Android security issues and solutions
Conference Paper · February 2017
DOI: 10.1109/ICIMIA.2017.7975551
Authors: Karthick Sowndarajan (Christ University, Bangalore), Sumitra Binu (Christ University, Bangalore)
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/318412307
All content following this page was uploaded by Karthick Sowndarajan on 06 August 2017.

... the same user id SHAREDUSERID, then it is possible for application A to use the permissions granted to itself and the permissions granted to B. Similarly, it is possible for application B to use the permissions granted to itself and the permissions granted to A. Every Android application has a unique ID, which is its package name. Android also supports a shared user ID, which is an attribute in the AndroidManifest.xml file. If this attribute is assigned the same value in two or more applications, and the same certificate signs these applications, they can access the permissions granted to each other. Collision attacks are classified as direct collision attacks and indirect collision attacks. In a direct collision attack, the applications communicate directly. In an indirect collision attack, the applications communicate via a third-party application or component.

C. Time of Check and Time of Use Attack

The main reason for the TOCTOU attack is naming collision. No naming rule or constraint is applied to a new permission declaration. Moreover, permissions in Android are represented as strings, and any two permissions with the same name string are treated as equivalent even if they belong to separate applications.

D. Spyware

Spyware is a type of malware. It is an APK file that is downloaded automatically when the user visits a malicious website, or that comes with apps installed from unknown sources. In Android, it is possible to install applications from sources other than the Google Play Store. Spyware is one of the main reasons for major security threats in the Android operating system.

III. UNDERSTANDING PERMISSIONS

The Android operating system uses a permission-based model to control access to various resources and information. These permissions are not requests; they are declarations. They are declared in the AndroidManifest.xml file. Once the permissions are granted, they remain static for Android versions less than 6 [8][9]. But in Android versions 7.0 and higher, the app permissions are classified into normal permissions [10] and dangerous permissions [11].

A. Normal Permissions

Normal permissions do not directly put the user's privacy at risk. Normal permissions need not be declared in the AndroidManifest.xml file. These permissions are granted automatically.

Example:
KILL_BACKGROUND_PROCESSES
SET_WALLPAPER
UNINSTALL_SHORTCUT
WRITE_SYNC_SETTINGS

B. Dangerous Permissions

Dangerous permissions can access critical resources of the mobile device and can give the app access to the user's confidential data. If an app lists a normal permission in its manifest, the system grants the permission automatically. If an app lists a dangerous permission, the user has to explicitly give approval for the successful installation of the app.

Example:
CONTACTS: READ_CONTACTS, WRITE_CONTACTS, GET_ACCOUNTS
LOCATION: ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION
SMS: SEND_SMS, RECEIVE_SMS, READ_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS
STORAGE: READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE

Android Marshmallow 6.0 has classified the permissions into normal and dangerous permissions. Whenever the app needs to use a dangerous permission, it explicitly asks the user to confirm the permission. Thus, Android 6.0 and higher versions provide an explicit permission notification before critical resources are accessed. But Marshmallow is available only on 1.2 percent of Android devices [9]. Android operating system updates are not available for most of the older devices. Therefore, security threats related to app permissions are still not solved.

C. Application Sandboxing

Android uses application sandboxing to limit an application's access to resources. If an app needs to access resources outside of its sandbox, it needs to request the appropriate permission.

D. Over-claiming of application permissions

Over-claiming of permissions occurs when an application requests a permission that it may not require. It is the declaration of irrelevant permissions that are not at all required for the application. It is the main reason for data theft in Android applications. The information is collected and sent to the concerned people. The developers of the app make money by selling this information. Several

International Conference on Innovative Mechanisms for Industry Applications (ICIMIA 2017)
978-1-5090-5960-7/17/$31.00 ©2017
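The shared user ID and permission-name passages above can be checked on a set of installed apps by auditing their decoded manifests. The following is an added example, not code from the paper: it reports the dangerous permissions each app gains through a shared user ID and the permission names declared by more than one package. It assumes apps in a shared-ID group are signed with the same certificate (the manifest alone cannot show this); the package names, the `sample` helper and the manifests are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Dangerous permissions taken from the paper's example list, not the full platform list.
DANGEROUS = set("READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS ACCESS_FINE_LOCATION "
                "ACCESS_COARSE_LOCATION SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH "
                "RECEIVE_MMS READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE".split())

def parse_manifest(xml_text):
    """Extract package, sharedUserId, requested and declared permission names."""
    root = ET.fromstring(xml_text)
    names = lambda tag: {e.get(ANDROID + "name") for e in root.findall(tag)}
    return {"package": root.get("package"),
            "shared_uid": root.get(ANDROID + "sharedUserId"),
            "uses": names("uses-permission"), "declares": names("permission")}

def audit(manifests):
    """Report permissions gained via a shared user ID and duplicate permission names."""
    apps = [parse_manifest(m) for m in manifests]
    by_uid, declared_by = defaultdict(list), defaultdict(set)
    for app in apps:
        by_uid[app["shared_uid"]].append(app)  # key None means no shared user ID
        for perm in app["declares"]:
            declared_by[perm].add(app["package"])
    gained = {}
    for uid, group in by_uid.items():
        if uid and len(group) > 1:  # only groups where the ID is actually shared
            union = set().union(*(a["uses"] for a in group))
            for a in group:  # dangerous permissions the app did not request itself
                gained[a["package"]] = sorted(p for p in union - a["uses"]
                                              if p.rsplit(".", 1)[-1] in DANGEROUS)
    collisions = {p: sorted(pkgs) for p, pkgs in declared_by.items() if len(pkgs) > 1}
    return {"gained_via_shared_uid": gained, "name_collisions": collisions}

def sample(pkg, uid, uses, declares=()):
    """Build a constructed manifest for the demo (not taken from any real app)."""
    uid_attr = f' android:sharedUserId="{uid}"' if uid else ""
    body = "".join(f'<uses-permission android:name="{u}"/>' for u in uses)
    body += "".join(f'<permission android:name="{d}"/>' for d in declares)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="{pkg}"{uid_attr}>{body}</manifest>')

SAMPLES = [  # constructed package names and permissions
    sample("com.example.notes", "com.example.uid", ["android.permission.INTERNET"],
           ["com.example.permission.SYNC"]),
    sample("com.example.dialer", "com.example.uid",
           ["android.permission.READ_CONTACTS", "android.permission.SEND_SMS"]),
    sample("org.sample.game", None, [], ["com.example.permission.SYNC"]),
]
```

Calling `audit(SAMPLES)` shows that the notes app, which requested only INTERNET, effectively holds READ_CONTACTS and SEND_SMS through the shared ID, and that two unrelated packages declare the same permission string.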