please file detection issue!)
/tmp/tmpaaa_upcr!lib/armeabi-v7a/libturingmfa.so
obfuscator
  • Obfuscator-LLVM version unknown

SSdeep

Information computed with ssdeep.

APK file 1572864:cPFDJSsTBhyY5womi8AZ4T/HHscJr4rzihP6g0iPrBm:cdD4sTV6i8AZUH9JrOIig0L
Manifest 1536:6DW0+anecij15W5nT0ktEWilfK5+XVnQ0cqFGeZWhY7Jl5ZGVcgdHxV0AR6pwFG5…
classes.dex 98304:aXc3ZieZXMkkOCzdtwR95Nq+lFOMRTGZ3O7fPfja7Jck:aXfeBMrD2NqlMxlXf+…
classes2.dex 98304:jrk8F/Z4t8o0wYCl3CTKIZPrSy6WeRV3AVCr:Pk8Fet8tdCBTIkVC6
classes3.dex 49152:LJo38MzZdj6YFz8x5N4xTW/HeBvx7VdN6QUim/lwStz6nMM8JFuRC6/QWCUo4Mv…
classes4.dex 49152:rgsVXZAeMhf4jcHlrBy4822IXV3vt+4naJdMhL3:tAXy8V3jL
classes5.dex 98304:cO48QSC7koHvdStPMf+M1vVPb/kV3N6MHwnCqn7TQ:PQSC7/0M51vRb3nLn7M
classes6.dex 6144:vxS14gOA8h5oHt4dUqdfq4oSAf1jBxFcTo10cvzI6xs8NBiYi9OHDLQ1Qx9T6Jmm…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 24576:oyCGxeGPR/RlwphU7tDW7XE1PIL7f7S3T0lSqzTQghmTImPoPzjJ:/xxRoOBeHBF
classes.dex 6144:YNu08/Tubd6+nYssJxWdNtuIJvqDJT/RekrTrBRkXoNW/Mfq0HKNWepB7s5MklMa…
classes2.dex 12288:+MtDW7XEJW07JdR6c32S5u3IODttVe7mfgiMK:JtDW7XE1PIL7fF
classes3.dex 3072:LSHd1zfXs2ENpzc1rZ012/BG4fT0ljJ8rNn6f3jVU:mHLPENSdFQkT0lSrNSzVU
classes4.dex 1536:XqkX/qReilnFSWQfcB9tLBd+DQ2L0hZlblt+RZ1+cpgFqGH9:/25SWYcTt+ApUjgd
classes5.dex 6144:1TQPX7IUkPGyz/TPTSSVaGB6/ayTCmh0A0oH/BDB3TzLy+g+zIgmGFtZZHYc/KOE…
classes6.dex 768:AxFYQATEKcS84MZB/LIybkL7Z2xcgLEQdjlcEMuU3333333OWlN:aNKEKd84Waybk…

APK details

Information computed with AndroGuard and Pithus.

Package me.yidui
App name 伊对
Version name 7.4.400
Version code 804
SDK 21 - 28
UAID fc9bea023b642678acca761d82d865146620a36c
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x504b4453: Dependency metadata
  • 0x71777777: Meituan metadata
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 ed1624efa1e49a45508cbc63bd63c1e9
SHA1 cc926d2cea1baf42a1c108a02013b14779b1e3ff
SHA256 13b8baeffd9f296c522ec5f8c064968e1c3238ed992e9af1a42efcbb2de0c63f
Issuer Common Name: yidui, Organizational Unit: me, Organization: MLKJ, Locality: Beijing, State/Province: Beijing, Country: CN
Not before 2017-09-12T06:29:50+00:00
Not after 2063-09-01T06:29:50+00:00

File Analysis

Information computed with MobSF.

Findings Files
Certificate/Key files hardcoded inside the app. assets/device_id.pem
META-INF/services/javax.ws.rs.ext.MessageBodyReader
META-INF/services/javax.ws.rs.ext.Providers
assets/ag_sdk_cbg_root.cer
Findings Files
Hardcoded Keystore found. assets/nim/rsa/r.jks
assets/nim/sm2/t.jks
assets/updatesdkcas.bks
assets/hmsincas.bks
assets/grs_sp.bks
assets/nim/sm2/r.jks
assets/nim/rsa/t.jks
assets/hmsrootcas.bks

Manifest analysis

Information computed with MobSF.

High Clear text traffic is Enabled For App[android:usesCleartextTraffic=true]
The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
High Activity (com.yidui.ui.message.activity.YoungUserMatchingActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.message.activity.YoungUserEmptyWaitingActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.live.love_video.LoveVideoActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.home.MainActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.receiver.PhoneReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.yidui.ui.login.PhoneAuthActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.login.NewUIBaseInfoActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.message.activity.TagsInfosActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.me.UploadAvatarActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (me.yidui.wxapi.WXEntryActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.member_detail.MemberDetailActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.member_detail.MemberDetailActivityWapper) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.member_detail.MemberNewDetailActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.receiver.AppRegister) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.tencent.mm.plugin.permission.SEND [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (com.yidui.receiver.InstallReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.yidui.base.service.YiduiService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.yidui.utils.patch.service.PatchService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.matchmaker.CreateLiveActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.live.video.MatchingRoomActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.receiver.NetworkChangeReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Activity (com.yidui.ui.live.video.LiveInviteDialogActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.live.love_video.LoveVideoInviteDialogActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.gift.V2GiftGivingDetailActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.utils.patch.receiver.PatchReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.yidui.ui.live.video.LiveSevenInviteDialogActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.alipay.sdk.app.PayResultActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (com.alipay.sdk.app.AlipayResultActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.apm.core.tools.monitor.jobs.battery.BatteryReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.yidui.base.push.push.getui.GetuiPushDaemonService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.yidui.base.push.push.vivo.VivoPushReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High TaskAffinity is set for Activity
(com.igexin.sdk.PushActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High TaskAffinity is set for Activity
(com.igexin.sdk.GActivity)
If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
High Activity (com.igexin.sdk.GActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.meizu.cloud.pushsdk.NotificationService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.igexin.sdk.FlymePushReceiver) is not Protected.An intent-filter exists.
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Broadcast Receiver is explicitly exported.
High Service (com.xiaomi.mipush.sdk.PushMessageHandler) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (com.igexin.sdk.MiuiPushReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (com.vivo.push.sdk.service.CommandClientService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.push.permission.UPSTAGESERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.igexin.sdk.OppoPushService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.coloros.mcs.permission.SEND_MCS_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.igexin.sdk.OppoAppPushService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: com.heytap.mcs.permission.SEND_PUSH_MESSAGE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushMsgReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: me.yidui.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
Low Broadcast Receiver (com.huawei.hms.support.api.push.PushReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: me.yidui.permission.PROCESS_PUSH_MSG
protectionLevel: signatureOrSystem [android:exported=true]
A Broadcast Receiver is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Service (com.huawei.hms.support.api.push.service.HmsMsgService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
Low Content Provider (com.huawei.hms.support.api.push.PushProvider) is Protected by a permission, but the protection level of the permission should be checked.
Permission: me.yidui.permission.PUSH_PROVIDER
protectionLevel: signatureOrSystem [android:exported=true]
A Content Provider is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
High Service (com.netease.nimlib.job.NIMJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
Medium High Intent Priority (1000)[android:priority]
By setting an intent priority higher than another intent, the app effectively overrides other requests.

Browsable activities

Information computed with MobSF.

com.yidui.ui.login.SplashActivity

Hosts: *.yidui.me s.iyidui.cn

Schemes: growing.2a4feef1a9780d51:// http:// https:// st06feac65aa7efd6a:// yidui_system_push://

com.yidui.ui.home.MainActivity

Schemes: yidui:// saca60f361:// saa835abc5://

Main Activity

Information computed with AndroGuard.

com.yidui.ui.login.SplashActivity

Activities

Information computed with AndroGuard.

