文獻信息文獻標題：AndroidSecurityIssuesandSolutions(Android安全問題和解決方案)文獻作者：KarthickSowndarajan，SumitraBinu文獻出處：《InternationalConferenceonInnovativeMechanismsforIndustryApplications(ICIMIA)》2017:686-689.字數統計：英文2199單詞，12157字符；中文3837漢字夕卜文文獻AndroidSecurityIssuesandSolutionsAbstractAndroidoperatingsystemusesthepermission-basedmodelwhichallowsAndroidapplicationstoaccessuserinformation,systeminformation,deviceinformationandexternalresourcesofSmartphone.ThedeveloperneedstodeclarethepermissionsfortheAndroidapplication.TheuserneedstoacceptthesepermissionsforsuccessfulinstallationofanAndroidapplication.Thesepermissionsaredeclarations.Atthetimeofinstallation,ifthepermissionsareallowedbytheuser,theappcanaccessresourcesandinformationanytime.Itneednotre-requestforpermissionsagain.AndroidOSissusceptibletovarioussecurityattacksduetoitsweaknessinsecurity.ThispapertellsaboutthemisuseofapppermissionsusingSharedUserID,howtwo-factorauthenticationsfailduetoinappropriateandimproperusageofapppermissionsusingspyware,datatheftinAndroidapplications,securitybreachesorattacksinAndroidandanalysisofAndroid,iOSandWindowsoperatingsystemregardingitssecurity.Keywords—Android;Permissions;SharedUserID;Security;DataTheft;Spyware;iOS;Windows.INTRODUCTIONAversatileworkingframework(OS)isprogrammingthatpermitscellphones,tabletPCs,anddifferentgadgetstorunapplicationsandprojects.Thereareseveraltypesofmobileoperatingsystemavailableinthemarket.ThecommonlyusedmobileoperatingsystemsareAndroid,iOS,WindowsandBlackBerryOS.TheAndroidworkingframeworkisanopensourceandsourcecodedischargebyGoogleunderApachepermitlicense,basedonLinux-Kerneldesignedforsmartphonesandtablets.Androidisoneofthemostpopularoperatingsystemsforsmartphones.Atthelastquarterof2016,thetotalnumberofapplicationsavailableinGoogleplaystorewas2.6Million,andatotalnumberofAndroidoperatingsystem-basedsmartphonessoldwas2.1Billion.ThemarketshareofAndroidinthefirstquarterof2016was84.1%whereasiOS,Windows,BlackBerry,andothershold14.8%,0.7%,0.2%and0.2%respectively.Therefore,itisclearthatAndroidhasthewidestmarketwhencomparedtoothersmobileoperatingsystems.iOS(iPhoneOS)developedbyAppleInc.andusedonlybyAppledevicessuchasiPhone,iPad,andiPodtouch.ItisthesecondmostpopularoperatingsystemnexttoAndroid.InAndroid,otherthangoogleplaystore,itispossibletoinstalltheapplicationsfromunknownsources.But,iniOS,theappscanbeonlyinstalledfromAppStore.ItisoneofthemajorsecuritybreachesinAndroid.DuetovarioussecuritybreachesinAndroid,attackersalreadyregardsmartphoneasthetargettostealpersonalinformationusingvariousmalware.In2013,MohdShahdiAhmadetal.indicatedtheanalysisofAndroidandiOSregardingsecurityanddeclarediOSmoresecurethanAndroid.In2014,A.Kauretal.indicatedthatitispossibletorevokegrantedpermissionsfromandroidapplication.TherestofthepaperorganizesasSectionIIdescribesvarioussecurityattacksonAndroidsuchaspermissionescalationattack,confuseddeputyattack,directcollisionattack,indirectcollisionattackandTOCTOU(TimeOfCheckandTimeofUse)attack.SectionIIIdescribesdifferenttypesofAndroidapppermissions,over-claimingofapppermissions,misuseofapppermissionsusingSharedUserIDandfailureoftwo-factorauthenticationinAndroid-basedsmartphonesduetospyware.SectionIVpresentsthecomparisonofsecuritybetweenAndroidandiOS.SectionVpresentstheproposedmethodtoavoidmisuseofapppermissionsandtheconclusionofthepaper.SECURITYATTACKSINANDROIDPermissionEscalationAttackItallowsamaliciousapplicationtocollaboratewithotherapplicationssoastoaccesscriticalresourceswithoutrequestingforcorrespondingpermissionsexplicitly.CollisionAttackAndroidsupportsshareduserID.Itisatechniquewhereintwoormoreapplicationsharethesameuseridsothattheycanaccessthepermissionswhicharegrantedtoeachother.Forexample,IfapplicationAhaspermissionstoREAD_CONTACTS,READ_PHONE_STATUSandBhaspermissionstoREAD_MESSAGES,LOCATION_ACCESS,ifboththeapplicationsusethesameuseridSHAREDUSERID,thenitispossibleforapplicationAtousethepermissionsgrantedtoitselfandthepermissionsgrantedtoB.Similarly,itispossibleforapplicationBtousethepermissionsgrantedtoitselfandthepermissionsgrantedtoA.EveryAndroidapplicationhasuniqueIDthatisitspackagename.AndroidsupportssharedUserID.ItisanattributeinAndroidManifest.xmlfile.Ifthisattributeassignedwiththesamevalueintwoormoreapplicationsandifthesamecertificatesignstheseapplications.Theycanaccesspermissionsgrantedtoeachother.Collisionattackhasbeenclassifiedasdirectcollisionattackandindirectcollisionattack.Adirectcollisionattackiswhereinapplicationcommunicatesdirectly.InIndirectcollisionattackapplicationcommunicatesviathirdpartyapplicationorcomponent.TimeofCheckandTimeofUseAttackThemainreasonforTOCTOUAttackisnamingcollision.Nonamingruleorconstraintisappliedtoanewpermissiondeclaration.Moreover,permissionsinAndroidarerepresentedasstrings,andanytwopermissionswiththesamenamestringaretreatedasequivalenteveniftheybelongtoseparateapplications.SpywareSpywareisatypeofmalware.Itisanapkfilewhichisdownloadedautomaticallywhentheuservisitsmaliciouswebsiteandappsinstalledfromunknownsources.InAndroid,otherthangoogleplaystore,itispossibletoinstalltheapplicationsfromunknownsources.SpywareisoneofthemainreasonsformajorsecuritythreatsinAndroidoperatingsystem.UNDERSTANDINGPERMISSIONSTheAndroidoperatingsystemusesthepermission-basedmodeltoaccessvariousresourcesandinformation.Thesepermissionsarenotrequests;theyaredeclarations.ThesepermissionsaredeclaredinAndroidManifest.xmlfile.Oncethepermissionsaregranted,thepermissionsremainstaticforAndroidversionslessthan6.But,inAndroidversions,7.0andhighertheapppermissionsareclassifiedintonormalpermissionsanddangerouspermissions.NormalPermissionsNormalpermissionsdon'tspecificallyhazardtheclient'sprivacy.NormalpermissionsneednotbedeclaredintheAndroidManifest.xmlfile.Thesepermissionsaregrantedautomatically.Example:KILL_BACKGROUND_PROCESSESSET_WALLPAPERUNINSTALL_SHORTCUTWRITE_SYNC_SETTINGSDangerousPermissionsDangerousPermissionscanaccesscriticalresourcesofthemobile.Dangerouspermissionscangivetheappaccesstotheuser'sconfidentialdata.Ifapplistsanormalpermissioninitsmanifest,thesystemgrantsthepermissionautomatically.Ifapplistadangerouspermission,theuserhastoexplicitlygiveapprovalfortheappforthesuccessfulinstallationoftheapp.Example:CONTACTSREAD_CONTACTS,WRITE_CONTACTS,GET_ACCOUNTSLOCATIONACCESS_FINE_LOCATION,ACCESS_COARSE_LOCATIONSMSSEND_SMSRECEIVE_SMS,READ_SMS,RECEIVE_WAP_PUSH,RECEIVE_MMSSTORAGEREAD_EXTERNAL_STORAGE,WRITE_EXTERNAL_STORAGEAndroidMarshmallow6.0hasclassifiedthepermissionsintonormalanddangerouspermissions.Whenevertheappneedstousedangerouspermissions,itexplicitlyaskstheusertoconfirmwiththepermission.Thus,Android6.0andhigherversionsprovideexplicitpermissionnotificationtoaccesscriticalresources.But,Marshmallowisavailableonlyon1.2percentofAndroiddevices.TheAndroidoperatingsystemupdatesarenotavailableformostoftheolderdevices.Therefore,securitythreatsrelatedtoapppermissionsarestillnotsolved.CeApplicationSandboxingAndroidusesapplicationsandboxingwhichisusedtolimittheapplicationtoaccesstheresources.Ifanappneedstoaccesstheresourcesoutsideofitssandbox,itneedstorequesttheappropriatepermission.Over-claimingofapplicationpermissionsThepermissionswhichmaynotberequiredfortheapp,buttheapplicationrequestfortheparticularpermission,thisiscalledoverclaimingofpermissions.Itisthedeclarationtouseirrelevantpermissionsthatarenotatallrequiredfortheapplication.Itisthemainreasonfordatatheftinandroidapplication.Theinformationiscollectedandsenttotheconcernedpeople.Thedeveloper’softheappmakesmoneybysellingthisinformation.Severalthirdpartiesbuythisinformationforvariousreasonslikedataminingetc.,Forexample,inFlashLightAndroidapppermissionisgivenforfullinternetaccess.Itisirrelevantforflashlightapplicationtohaveinternetaccess.AshmeetKauretal.developedaframeworkwhereinitispossibletoremovetheunnecessarypermissionsfromtheapp,oncetheapphasbeensuccessfullyinstalled.MisuseofApppermissionsandfailureoftwo-factorauthenticationDuetomisuseofvariousapppermissions,itispossibleforvarioussecuritythreats.Amongvariousthreats,itispossibleforAndroidapplicationstoreadmessages,sendmessages.SMSisacommonandbasicfunctionalityintraditionalmobileandsmartphone.Allconfidentialinformationbasedontwo-factorauthenticationhasbeensentasatextmessage.Forexample,variousbanks,onlinewebsites,etc.,usetwo-factorauthentications.Themainobjectiveoftwo-factorauthenticationistoincreasethesecurityandintegrityfortheusersandtoavoidvarioussecurityattacksthatarebasedontraditionalusernameandpasswordapproach.But,eventhismethodfails,ifmalwareinstalledinasmartphoneorduetooverclaimpermissionapps.Ifthehackerhacksusernameandpasswordoftheuserusingvarioushackingtechniques,thefirstlevelofauthenticationarecompromisedandthentheOTP(OneTimePassword)isbeingsenttotheuser.IftheapplicationormalwarethatisbeinginstalledinSmartphonethenitispossiblefortheappormalwaretoreadmessagesandsendtheinformationtothehackerwithouttheknowledgeoftheuser.So,eventwo-factorauthenticationfails.