Android应用钓鱼劫持风险的检测与防范
Detection and Prevention of the Phishing Risk of Android Application
DOI: 10.12677/CSA.2015.511053, PDF, HTML, XML, 下载: 2,878  浏览: 6,343  国家自然科学基金支持
作者: 黄振鹏*, 牛少彰, 张文*:北京邮电大学,北京
关键词: Android钓鱼劫持安全Android Fishing Hijacking Security
摘要: Android是当前最流行的移动设备上的智能操作系统。随着移动设备的蓬勃发展,移动端应用在人们生活中也越来越重要。但是由于开发者考虑不足或者对移动端的安全的不够重视,许多的移动应用存在安全漏洞。利用钓鱼劫持漏洞可以在用户未察觉的情况下窃取用户的重要信息,这对用户的信息安全和财产安全造成了巨大的威胁。本文通过对Android Activity组件进行研究,设计并实现了对Android应用的钓鱼劫持漏洞检测系统。利用该系统对从MM商场下载的500个常见应用进行检测,结果表明钓鱼劫持漏洞在Android应用中广泛存在。本文最后给出了针对钓鱼劫持风险可行的防范建议。
Abstract: Android is the most popular mobile device’s intelligent operating system. With the rapid devel-opment of mobile devices, mobile applications are becoming more and more important in people’s life. However, due to the developers’ inadequate consideration or attention for mobile device se-curity, a lot of applications have the security vulnerability problems. Using fishing hijacking vul-nerabilities can steal the user’s important information in the case that users are unaware, which has caused a huge threat to the user’s privacy and property security. In this paper, through the study of activity, we design and implement a phishing detection system of Android application. Using the system to detect the 500 common applications from the MM shopping market, the results show that the phishing hijacking vulnerabilities of Android application exist widely. At last, the paper gives the feasible preventive suggestions for the risk of the fishing.
文章引用:黄振鹏, 牛少彰, 张文. Android应用钓鱼劫持风险的检测与防范[J]. 计算机科学与应用, 2015, 5(11): 421-427. http://dx.doi.org/10.12677/CSA.2015.511053

参考文献

[1] 符易阳, 周丹平. Android 安全机制分析[C]//中国计算机学会. 第26次全国计算机安全学术交流会论文集: 2011年第9期. 北京: 信息网络安全杂志社, 2011: 23-25.
[2] 董晓刚. 浅析Android系统的四大基本组件[J]. 中国电子商务, 2013(1): 39.
[3] 傅建明, 李鹏伟, 易乔, 黄诗勇. Android组件间通信的安全缺陷静态检测方法[J]. 华中科技大学学报(自然科学版), 2013, 41(z2): 259-264.
[4] 洪智勇, 张宁. 移动终端软件开发技术课程教学改革研究与实践[J]. 软件工程师, 2014, 17(6): 46-48.
[5] 李鸥. Android安全机制分析及双用户安全保护模型的设计[J]. 保密科学技术, 2014(3): 42-46.
[6] 钱宇虹. 多线程环境下如何正确使用Java集合类[J]. 软件工程师, 2012(10): 45-48.
[7] 沈才樑, 唐科萍, 俞立峰, 樊甫伟. Android权限提升漏洞攻击的检测[J]. 电信科学, 2012(5): 115-119.
[8] Shabtai, A., Fledek, Y. and Kanonov, U. (2010) Google Android: A Comprehensive Security Assessment. IEEE Security and Privacy, 8, 35-44.
http://dx.doi.org/10.1109/MSP.2010.2
[9] Shabtai, A., Ka-nonov, U. and Elovici, Y. (2009) Detection, Alert and Response to Malicious Behavior in Mobile Devices: Know-ledge-Based Approach. Proceedings of 12th International Symposium on Recent Advances in Intrusion Detection (RAID), Saint-Malo, 23-25 September 2009, 357-358.