com.yidui.ui.webview.view.WebContainerNobleActivityDialog
com.yidui.ui.me.NobleVipActivity
com.yidui.ui.message.activity.YoungUserMatchingActivity
com.yidui.ui.message.activity.YoungUserEmptyWaitingActivity
com.yidui.ui.message.activity.YoungUserMatchMainActivity
com.yidui.ui.guest.GuestHomeActivity
com.yidui.ui.message.activity.YoungUserSendActivity
com.yidui.ui.message.activity.YoungUserBeenMatchingActivity
com.yidui.ui.message.activity.ReplayYoungUserActivity
com.yidui.ui.live.love_video.LoveVideoActivity
com.yidui.ui.message.activity.ForbiddenWordsDialogActivity
com.yidui.ui.message.activity.FastVideoAcceptInviteDialogActivity
com.yidui.ui.message.activity.QuickMatchActivity
com.yidui.ui.me.UserTagsActivity
com.yidui.ui.me.InvisibleUserListActivity
com.yidui.ui.teen_mode.TeenModeBindPhoneActivity
com.yidui.ui.teen_mode.TeenModeDetailActivity
com.yidui.ui.teen_mode.TeenModeForgetPasswordActivity
com.yidui.ui.teen_mode.TeenModeSettingPasswordActivity
com.yidui.ui.me.SecretActivity
com.yidui.ui.login.CaptchaActivity
com.yidui.ui.live.group.InviteFriendListActivity
com.yidui.ui.logout.BindPhoneNumberActivity
com.yidui.ui.logout.PhoneAuthenticationActivity
com.yidui.ui.logout.AuditStatusActivity
com.yidui.ui.logout.AccountSafeActivity
com.yidui.ui.me.NotificationSettingActivity
com.yidui.ui.live.group.EditGroupActivity
com.yidui.ui.container.activity.StandardContainerActivity
com.yidui.ui.container.activity.AutoRotateContainerActivity
com.yidui.ui.container.activity.SingleTopContainerActivity
com.yidui.ui.container.activity.SingleTaskContainerActivity
com.yidui.ui.container.activity.SingleInstanceContainerActivity
com.yidui.ui.login.SplashActivity
com.yidui.ui.home.MainActivity
com.yidui.ui.login.NewLoginActivity
com.yidui.ui.login.PhoneAuthActivity
com.yidui.ui.login.NewUIBaseInfoActivity
com.yidui.ui.message.activity.TagsInfosActivity
com.yidui.ui.picture_viewer.SendPhotoActivity
com.yidui.ui.me.UploadAvatarActivity
me.yidui.wxapi.WXEntryActivity
com.yidui.ui.webview.DetailWebViewActivity
com.yidui.ui.pay.AutoRenewalManagerActivity
com.yidui.ui.pay.CashierWebViewActivity
com.yidui.ui.live.base.utils.QuickPayWebViewActivity
com.yidui.ui.webview.TransparentWebViewActivity
com.yidui.ui.web.activity.MiWebViewActivity
com.yidui.ui.member_detail.MemberDetailActivity
com.yidui.ui.member_detail.MemberDetailActivityWapper
com.yidui.ui.member_detail.MemberNewDetailActivity
com.yidui.ui.picture_viewer.BigPictureActivity
com.yidui.ui.me.EditInfoActivity
com.yidui.ui.me.ProductVipsActivity
com.yidui.ui.pay.PayMethodsActivity
com.yidui.ui.pay.PayResultActivity
com.yidui.ui.login.SafetyGuideActivity
com.yidui.ui.login.GuideActivity
com.yidui.ui.message.activity.ConversationActivity2
com.yidui.ui.me.SettingActivity
com.yidui.ui.pay.ProductRosesActivity
com.yidui.ui.picture_viewer.ImageViewerActivity
com.yidui.ui.live.audio.seven.SevensRoomActivity
com.yidui.ui.matchmaker.CreateLiveActivity
com.yidui.ui.live.video.MatchingRoomActivity
com.yidui.ui.wallet.BillDetailActivity
com.yidui.ui.wallet.WithdrawActivity
com.yidui.ui.authentication.BundlingActivity
com.yidui.ui.wallet.WithdrawExplainActivity
com.yidui.ui.packets.RoseConsumeActivity
com.yidui.ui.wallet.WalletAgreementActivity
com.yidui.ui.matchmaker.CupidAgreementActivity
com.yidui.ui.matchmaker.ChatVideoInviteActivity
com.yidui.ui.home.LiveLoveListActivity
com.yidui.ui.moment.CreateMomentsActivity
com.yidui.ui.login.NimKickoutActivity
com.yidui.ui.matchmaker.MatchMakerReceptionActivity
com.yidui.ui.matchmaker.MatchMakerReceptionActivity2
com.yidui.ui.live.group.CupidSmallTeamReceptionActivity
com.yidui.ui.picture_viewer.CameraActivity
com.yidui.ui.picture_viewer.ChoosePhotoActivity
com.yidui.ui.packets.RosePacketDetailActivity
com.yidui.ui.message.FollowListActivity
com.yidui.ui.message.SayHiCardListActivity
com.yidui.ui.message.activity.FriendsActivity
com.yidui.ui.me.BlackListActivity
com.yidui.ui.moment.MemberMomentActivity
com.yidui.ui.moment.MomentDetailActivity
com.yidui.ui.live.video.EditTextActivity
com.yidui.ui.moment.CommentDetailActivity
com.yidui.ui.moment.LikedMeActivity
com.yidui.ui.moment.CommentReplyActivity
com.yidui.ui.message.activity.VisitorRecordActivity
com.yidui.ui.home.BlindDateMomentActivity
com.yidui.ui.message.activity.BlindDateRecordActivity
com.yidui.ui.live.video.ExpressionFavorDialogActivity
com.yidui.ui.pay.PayRoseProductActivity
com.yidui.core.authentication.ui.RealNameAuthActivity
com.yidui.ui.message.activity.RecommendActivity
com.yidui.ui.live.video.TopNotificationActivity
com.yidui.ui.matchmaker.LiveCommentDialogActivity
com.yidui.ui.matchmaker.LivePresenterCommentDialogActivity
com.yidui.ui.moment.MomentRecommendUserActivity
com.yidui.ui.wallet.MyApprenticeActivity
com.yidui.ui.moment.FastMomentDialogActivity
com.yidui.ui.me.UploadAvatarActivity2
com.yidui.ui.live.group.GroupDetailActivity
com.yidui.ui.live.group.LiveGroupActivity
com.yidui.ui.live.group.CreateGroupActivity
com.yidui.ui.live.group.NotEnoughConditionActivity
com.yalantis.ucrop.UCropActivity
com.yidui.ui.message.activity.NearbyActivity
com.yidui.ui.wallet.PupilAssessActivity
com.yidui.ui.wallet.CupidExamCenterActivity
com.cmic.sso.sdk.activity.OAuthActivity
com.cmic.sso.sdk.activity.LoginAuthActivity
com.yidui.ui.live.group.LiveGroupMembersActivity
com.yidui.ui.report_center.ReportCenterActivity
com.yidui.ui.wallet.EverydayDetailsActivity
com.yidui.ui.wallet.PlayDetailsActivity
com.yidui.ui.wallet.MyWalletActivity
com.yidui.ui.live.video.LiveInviteDialogActivity
com.yidui.ui.live.love_video.LoveVideoInviteDialogActivity
com.yidui.ui.live.video.LiveInviteForLikeActivity
com.yidui.ui.moment.MomentSlideActivity
com.yidui.ui.moment.VideoFullScreenActivity
com.yidui.ui.matchmaker.CupidSearchActivity
com.yidui.ui.moment.CommentFirstActivity
com.yidui.ui.webview.view.WebContainerActivityDialog
com.yidui.ui.meishe.BeautyPhotographyActivity
com.yidui.ui.meishe.PhotographyEditActivity
com.yidui.ui.me.BasicInfoActivity
com.yidui.ui.me.BaseInfoActivity
com.yidui.ui.me.tags.EditInterestTagsActivity
com.yidui.ui.meishe.AlbumActivity
com.yidui.ui.me.EditSingleInfoActivity
com.yidui.ui.live.base.utils.ProductGuidActivity
com.yidui.ui.live.video.QuickMatchVideoActivity
com.yidui.ui.gift.V2GiftGivingDetailActivity
com.yidui.ui.moment.MomentThemeActivity
com.yidui.ui.me.AuthCenterActivity
com.yidui.ui.message.activity.ChatMatchActivity
com.yidui.ui.home.view.QuickFollowDialog
com.yidui.ui.pay.FirstPayActivity
com.yidui.ui.moment.MomentFriendActivity
com.yidui.ui.live.video.LiveSevenInviteDialogActivity
com.yidui.ui.me.MsgBubbleShopActivity
com.yidui.ui.me.VipManagerCenterActivity
com.yidui.ui.login.devicesdk.DeviceTraceActivity
com.yidui.ui.me.QualificationsActivity
com.yidui.ui.live.video.LiveInviteForMaiActivity
com.yidui.ui.me.NobleVipExplainActivity
com.yidui.ui.me.NobleVipUseRecordActivity
com.alipay.sdk.app.H5PayActivity
com.alipay.sdk.app.H5AuthActivity
com.alipay.sdk.app.PayResultActivity
com.alipay.sdk.app.AlipayResultActivity
com.yidui.feature.auth.ui.AuthEntryPointActivity
com.yidui.business.moment.publish.ui.camera.AlbumActivity
com.yidui.business.moment.publish.ui.camera.BeautyPhotographyActivity
com.yidui.business.moment.publish.ui.camera.PhotographyEditActivity
com.yidui.business.moment.publish.ui.publish.PublishMomentActivity
com.yidui.business.moment.ui.activity.MomentPreviewActivity
com.yidui.business.moment.ui.activity.VideoFullScreenActivity
com.yidui.business.moment.ui.activity.MomentFriendActivity
com.yidui.business.moment.ui.activity.MomentDetailActivity
com.yidui.business.moment.ui.activity.CommentFirstActivity
com.yidui.business.moment.ui.activity.CommentDetailActivity
com.yidui.business.moment.ui.activity.MemberMomentActivity
com.yidui.business.moment.ui.activity.MomentTopicsActivity
com.yidui.business.moment.ui.activity.MomentInputTextActivity
com.yidui.feature.home.guest.GuestHomeActivity
com.luck.picture.lib.PictureSelectorActivity
com.luck.picture.lib.PicturePreviewActivity
com.luck.picture.lib.PictureVideoPlayActivity
com.luck.picture.lib.PictureExternalPreviewActivity
com.luck.picture.lib.PicturePlayAudioActivity
com.luck.picture.lib.ucrop.PictureMultiCuttingActivity
com.yidui.core.permission.ui.PermissionActivity
com.yidui.core.uikit.container.activity.StandardContainerActivity
com.yidui.core.uikit.container.activity.AutoRotateContainerActivity
com.yidui.core.uikit.container.activity.SingleTopContainerActivity
com.yidui.core.uikit.container.activity.SingleTaskContainerActivity
com.yidui.core.uikit.container.activity.SingleInstanceContainerActivity
com.yidui.core.uikit.container.activity.TranslucentContainerActivity
com.webank.facelight.ui.FaceVerifyActivity
com.webank.facelight.ui.FaceGuideActivity
com.webank.facelight.ui.FaceProtocalActivity
com.alibaba.security.realidentity.activity.RPWebViewActivity
com.alibaba.security.realidentity.activity.RPTakePhotoActivity
com.alibaba.security.biometrics.activity.ALBiometricsActivity
com.alibaba.security.biometrics.activity.ALModelLoadingActivity
com.alibaba.wireless.security.open.middletier.fc.ui.ContainerActivity
com.faceunity.FURenderToNV21ImageExampleActivity
com.faceunity.fulivedemo.FUBeautyActivity
com.yalantis.ucrop.PictureMultiCuttingActivity
com.yanzhenjie.permission.PermissionActivity
com.sensorsdata.sf.ui.view.DialogActivity
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$STDStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SGTKStub_02_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_03
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_04
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_05
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_06
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_07
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_08
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_09
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_00_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_01_T
com.tencent.tinker.loader.hotplug.ActivityStubs$SIStub_02_T
com.igexin.sdk.PushActivity
com.igexin.sdk.GActivity
com.huawei.updatesdk.service.otaupdate.AppUpdateActivity
com.huawei.updatesdk.support.pm.PackageInstallerActivity
com.huawei.hms.activity.BridgeActivity
com.huawei.hms.activity.EnableServiceActivity

Receivers

Information computed with AndroGuard.

com.yidui.receiver.PhoneReceiver
com.yidui.receiver.ScreenBroadcastReceiver
com.netease.nimlib.service.ResponseReceiver
com.yidui.receiver.AppRegister
com.yidui.receiver.InstallReceiver
com.yidui.receiver.NetworkChangeReceiver
com.yidui.utils.patch.receiver.PatchReceiver
com.yidui.receiver.PushCancelReceiver
com.yidui.apm.core.tools.monitor.jobs.battery.BatteryReceiver
com.yidui.base.push.push.vivo.VivoPushReceiver
com.igexin.sdk.PushReceiver
com.igexin.sdk.FlymePushReceiver
com.igexin.sdk.MiuiPushReceiver
com.igexin.sdk.VivoPushMessageReceiver
com.huawei.hms.support.api.push.PushMsgReceiver
com.huawei.hms.support.api.push.PushReceiver
com.netease.nimlib.service.NimReceiver

Services

Information computed with AndroGuard.

com.netease.nimlib.service.ResponseService
com.yidui.base.service.YiduiService
com.yidui.utils.patch.service.PatchService
com.yidui.base.service.PushNotifyService
org.acra.sender.SenderService
com.baidu.location.f
com.yidui.base.location.service.LocationDaemonService
com.yidui.base.push.push.getui.YiduiGTService
com.yidui.base.push.push.getui.GetuiPushDaemonService
com.yidui.base.push.push.huawei.YiduiHWService
com.huawei.agconnect.core.ServiceDiscovery
com.yidui.security.service.PtService
androidx.room.MultiInstanceInvalidationService
com.liulishuo.filedownloader.services.FileDownloadService$SharedMainProcessService
com.liulishuo.filedownloader.services.FileDownloadService$SeparateProcessService
com.tencent.tinker.lib.service.TinkerPatchForeService
com.tencent.tinker.lib.service.TinkerPatchService
com.tencent.tinker.lib.service.TinkerPatchService$InnerService
com.tencent.tinker.lib.service.DefaultTinkerResultService
com.igexin.sdk.HmsPushMessageService
com.igexin.sdk.PushService
com.getui.gtc.GtcService
com.meizu.cloud.pushsdk.NotificationService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.vivo.push.sdk.service.CommandClientService
com.igexin.sdk.OppoPushService
com.igexin.sdk.OppoAppPushService
com.huawei.hms.support.api.push.service.HmsMsgService
com.netease.nimlib.service.NimService
com.netease.nimlib.service.NimService$Aux
com.netease.nimlib.job.NIMJobService

NIAP analysis

Information computed with MobSF.

