什么是Android中可能出现的安全问题 [英] What are possible security issues in Android

问题描述

有关如何理解强有力的数据应该是一个Android设备我想了解哪些攻击是可能的担保。我开始写下我的知识和希望，我得到修正，在那里我错了，或者我失去了一些东西。我先假设谷歌不作恶，所以会忽略来自谷歌自己的攻击。<​​/ P>

每个应用程序进行签名，并在他自己的用户ID运行，因此一个应用程序可以只读取属于他的数据，除了应用程序创建一个公共的存储。此外应用程序，它是标志使用相同的密钥可以共享数据。 如果应用程序想获得像读或写日历或联系人的特殊权限的用户必须接受它。

所以默认情况下它是一个安全的设计。不幸的是每一个系统可具有安全性问题，从而使系统损坏。在桌面，系统经常更新是常见的做法。在Android这取决于供应商，是除Nexus的大多是坏的。因此它可能是有安全漏洞打开很长的时期。

那么，如何能在Android手机被攻击？

1. 谷歌可以删除和静默安装的应用程序（的链接）。如果有人黑客这个机制，攻击者可以在设备上安装任意应用程序。不能确定，如果这个程序会自动有它想要拥有的一切权利。这不会发生到现在，但它是可能的。您只能通过定期检查所有已安装的应用程序，并有权利保护您的手机。这种机制可以被黑客滥用。

2. 恶意应用程序可以做很多恶事，但如果你不给每一个应用程序的应用程序想要的权利，并认为一点点，就可以保护您的手机。

3. 在浏览器或系统中的某些安全漏洞允许一个应用程序来获得root访问。在这种情况下，应用程序可以做的一切，它希望。我不知道这对任何保护措施。据我所知，Android有这样的安全漏洞，所以这是最危险的问题。

因此​​，在总结数据的唯一安全的保护似乎是加密。根据您的数据安全性如何必须与默认密钥或个人密钥（即密码）。

解决方案

前一段时间我发现这些PDF的，也许他们可以帮助：的幻灯片的，纸（超过2岁以下）。

For understanding how strong data should be secured on an Android device I want to understand which attacks are possible. I started to write down my knowledge and hope that I get corrections, where I'm wrong or where I'm missing something. I first assume that Google don't be evil, so will ignores attacks from google themselves.

Each application is signed and runs under his own user-id, so an app can only reads data which belongs to him, except the app creates a public storage. Furthermore app which are sign with the same key can share data. If an application want to get special rights like reading or writing to calendar or contacts the user must accept it.

So by default it's a secure design. Unfortunately every system can have security issues, so that the system become corrupted. On Desktop-Systems regular updates are common practice. On the android it depends on the vendor and is except the Nexus mostly bad. So it could be that there are security holes open for a long period.

So how could an android phone be attacked?

1. Google can delete and install apps silently (Link). If someone hacks this mechanism, an attacker can install arbitrary apps on a device. Unsure if this app has automatically all rights it wants to have. This doesn't happens till now, but it's possible. You can only protect your phone by checking regularly all installed apps and there rights. This mechanism can be misused by a hacker.

2. Malicious applications can do a lot evil things, but if you don't give every app the rights the apps wanted and think a little bit, you can protect your phone.

3. Some security holes in the browser or the system allows an app to get root-access. In this case the app can do everything it wanted. I don't know any protection against this. As far as I know android has such security holes, so this is the most dangerous issue.

So in summary the only secure protection of data seems to be encryption. Depending on how secure your data must be with a default key or an individual key (in other words a password).

解决方案

Some time ago I've found these PDF's, maybe they can help: slides, paper (more than 2 years old).

这篇关于什么是Android中可能出现的安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！