Android 程式權限分析

Abstract

由於智慧型手機的普及，使得手機與生活中的關係越來越密切，許多人會使用手機上網、瀏覽電子郵件、購買商品等等關係到個人隱私資料的活動，將帳號密碼、信用卡號碼等個人資訊也儲存在手機上。Android是一個開放原始碼的作業系統，因為它開放的特性，許多手機商都採用這個系統，也因此Android作業系統的普及性逐年增高。Android的用戶可以輕鬆地從內建程式Google Play下載到各式各樣的app來使用，但是Google Play在app的安全檢查機制並沒有相當完善，所以使用者很容易就會暴露在資訊安全的危機當中。如果使用者沒有細心注意app的所有內容，很可能就會被存取到個人隱私資料，洩漏給惡意的第三方。我們實作出一個系統，從蒐集的資料建立資料庫，並且提供一個可以方便使用的app來幫助使用者檢測app所用到的手機資源，提供給使用者建議，幫助使用者判斷app的安全性。

Since mobile phone plays an important role in life, more and more people surf the web pages, read e-mail, and shop on the internet by mobile phone. Users also store their personal information like address, account password, and credit card number in the phone. Android is an open source mobile operating system and many mobile phone manufacturers use it. Android users can easily download applications by a build-in software—Google Play. But Google Play has no the strict examination mechanism for the applications. For this reason, hackers can spread malicious applications to steal the personal information stored in the mobile phone. The users may download the malicious application and leak out the personal information unconsciously. We collect the applications, build a system to make database and write a examine program. The users can use the program based on the database to examine the application and get a clear and useful risk report to help them decide whether or not to install it.