FCS_RBG_EXT.1.1 The application invoke platform-provided DRBG functionality for its cryptographic operations.
Random Bit Generation Services
FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application implement asymmetric key generation.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'network connectivity', 'bluetooth', 'camera', 'microphone'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application implement functionality to encrypt sensitive data in non-volatile memory.
Encryption Of Sensitive Application Data
FMT_MEC_EXT.1.1 The application invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.
Supported Configuration Mechanism
FTP_DIT_EXT.1.1 The application does encrypt some transmitted data with HTTPS/TLS/SSH between itself and another trusted IT product.
Protection of Data in Transit
FCS_RBG_EXT.2.1
FCS_RBG_EXT.2.2
The application perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using Hash_DRBG. The deterministic RBG is seeded by an entropy source that accumulates entropy from a platform-based DRBG and a software-based noise source, with a minimum of 256 bits of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
Random Bit Generation from Application
FCS_CKM.1.1(1) The application generate asymmetric cryptographic keys not in accordance with FCS_CKM.1.1(1) using key generation algorithm RSA schemes and cryptographic key sizes of 1024-bit or lower.
Cryptographic Asymmetric Key Generation
FCS_CKM.1.1(3)
FCS_CKM.1.2(3)
A password/passphrase shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm..
Password Conditioning
FCS_COP.1.1(1) The application perform encryption/decryption not in accordance with FCS_COP.1.1(1), AES-ECB mode is being used.
Cryptographic Operation - Encryption/Decryption
FCS_COP.1.1(2) The application perform cryptographic hashing services not in accordance with FCS_COP.1.1(2) and uses the cryptographic algorithm RC2/RC4/MD4/MD5.
Cryptographic Operation - Hashing
FCS_COP.1.1(3) The application perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm RSA schemes using cryptographic key sizes of 2048-bit or greater.
Cryptographic Operation - Signing
FCS_HTTPS_EXT.1.1 The application implement the HTTPS protocol that complies with RFC 2818.
HTTPS Protocol
FCS_HTTPS_EXT.1.2 The application implement HTTPS using TLS.
HTTPS Protocol
FCS_HTTPS_EXT.1.3 The application notify the user and not establish the connection or request application authorization to establish the connection if the peer certificate is deemed invalid.
HTTPS Protocol
FIA_X509_EXT.1.1 The application invoked platform-provided functionality to validate certificates in accordance with the following rules: ['RFC 5280 certificate validation and certificate path validation', 'The application validate the revocation status of the certificate using the Online Certificate Status Protocol (OCSP) as specified in RFC 2560 or a Certificate Revocation List (CRL) as specified in RFC 5759 or an OCSP TLS Status Request Extension (i.e., OCSP stapling) as specified in RFC 6066', 'The certificate path must terminate with a trusted CA certificate'].
X.509 Certificate Validation
FIA_X509_EXT.2.1 The application use X.509v3 certificates as defined by RFC 5280 to support authentication for HTTPS , TLS.
X.509 Certificate Authentication
FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application allow the administrator to choose whether to accept the certificate in these cases or accept the certificate ,or not accept the certificate.
X.509 Certificate Authentication
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update
FCS_CKM.1.1(2) The application shall generate symmetric cryptographic keys using a Random Bit Generator as specified in FCS_RBG_EXT.1 and specified cryptographic key sizes 128 bit or 256 bit.
Cryptographic Symmetric Key Generation

