首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:Implementation of Privacy-Enhanced SMS Provider on the Android Platform
  • 本地全文:下载
  • 作者:Min-woo Park ; Jung ho Eom ; Tai-Myoung Chung
  • 期刊名称:International Journal of Security and Its Applications
  • 印刷版ISSN:1738-9976
  • 出版年度:2015
  • 卷号:9
  • 期号:5
  • 页码:113-122
  • DOI:10.14257/ijsia.2015.9.5.12
  • 出版社:SERSC
  • 摘要:The Android platform stores basic telephony data such as contacts, call logs, schedules, and SMS messages. These basic telephony data are managed by ContentProvider, which is one of the core components of Android applications along with Activities, Services, and BroadcastReceivers. If an Android application requires basic telephony data, it requests queries such as query, insert, update, and delete operations to ContentProvider. In the Android platform, every operation for which there is a possibility of misuse is protected by permissions. Generally, every application with proper permissions can request a protected operation from the Android platform. Database operations which access a database through ContentProvider are also protected by READ and WRITE permissions. However, this security policy has a critical flaw: it is impossible to differentiate the permissions of individual contacts in the Android Platform. If one application has READ permission for contacts, it can read every contact stored on an Android device. When the entities are not equal value, this flaw becomes a critical flaw. In the particular case of SMS, the problem is more serious because SMS messages can include financial information, authentication tokens, or privacy information. To address this security problem, we have designed and implemented a privacy-enhanced SMS provider. In this paper, we show how to hide sensitive SMS data from untrusted applications.
  • 关键词:Android Security; Android Access Control; Content Provider Security
国家哲学社会科学文献中心版权所有