[No More News] Android Platform is Facing Privacy Leaking Issue
来源:互联网 发布:苹果笔记本玩游戏 知乎 编辑:程序博客网 时间:2024/05/19 02:31
[This piece of article is unstable]
I guess most of the Android users are interrupted by advertisements almost everyday. For me, as a two-year Android user, downloading apps from Google Play Store is my daily task. Some apps really make my life better, some of them, errrr, on the opposite, annoying me by continuously sending trash message. However, there is no best method than uninstalling these quirky apps unless Android platform empowers us more rights on granting Apps ad-hoc roles. (But definitely, it would increase the complexity of an OS) Frankly, I'm also worried about whether it is appropriate to allow some apps get acknowledged of my location. It would be risky that apps send my private data (i.e., location, call status) without any notification.
(Currently, Android platform only allows install-time permissions, which means the only opportunity to deny app's access to use's privacy is when it is installed)
In response to this issue, researchers have made some progresses. One direction is using information flow analysis to monitor the binary code of these apps and then notify mobile phone owners when it intends to send out sensitive data. The most influential work is done by TaintDroid guys. (Have a look at their website http://appanalysis.org/). In fact, I would love to have more discussion with you on this issue, so this piece of article might be updated continuously.
To begin with this issue, we have to know several possibilities that apps leak user's privacy. Specifically, on earth what kind of Android APIs are likely to "show" the way to user's backdoor. Available methods that send out user's data are listed below:
1. SMS Communication
function: endTextMessage(String destinationAddress, ... , String text, ...)
2. File Output
function: FileOutputStream(String path)
3. Network communication
function: Socket(String destiniationName, int destinationPort)
4.Intents
Android applications can send Intent objects containing data to other components. The class Context contains the methodsstartActivity,startService, andsendBroadcastwhich can be used to activate other components of the same or different apps. Each of these methods expects an Intent object as the single parameter. It can contain arbitrary data which is transmitted to the activated component.
5.Content Resolver
function: update(Uri uri, ContentValues values, ...)
insert(Uri uri, ContentValues values)
- [No More News] Android Platform is Facing Privacy Leaking Issue
- 314. No news is good news. 没有消息就是好消息
- news link issue
- P3P协议(Platform for Privacy Preferences)
- Android Studio:platform-tools is too old
- GRE-ISSUE No.170
- Android issue
- No RFC connection is defined for SAP Global Trade Services Issue
- Polar Mobile的SMART News Platform
- Issue 12(Anyone can make things bigger and more complex. What require more effort and courage is to move in the opposite directi
- Android facing front camera and facing back camera setting in HAL
- What is a News Aggregator?
- privacy
- NetBeans Weeldy News——Issue # 409 - Sep 22, 2009
- NetBeans Weekly News - Issue # 446 - Jul 20, 2010
- android studio编译提示it is possible that this issue is resolved by uninstalling an....
- unity3d 4.0 编译android apk出错 no platform found!
- synaptic No protocol specified issue
- [SQL SERVER][TSQL] 查询Partition Table 相关资讯
- MySQL中文字符解决方案[Data too long for column XX at row n]
- 关于winform界面美化。
- Ant学习例子2(用ant发布web项目,及连接数据库)
- #ifdef
- [No More News] Android Platform is Facing Privacy Leaking Issue
- SQLProgress 1.01.36正式版发布
- sql server表中timestamp类型的具体说明
- java acm 基础知识
- 用popen函数操作其它程序的输入和输出
- oracle 10g OEM常规错误解决-------Unknown host specified
- ResultSet may only be accessed in a forward direction
- sql语句-linq语言-lambda表达式对照
- org.dom4j.DocumentException: www.apple.com Nested exception: www.apple.com