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 com/huawei/hms/push/k.java
f/i0/v/f1/g.java
com/faceunity/fulivedemo/utils/FPSUtil.java
com/huawei/hms/opendevice/k.java
f/h/a/a.java
com/tencent/mm/opensdk/modelmsg/GetMessageFromWX.java
f/f/a/m/o/j.java
com/aliyun/sls/android/sdk/utils/Base64Kit.java
com/tencent/mm/opensdk/modelbiz/JumpToBizTempSession.java
com/sensorsdata/analytics/android/sdk/visual/ViewTreeStatusObservable.java
f/i0/u/k/u/a.java
com/huawei/hms/utils/SHA256.java
cn/jiguang/verifysdk/j/l.java
com/yalantis/ucrop/task/BitmapLoadThread.java
com/cdv/io/NvCamera.java
com/meicam/effect/sdk/NvsEffectSdkContext.java
com/sensorsdata/analytics/android/sdk/data/persistent/PersistentIdentity.java
com/faceunity/fulivedemo/FUBeautyActivity.java
com/tencent/tinker/lib/tinker/TinkerInstaller.java
com/huawei/hms/update/note/AppSpoofResolution.java
com/huawei/hms/availableupdate/y.java
com/shuyu/gsyvideoplayer/utils/EventLogger.java
com/meicam/sdk/NvsCheckExpirationOnline.java
com/sensorsdata/analytics/android/sdk/visual/snap/SoftWareCanvas.java
f/i0/b/a/c/b/a.java
com/tencent/mm/opensdk/modelmsg/WXGameVideoFileObject.java
f/i0/f/b/m.java
f/f/a/m/q/s.java
com/yidui/ui/login/PhoneAuthActivity.java
com/meishe/photoalbum/NvPhotoAlbumHelper.java
f/i0/d/s/a.java
com/sensorsdata/sf/core/PlanManager.java
com/tencent/mm/opensdk/modelmsg/WXMiniProgramObject.java
com/tencent/tinker/loader/hotplug/interceptor/Interceptor.java
com/tencent/tinker/lib/library/TinkerLoadLibrary.java
com/huawei/hms/activity/internal/ForegroundInnerHeader.java
com/sensorsdata/sf/ui/widget/RoundedBitmapDrawableFactory.java
com/huawei/hms/push/task/SendUpStreamTask.java
com/tencent/tinker/lib/util/TinkerServiceInternals.java
com/sensorsdata/analytics/android/sdk/remote/SensorsDataRemoteManager.java
com/netease/nimlib/c/f/a.java
com/faceunity/gles/EglCore.java
com/huawei/hms/base/ui/a.java
com/sensorsdata/analytics/android/sdk/visual/WebNodesManager.java
com/tencent/tinker/lib/patch/DexDiffPatchInternal.java
com/tencent/bugly/webank/crashreport/BuglyLog.java
f/i0/d/g/a.java
io/agora/rtc/internal/RtcEngineImpl.java
com/tencent/mm/opensdk/modelmsg/LaunchFromWX.java
com/huawei/hms/push/HmsMessageService.java
com/yidui/ui/web/activity/MiWebViewActivity.java
com/xiaomi/mipush/sdk/w.java
com/sensorsdata/analytics/android/sdk/deeplink/ChannelDeepLink.java
com/tencent/tinker/loader/hotplug/interceptor/TinkerHackInstrumentation.java
com/zego/ve/MediaCodecVideoEncoder.java
com/huawei/hms/api/HuaweiApiClient.java
com/huawei/hms/opendevice/g.java
com/tencent/tinker/lib/service/DefaultTinkerResultService.java
com/tencent/bugly/b.java
com/alibaba/security/biometrics/build/ar.java
com/huawei/hms/activity/BridgeActivity.java
com/sensorsdata/analytics/android/sdk/encrypt/SensorsDataEncrypt.java
com/tencent/bugly/Bugly.java
f/q/a/g/c/c.java
f/i0/v/f1/k.java
com/yalantis/ucrop/task/BitmapLoadTask.java
com/faceunity/utils/MiscUtil2.java
f/a/a/w/c.java
com/faceunity/utils/CameraUtils.java
com/yidui/ui/message/adapter/FriendsBaseAdapter.java
com/tencent/mm/opensdk/modelbiz/WXPayInsurance.java
com/cdv/utils/NvAndroidBitmap.java
com/sensorsdata/analytics/android/sdk/deeplink/DeepLinkManager.java
f/i0/u/a0/a/b.java
com/cdv/utils/NvAndroidHandler.java
com/huawei/hms/availableupdate/r.java
f/f/a/m/p/z.java
com/huawei/hms/availableupdate/q.java
com/huawei/hms/stats/a.java
com/netease/nimlib/sdk/NIMSDK.java
f/f/a/l/d.java
com/cdv/io/NvAndroidAudioRecorder.java
cn/jiguang/bd/a.java
com/igexin/push/core/m.java
com/getui/gtc/base/util/ScheduleQueue.java
com/huawei/hms/opendevice/d.java
f/f/a/l/e.java
com/huawei/hms/support/api/push/PushReceiver.java
com/bumptech/glide/manager/SupportRequestManagerFragment.java
com/huawei/hms/api/IPCTransport.java
com/huawei/hms/utils/UIUtil.java
com/iceteck/silicompressorr/videocompression/MediaController.java
f/f0/b/d/l.java
com/huawei/hms/push/g.java
com/huawei/hms/push/o.java
com/sensorsdata/sf/core/http/HttpRequestHelper.java
com/huawei/hms/support/api/client/ResolvingResultCallbacks.java
com/huawei/hms/utils/IOUtils.java
com/sensorsdata/analytics/android/sdk/util/SensorsDataUtils.java
com/sensorsdata/sf/core/utils/SFLog.java
com/huawei/hms/opendevice/r.java
com/sensorsdata/analytics/android/sdk/SensorsDataAPI.java
com/tencent/mm/opensdk/channel/MMessageActV2.java
f/f/a/r/b.java
com/cdv/io/NvAndroidVideoFileReader.java
com/tencent/mm/opensdk/channel/a/a.java
com/huawei/hms/adapter/AvailableAdapter.java
f/q/d/a/a/c/b.java
com/faceunity/FURenderer.java
f/f/a/n/f.java
f/a0/a/b.java
com/huawei/hms/utils/FileUtil.java
com/tencent/mm/opensdk/modelbiz/ChooseCardFromWXCardPackage.java
com/huawei/hms/support/api/push/PushMsgReceiver.java
com/sensorsdata/analytics/android/sdk/advert/utils/OaidHelper.java
com/zego/ve/AudioDevice.java
f/i0/v/q0.java
com/faceunity/encoder/MediaAudioEncoder.java
com/xiaomi/push/hi.java
com/huawei/hms/support/hianalytics/HiAnalyticsUtil.java
com/tencent/mm/opensdk/modelbiz/WXLaunchMiniProgram.java
com/sensorsdata/analytics/android/sdk/autotrack/FragmentViewScreenCallbacks.java
com/tencent/tinker/loader/TinkerResourcePatcher.java
com/aliyun/sls/android/sdk/SLSLog.java
com/tencent/mm/opensdk/modelmsg/WXVideoFileObject.java
f/f/a/m/p/h.java
com/sensorsdata/sf/ui/utils/ImageLoader.java
com/bumptech/glide/request/target/ViewTarget.java
com/sensorsdata/analytics/android/sdk/util/SADataHelper.java
io/agora/rtc/mediaio/AgoraBufferedCamera2.java
com/huawei/hms/aaid/utils/PushPreferences.java
f/i0/u/b0/b/b.java
com/tencent/tinker/lib/patch/UpgradePatch.java
com/alibaba/sdk/android/oss/common/auth/OSSFederationToken.java
com/tencent/tinker/lib/patch/ResDiffPatchInternal.java
com/tencent/mm/opensdk/modelmsg/WXDesignerSharedObject.java
com/igexin/sdk/PushManager.java
com/tencent/mm/opensdk/openapi/BaseWXApiImplV10.java
com/faceunity/fulivedemo/renderer/VideoRenderer.java
com/tencent/mm/opensdk/modelmsg/WXAppExtendObject.java
com/huawei/hms/support/hianalytics/HiAnalyticsUtils.java
com/tencent/mm/opensdk/modelmsg/WXEmojiObject.java
com/huawei/hms/push/h.java
com/alibaba/security/realidentity/build/cc.java
com/igexin/push/f/c.java
com/alibaba/security/realidentity/build/hg.java
cn/jiguang/verifysdk/j/m.java
com/huawei/hms/common/internal/DialogRedirect.java
q/c/b/e.java
com/tencent/mm/opensdk/modelmsg/WXTextObject.java
com/huawei/hms/common/internal/ConnectionErrorMessages.java
com/zego/ve/AudioEventMonitor.java
io/agora/rtc/mediaio/VideoFrameConsumerImpl.java
com/sensorsdata/analytics/android/sdk/util/NetworkUtils.java
com/huawei/hms/push/utils/JsonUtil.java
com/huawei/hms/availableupdate/k.java
io/agora/rtc/video/VideoCaptureCamera.java
f/f/a/m/q/t.java
com/sensorsdata/analytics/android/sdk/encrypt/EncryptUtils.java
com/tencent/tinker/lib/util/UpgradePatchRetry.java
f/f/a/q/j.java
f/i0/s/a/e/d.java
com/cdv/io/NvAndroidVideoFileReaderSW.java
com/huawei/hms/support/api/push/PushProvider.java
com/tencent/tinker/lib/patch/BsDiffPatchInternal.java
io/agora/rtc/gdp/EglCore.java
com/huawei/hms/push/j.java
com/huawei/hms/utils/ReadApkFileUtil.java
com/tencent/tinker/loader/TinkerArkHotLoader.java
f/f/a/n/k.java
com/huawei/hms/opendevice/u.java
com/faceunity/encoder/MediaVideoEncoder.java
com/huawei/hms/push/l.java
com/tencent/bugly/webank/proguard/x.java
com/huawei/hms/opendevice/l.java
im/zego/zegoexpress/internal/ZegoExpressEngineInternalImpl.java
f/q/a/h/c/a.java
com/huawei/hms/update/manager/UpdateManager.java
com/huawei/hms/aaid/init/AutoInitHelper.java
com/sensorsdata/analytics/android/sdk/visual/AbstractViewCrawler.java
com/tencent/mm/opensdk/modelmsg/WXEmojiSharedObject.java
com/cdv/io/NvMediaEncodecCallback.java
im/zego/zegoexpress/utils/ZegoLibraryLoadUtil.java
cn/jiguang/bh/p.java
com/huawei/hms/common/internal/BaseHmsClient.java
com/tencent/tinker/loader/shareutil/ShareIntentUtil.java
com/huawei/hms/availableupdate/z.java
com/sensorsdata/analytics/android/sdk/data/adapter/DataOperation.java
com/huawei/hms/push/c.java
com/faceunity/gles/GlUtil.java
com/huawei/hms/push/s.java
com/cdv/text/NvAndroidFont.java
f/q/d/a/a/c/c.java
com/tencent/bugly/webank/Bugly.java
com/tencent/mm/opensdk/modelmsg/SendMessageToWX.java
f/o/a/a/k1/q.java
com/huawei/updatesdk/a/a/a.java
f/f/a/s/k/a.java
com/yidui/business/gift/common/widget/GiftRecyclerViewPager.java
f/f/a/m/r/d/c.java
com/cdv/io/NvAndroidAudioFileReader.java
com/tencent/tinker/loader/shareutil/SharePatchFileUtil.java
io/agora/rtc/video/VideoCaptureFactory.java
com/aliyun/sls/android/sdk/core/auth/FederationToken.java
com/sensorsdata/analytics/android/sdk/AppWebViewInterface.java
net/security/device/api/LogUtil.java
com/huawei/hms/push/utils/DateUtil.java
com/lorentzos/flingswipe/FlingCardListener.java
io/agora/rtc/gl/GlShader.java
f/n/b/a/a/c/d.java
com/huawei/hms/opendevice/p.java
f/f0/c/b/b.java
com/huawei/hms/opendevice/s.java
com/huawei/hms/common/internal/ResponseWrap.java
com/huawei/hms/support/api/opendevice/HuaweiOpendeviceApiImpl.java
com/igexin/assist/control/huawei/ManufacturePushManager.java
f/f/a/m/r/h/c.java
com/sensorsdata/analytics/android/sdk/AbstractSensorsDataAPI.java
com/tencent/mm/opensdk/modelmsg/WXWebpageObject.java
f/q/b/a/e/d/b.java
com/yidui/ui/pay/widget/FirstPayNewPeopleCardView.java
com/sensorsdata/analytics/android/sdk/visual/VisualDebugHelper.java
com/xiaomi/push/dj.java
com/tencent/tinker/lib/reporter/DefaultPatchReporter.java
com/faceunity/gles/core/GlUtil.java
com/tencent/mm/opensdk/diffdev/a/d.java
com/alibaba/wireless/security/framework/utils/C0018.java
com/sensorsdata/analytics/android/sdk/data/adapter/EventDataOperation.java
com/huawei/hms/push/q.java
com/yidui/security/utils/Logger.java
com/yidui/ui/logout/BindPhoneNumberActivity.java
f/f/a/m/q/c.java
com/sensorsdata/analytics/android/sdk/visual/WebViewVisualInterface.java
com/tencent/tinker/lib/service/AbstractResultService.java
com/cmic/sso/sdk/auth/c.java
com/tencent/tinker/loader/SystemClassLoaderAdder.java
com/tencent/bugly/webank/b.java
com/faceunity/encoder/VideoEncoderCore.java
f/b/b/a/d/a.java
com/huawei/updatesdk/service/otaupdate/g.java
com/getui/gtc/base/log/b/a.java
cn/jiguang/verifysdk/h/a/a.java
f/f/a/m/r/d/b0.java
io/agora/rtc/utils/YuvUtils.java
com/tencent/mm/opensdk/modelbiz/AddCardToWXCardPackage.java
com/tencent/mm/opensdk/modelbiz/JumpToBizWebview.java
cn/jiguang/ba/a.java
io/agora/rtc/mediaio/BaseVideoRenderer.java
f/f/a/m/o/b.java
com/bumptech/glide/request/target/CustomViewTarget.java
com/igexin/b/a/c/a/d.java
com/huawei/hms/availableupdate/p.java
com/sensorsdata/analytics/android/sdk/AppStateManager.java
com/tencent/mm/opensdk/modelmsg/WXFileObject.java
f/f/a/m/r/a.java
f/f0/b/b/a.java
com/sensorsdata/analytics/android/sdk/visual/property/VisualPropertiesCache.java
com/tencent/mm/opensdk/modelmsg/WXDynamicVideoMiniProgramObject.java
f/q/a/g/c/j.java
com/xiaomi/push/ac.java
com/netease/nimlib/q/a/a.java
com/heytap/mcssdk/f/c.java
com/xiaomi/push/bj.java
com/yalantis/ucrop/util/ImageHeaderParser.java
