
Document information

Title: Android Security Issues and Solutions
Authors: Karthick Sowndarajan, Sumitra Binu
Source: International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), 2017: 686-689.
Word count: 2199 English words, 12157 characters; Chinese translation 3837 characters

Original text

Android Security Issues and Solutions

Abstract

The Android operating system uses a permission-based model that allows Android applications to access user information, system information, device information and external resources of a smartphone. The developer needs to declare the permissions for the Android application. The user needs to accept these permissions for successful installation of an Android application. These permissions are declarations. At the time of installation, if the permissions are allowed by the user, the app can access resources and information at any time. It need not request the permissions again. Android OS is susceptible to various security attacks due to its weakness in security. This paper discusses the misuse of app permissions using Shared User ID, how two-factor authentication fails due to inappropriate and improper usage of app permissions by spyware, data theft in Android applications, security breaches or attacks in Android, and an analysis of the Android, iOS and Windows operating systems regarding their security.

Keywords: Android; Permissions; Shared User ID; Security; Data Theft; Spyware; iOS; Windows.

I. INTRODUCTION

A mobile operating system (OS) is software that allows smartphones, tablet PCs, and other devices to run applications and programs. There are several types of mobile operating system available in the market. The commonly used mobile operating systems are Android, iOS, Windows and BlackBerry OS. Android is open source, with source code released by Google under the Apache license; it is based on the Linux kernel and designed for smartphones and tablets. Android is one of the most popular operating systems for smartphones. In the last quarter of 2016, the total number of applications available in the Google Play Store was 2.6 million, and the total number of Android-based smartphones sold was 2.1 billion. The market share of Android in the first quarter of 2016 was 84.1%, whereas iOS, Windows, BlackBerry, and others held 14.8%, 0.7%, 0.2% and 0.2% respectively. Therefore, it is clear that Android has the widest market when compared to other mobile operating systems.

iOS (iPhone OS) is developed by Apple Inc. and used only by Apple devices such as iPhone, iPad, and iPod touch. It is the second most popular operating system next to Android. In Android, it is possible to install applications from unknown sources other than the Google Play Store. In iOS, however, apps can only be installed from the App Store. This is one of the major security breaches in Android. Due to various security breaches in Android, attackers already regard the smartphone as a target for stealing personal information using various malware.

In 2013, Mohd Shahdi Ahmad et al. presented an analysis of Android and iOS regarding security and declared iOS more secure than Android. In 2014, A. Kaur et al. indicated that it is possible to revoke granted permissions from an Android application.

The rest of the paper is organized as follows. Section II describes various security attacks on Android such as permission escalation attack, confused deputy attack, direct collision attack, indirect collision attack and TOCTOU (Time of Check and Time of Use) attack. Section III describes different types of Android app permissions, over-claiming of app permissions, misuse of app permissions using Shared User ID and failure of two-factor authentication in Android-based smartphones due to spyware. Section IV presents the comparison of security between Android and iOS. Section V presents the proposed method to avoid misuse of app permissions and the conclusion of the paper.

II. SECURITY ATTACKS IN ANDROID

Permission Escalation Attack

It allows a malicious application to collaborate with other applications so as to access critical resources without explicitly requesting the corresponding permissions.

Collision Attack

Android supports shared user ID. It is a technique wherein two or more applications share the same user ID so that they can access the permissions granted to each other. For example, if application A has the permissions READ_CONTACTS, READ_PHONE_STATUS and B has the permissions READ_MESSAGES, LOCATION_ACCESS, and both applications use the same user ID SHAREDUSERID, then application A can use the permissions granted to itself and the permissions granted to B. Similarly, application B can use the permissions granted to itself and the permissions granted to A.

Every Android application has a unique ID, which is its package name. Android supports sharedUserID. It is an attribute in the AndroidManifest.xml file. If this attribute is assigned the same value in two or more applications, and the same certificate signs these applications, they can access permissions granted to each other.

Collision attacks are classified as direct collision attacks and indirect collision attacks. In a direct collision attack, the applications communicate directly. In an indirect collision attack, the applications communicate via a third-party application or component.

Time of Check and Time of Use Attack

The main reason for the TOCTOU attack is naming collision. No naming rule or constraint is applied to a new permission declaration. Moreover, permissions in Android are represented as strings, and any two permissions with the same name string are treated as equivalent even if they belong to separate applications.

Spyware

Spyware is a type of malware. It is an apk file which is downloaded automatically when the user visits a malicious website, or which arrives with apps installed from unknown sources. In Android, it is possible to install applications from unknown sources other than the Google Play Store. Spyware is one of the main reasons for major security threats in the Android operating system.

III. UNDERSTANDING PERMISSIONS

The Android operating system uses the permission-based model to access various resources and information. These permissions are not requests; they are declarations. These permissions are declared in the AndroidManifest.xml file. Once the permissions are granted, the permissions remain static for Android versions less than 6. But in Android versions 7.0 and higher the app permissions are classified into normal permissions and dangerous permissions.

A. Normal Permissions

Normal permissions do not directly put the user's privacy at risk. Normal permissions need not be declared in the AndroidManifest.xml file. These permissions are granted automatically.

Example:

• KILL_BACKGROUND_PROCESSES
• SET_WALLPAPER
• UNINSTALL_SHORTCUT
• WRITE_SYNC_SETTINGS

B. Dangerous Permissions

Dangerous permissions can access critical resources of the mobile device. Dangerous permissions can give the app access to the user's confidential data. If an app lists a normal permission in its manifest, the system grants the permission automatically. If an app lists a dangerous permission, the user has to explicitly give approval to the app for the installation to succeed.

Example:

• CONTACTS: READ_CONTACTS, WRITE_CONTACTS, GET_ACCOUNTS
• LOCATION: ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION
• SMS: SEND_SMS, RECEIVE_SMS, READ_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS
• STORAGE: READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE

Android Marshmallow 6.0 has classified the permissions into normal and dangerous permissions. Whenever the app needs to use a dangerous permission, it explicitly asks the user to confirm the permission. Thus, Android 6.0 and higher versions provide explicit permission notification for access to critical resources. But Marshmallow is available only on 1.2 percent of Android devices. Android operating system updates are not available for most of the older devices. Therefore, security threats related to app permissions are still not solved.

C. Application Sandboxing

Android uses application sandboxing, which limits the application's access to resources. If an app needs to access resources outside of its sandbox, it needs to request the appropriate permission.

Over-claiming of application permissions

When an application requests a permission that it does not actually require, this is called over-claiming of permissions. It is the declaration to use irrelevant permissions that are not at all required for the application. It is the main reason for data theft in Android applications. The information is collected and sent to the concerned people. The developers of the app make money by selling this information. Several third parties buy this information for various reasons such as data mining. For example, a flashlight Android app is given permission for full internet access. It is irrelevant for a flashlight application to have internet access. Ashmeet Kaur et al. developed a framework wherein it is possible to remove the unnecessary permissions from the app once the app has been successfully installed.

Misuse of app permissions and failure of two-factor authentication

Misuse of various app permissions makes various security threats possible. Among these threats, it is possible for Android applications to read messages and send messages. SMS is a common and basic functionality in traditional mobile phones and smartphones. All confidential information based on two-factor authentication is sent as a text message. For example, various banks, online websites, etc. use two-factor authentication. The main objective of two-factor authentication is to increase security and integrity for the users and to avoid various security attacks that are based on the traditional username and password approach. But even this method fails if malware is installed on the smartphone or because of apps with over-claimed permissions. If the hacker obtains the username and password of the user using various hacking techniques, the first level of authentication is compromised and then the OTP (One Time Password) is sent to the user. If such an application or malware is installed on the smartphone, then it is possible for the app or malware to read messages and send the information to the hacker without the knowledge of the user. So, even two-factor authentication fails.

IV. COMPARISON OF ANDROID AND IOS

A. Application Downloads

Android applications can be downloaded from the Google Play Store and from unknown sources. Android uses crowdsourcing, which is based on user comments and ratings of the app. If enough users complain about the app, then it will be removed and deactivated remotely.

iOS applications can be downloaded only from the iOS App Store. It is not possible to download and install iOS applications from anywhere other than the App Store. All the applications available in iOS have been checked for various security issues in the source code, and only after verification are they made available in the App Store.

B. Signing Technology

Self-signing is used in Android. The Android release system requires that all applications installed on user devices are digitally signed with certificates whose private keys are held by the developer of the applications. The certificates allow the Android system to identify the author of an application and establish trust relationships between developers and their applications. The certificates are not used to control which applications the user can and cannot install.

Code signing is used in iOS. Signing an app assures users that it is from a known source and that the app has not been modified since it was last signed. Before publishing an app, the app has to be submitted to Apple Inc. for approval. Apple signs the app after checking the code for any malicious code. If an app is signed, then any changes to the app can be easily tracked.

Interprocess Communication

Android supports interprocess communication among its applications. Apple iOS does not support interprocess communication among its applications.

Open Source and Closed Source

Android is open source. In this context, open source software means the source code is made available universally. The idea is to open up the software to the public, creating a mass collaborative effort that results in the software being constantly updated, fixed, improved, and expanded.

Apple's iOS is closed source. With closed source software, the source code is closely guarded, often because it is considered a trade secret that creates scarcity and keeps the organization competitive. Such programs come with restrictions against modifying the software or using it in ways not intended by the original creators.

Memory Randomization

It is a technique wherein the information about the application is stored on the disk at a randomly generated address. This reduces security threats, since malicious code and attackers need to find the exact location where the information is stored. This technique is used by both iOS and Android OS.

Storage

Application data is stored either in internal storage or in external storage. On Android, the information can be stored in both built-in storage and external storage. But iOS does not support external storage. It has only internal storage, to reduce various security threats and for faster processing.

V. PROPOSED METHOD

Android shared user ID is one of the major reasons for misuse of app permissions. Because of shared user ID, one app can use the permissions granted to another app if and only if both have the same shared user ID value and are signed by the same certificate. The users are not aware of which applications are misusing the permissions. In the proposed method, an Android security tool is developed. This procedure includes six steps:

• List all the applications based on their app ID, that is, their package name.
• List all the applications for which sharedUserID is set.
• Compare all the applications with every app that has sharedUserID set.
• List the finalized apps.
• Provide explicit notification to the user when the sharedUserID app tries to access the permissions with other apps.
• Display the resources used by shared user ID apps in the security tool app.

VI. CONCLUSION

Android is the most widely used mobile operating system. Improving the security of Android OS is very important to safeguard the user's privacy and confidential information. In this study, it was shown how to avoid misusing app permissions.
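The listing and comparison steps of the Section V procedure, as an added example (not code from the paper): it groups apps by sharedUserId and signing certificate and reports the permissions each app gains from its group. The package names, certificate digests and helper names are constructed for illustration, and the manifests are assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest template; real manifests carry many more elements.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="{pkg}"{shared}>
{perms}
</manifest>"""

def make_manifest(pkg, perms, shared_uid=None):
    """Build a sample decoded AndroidManifest.xml (illustration only)."""
    shared = f' android:sharedUserId="{shared_uid}"' if shared_uid else ""
    lines = "\n".join(
        f'  <uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return MANIFEST.format(pkg=pkg, shared=shared, perms=lines)

# Constructed sample input: (manifest text, signing-certificate digest placeholder).
SAMPLE_APPS = [
    (make_manifest("com.example.appa", ["READ_CONTACTS", "READ_PHONE_STATE"],
                   "com.example.shared"), "cert-1"),
    (make_manifest("com.example.appb", ["READ_SMS", "ACCESS_FINE_LOCATION"],
                   "com.example.shared"), "cert-1"),
    (make_manifest("com.example.appc", ["INTERNET"], "com.example.shared"), "cert-2"),
    (make_manifest("com.example.appd", ["CAMERA"]), "cert-1"),
]

def parse_manifest(xml_text):
    """Return (package, sharedUserId or None, set of requested permissions)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return root.get("package"), root.get(ANDROID_NS + "sharedUserId"), perms

def audit_shared_uid(apps):
    """Return {package: permissions inherited from apps with the same UID and signer}."""
    groups = defaultdict(dict)            # (sharedUserId, signer) -> {package: perms}
    for xml_text, signer in apps:         # steps 1-2: list apps, keep those with sharedUserId
        pkg, shared_uid, perms = parse_manifest(xml_text)
        if shared_uid:
            groups[(shared_uid, signer)][pkg] = perms
    report = {}
    for members in groups.values():       # step 3: compare apps inside each group
        if len(members) < 2:
            continue                      # same UID but a different certificate: nothing shared
        combined = set().union(*members.values())
        for pkg, own in members.items():  # step 4: final list with the extra permissions
            report[pkg] = sorted(combined - own)
    return report
```

The returned mapping is what a tool would surface to the user in the notification and display steps: each flagged package together with the permissions it never declared but can still exercise.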
