android如何避免钓鱼页面,Android应用钓鱼劫持风险的检测与防范

Android应用钓鱼劫持风险的检测与防范

Detection and Prevention of the Phishing Risk of Android Application

DOI: 10.12677/CSA.2015.511053,

PDF, 下载:

2,316  浏览:

5,367

国家自然科学基金支持

作者:

黄振鹏*, 牛少彰, 张文*：北京邮电大学，北京

摘要:Android是当前最流行的移动设备上的智能操作系统。随着移动设备的蓬勃发展，移动端应用在人们生活中也越来越重要。但是由于开发者考虑不足或者对移动端的安全的不够重视，许多的移动应用存在安全漏洞。利用钓鱼劫持漏洞可以在用户未察觉的情况下窃取用户的重要信息，这对用户的信息安全和财产安全造成了巨大的威胁。本文通过对Android Activity组件进行研究，设计并实现了对Android应用的钓鱼劫持漏洞检测系统。利用该系统对从MM商场下载的500个常见应用进行检测，结果表明钓鱼劫持漏洞在Android应用中广泛存在。本文最后给出了针对钓鱼劫持风险可行的防范建议。

Abstract:

Android is the most popular mobile device’s intelligent operating system. With the rapid devel-opment of mobile devices, mobile applications are becoming more and more important in people’s life. However, due to the developers’ inadequate consideration or attention for mobile device se-curity, a lot of applications have the security vulnerability problems. Using fishing hijacking vul-nerabilities can steal the user’s important information in the case that users are unaware, which has caused a huge threat to the user’s privacy and property security. In this paper, through the study of activity, we design and implement a phishing detection system of Android application. Using the system to detect the 500 common applications from the MM shopping market, the results show that the phishing hijacking vulnerabilities of Android application exist widely. At last, the paper gives the feasible preventive suggestions for the risk of the fishing.

文章引用:

黄振鹏, 牛少彰, 张文. Android应用钓鱼劫持风险的检测与防范[J]. 计算机科学与应用, 2015, 5(11): 421-427. http://dx.doi.org/10.12677/CSA.2015.511053