^COMPARISONOFANDROIDANDIOSAeApplicationDownloadsTheAndroidapplicationscanbedownloadedfromgoogleplaystoreandunknownsources.Androidusescrowdsourcingwhichisbasedonusercommentsandratingoftheapp.Ifenoughuserscomplainabouttheapp,thenitwillberemovedanddeactivatedremotely.TheiOSapplicationscanbedownloadedonlyfromiOSAppStore.ItisnotpossibletodownloadandinstalliOSapplicationsotherthanAppStore.AlltheapplicationsavailableiniOShavebeenproperlycheckedforvarioussecurityissuesinthesourcecodeandafterverifyingitthenitisavailableintheAppStore.B.SigningTechnologySelfSigningisusedinAndroid.TheAndroiddischargeframeworkrequiresthatallapplicationsintroducedonclientgadgetsarecarefullymarkedwithdeclarationswhoseprivatekeysareheldbythedesigneroftheapplications.TheendorsementspermittheAndroidframeworktorecognizethecreatorofanapplicationandsetuptrustconnectionsamongstdesignersandtheirapplications.Theendorsementsarenotusedtocontrolwhichapplicationstheclientcanandcan'tintroduce.CodesigningusediniOS.Itappassuresusersthatitisfromaknownsourceandtheapphasn’tbeenmodifiedsinceitwaslastsigned.Beforepublishinganapp,theapphastobesubmittedtoAppleInc.forapproval.Applesignstheappaftercheckingthecodeforanymaliciouscode.Ifanappissignedthen,anychangestotheappcanbeeasilytracked.InterprocessCommunicationAndroidsupportsinterprocesscommunicationamongitsapplications.AppleiOSdoesnotsupportinter-processcommunicationamongitsapplications.OpenSourceandClosedSourceAndroidisopensource.Inthisguideline,opensourceprogrammingimpliesthesourcecodeismadeaccessibleonanallinclusivelevel.Thethoughtistoopenuptheproducttothegeneralpopulation,makingamasscoordinatedeffortthatoutcomesintheproductbeingcontinuallyupgraded,settled,enhanced,anddeveloped.Apple’siOSisclosedsource.Withclosedsourcesoftware,thesourcecodeisfirmlywatched,regularlyinlightofthefactthatit'sviewedasaprizedformulathatmakesshortageandkeepstheassociationaggressive.Suchprojectsaccompanylimitationsagainstchangingtheproductorutilizingitincoursesintendedbythefirstmakers.MemoryRandomizationItisatechniquewhereintheinformationabouttheapplicationisstoredonthediskintherandomaddresswhichhasbeengenerated.Thisreducesthesecuritythreatssincemaliciouscodeandattackerneedstofindtheexactlocationwheretheinformationisbeingstored.ThistechniqueisusedbybothiOSandAndroidOS.StorageDataofapplicationisstoredeitherininternalstorageorexternalstorage.ForAndroid,theinformationcanbestoredinbothbuiltinstorageandexternalstorage.But,iOSdoesnotsupportexternalstorage.Ithasonlyinternalstoragetoreducevarioussecuritythreatsandfasterprocessing.V.PROPOSEDMETHODAndroidshareduserIDisoneofthemajorreasonsformisusingapppermissions.DuetoshareduserIDpermissionsgrantedtooneappcanaccesspermissionsgrantedbyanotherappifandonlyifbothhastheshareduserIDvaluesetsameandsignedbythesamecertificate.Theusersarenotawareofwhichapplicationsaremisusingthepermissions.Intheproposedmethod,anAndroidsecuritytoolisdeveloped.Thisprocedureincludessixsteps:?ListalltheapplicationsbasedonitsappIDthatisitspackagename.?ListalltheapplicationsforwhichsharedUserIDisset.?ComparealltheapplicationswitheverysharedUserIDsetapp.?Listthefinalizedapps.?ProvidesexplicitnotificationtotheuserwhenthesharedUserIDapptriestoaccessthepermissionswithotherapps.?DisplaytheresourcesusedbyshareduserIDappsbythesecuritytoolapp.VI.CONCLUSIONAndroidismostwidelyusedmobileoperatingsystem.ImprovisingthesecurityofanAndroidOSisveryimportanttosafeguardtheuser'sprivacyandconfidentialinformation.Inthisstudy,itwasshownhowtoavoidmisusingapppermissions.