com/tencent/mm/opensdk/utils/Log.java
com/huawei/hms/support/api/client/ResultCallbacks.java
f/f/a/m/r/d/d0.java
com/huawei/hms/support/log/HMSDebugger.java
com/huawei/hms/opendevice/n.java
com/yidui/ui/home/adapter/HomePageListAdapter.java
com/igexin/assist/action/MessageManger.java
com/huawei/hms/common/internal/ResponseHeader.java
com/yidui/ui/logout/PhoneAuthenticationActivity.java
f/f/a/m/p/c0/a.java
com/tencent/mmkv/MMKV.java
com/huawei/hms/api/b.java
f/i0/g/b/g/c/e.java
com/huawei/hms/core/aidl/e.java
com/sensorsdata/analytics/android/sdk/remote/BaseSensorsDataSDKRemoteManager.java
com/tencent/mm/opensdk/diffdev/a/b.java
com/tencent/mm/opensdk/modelpay/PayReq.java
com/tencent/tinker/loader/TinkerDexOptimizer.java
com/sensorsdata/analytics/android/sdk/util/DeviceUtils.java
com/tencent/mm/opensdk/modelmsg/WXMusicObject.java
com/huawei/hms/api/BindingFailedResolution.java
com/tencent/tinker/lib/reporter/DefaultLoadReporter.java
com/netease/nimlib/sdk/NIMChatRoomSDK.java
com/tencent/mm/opensdk/openapi/WXApiImplComm.java
io/agora/rtc/mediaio/AgoraTextureView.java
com/huawei/hms/api/HuaweiApiClientImpl.java
com/tencent/bugly/proguard/x.java
com/sensorsdata/analytics/android/sdk/aop/push/PushProcess.java
com/huawei/hms/api/IPCCallback.java
com/alibaba/sdk/android/oss/common/utils/HttpdnsMini.java
f/o/a/c/p/a.java
com/huawei/hms/push/e.java
com/sensorsdata/analytics/android/sdk/data/adapter/EncryptDataOperation.java
io/agora/rtc/mediaio/AgoraTextureCamera.java
com/yidui/ab/ABTestRes.java
com/webank/facelight/ui/fragment/b.java
com/yidui/ui/login/view/PhoneCodeView.java
com/huawei/secure/android/common/webview/SafeWebView.java
com/sensorsdata/sf/core/SensorsFocusAPI.java
f/i0/v/g1/d.java
com/cdv/utils/NvAndroidDisplayListener.java
com/sensorsdata/analytics/android/sdk/visual/view/PairingCodeEditDialog.java
f/f/a/m/r/d/s.java
com/tencent/mm/opensdk/diffdev/a/e.java
com/huawei/hms/hatool/z.java
com/xiaomi/push/service/aq.java
com/cdv/io/NvSyncEvent.java
com/huawei/hms/support/common/ActivityMgr.java
com/huawei/hms/support/api/PendingResultImpl.java
com/meicam/sdk/NvsMultiThumbnailSequenceView.java
f/l/a/f.java
f/f/a/m/p/i.java
com/faceunity/fulivedemo/renderer/PhotoRenderer.java
com/huawei/hms/aaid/HmsInstanceId.java
com/tencent/bugly/webank/crashreport/CrashReport.java
com/luck/picture/lib/permissions/RxPermissionsFragment.java
com/baidu/b/g.java
com/tencent/mm/opensdk/modelmsg/WXImageObject.java
com/sensorsdata/analytics/android/sdk/visual/snap/Pathfinder.java
f/q/d/a/a/b/f/a.java
com/tencent/mm/opensdk/openapi/WXAPIFactory.java
com/huawei/hms/availableupdate/a.java
com/huawei/hms/push/RemoteMessage.java
com/shuyu/gsyvideoplayer/utils/Debuger.java
f/q/d/a/a/a/d/b.java
com/igexin/sdk/HmsPushMessageService.java
com/huawei/hms/push/task/BaseVoidTask.java
com/sensorsdata/analytics/android/sdk/SensorsDataAutoTrackHelper.java
com/meicam/sdk/NvsUtils.java
com/unicom/xiaowo/account/shield/e/e.java
com/huawei/hms/opendevice/i.java
com/sensorsdata/analytics/android/sdk/dialog/SensorsDataDialogUtils.java
com/sensorsdata/analytics/android/sdk/data/SensorsDataDBHelper.java
com/yidui/view/common/YDRtmpView$play$2.java
com/huawei/hms/common/util/Base64Utils.java
com/baidu/lbsapi/auth/a.java
com/cdv/utils/NvAndroidPlatformImage.java
com/netease/nimlib/push/net/httpdns/d/a.java
com/huawei/hms/push/task/ProfileTask.java
f/f/a/m/o/l.java
com/huawei/hms/common/internal/HuaweiApiManager.java
f/i0/u/q/i/d.java
com/sensorsdata/sf/ui/view/DynamicViewJsonBuilder.java
com/tencent/mm/opensdk/modelbiz/WXInvoiceAuthInsert.java
f/i0/v/c1/a.java
com/tencent/mm/opensdk/modelbiz/SubscribeMiniProgramMsg.java
com/huawei/hms/push/i.java
com/alibaba/security/realidentity/business/upload/UploadResultParams.java
com/netease/nimlib/c.java
f/q/d/a/a/a/d/f.java
com/huawei/hms/push/ups/UPSService.java
com/netease/nimlib/net/trace/a/b.java
com/tencent/tinker/loader/AppInfoChangedBlocker.java
com/sensorsdata/analytics/android/sdk/aop/push/PushAutoTrackHelper.java
com/igexin/base/api/Logger.java
f/f/a/m/p/b0/i.java
com/tencent/mm/opensdk/diffdev/a/a.java
com/huawei/hms/utils/Util.java
com/huawei/hmf/tasks/a/g.java
com/faceunity/utils/BitmapUtil.java
com/huawei/hms/opendevice/m.java
f/i0/u/k/t/b.java
com/sensorsdata/analytics/android/sdk/util/ThreadUtils.java
f/q/a/h/c/b.java
com/faceunity/encoder/MediaAudioFileEncoder.java
com/huawei/hms/aaid/HmsInstanceIdEx.java
com/sensorsdata/sf/ui/view/LinearLayoutDynamic.java
com/cdv/text/NvAndroidTextLayout.java
f/f0/e/a/b.java
f/f/a/m/r/d/o.java
com/sensorsdata/analytics/android/sdk/visual/property/VisualPropertiesManager.java
f/f/a/o/e.java
com/sensorsdata/sf/ui/view/ImageViewDynamic.java
f/f/a/m/r/d/l.java
com/meicam/sdk/NvsStatisticsSender.java
com/tencent/mm/opensdk/diffdev/DiffDevOAuthFactory.java
com/bumptech/glide/manager/RequestManagerFragment.java
com/yidui/ui/live/group/view/LiveGroupMicView.java
f/f/a/m/r/h/a.java
com/sensorsdata/analytics/android/sdk/util/AopUtil.java
com/huawei/hms/opendevice/e.java
cn/jiguang/bd/b.java
com/huawei/hms/common/HuaweiApi.java
com/xiaomi/channel/commonutils/logger/b.java
f/f/a/m/p/a0/k.java
com/tencent/tinker/lib/tinker/TinkerLoadResult.java
com/tencent/tinker/loader/TinkerDexLoader.java
io/agora/rtc/video/ViEAndroidGLES20.java
com/huawei/hms/framework/common/Logger.java
com/zego/ve/AudioDeviceHelper.java
com/yidui/core/uikit/view/recycleview/adapter/UiKitRecyclerViewAdapter.java
f/i0/v/t0.java
f/f/a/n/e.java
com/huawei/hms/availableupdate/e.java
com/yalantis/ucrop/view/TransformImageView.java
com/baidu/b/c.java
com/sensorsdata/sf/core/http/internal/HttpRequest.java
com/sensorsdata/analytics/android/sdk/visual/view/PairingCodeRequestHelper.java
f/f0/a/e/c.java
com/tencent/tinker/lib/util/TinkerLog.java
com/netease/nimlib/m/a/i.java
com/netease/nimlib/k/a/a.java
com/tencent/mm/opensdk/modelbiz/WXOpenBusinessView.java
com/igexin/sdk/GTIntentService.java
com/tencent/tinker/lib/service/TinkerPatchService.java
com/faceunity/FUExampleActivity.java
com/tencent/bugly/crashreport/BuglyLog.java
com/sensorsdata/analytics/android/sdk/AnalyticsMessages.java
f/f0/d/e/a.java
com/sensorsdata/sf/core/entity/GlobalData.java
com/xiaomi/push/gp.java
com/zego/ve/KaraokeHelper.java
com/aliyun/sls/android/sdk/core/RequestTask.java
com/huawei/hms/device/a.java
com/tencent/tinker/loader/shareutil/ShareTinkerInternals.java
com/tencent/tinker/lib/tinker/Tinker.java
f/f/a/m/q/f.java
f/i0/e/a/e/a/g/b.java
com/tencent/turingfd/sdk/mfa/Auriga.java
f/f/a/m/r/d/d.java
com/huawei/hms/ui/AbstractDialog.java
f/f0/a/e/b.java
com/tencent/tinker/lib/patch/BasePatchInternal.java
com/tencent/tinker/loader/shareutil/ShareSecurityCheck.java
com/huawei/hms/common/internal/TaskApiCall.java
com/luck/picture/lib/tools/PictureFileUtils.java
com/huawei/hms/push/HmsMessaging.java
com/cdv/utils/NvAndroidThumbnail.java
com/huawei/hms/support/api/ErrorResultImpl.java
com/faceunity/encoder/AudioEncoderCore.java
f/f0/d/e/b.java
com/cdv/io/NvAndroidVirtualCameraSurfaceTexture.java
f/o/a/c/a/h.java
com/tencent/tinker/loader/TinkerLoader.java
com/sensorsdata/sf/ui/utils/PreviewUtil.java
com/yidui/ui/picture_viewer/ImageViewerActivity.java
com/tencent/mm/opensdk/modelbiz/JumpToBizProfile.java
com/faceunity/encoder/TextureMovieEncoder.java
com/huawei/hms/utils/HMSBIInitializer.java
com/yidui/ui/message/fragment/FriendsConversationFragment.java
com/huawei/hms/common/internal/RequestHeader.java
com/huawei/hms/android/SystemUtils.java
f/q/a/g/c/b.java
com/huawei/hms/opendevice/OpenDeviceTaskApiCall.java
com/zego/ve/VCam.java
com/faceunity/encoder/MediaEncoder.java
com/alipay/android/phone/mrpc/core/b.java
com/netease/share/media/a.java
com/sensorsdata/analytics/android/sdk/network/RealRequest.java
f/i0/u/m/y/g.java
com/huawei/hms/support/api/core/ConnectService.java
com/tencent/mm/opensdk/diffdev/a/f.java
com/sensorsdata/sf/core/http/internal/HttpCall.java
com/zego/zegoavkit2/receiver/Background.java
com/huawei/hms/activity/ForegroundBusDelegate.java
com/netease/nimlib/k/b/a/a.java
com/tencent/mm/opensdk/utils/a.java
com/tencent/tinker/loader/shareutil/ShareTinkerLog.java
f/o/a/c/s/a.java
com/sensorsdata/sf/core/GlobalDataLoadThread.java
com/alibaba/sdk/android/oss/common/OSSLog.java
com/meizu/cloud/pushsdk/b/b.java
com/sensorsdata/analytics/android/sdk/visual/ViewSnapshot.java
com/tencent/tinker/loader/hotplug/ComponentHotplug.java
com/tencent/tinker/loader/hotplug/IncrementComponentManager.java
com/sensorsdata/analytics/android/sdk/data/persistent/PersistentSuperProperties.java
com/heytap/openid/sdk/m_a.java
com/xiaomi/push/service/cd.java
com/meishe/photoalbum/NvUtil.java
com/yalantis/ucrop/util/BitmapLoadUtils.java
com/sensorsdata/analytics/android/sdk/PropertyBuilder.java
com/huawei/hms/utils/HMSPackageManager.java
com/huawei/hms/utils/JsonUtil.java
f/q/d/a/a/c/a.java
q/d/a/c/a.java
com/tencent/tinker/loader/hotplug/handler/PMSInterceptHandler.java
f/i0/g/i/p/b.java
f/f/a/m/o/p/c.java
com/tencent/mm/opensdk/utils/c.java
com/huawei/hms/opendevice/c.java
f/f/a/b.java
f/f/a/n/m.java
com/yidui/ui/me/SettingActivity.java
com/tencent/tinker/loader/TinkerResourceLoader.java
com/sensorsdata/analytics/android/sdk/remote/SensorsDataRemoteManagerDebug.java
f/f/a/m/p/c0/b.java
com/faceunity/fulivedemo/FUBaseActivity.java
com/tencent/tinker/loader/shareutil/ShareFileLockHelper.java
io/agora/rtc/gdp/GlUtil.java
com/vivo/push/util/g.java
com/yidui/ui/base/view/TextureVideoView.java
com/ogaclejapan/smarttablayout/SmartTabStrip.java
com/zego/ve/FileMediaDataSource.java
f/i0/d/n/a.java
com/huawei/hms/utils/PackageManagerHelper.java
f/f/a/m/p/a0/j.java
com/huawei/hms/common/data/DataHolder.java
com/tencent/bugly/crashreport/CrashReport.java
f/f/a/m/r/h/i.java
f/q/a/g/c/i.java
com/zego/ve/MediaCodecVideoDecoder.java
com/sensorsdata/analytics/android/sdk/autotrack/ActivityLifecycleCallbacks.java
com/huawei/hms/adapter/BinderAdapter.java
com/yidui/base/service/PushNotifyService.java
f/q/a/g/c/f.java
com/alibaba/sdk/android/oss/common/OSSLogToFileUtils.java
com/faceunity/fulivedemo/renderer/CameraRenderer.java
com/cdv/utils/NvAndroidUtils.java
com/huawei/hms/push/HmsProfile.java
f/q/d/a/a/b/f/f.java
com/faceunity/utils/FileUtils.java
com/xiaomi/push/fz.java
com/getui/gtc/base/log/b/b.java
com/cdv/text/NvAndroidGlyphMaskGenerator.java
com/sensorsdata/analytics/android/sdk/util/SASpUtils.java
com/faceunity/utils/MiscUtil.java
f/f/a/m/r/d/n.java
f/f/a/m/q/d.java
f/i0/v/l0.java
com/luck/picture/lib/widget/longimage/SubsamplingScaleImageView.java
com/baidu/location/indoor/mapversion/IndoorJni.java
com/huawei/hms/adapter/ui/BaseResolutionAdapter.java
com/huawei/hms/push/p.java
io/agora/rtc/internal/DeviceUtils.java
com/tencent/tinker/lib/tinker/TinkerApplicationHelper.java
com/sensorsdata/analytics/android/sdk/visual/snap/ResourceReader.java
com/huawei/hms/api/HuaweiMobileServicesUtil.java
com/huawei/hms/aaid/utils/BaseUtils.java
com/huawei/hms/common/api/AvailabilityException.java
