| With the development of science and technology, has been widely popular for mobile terminals, mobile terminals mobile phone operating system, Android operating system because of its advantages of open source, free, customized by mobile terminals used by the manufacturer. Android operating system widely used, also obtained the rapid development of mobile intelligent terminal market. When users use the Android operating system, through a simple learning can be easily mastered through the Android operating system, users can access the mobile Internet, quick access to real-time news, etc, will be able to use services provided by the large number of Internet companies.These days, many Internet companies not only provide basic services, but want to be able to share data with other developers, to provide users with a better user experience.Therefore, many Internet firms in the Android operating system platform to provide a third-party login services so that users using other applications do not need to register for a new account, and using third party land would be granted landing authorization mechanism for quick access, which greatly improves the user experience when using the new application.However, many vendors are providing third-party login services there could be security risks, once its been exploited by malicious applications will pose a great threat to consumers ’ privacy. For such problems, the paper companies such as Tencent, SINA decompile third-party login services provided by analysis, breaking its landing certification process, found that there were loopholes and completed on holes used and getting user permissions, Tencent, SINA also confirmed the existence of vulnerabilities. After further research on vulnerabilities, respectively against a third party login services SSO, Web login form and implement the solution, effectiveness, performance, and compatibility of the solutions were evaluated in three aspects, provide solution can solve the above the conclusion of attack. |
PDF Full Text Request