Research On Android Smartphones' Data Security

Nowadays,smartphones have become an essential part of people's life.While the smartphones' powerful functions bring the unprecedented convenience to people's life,they also provide chances to the attackers to steal the users' sensitive data.Based on the smartphones' unique features,attackers can utilize different methods to access the users'personal data on their smartphones.As a result,the data security on smart-phones has already become a key research field of network security.As one of the most popular smartphone operating systems,Android provides the mobile applications with different methods to store their data.However,it is unknown that when the mobile applications' developers use these methods to store their data,whether they fully think about the security problems of the saved data.Smartphones have been equipped with a variety of sensors.These sensors not only bring convenience to the mobile applica-tions to access the users' context information,but also can be employed by attackers to obtain the users' sensitive information.Besides the data storage and acquisition,mobile applications usually have to communicate with the remote server.While the smartphones offer the mobile applications different kinds of communication methods(Wi-Fi wireless network,4G wireless network),some potential security issues still exist in the communication process.This paper mainly studies the data security of Android smartphones from three aspects-data storage,data acquisition and data transmission.In this paper,the main contributions are as follows:1.In terms of data storage,a deep investigation on the data security problem about Android shared storage is conducted.Android utilizes the read/write per-missions to control applications to access the shared storage.However,once an application is granted the read/write permissions,it can visit any files on the shared storage regardless of whether it is the file owner or not.Therefore,when a mobile application save the data on the shared storage,it will encounter a series of security problems.This paper systematically studies a simple but overlooked threat related to the shared storage—the lack of input validation(e.g.,integrity verifications)when the applications consume files on the shared storage.This paper analyzes a large number of applications from the Internet,and finds that a lot of sensitive data is stored on the shared storage and the vast majority of analyzed applications con-sume these files on the shared storage without any input validation.Based on this phenomenon,attackers can design and implement a series of attacks against some special kinds of files.2.In terms of data acquisition,a series of secure keyboard strategies are proposed to defend against the motion-sensor-based keystroke inference attack.When users operate the smartphones,they often have to conduct some input operations through the virtual keyboard.However,these operations usually cause the smart-phone status variances,which can be captured by motion sensors.Attackers can infer the users' input through the obtained motion sensor readings.In terms of key-board,this paper designs and realizes a kind of practical and convenient defense which is based on the randomized vibration noise and the dynamically modified keyboard layout.The evaluation results show that the proposed strategies can sig-nificantly reduce the keystroke inference accuracy while keeping the users' normal input speed.3.In terms of data transmission,this paper proposes a method to associate users with their mobile devices based on the Wi-Fi wireless network signal and vi-sual signal.The openness of Wi-Fi wireless network makes it easy for attackers to capture the network packets so as to obtain the users' sensitive information.How-ever,in the real world,the packets captured by the attackers are usually based on the devices(e.g.,based on the devices' MAC addresses).Therefore,the obtained users' information is also based on the devices,rather than based on the real users appearing in the scene.This paper finds that it can be available to associate the captured packets with the real users with the aid of wireless network signal and vi-sual signal.In this way,the attackers can obtain much information about the users'personal characteristics,such as gender,age,appearance and wearing,so that they can find out more valuable targets.Users' movements can make both the wireless network signal and visual signal vary.Based on the similar changes of both signals,this paper proposes a method to associate the users with their mobile devices,EV-Linker.This paper conducts a series of signal process operartions on both of the signals,and proposes a series of new signal matching algorithms to remove other factors' influences during matching.EV-Linker also can be applied to deal with the motionless persons.The evaluation results fully prove that,whether the users are moving or not,the proposed method EV-Linker is very effective.