com/yidui/ui/webview/DetailWebViewActivity$setWebViewCallback$1.java
com/huawei/hms/api/ResolutionDelegate.java
com/meizu/cloud/pushsdk/b/e.java
com/huawei/hms/push/d.java
com/huawei/hms/common/util/AGCUtils.java
com/faceunity/FUBaseUIActivity.java
com/sensorsdata/analytics/android/sdk/util/SASchemeHelper.java
f/q/d/a/a/c/d.java
com/huawei/hms/opendevice/o.java
com/sensorsdata/analytics/android/sdk/SALog.java
f/f0/b/c/j/a.java
com/tencent/tinker/loader/TinkerUncaughtHandler.java
com/tencent/tinker/loader/hotplug/handler/MHMessageHandler.java
com/huawei/hms/push/r.java
com/meicam/sdk/NvsStreamingContext.java
com/huawei/hms/common/internal/HmsClient.java
com/faceunity/fulivedemo/utils/CameraUtils.java
com/yidui/ui/live/video/PrivateVideoMatchingRoomFragment.java
com/tencent/mm/opensdk/modelmsg/WXEmojiPageSharedObject.java
com/huawei/hms/support/api/push/service/HmsMsgService.java
com/yidui/ui/gift/widget/recyclerPager/RecyclerViewPager.java
com/sensorsdata/analytics/android/sdk/encrypt/SAECEncrypt.java
com/faceunity/gles/core/EglCore.java
com/huawei/hms/adapter/ui/UpdateAdapter.java
f/i0/v/f1/j.java
com/huawei/hms/availableupdate/c.java
com/alibaba/sdk/android/oss/network/OSSRequestTask.java
com/tencent/mm/opensdk/modelmsg/SendAuth.java
com/huawei/hms/adapter/BaseAdapter.java
com/huawei/hms/availableupdate/h0.java
com/huawei/hms/opendevice/h.java
com/vivo/push/util/n.java
f/q/d/a/a/d/b.java
com/tencent/mm/opensdk/modelbiz/SubscribeMessage.java
com/tencent/tinker/loader/shareutil/SharePatchInfo.java
com/cmic/sso/sdk/h/f.java
com/baidu/location/LocationClient.java
com/huawei/hms/push/utils/PluginUtil.java
com/sensorsdata/analytics/android/sdk/dialog/SchemeActivity.java
com/tencent/youtu/liveness/YTFaceTracker.java
com/tencent/mm/opensdk/modelmsg/WXMediaMessage.java
com/tencent/mm/opensdk/modelbiz/WXNontaxPay.java
f/f/a/m/p/b0/e.java
com/zego/ve/HwAudioKit.java
com/igexin/b/a/c/a/c.java
com/yidui/ui/live/video/adapter/TopicAdapter.java
com/huawei/hms/stats/c.java
com/contrarywind/view/WheelView.java
com/opensource/svgaplayer/utils/log/DefaultLogCat.java
f/f/a/m/p/k.java
com/yidui/ui/live/base/view/adapter/LiveDynamicMsgAdapter.java
f/f0/b/e/a.java
com/tencent/mm/opensdk/modelmsg/WXVideoObject.java
com/huawei/hms/android/HwBuildEx.java
io/agora/rtc/mediaio/SurfaceTextureHelper.java
com/faceunity/utils/FPSUtil.java
com/sensorsdata/analytics/android/sdk/visual/property/VisualConfigRequestHelper.java
com/tencent/mm/opensdk/openapi/MMSharedPreferences.java
f/b/b/b/a/d/a.java
com/sensorsdata/analytics/android/sdk/visual/snap/Caller.java
com/tencent/tinker/entry/DefaultApplicationLike.java
com/sensorsdata/analytics/android/sdk/visual/VisualizedAutoTrackService.java
com/faceunity/fulivedemo/utils/NotchInScreenUtil.java
f/f/a/m/o/p/e.java
com/huawei/hms/availableupdate/g0.java
com/tencent/mm/opensdk/modelmsg/WXEnterpriseCardObject.java
Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/netease/nimlib/sdk/chatroom/model/ChatRoomQueueChangeAttachment.java
com/xiaomi/clientreport/data/Config.java
com/netease/nimlib/ipc/cp/b/c.java
com/yidui/ui/login/bean/KickoutEvent.java
com/yidui/ui/live/audio/view/adapter/ChooseSweetheartAdapter.java
com/netease/nimlib/net/trace/a.java
f/f/a/m/i.java
com/yidui/business/moment/view/MultiSampleVideoView.java
cn/jpush/android/service/WakedResultReceiver.java
com/alibaba/security/biometrics/service/model/params/ALBiometricsParams.java
com/yidui/core/router/inject/AndroidInjector.java
com/yidui/ui/live/base/model/EnterRoomTimes.java
com/yidui/ui/base/view/MultiSampleVideoView.java
f/f/a/m/p/d.java
com/meizu/cloud/pushsdk/handler/a/c/e.java
com/yidui/apm/core/tools/base/utils/DeviceUtils.java
f/i0/i/a/a.java
f/i0/u/q/m/l.java
com/yidui/ui/live/video/adapter/VideoInviteRecommendsAdapter.java
f/f/a/m/p/p.java
com/xiaomi/mipush/sdk/Constants.java
n/a/a/a/f/e/e.java
com/yidui/business/moment/publish/ui/publish/PublishMomentActivity.java
com/igexin/assist/control/oppo/ManufacturePushManager.java
com/yidui/ui/message/activity/RecommendActivity.java
cn/jiguang/verifysdk/c/c.java
com/igexin/assist/sdk/AssistPushConsts.java
com/yidui/ui/moment/CreateMomentsActivity.java
com/vivo/push/model/a.java
com/sensorsdata/analytics/android/sdk/util/SASchemeHelper.java
com/alibaba/security/realidentity/build/ho.java
cn/jiguang/bj/c.java
com/yidui/apm/core/tools/dispatcher/collector/ICollector.java
com/meizu/cloud/pushsdk/constants/PushConstants.java
f/i0/g/f/a.java
com/huawei/hms/framework/common/hianalytics/HianalyticsBaseData.java
com/yidui/ui/gift/widget/SuperGiftView.java
com/yidui/sdk/videoplayer/controller/ListVideoController.java
com/alibaba/security/biometrics/service/model/params/ALBiometricsKeys.java
f/f/a/m/p/x.java
com/netease/nimlib/c/c.java
com/alibaba/wireless/security/open/securesignature/SecureSignatureDefine.java
com/xiaomi/mipush/sdk/am.java
com/yidui/security/api/SecurityService.java
com/yidui/ui/live/group/view/LiveGroupKTVView.java
com/tencent/mm/opensdk/constants/ConstantsAPI.java
cn/jiguang/e/a.java
com/yidui/ui/live/audio/seven/SevenBlindDateInviteDialog.java
com/getui/gtc/dim/DimRequest.java
f/i0/u/f/d/b.java
com/meizu/cloud/pushsdk/notification/model/a.java
com/yidui/ui/live/video/adapter/VideoInvitesDialogAdapter.java
com/netease/nimlib/ipc/cp/c/a.java
com/alibaba/wireless/security/open/securitybodysdk/ISecurityBodyPageTrack.java
com/yidui/model/net/ClientInfo.java
com/netease/nimlib/ipc/NIMContentProvider.java
com/netease/nimlib/q/t.java
cn/jiguang/aw/a.java
com/huawei/hms/push/constant/RemoteMessageConst.java
f/i0/v/h0.java
com/tencent/mmkv/MMKVContentProvider.java
com/sensorsdata/analytics/android/sdk/util/SADataHelper.java
com/sensorsdata/analytics/android/sdk/encrypt/SensorsDataEncrypt.java
f/i0/g/i/n/d/b.java
f/i0/u/q/i/f.java
com/sensorsdata/analytics/android/sdk/AbstractSensorsDataAPI.java
com/netease/nimlib/g/b/c.java
f/i0/u/r/b0/c.java
f/i0/e/b/f/c.java
f/q/a/g/c/i.java
com/yidui/ui/live/video/ktv/view/KTVLyricView.java
f/i0/s/a/c/b.java
f/i0/g/g/a.java
com/netease/nimlib/push/net/lbs/e.java
com/huawei/hms/support/hianalytics/HiAnalyticsConstant.java
f/i0/u/c/d/c.java
f/i0/u/w/b/a.java
High
CVSS:5.5
App can read/write to External Storage. Any App can read data written to External Storage.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 f/i0/v/g1/d.java
com/alibaba/security/realidentity/build/db.java
com/luck/picture/lib/ucrop/UCropUtil.java
f/h/a/a.java
f/i0/v/e0.java
f/i0/u/m/y/g.java
com/baidu/b/g.java
com/yidui/business/moment/publish/ui/camera/AlbumActivity.java
f/i0/u/y/c.java
f/i0/g/e/k/g/a.java
f/b/b/a/f/g.java
com/yidui/ui/meishe/AlbumActivity.java
com/tencent/bugly/webank/crashreport/common/info/b.java
f/h0/a/j/s.java
f/i0/f/b/m.java
com/yidui/ui/moment/CreateMomentsActivity.java
com/meizu/cloud/pushsdk/b/b.java
com/alibaba/security/realidentity/build/an.java
com/getui/gtc/base/GtcProvider.java
f/i0/d/q/a.java
f/i0/d/r/c.java
f/i0/d/p/c.java
com/alibaba/security/realidentity/build/a.java
com/yalantis/ucrop/util/FileUtils.java
com/faceunity/utils/Constant.java
f/i0/v/p0.java
com/xiaomi/push/ai.java
com/igexin/push/core/e.java
f/i0/v/g0.java
f/i0/u/h/u/c.java
cn/jiguang/e/a.java
com/xiaomi/push/dd.java
f/h/a/d/e.java
com/meizu/cloud/pushsdk/notification/a/d.java
com/xiaomi/clientreport/processor/a.java
com/shuyu/gsyvideoplayer/utils/FileUtils.java
f/l/a/s.java
f/f0/c/b/b.java
com/shuyu/gsyvideoplayer/utils/StorageUtils.java
com/meizu/cloud/pushsdk/b/g.java
com/alibaba/sdk/android/oss/common/OSSLogToFileUtils.java
com/tencent/mm/opensdk/diffdev/a/d.java
com/xiaomi/push/ds.java
com/faceunity/utils/MiscUtil2.java
cn/jiguang/f/e.java
com/tencent/bugly/crashreport/common/info/b.java
com/faceunity/utils/FileUtils.java
com/alibaba/security/realidentity/build/cd.java
com/xiaomi/push/df.java
cn/jiguang/bd/b.java
f/i0/u/a0/a/b.java
com/obsez/android/lib/filechooser/ChooserDialog.java
com/faceunity/utils/MiscUtil.java
com/yidui/ui/live/base/BaseRoomActivity.java
com/getui/gtc/base/log/b/a.java
f/s/a/o0/f.java
com/yidui/ui/live/group/EditGroupActivity.java
com/yidui/business/moment/publish/ui/publish/PublishMomentActivity.java
f/i0/e/b/h/f/a/d/b.java
com/tencent/turingfd/sdk/mfa/Cpublic.java
com/huawei/hms/availableupdate/e.java
com/yidui/ui/picture_viewer/CameraActivity.java
f/i0/d/r/f.java
com/alipay/security/mobile/module/deviceinfo/b.java
f/i0/g/k/h/a.java
cn/jiguang/k/b.java
com/igexin/push/f/j.java
com/xiaomi/push/ac.java
com/netease/nimlib/q/a/a.java
f/b/b/a/f/i.java
com/xiaomi/push/du.java
com/meizu/cloud/pushsdk/util/MzSystemUtils.java
com/alipay/security/mobile/module/b/c.java
com/meizu/cloud/pushsdk/handler/a/b/a.java
com/alibaba/sdk/android/oss/internal/ExtensionRequestOperation.java
com/xiaomi/push/bs.java
cn/jiguang/f/a.java
com/meizu/cloud/pushsdk/handler/a/b/b.java
com/baidu/location/c/g.java
f/i0/u/m/w/d.java
im/zego/zegoexpress/utils/ZegoLogUtil.java
com/alipay/apmobilesecuritysdk/a/a.java
com/xiaomi/clientreport/processor/b.java
com/netease/nimlib/k/a.java
f/h0/a/j/r.java
f/i0/d/b/b.java
com/zego/zegoavkit2/utils/ZegoLogUtil.java
com/xiaomi/push/de.java
com/luck/picture/lib/tools/PictureFileUtils.java
com/alibaba/security/realidentity/build/bv.java
f/f0/d/d.java
f/i0/u/b0/b/b.java
com/baidu/location/h/n.java
com/yidui/ui/picture_viewer/ChoosePhotoActivity.java
f/i0/v/k0.java
io/agora/rtc/internal/CommonUtility.java
com/unicom/xiaowo/account/shield/e/a.java
com/webank/facelight/ui/fragment/b.java
com/yidui/ui/picture_viewer/SendPhotoActivity.java
Medium
CVSS:4.3
IP Address disclosure
MASVS: MSTG-CODE-2
CWE-200 Information Exposure
Files:
 com/igexin/push/config/a.java
com/getui/gtc/dim/d/b.java
com/huawei/hms/hatool/z.java
com/getui/gtc/BuildConfig.java
f/h0/a/j/o.java
com/huawei/hms/framework/network/frameworkcompat/BuildConfig.java
com/huawei/hms/support/api/PendingResultImpl.java
com/igexin/push/core/d.java
com/alibaba/sdk/android/oss/internal/InternalRequestOperation.java
com/igexin/push/core/stub/PushCore.java
com/tencent/tinker/loader/shareutil/ShareTinkerInternals.java
com/tencent/tinker/lib/tinker/Tinker.java
com/huawei/hms/base/device/BuildConfig.java
com/igexin/push/a.java
com/huawei/hms/support/hianalytics/HiAnalyticsUtil.java
com/huawei/hms/hatool/v.java
com/xiaomi/push/bi.java
com/igexin/push/core/b/a.java
com/igexin/push/core/d/a.java
com/vivo/push/PushClient.java
com/getui/gtc/base/http/crypt/PtRASCryptoInterceptor.java
f/q/d/a/a/b/f/a.java
f/f0/a/e/b.java
com/huawei/hms/framework/common/PackageManagerCompat.java
com/igexin/push/f/h.java
com/alipay/android/phone/mrpc/core/q.java
com/netease/nimlib/push/net/httpdns/a/b.java
com/alibaba/security/realidentity/build/ct.java
com/huawei/hms/framework/network/grs/d/a.java
com/huawei/hms/hatool/e1.java
com/xiaomi/push/ag.java
f/l/a/g.java
f/b0/a/e/i.java
com/huawei/hms/framework/network/grs/c/b/a.java
com/igexin/sdk/PushManager.java
com/huawei/hms/support/hianalytics/a.java
com/tencent/tinker/loader/BuildConfig.java
com/baidu/lbsapi/auth/g.java
