Android phones already provide an authentication-based security model for managing users' personal information, under which every application must go through a request before it can be installed and run. A study of eight popular, mainstream Android phones found that most of them fail to enforce this security model correctly, and that some privileges can easily be obtained by other, unused applications. To verify that these problems exist, this paper develops a dynamic system permission-leak detection system. The experimental results show that an application that has not been authenticated can obtain Android system permissions and, without the user's permission, wipe user data, send text messages, and record the user's calls.