| With the development of emerging technologies such as 5G,big data and Artificial Intelligence(AI),mobile intelligent terminals,especially those based on Android platform,have become the main tools for people to obtain and store information.While bringing many conveniences to people,Android mobile intelligent terminal increasingly involve sensitive information like personal privacy,business secrets or even state secrets,which leads to an increasing number of information security incidents such as the dissemination of unsafe content and privacy leakage.Because of this,the user,the industry and even the country pay more and more attention to how to improve the content security and personal privacy security of Android mobile intelligent terminals.The study found that Bluetooth,Wi Fi,Applications(Apps)and other interfaces bring a lot of high security risks to Android mobile intelligent terminals.Hackers can exploit these interfaces to invade the terminals,spread unsafe contents or steal user privacy,remotely.Among these interfaces,App is favored by unhealthy content spreaders for its portability,usability,rapid spread and wide coverage.This makes users,especially kids,vulnerable to bad contents when using Android Apps,endangering their physical and mental health.In addition,plenty of Android Apps exist privacy violations like illegally gathering or using personal data,which seriously infringe on users’ privacy rights and interests.Thus,it is of great significance to improve the content security and personal privacy security of Android mobile intelligent terminals by analyzing and studying the vulnerabilities of the terminals as well as the possible information security problems brought by these interfaces.The main work of this paper are summarized as follows:1.In view of the security threats in Android mobile intelligent terminals,this paper studies the vulnerability of the terminals and its evaluation methods in detail.First of all,this paper detailedly analyze the possible attack methods and information security threats brought to users caused by the attack surfaces exposed in the terminals.Then,aiming at three different attack surfaces of the terminals,a complete remote payload injection method,a novel navigation spoofing method and a remote vehicle control method are designed respectively.Next,through separate experiments on Android smartphones and vehicle intelligent terminals,it is verified that Wi Fi is vulnerable to remote malicious information delivery,App is vulnerable to remote navigation spoofing and privacy leakage and Telematics Service Provider(TSP)is vulnerable to be used to destroy the security system of the vehicle for remote privacy leakage and vehicle control.These results also show that Android mobile intelligent terminals have many vulnerabilities that can be exploited by hackers to spread unhealthy contents,steal personal privacy,etc.Finally,the targeted measures are present to improve the information security of the terminals.2.In view of the information content security problem in Android mobile intelligent terminals,this paper designs a novel automatic content inspection and forensics system to protect children from unhealthy contents when using Android Apps.It is different from the existing researches,which focus on the design of application content maturity rating policy,study of parental control software,detection of unhealthy advertisements or detection of unhealthy videos contained in a particular kids App.The designed system is specifically for inspecting unhealthy videos,advertisements,audio and other contents in all children Android Apps.The system can detect whether an App contains unhealthy contents,and extract these contents for users to understand why the App is judged as unhealthy.Exploit some Android Apps that obviously contain unhealthy contents to evaluate the system.The results show that its precision can reach 85.7%.Besides,use this system to inspect children Android Apps collected from Samsung,and the results prove that there are a large number of children Android Apps containing unhealthy contents,and existing application maturity rating policies are unreliable.3.Aiming at the privacy information leakage or stealing problem in Android mobile intelligent terminals,this paper designs an automatic detection tool named PVDetector to explore the situation that Apps contain four privacy violations in different Android application stores.These four violations include lacking privacy policy,collecting privacy before statement,lacking account cancellation service and stubborn permission request.Firstly,by analyzing the dynamic and static behaviors of some Android Apps,respectively extract the threat forms that can identify the above four privacy violations,and design the corresponding form matching methods.Then,exploit some problematic Apps to fine-tune these forms as well as methods,and use them to develop the PVDetector.Finally,utilize PVDetector to detect 16,162 Android Apps collected from 6 popular application stores including Xiaomi,Baidu,360,Tencent,Snap Pea and Google Play,as well as 3 special categories including smart home,smart vehicle and smart wear.The results display 9violations,such as a large number of malicious Apps containing privacy violations in these stores and categories.The results of a random inspection of 385 Apps show that Pvdetector’s detection accuracy can reach 93%. |