com/igexin/sdk/PushBuildConfig.java
com/shuyu/gsyvideoplayer/video/base/GSYVideoView.java
com/tencent/tinker/loader/shareutil/ShareConstants.java
com/huawei/hms/api/HuaweiApiClientImpl.java
cn/jiguang/l/b.java
com/huawei/hms/framework/common/BuildConfig.java
com/alibaba/security/realidentity/build/dd.java
com/alibaba/sdk/android/oss/common/utils/HttpdnsMini.java
net/security/device/api/DeviceInfo.java
com/huawei/hms/common/PackageConstants.java
Medium
CVSS:7.4
MD5 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/meicam/sdk/NvsStatisticsInfo.java
com/faceunity/utils/FileUtils.java
com/netease/nimlib/q/j.java
f/f0/e/a/h.java
com/alibaba/security/realidentity/build/co.java
com/aliyun/sls/android/sdk/utils/BinaryUtil.java
com/igexin/base/util/StringUtil.java
f/i0/n/a/j/a.java
f/i0/f/b/q.java
com/tencent/bugly/crashreport/common/info/AppInfo.java
f/s/a/o0/f.java
f/l/a/p.java
cn/com/chinatelecom/account/api/e/d.java
com/meizu/cloud/pushsdk/platform/b.java
com/xiaomi/push/bo.java
f/i0/d/a/d/k.java
cn/jiguang/bb/c.java
com/sensorsdata/analytics/android/sdk/visual/ViewSnapshot.java
com/igexin/push/f/g.java
com/getui/gtc/i/a/a.java
cn/jiguang/ax/b.java
com/tencent/mm/opensdk/utils/b.java
com/unicom/xiaowo/account/shield/e/h.java
com/tencent/turingcam/Cnative.java
f/i0/b/a/c/c/b.java
com/opensource/svgaplayer/SVGACache.java
f/b/b/a/f/i.java
com/netease/nimlib/push/net/httpdns/util/b.java
cn/jiguang/verifysdk/j/d.java
cn/jiguang/f/g.java
com/meizu/cloud/pushsdk/c/g/b.java
cn/jiguang/bb/j.java
com/igexin/assist/util/a.java
com/igexin/b/b/a.java
com/yidui/security/defence/NetHelper.java
com/baidu/geofence/a/a.java
com/aliyun/sls/android/sdk/utils/Utils.java
com/vivo/push/util/u.java
com/alibaba/sdk/android/oss/common/utils/BinaryUtil.java
com/tencent/tinker/loader/shareutil/SharePatchFileUtil.java
com/xiaomi/push/bn.java
com/tencent/tinker/lib/reporter/DefaultLoadReporter.java
com/baidu/b/d/b.java
com/sensorsdata/sf/ui/utils/ImageLoader.java
cn/jiguang/verifysdk/j/q.java
com/getui/gtc/i/b/a.java
com/tencent/tinker/lib/patch/UpgradePatch.java
com/baidu/location/h/n.java
com/igexin/sdk/PushManager.java
com/cmic/sso/sdk/h/h.java
com/baidu/location/indoor/mapversion/b/a.java
f/b/b/a/f/l.java
Medium
CVSS:8.8
Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
MASVS: MSTG-PLATFORM-7
CWE-749 Exposed Dangerous Method or Function
M1: Improper Platform Usage
Files:
 com/tencent/bugly/webank/crashreport/CrashReport.java
com/tencent/bugly/crashreport/CrashReport.java
cn/jiguang/y/a.java
com/yidui/ui/login/SafetyGuideActivity.java
com/alibaba/security/realidentity/jsbridge/core/BridgeWebView.java
com/yidui/ui/web/view/MiWebView.java
com/yidui/ui/webview/view/CustomWebView.java
com/sensorsdata/analytics/android/sdk/SensorsDataAPI.java
com/baidu/location/b/n.java
High
CVSS:7.4
The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
MASVS: MSTG-CRYPTO-3
CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
M5: Insufficient Cryptography
Files:
 f/q/d/a/a/a/a/a.java
f/o/a/a/f1/s0/d.java
com/meizu/cloud/pushsdk/a/a/a.java
com/alipay/security/mobile/module/a/a/c.java
com/tencent/bugly/proguard/ai.java
com/vivo/push/util/f.java
com/vivo/push/util/a.java
f/i0/d/a/d/a.java
cn/jiguang/ay/b.java
f/i0/f/b/b.java
f/f0/c/b/c/a.java
com/cmic/sso/sdk/h/a.java
com/xiaomi/push/h.java
f/f0/a/f/c/a.java
com/tencent/bugly/proguard/ah.java
com/igexin/base/a/b.java
f/i0/v/g1/b.java
f/q/a/g/c/i.java
cn/jiguang/br/d.java
cn/jiguang/bb/i.java
cn/jiguang/verifysdk/j/b.java
f/b/b/a/f/d.java
Medium
CVSS:7.5
The App uses an insecure Random Number Generator.
MASVS: MSTG-CRYPTO-6
CWE-330 Use of Insufficiently Random Values
M5: Insufficient Cryptography
Files:
 com/igexin/push/core/l.java
com/netease/share/media/a.java
com/alibaba/security/biometrics/service/model/strategy/DefaultActionStrategy.java
com/yidui/ui/gift/widget/GiftStarView.java
com/yidui/ui/gift/widget/GuardianAngelEffectView.java
com/xiaomi/push/bo.java
com/yidui/ui/message/activity/ConversationActivity2.java
f/i0/u/i/i/o/b/j/f.java
com/netease/nimlib/push/packet/symmetry/a.java
cn/jiguang/verifysdk/c/c.java
cn/jiguang/bh/c.java
com/tencent/turingfd/sdk/mfa/Cbreak.java
k/e0/b.java
com/xiaomi/push/hl.java
f/o/a/a/j1/k0/t.java
com/yidui/ui/gift/widget/SweetheartsSuperEffectView.java
k/e0/e/a.java
io/agora/rtc/audio/MediaCodecAudioDecoder.java
com/yidui/business/gift/common/widget/GiftPeriscopeLayout.java
f/o/a/a/j1/k0/n.java
com/igexin/push/core/e/f.java
com/huawei/hms/common/internal/TransactionIdCreater.java
com/alipay/sdk/data/c.java
k/e0/a.java
cn/jiguang/bi/d.java
com/baidu/location/f/f.java
com/igexin/push/core/a/c/g.java
com/yidui/business/gift/effect/view/GiftEffectFlowerView.java
com/igexin/push/core/d.java
com/igexin/push/f/o.java
com/netease/nimlib/push/net/httpdns/a/a.java
com/netease/nimlib/push/packet/symmetry/c.java
com/igexin/b/b/a.java
com/baidu/location/b/g.java
com/alipay/sdk/tid/b.java
com/alipay/sdk/util/n.java
com/meicam/sdk/NvsTimeUtil.java
f/f0/a/f/e.java
com/xiaomi/push/ci.java
com/yidui/business/gift/effect/view/GiftEffectSweetheartsSuperView.java
cn/jiguang/bp/e.java
com/baidu/b/c/b/b.java
com/yidui/ui/gift/widget/FlowerEffectView.java
com/yidui/view/periscope/PeriscopeLayout.java
com/netease/nimlib/push/net/httpdns/util/d.java
com/netease/nimlib/push/packet/symmetry/b.java
com/yidui/ui/live/audio/seven/SevensRoomActivity.java
com/baidu/location/f/h.java
com/alibaba/security/biometrics/service/model/strategy/GroupActionStrategy.java
com/yidui/business/gift/effect/view/GiftEffectAngelView.java
com/alibaba/security/biometrics/build/ad.java
High
CVSS:7.4
Weak Encryption algorithm used
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 f/i0/v/g1/b.java
com/alipay/sdk/encrypt/b.java
com/tencent/bugly/proguard/ai.java
com/heytap/mcssdk/f/b.java
f/b/b/a/f/d.java
Medium
CVSS:5.9
App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
M7: Client Code Quality
Files:
 com/baidu/location/e/l.java
com/alibaba/sdk/android/oss/common/OSSSQLiteHelper.java
com/tencent/bugly/webank/a.java
f/o/a/a/j1/k0/i.java
com/baidu/location/e/c.java
com/xiaomi/push/providers/a.java
com/baidu/location/e/f.java
com/netease/nimlib/g/c/c.java
f/l/a/v/a.java
com/baidu/location/e/a.java
com/baidu/location/c/a.java
com/getui/gtc/base/db/AbstractTable.java
com/getui/gtc/base/db/AbstractDb.java
com/netease/nimlib/g/c/a.java
q/c/b/j/f.java
com/xiaomi/push/ev.java
com/baidu/location/b/k.java
com/yidui/ui/me/bean/Province.java
com/tencent/bugly/a.java
com/igexin/push/a/b.java
com/meizu/cloud/pushsdk/d/d/b.java
com/baidu/location/e/k.java
com/alibaba/security/realidentity/build/ce.java
f/s/a/f0/e.java
f/o/a/a/x0/c.java
com/alipay/sdk/tid/a.java
f/i0/s/a/e/b.java
com/sensorsdata/analytics/android/sdk/data/SensorsDataDBHelper.java
com/sensorsdata/analytics/android/sdk/data/OldBDatabaseHelper.java
f/o/a/a/j1/k0/n.java
com/tencent/bugly/webank/proguard/q.java
com/tencent/bugly/proguard/q.java
com/baidu/location/e/e.java
f/s/a/f0/d.java
Medium
CVSS:5.9
SHA-1 is a weak hash known to have hash collisions.
MASVS: MSTG-CRYPTO-4
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/alibaba/wireless/security/framework/utils/UserTrackMethodJniBridge.java
f/q/d/a/a/a/b/a.java
cn/jiguang/aj/a.java
com/baidu/b/d/c.java
com/xiaomi/push/ba.java
cn/jiguang/f/g.java
com/huawei/hms/hatool/e.java
com/baidu/lbsapi/auth/b.java
com/getui/gtc/dim/c/b.java
com/alibaba/security/realidentity/build/co.java
com/igexin/base/a/b.java
com/tencent/bugly/crashreport/common/info/AppInfo.java
f/f0/c/b/c/d.java
net/security/device/api/id/oaid/OppoImpl.java
com/igexin/push/f/e.java
com/tencent/turingfd/sdk/mfa/Ccontinue.java
com/netease/nimlib/push/packet/asymmetric/e.java
com/xiaomi/push/bo.java
com/alipay/security/mobile/module/a/a.java
com/tencent/bugly/proguard/z.java
com/alibaba/sdk/android/oss/common/utils/BinaryUtil.java
com/tencent/tinker/android/dex/Dex.java
com/tencent/bugly/webank/proguard/z.java
f/q/d/a/a/a/d/b.java
com/alipay/security/mobile/module/a/a/c.java
f/q/a/g/c/g.java
com/igexin/push/f/g.java
com/baidu/location/h/n.java
com/alipay/security/mobile/module/a/a/b.java
com/xiaomi/push/bm.java
Medium
CVSS:5.5
App creates temp file. Sensitive information should never be written into a temp file.
MASVS: MSTG-STORAGE-2
CWE-276 Incorrect Default Permissions
M2: Insecure Data Storage
Files:
 com/netease/nimlib/g/b/d.java
f/h0/a/j/m.java
High
CVSS:7.4
Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 com/netease/nimlib/push/net/httpdns/b/d.java
com/alipay/android/phone/mrpc/core/b.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 com/yidui/ui/message/manager/MsgPopupMenuManager.java
com/sensorsdata/sf/ui/utils/ActionHelper.java
f/i0/f/b/e.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 com/tencent/bugly/crashreport/common/info/b.java
f/i0/n/a/j/a.java
com/tencent/bugly/webank/crashreport/common/info/b.java
com/alipay/sdk/sys/b.java
High
CVSS:5.9
The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.
MASVS: MSTG-CRYPTO-2
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
M5: Insufficient Cryptography
Files:
 com/netease/nimlib/push/packet/symmetry/a.java
com/netease/nimlib/chatroom/e.java
Info
CVSS:0
This App uses SSL certificate pinning to detect or prevent MITM attacks in secure communication channel.
MASVS: MSTG-NETWORK-4
Files:
 cn/jiguang/verifysdk/j/o.java
f/q/d/a/a/b/d.java
com/unicom/xiaowo/account/shield/d/d.java
f/b0/a/i/a.java
com/cmic/sso/sdk/c.java
f/b/b/a/b/a/e0/d.java
cn/jiguang/net/SSLTrustManager.java
f/f0/b/a/g0/c.java
High
CVSS:5.4
Remote WebView debugging is enabled.
MASVS: MSTG-RESILIENCE-2
CWE-919 - Weaknesses in Mobile Applications
M1: Improper Platform Usage
Files:
 com/alibaba/security/realidentity/jsbridge/core/BridgeWebView.java
High
CVSS:0
This App may request root (Super User) privileges.
MASVS: MSTG-RESILIENCE-1
CWE-250 Execution with Unnecessary Privileges
Files:
 com/tencent/bugly/crashreport/common/info/b.java
com/tencent/bugly/webank/crashreport/common/info/b.java
Low
CVSS:0
This App uses SQL Cipher. SQLCipher provides 256-bit AES encryption to sqlite database files.
MASVS: MSTG-CRYPTO-1
Files:
 com/netease/nimlib/g/b/c.java
com/netease/nimlib/g/b/b.java
com/netease/nimlib/g/b/d.java
q/c/b/j/b.java
High
CVSS:7.4
Insecure WebView Implementation. WebView ignores SSL Certificate errors and accept any SSL Certificate. This application is vulnerable to MITM attacks
MASVS: MSTG-NETWORK-3
CWE-295 Improper Certificate Validation
M3: Insecure Communication
Files:
 cn/jiguang/y/a.java
com/alipay/sdk/app/b.java
com/webank/facelight/ui/FaceProtocalActivity.java
com/huawei/secure/android/common/webview/SafeWebView.java
Low
CVSS:0
This app listens to Clipboard changes. Some malware also listen to Clipboard changes.
MASVS: MSTG-PLATFORM-4
Files:
 com/yidui/ui/login/view/PhoneCodeView.java
Pygal China: 5400 Germany: 600 Hong Kong: 800 Korea, Republic of: 100 Netherlands: 500 Russian Federation: 200 Singapore: 200 United States: 1300

