安卓云备份模块的代码安全问题分析  被引量:1

Code security of mobile backup modules on the Android platform

在线阅读下载全文

作  者:梁蛟[1] 刘武[1] 韩伟力[1] 王晓阳[1] 甘似禹 沈烁[3] LIANG Jiao LIU Wu HAN Wei-li WANG Xiao-yang GAN Si-yu SHEN Shuo(Shanghai Key Laboratory of Data Science, Fudan University, Shanghai 201203, China Shanghai Information Investment Inc, Shanghai 200120, China Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China)

机构地区:[1]上海市数据科学重点实验室(复旦大学),上海201203 [2]上海市信息投资股份有限公司,上海200120 [3]中国科学院计算机网络信息中心,北京100190

出  处:《网络与信息安全学报》2017年第1期68-78,共11页Chinese Journal of Network and Information Security

基  金:上海市科技创新行动计划基金资助项目(No.16DZ1100200;No.15511101500)~~

摘  要:随着移动端云备份服务的日益普及,为保障用户隐私数据不被泄露,研究第三方应用调用云备份软件开发工具包(SDK,software development kit)的安全问题变得尤为重要。通过对目前国内外安卓应用市场中调用云备份服务的普遍性进行调研,总结出4个当前主流的安卓云备份SDK。分析其SDK实现代码和官方文档,对比使用情况、协议和接口功能,总结和发现了第三方应用错误调用SDK以及云备份SDK自身存在的代码安全问题,同时向第三方开发者提供了相应的解决方案。Since more and more third-party Android applications integrate backup services, the security issues of mobile backup modules are critical. By studying how widely these backup services were being used in the Android applications, the differences of code security about four mainstream Android backup SDK were investigated. After analyzing and comparing the usages, protocols and API functions of these SDK. Based on the above findings and three reported security issues of mobile backup services, the countermeasures for third-party application developers were suggested to securely call the SDK of mobile backup services.

关 键 词:移动云存储 代码安全 备份服务 软件开发工具包 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象