中文譯文Android安全問題和解決方案摘要Android操作系統采用基于權限的模式，允許Android應用程序訪問智能手機的用戶信息、系統信息、設備信息和外部資源。開發人員需要聲明Android應用程序的權限。用戶需要接受這些權限才能成功安裝Android應用程序。這些權限是聲明。在安裝時，如果用戶允許權限，則應用程序可以隨時訪問資源和信息。它不需要再次請求權限。由于Android操作系統在安全性方面的弱點，它很容易受到各種安全攻擊。本文介紹了使用共享用戶ID濫用應用程序權限、由于間諜軟件對應用程序權限的不當和不正確使用而導致的雙因素身份驗證失敗、Android應用程序中的數據被盜、Android中的安全漏洞或攻擊，以及Android、iOS和Windows操作系統的安全性分析。關鍵詞一Android；權限；共享用戶ID；安全性；數據竊取；間諜軟件；iOS；Windows。簡介通用的運行框架(OS)是一種允許手機、平板電腦和不同的設備運行應用程序和項目的編程。市場上有幾種類型的移動操作系統。常用的移動操作系統是Android、iOS、Windows和BlackBerryOSoAndroid運行框架是Google在Apache許可下發布的開放源代碼和源代碼，基于Linux內核，專為智能手機和平板電腦而設計的。Android是最流行的智能手機操作系統之一。截至2016年第四季度，GooglePlayStore中可用的應用程序總數為260萬，而基于Android操作系統的智能手機銷售總量為21億。2016年第一季度，Android的市場份額為84.1%，而iOS、Windows、BlackBerry和其他操作系統分別占14.8%、0.7%、0.2%和0.2%。因此，與其他移動操作系統相比，Android顯然擁有最廣泛的市場。iOS(iPhoneOS)由蘋果公司開發，僅供iPhone、iPad和iPodtouch等蘋果設備使用。它是僅次于Android的第二大流行操作系統。在Android中，除了GooglePlayStore之外，還可以從未知來源安裝應用程序。但是，在 iOS中，應用程序只能從AppStore安裝。這是Android的主要安全漏洞之一。由于Android的各種安全漏洞，攻擊者已經將智能手機作為利用各種惡意軟件竊取個人信息的目標。2013年，MohdShahdiAhmad等人指出了Android和iOS在安全方面的分析，并宣布iOS比Android更安全。2014年，A.Kaur等人表明可以撤銷Android應用程序授予的權限。本文的其余部分組織為，第2節描述了Android上的各種安全攻擊，如權限提升攻擊、混淆代理人攻擊、直接共謀攻擊、間接共謀攻擊和TOCTOU(檢查時間和使用時間)攻擊。第3節介紹了不同類型的Android應用程序權限、應用程序權限聲明過多、使用共享用戶ID濫用應用程序權限，以及基于Android的智能手機由于間諜軟件的雙因素身份認證失敗。第4節對Android和iOS的安全性進行了比較。第5節提出了避免應用程序權限被濫用的方法，弟6借為本文的結論。Android中的安全攻擊權限提升攻擊它允許惡意應用程序與其他應用程序協作，以便在不明確請求相應權限的情況下訪問關鍵資源。共謀攻擊Android支持共享用戶ID。這是一種技術，其中兩個或多個應用程序共享同一個用戶ID，以便它們可以訪問彼此授予的權限。例如，如果應用程序A具有READ_CONTACTS、READ_PHONE_STATUS權限和B具有READ_MESSAGES、LOCATION_ACCESS權限，如果這兩個應用程序都使用相同的用戶ID，即共享用戶ID，則應用程序A可以使用授予其自身的權限和授予B的權限。同樣，應用程序B也可以使用授予自身的權限和授予A的權限。每個Android應用程序都有唯一的ID，即它的包名。Android支持共享用戶ID。它是AndroidManifest.xml文件中的一個屬性。如果此屬性在兩個或多個應用程序中分配了相同的值，并且相同的證書對這些應用程序進行簽名。它們可以訪問彼此授予的權限。共謀攻擊被分類為直接共謀攻擊和間接共謀攻擊。直接共謀攻擊在應用程序中直接通信。在間接共謀攻擊中，應用程序通過第三方應用程序或組件進行通信。檢查時間和使用時間攻擊TOCTOU攻擊的主要原因是命名沖突。沒有將命名規則或約束應用于新的權限聲明。此外，Android中的權限表示為字符串，具有相同名稱字符串的任何兩個權限都被視為等效權限，即使它們屬于不同的應用程序。間諜軟件間諜軟件是一種惡意軟件。這是一個apk文件，當用戶訪問惡意網站和從未知來源安裝應用程序時，會自動下載該文件。在Android中，除了GooglePlayStore之外，還可以安裝來自未知來源的應用程序。間諜軟件是Android操作系統面臨重大安全威脅的主要原因之一。了解權限這些權限不是請求；它們是聲明。這些權限在AndroidManifest.xml文件中聲明。一旦授予了權限，對于Android版本小于6的版本，權限將保持靜態。但是，在Android版本中，7.0及以上的應用程序權限分為正常權限和危險權限。正常權限正常權限不會特別危害客戶的隱私。正常權限不需要在AndroidManifest.xml文件中聲明。這些權限是自動授予的。例如：KILL_BACKGROUND_PROCESSESSET_WALLPAPERUNINSTALL_SHORTCUTWRITE_SYNC_SETTINGSB危險權限危險權限可以訪問移動設備的關鍵資源。危險權限允許應用程序訪問用戶的機密數據。如果應用程序在其清單中列出了正常權限，系統將自動授予該權限。如果應用程序列出了危險權限，則用戶必須明確批準該應用程序才能成功安裝。例如：聯系方式READ_CONTACTS，WRITE_CONTACTS，GET_ACCOUNTS位置ACCESS_FINE_LOCATION，ACCESS_COARSE_LOCATION短訊服務SEND_SMS，RECEIVE_SMS，READ_SMS，RECEIVE_WAP_PUSH，RECEIVE_MMS存儲READ_EXTERNAL_STORAGE，WRITE_EXTERNAL_STORAGEAndroid6.0Marshmallow已將權限分為正常和危險權限。每當應用程序需要使用危險權限時，它都會明確要求用戶對使用該權限進行確認。因此，Android6.0及更高版本為訪問關鍵資源提供了明確的權限通知。但是，Marshmlow只在1.2%的Android設備上可用。Android操作系統更新不適用于大多數較舊的設備。因此，與應用程序權限相關的安全威脅仍未解決。C.應用程序沙盒Android使用應用程序沙盒來限制應用程序訪問資源。如果應用程序需要訪問其沙箱外的資源，則需要請求相應的權限。應用程序權限的過度聲明權限可能不是應用程序所需要的，但應用程序還是請求特定的權限，這是對權限的過度聲明。它是使用與應用程序完全不需要的無關權限的聲