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

SG mclient.alipay.com 47.89.73.131
CN kycwa-test.tencentcloudapi.com 42.194.142.11
CN itsdata.map.baidu.com 112.34.111.228
CN ofloc.map.baidu.com 111.206.209.193
HK mobilegw.alipay.com 205.204.122.81
d-gt.getui.com
CN wap.cmpassport.com 120.197.235.27
CN test1-api.520yidui.com 39.96.126.77
DE fr.register.xmpush.global.xiaomi.com 3.124.55.120
HK wappaygw.alipay.com 47.235.0.3
RU nosup-hz1.127.net 79.133.177.218
schemas.android.com
CN miniprogram-kyc.tencentcloudapi.com 193.112.232.253
CN tdid.m.qq.com 203.205.235.145
CN norma-external-collect.meizu.com 113.106.27.98
US xmlpull.org 74.50.61.58
DE resolver.msg.global.xiaomi.net 3.124.50.74
CN www.sobot.com 203.107.41.32
DE resolver.msg.xiaomi.net 3.123.48.111
CN h5-test.520yidui.com 114.80.179.225
CN api-staging.520yidui.com 121.196.27.201
mobilegw-1-64.test.alipay.net
NL en.wikipedia.org 91.198.174.192
US mobilegw.alipaydev.com 198.11.186.9
US argus.agoralab.co 52.53.64.174
CN api-e189.21cn.com 222.93.106.185
DE store.hispace.hicloud.com 80.158.2.135
CN www.520yidui.com 121.196.133.231
CN cn-hangzhou.sls.aliyuncs.com 47.97.242.7
CN sdk.open.phone.igexin.com 183.131.7.98
CN rqd.uu.qq.com