Android mobile phone defender steals user privacy Secrets (i)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

The design concept of the Android component provides a certain degree of convenience for developers to decouple. The dependencies of individual applications and even between applications are small. Only one intent can start another application activity, an unknown application service, or use to register a broadcast receiver, accept the broadcast at a specific time, or query the ContentProvider of other programs to get the data you want. (such as SMS). The design is so convenient that developers don't even need to know if they are in a process. The communication of the computer domain can be understood as the sharing of the hardware, such as the popular WebService can use the network to share the code and the data, it uses the media network card and so on. Communication between processes is the process of sharing memory. Each process allocates a section of memory that can only be accessed by the current application itself. Interprocess communication requires opening up a space that can be accessed. Android encapsulates the anonymous shared Memory,binder layer with binder and is encapsulated by the AIDL protocol, intent on Aidl. Through this layer of encapsulation, the communication between processes is also simple to a common point, and so convenient across the process access, security and how to ensure?

A brief introduction to Android's security mechanism. The Android security mechanism is divided into three tiers:

The most basic layer of ① is that Android divides data into system and data areas, where system is read-only and data is used to hold its own, which guarantees that data will not be arbitrarily rewritten.

② the second tier is used to make the data between applications independent of each other, each application will have a user ID and a group ID, with the same user ID and from the same author to access their data. The author (and the package's signature) identifies himself by apk signature, and the signature and UID form a double guarantee.

③ The third layer is the user can access the authority mechanism. As shown in the following illustration, when a user installs an application, a permission reminder will be received as follows. Tell the user to install these software in use to use the tags out of those permissions. Commonly used such as access to the network, write SD card, read contacts, cell phone calls and so on.

For users, the problem is in the third tier, because the authority mechanism is a double-edged sword. For the simplest example, a successful product will provide a regular upgrade, and the upgrade will require networking, so a program that does not use the Internet even when using the process will ask the user for network permissions. Users will have to accept these features, so the permissions are released. And a general rule is that the more features you use, the more permissions you need to release. A typical example is security software. You want it to protect you to absolutely believe it, you give it permission, you do not care what it will do, as long as it does not harm you, and no one tells you what it will do, it may do some commercial nature of "peeping."

The next chapter details how security products are commonly used to steal privacy methods and code implementations.

Article first published in the Interactive SEO blog, the only link address: http://www.hudongseo.com/code/141.html, copyright issues, reproduced please specify.