| With the rapid development of Android smartphones, more and more people havebecome accustomed to store a mass of user information on Android smartphones. Thisinformation includes personal privacy such as contacts, call records, messages andcommercial information which are used to improve the efficiency of study and work. But atthe same time, Android smartphones are becoming the goal of criminals, they insertmalicious softwares into the mobile devices and steal the user’s privacy data for commercialprofit, this behavior badly damages the interests of user, and these privacy data are veryimportant to phone user who dose not want these information to be stolen and used illegally.So it is very necessary to research and improve the Android smartphones security andprevent the malicious softwares from stealing the phone privacy data.Firstly, access controlling mechanism and potential safety hazard is particularlyanalyzed based on introduction of android security system. Secondly, a malicious musicplayer is developed to verify and point out the security risk of android system. Personalinformation was very likely to be illegally stolen and used if phone is not protected bysecurity software. Aiming at security problem of android phone, personal information isprotected from both sides in this paper. On one hand, from the perspective of accesscontrolling, shortages of two types of access controlling software which is divided intoaccess controlling to uninstalled application and access controlling to installed application isanalyzed, then this article combines them and introduces the kirin strategy, through whichthe system can improve the accuracy of access controlling and reduce the burden of user,improving the user’s experience. On the other hand, form the perspective of data encryption,insecurity factors which are brought by plain text storing is analyzed. Existing dataencryption technology is not completely suitable for Android phones because of theparticularity of phone such as limited resource. In this paper, for the sake of data protectionand reduction of resources consumption, a new system whose data encryption method isdetermined by specific circumstance is designed in this thesis.In this thesis, from the data protection perspective of Android smartphone, a newsecurity system includes functions of access controlling and data encryption is designed.Access controlling module divides into access controlling before software setup and accesscontrolling of running time. In this way, the right of access applied for by application can be well controlled. Data encryption module divides into submodule of information collection,information processing, policy decision, strategy executing, strategy development,performance evaluation. Specifically, it includes collecting terminal resource usage and fileinformation, professing the collected data by the normalized and quantitative process,classifying the processed data, providing recommended encryption scheme like AES orXTEA, and improving the strategy basing on user feedback. At last, this thesis makes somesimple tests indicating that the designed system can control the applied permissions andencrypt the important privacy data well. |
PDF Full Text Request