• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International Conference on Cloud Computing and Security >Detect Storage Vulnerability of User-Input Privacy in Android Applications with Static and Dynamic Analysis
【24h】

Detect Storage Vulnerability of User-Input Privacy in Android Applications with Static and Dynamic Analysis

机译:通过静态和动态分析检测Android应用程序中用户输入隐私的存储漏洞

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

In recent years Android has become the most popular operating system in mobile phone, and a variety of apps bring people great convenience in our daily life and work. Due to the resource constraints in mobile phone and user experience considerations, a large number of private data are stored in the phone itself. Privacy Leaks will bring huge losses to us. EditText, which is designed for Android developers to input the sensitive data (e.g. username, password, search keywords etc.) to the apps, carries much User-Input Privacy (UIP) data. So, whether these UIP data is stored in the phone safely becomes the key to protect the privacy. In this paper, we do the research about the UIP data in EditText widget, and detect whether the data entered by the user is safely stored through static taint analysis and dynamic Smali Instrumentation. Experiments show that some of the apps store the UIP data in EditText at an unsafe location or store them in a weak way, which will bring the risk of privacy leakage.
机译:近年来,Android已成为手机中最受欢迎的操作系统,各种各样的应用程序为人们的日常生活和工作带来了极大的便利。由于移动电话中的资源限制和用户体验的考虑,大量私人数据存储在电话本身中。隐私泄漏将给我们带来巨大的损失。 EditText是专为Android开发人员向应用程序输入敏感数据(例如用户名,密码,搜索关键字等)而设计的,它包含大量用户输入隐私(UIP)数据。因此,这些UIP数据是否安全存储在电话中成为保护隐私的关键。在本文中,我们对EditText小部件中的UIP数据进行了研究,并通过静态污点分析和动态Smali Instrumentation检测用户输入的数据是否安全存储。实验表明,某些应用将UIP数据存储在EditText中的不安全位置或以较弱的方式存储,这会带来隐私泄露的风险。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号