No software system is absolutely secure. In general, the risks in the Android system fall into five categories, and we recommend taking precautions against each of them.
The first risk is the misuse of application permissions. The following preventive policies and suggestions apply.
- Application certification
Certification is an effective way to keep malicious programs out. Ideally, an application undergoes complete testing and code review before certification, confirming that its use of permissions is reasonable, which naturally acts as a strong deterrent to malware. However, certification is expensive, the procedures are complex, and it is not widely used.
- Selective granting of application permissions
If it can be confirmed at installation time that an application uses only the minimum permissions it needs, that is, that the principle of least privilege is followed, the likelihood of a successful malware attack is greatly reduced. This may be an option for experienced users, but general users rarely know how to verify that the permissions an application requests are reasonable; in most cases they simply grant whatever is requested. Developers must therefore strictly follow the principle of least privilege when requesting or declaring permissions.
- Automatic static analysis and code verification
Design a tool that automatically analyzes an application's features, examines the functions it performs and how it differs from other applications, and uses that to judge its legitimacy.
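As an added example (not the book's code) of what such a static check can look like for the permission-related part of the analysis, the script below parses a constructed AndroidManifest.xml, compares the declared permissions with the minimum set the application's features need, and reports the excess, singling out the subset that reaches private data or paid services. The flashlight application, its manifest and the "minimum" set are constructed for the example; the permission names are real Android framework permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Real Android permission names in the "dangerous" protection level that expose
# private data or cost the user money (a subset, chosen for this example).
DANGEROUS = {
    "android.permission.READ_CONTACTS", "android.permission.READ_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_PHONE_STATE",
}

def requested_permissions(manifest_xml):
    """Set of <uses-permission android:name=...> values declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(NAME_ATTR) for e in root.iter("uses-permission") if e.get(NAME_ATTR)}

def audit(manifest_xml, expected):
    """Compare the declared permissions with the minimum set the app's features need.
    'excess' violates the principle of least privilege; 'dangerous_excess' is the
    part of it that also reaches private data or paid services."""
    requested = requested_permissions(manifest_xml)
    excess = requested - expected
    return {"requested": requested, "excess": excess,
            "dangerous_excess": excess & DANGEROUS, "missing": expected - requested}

# Constructed manifest for a hypothetical flashlight app that also asks for SMS
# and contact access, which a flashlight has no reason to need.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Minimum a flashlight needs (assumed for the example): CAMERA, to drive the
# flash LED on older API levels.
FLASHLIGHT_MINIMUM = {"android.permission.CAMERA"}

if __name__ == "__main__":
    for key, names in audit(SAMPLE_MANIFEST, FLASHLIGHT_MINIMUM).items():
        print(key, sorted(names))
```

The "expected" set is the part that needs human judgement per application category; the tool only makes the gap visible.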
The second type of risk is vulnerabilities in the Linux kernel and system library functions. The current approach to this risk is a stricter access control mechanism. Chapter 6 introduces SE Android, which limits user permissions at the operating-system level; it is a practical and effective choice. The most dangerous attack uses a system vulnerability to obtain root or superuser privileges and then take control of the entire system. SE Android improves security by confining root or superuser privileges: even if an attacker obtains root, the potential range of harm does not extend without limit. However, some system commands cannot be completely disabled because normal operation needs them; if an attacker obtains the right to use such commands, what SE Android can do is very limited.
The third risk is damage to the availability, privacy, and integrity of private data. The following measures can be taken for prevention.
- Password protection
Using the login password to unlock certain features of a mobile device guards against security threats; it is a common and effective method, especially for protecting private data. However, the protection only holds if the device is lost while it is locked: if the device is lost after it has been unlocked, the password protection is completely ineffective.
- Firewall
A firewall ensures that user private information is not exposed over network connections. In general, stateless or stateful analysis of the content transmitted over a network connection can detect whether private information is being leaked, so that the transmission can be cut off. Because the firewall runs in the operating-system kernel, it cannot be attacked directly from outside. It can also work together with the access control mechanism provided by SE Android to offer a higher level of protection. However, malware does not expose private information only through network interfaces; for example, the firewall does nothing if the data is sent out as an SMS or MMS message.
- Data encryption
Data encryption is the best way to protect private data. Because only the information owner holds the key, the privacy of the information is still guaranteed even if the device is stolen.
- Context-aware access control (CAAC)
CAAC can determine access permissions based on the device's internal state and surrounding environment, such as where the device is being used, which mobile network it is registered on, and whether it is connected to Wi-Fi. However, this method is ineffective if the attack takes place in an environment where access is permitted.
- Remote management
From a security perspective, remote management capability must be strictly restricted. Combined with the firewall and CAAC mechanisms, however, remote management can actually improve security. For example, after a device is lost, the remote management mechanism can be enabled to protect the data on it. Even in daily use, remote management may discover worms spreading across the mobile network and restrict their activity by enabling the firewall and other mechanisms. However, all remote management has to intervene either while an attack is in progress or before it happens, and it requires both device resources and the people who operate the remote management, which is expensive.
The fourth type of risk is exhaustion of system resources. The following preventive measures can be taken.
- System resource management
A system resource management security solution can further reduce the harm done by resource exhaustion. The mechanism is to allocate the system resources each application needs fairly; resources can of course also be allocated according to an application's importance and requirements. For example, the phone application is very important, so it is given more CPU time. If limits on CPU time and storage space and throttling of network and disk input/output are enforced, denial-of-service attacks can be avoided. However, implementing such mechanisms efficiently is still very difficult, so they are rarely used.
- Intrusion detection/protection system
Host-based intrusion detection systems detect malware that consumes battery, memory, and CPU time by looking for abnormal resource usage. However, advanced malware is often disguised as normal software and is not easy to detect.
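The following is an added example (not from the book) of the host-based detection logic just described: each application's own past sampling windows form a baseline, and a new window is flagged when a metric deviates from that baseline by more than a chosen number of standard deviations. The usage history and the two test samples are constructed for the example; the metric names and thresholds are assumptions.

```python
import statistics

METRICS = ("cpu_s", "battery_mah", "mem_mb")  # per sampling window, assumed units

def baseline(history):
    """Mean and population stdev of each metric over an app's past windows."""
    return {m: (statistics.mean(h[m] for h in history),
                statistics.pstdev(h[m] for h in history)) for m in METRICS}

def anomalies(history, sample, z_threshold=3.0, min_stdev=0.5):
    """Return {metric: z-score} for metrics in `sample` that exceed the app's own
    baseline by more than z_threshold standard deviations. min_stdev keeps a very
    flat baseline from flagging ordinary jitter as an anomaly."""
    base = baseline(history)
    flagged = {}
    for m in METRICS:
        mean, sd = base[m]
        z = (sample[m] - mean) / max(sd, min_stdev)
        if z > z_threshold:
            flagged[m] = round(z, 1)
    return flagged

# Constructed history for a hypothetical weather app: six 5-minute windows.
WEATHER_HISTORY = [
    {"cpu_s": 1.2, "battery_mah": 0.8, "mem_mb": 40},
    {"cpu_s": 1.0, "battery_mah": 0.7, "mem_mb": 41},
    {"cpu_s": 1.4, "battery_mah": 0.9, "mem_mb": 40},
    {"cpu_s": 1.1, "battery_mah": 0.8, "mem_mb": 42},
    {"cpu_s": 1.3, "battery_mah": 0.7, "mem_mb": 41},
    {"cpu_s": 1.0, "battery_mah": 0.9, "mem_mb": 40},
]
# A window in which the app suddenly burns CPU and battery (e.g. background
# activity it never showed before) but keeps the same memory footprint.
SUSPICIOUS_WINDOW = {"cpu_s": 30.0, "battery_mah": 12.0, "mem_mb": 41}
NORMAL_WINDOW = {"cpu_s": 1.3, "battery_mah": 0.8, "mem_mb": 41}

if __name__ == "__main__":
    print("suspicious:", anomalies(WEATHER_HISTORY, SUSPICIOUS_WINDOW))
    print("normal:", anomalies(WEATHER_HISTORY, NORMAL_WINDOW))
```

Malware that keeps its consumption inside the app's normal band, the case the text warns about, produces no z-score excursion and is not caught by this check.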
The fifth risk is intrusion into a private network connection. We recommend the following defense policies.
- Virtual private network (VPN)
A virtual private network uses mature message authentication codes and encryption to protect communication and prevent network attacks.
- Centralized remote management
A centralized remote management center can strengthen security protection, but human factors at the remote management center may themselves become a security risk.
- Context-aware access control (CAAC)
In an intranet or virtual private network environment, combining the CAAC mechanism protects data better. For example, when a public Internet environment is detected, the data transmission encryption mechanism is enabled promptly.
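As an added example (not the book's code) covering both the CAAC description under the third risk and the intranet/Internet case here, the decision function below takes the context attributes the text names (location, mobile network or Wi-Fi, and whether the device is unlocked) and returns whether access to data of a given sensitivity is allowed and whether transport encryption must be switched on. The trusted locations, the intranet SSID and the three sensitivity levels are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Context:
    location: str             # "home", "office" or "unknown" (from GPS / cell)
    network: str              # "wifi", "mobile" or "none"
    wifi_ssid: Optional[str]  # SSID when on Wi-Fi, else None
    screen_unlocked: bool

TRUSTED_LOCATIONS = {"home", "office"}      # assumed for the example
TRUSTED_SSIDS = {"corp-internal"}           # intranet / VPN-backed Wi-Fi (assumed)

@dataclass(frozen=True)
class Decision:
    allow: bool
    encrypt_transport: bool
    reason: str

def decide(ctx: Context, sensitivity: str) -> Decision:
    """CAAC decision for data classified 'public', 'private' or 'secret'."""
    if not ctx.screen_unlocked:
        return Decision(False, False, "device locked")
    on_intranet = ctx.network == "wifi" and ctx.wifi_ssid in TRUSTED_SSIDS
    # Transport encryption is switched on whenever the data would cross the
    # public Internet rather than stay on the intranet.
    encrypt = ctx.network != "none" and not on_intranet
    if sensitivity == "public":
        return Decision(True, encrypt, "public data")
    if sensitivity == "private":
        if ctx.location in TRUSTED_LOCATIONS or on_intranet:
            return Decision(True, encrypt, "trusted location or intranet")
        return Decision(False, encrypt, "private data outside trusted context")
    # 'secret': requires the intranet at a trusted location; never over mobile data.
    if ctx.location in TRUSTED_LOCATIONS and on_intranet:
        return Decision(True, False, "secret data on intranet at trusted location")
    return Decision(False, encrypt, "secret data needs intranet at trusted location")

if __name__ == "__main__":
    print(decide(Context("office", "wifi", "corp-internal", True), "secret"))
    print(decide(Context("unknown", "mobile", None, True), "private"))
```

Note the limitation the text states: an attacker who is already inside a trusted context (unlocked device at the office, on the intranet) passes every check here.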
All of the above are macro-level preventive strategies. At the level of implementation details, it is important for developers to have basic security awareness and to fully realize that security is an important part of the software development cycle; writing secure code is a professional skill that developers must possess. Although it is impossible to guarantee that code is 100% secure, developers should do their best to make the Android system and its applications something users can trust.
Specifically, both system engineers and application engineers implement functions on the Android platform, and both need a deeper understanding of how a compiled application interacts securely with the Android system and with other applications; how to store data securely in SQLite; how to protect user data, especially sensitive data, from malware; how to cope with limited memory and battery power; and how the permission mechanism works, which helps in understanding the permissions an application requires. All of these are essential parts of the development process.
Wu Qian, master of computer science from New York City University, has nearly 20 years of experience in system software development and project management, with in-depth research and practice in information security, embedded system design, mobile communication software development, and Linux/UNIX operating systems.
Zhao Chenxi, master of electronics from the University of the West of England, has nearly 10 years of software system development experience and is proficient in Linux/UNIX operating systems and Android embedded system design; he led the design and development of several wireless mobile communication security devices and holds a number of national invention patents and utility model patents.
Guo Ying, master of computer science from Jinan University, has 5 years of communication software development experience, is proficient in software design for Linux and Android systems, has undertaken the design and development of multiple wireless mobile communication security devices, and holds a national invention patent and multiple utility model patents.
This article is excerpted from "Analysis and Application Practice of Android Security Mechanisms" by Wu Qian, Zhao Chenxi, and Guo Ying, published by the Machinery Industry Press.