| In recent years, Android smart phones gradually integrate into people’s lives. Like traditional mobile phones, people can make long-distance communication (sending text messages, call etc.) through Android smart phones. At the same time, Android smart phones provide more functions. They can make people entertain (playing games, listening to music, watching videos, etc.) and shop online and so on. Android smart phones bring convenience to people, but may have some security issues. Among which Android user privacy security is an increasingly important issue. There is some user privacy stored in Android mobile phones, such as text messages sended or received by users, telephone numbers and emails, payment password and data collected via sensor. If users’ information is stolen, it will bring some serious economic or spiritual losses to users.As a mobile and open platform, Android system provides some security mechanisms to protect user’s privacy, such as sandbox mechanism, file access control mechanism, permission mechanism and digital signature. When an application is installed in Android smart phones by user, System gives it a UID according to developer’s signature. This application enclosed in his environment has a private directory and can’t access equipment resources and other applications’ data. Some resources of system and applications can be accessed by application that has applied for appropriate permissions. In addition, data can be shared through ContentProvider interface or Intent object. Although Android system has security mechanisms to protect user privacy, it has a security risk of privacy leakage. Malicious applications use security vulnerabilities or functions of Android system to secretly steal user privacy. For example, applications secretly send location information through the network to the server without the knowledge of users or applications steal contacts through Content Provider interface.This paper summarizes privacy and the ways of privacy leakage from four perspectives that include privacy leakage in an application, privacy leakage between applications, privacy leakage in network transmission, and prvacy leakage resulting from sensors’ data. Relative to privacy leakage between applications, privacy leakage in an application is that an application steals privacy. Privacy leakage between applications is that an application gets another application’s data. Then this paper designs and implements6kinds of applications that steal user’s privacy. Accessing to the privacy in Intent object, accessing to ContentProvider and getting contacts through AIDL belong to privacy leakage between applications. ad libs stealing privacy, monitoring calls and intercepting messages belong to privacy leakage in an application. Finally, Based on protection of private data by user, this paper designs an application isolation system. Android users can flexibly add color to application with this system, and applications with different color tags belong to different groups. Accoriding to certain rules system decides whether to allow applications in different groups to communicate, which prevents privacy leakage caused by the communication between components in different applications. |
PDF Full Text Request