有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google...

6
有合法的, 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 在做什么吗? 应用程序有趣、高效、免费,但同时背后的隐形费 用和恶意行为也可能在伤害我们。从现在起,化被 动为主动,采用全新主动方式全面保护移动设备。

Transcript of 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google...

Page 1: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

有合法的, 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序在做什么吗?应用程序有趣、高效、免费,但同时背后的隐形费用和恶意行为也可能在伤害我们。从现在起,化被动为主动,采用全新主动方式全面保护移动设备。

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
Page 2: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

有合法的,有恶意的,还有偷偷摸摸的:您真的知道应用程序在做什么吗?

目录

简介 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

恶意应用程序,万变不离其宗 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

灰色软件可能也不安全 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
Page 3: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

3 有合法的,有恶意的,还有偷偷摸摸的:您真的知道应用程序在做什么吗?

应用程序让我们更加自由。借助应用程序,我们可以在移动设备上处理以往通过 PC 处理的事情,但方法却截然不同,因为我们已经进入物联网时代。例如,您可能使用应用程序来控制客厅的室温,在回家前把所有的灯都打开,或者是防止入侵者闯入您的家。

应用程序成就了我们的梦想。如果把手机比作汽车,那么应用程序就是方向盘、油门或者是转向灯。同时,它们也是打开所有信息之门的钥匙,无论是设备中的所有信息,还是云中存储的所有信息。

网络犯罪分子已然察觉。您的个人信息很值钱,黑客们也为此不断地使用屡试不爽的策略(例如假冒应用程序和勒索软件)来攻击移动设备。但垂涎您个人信息的何止黑客?视钱如命的应用程序开发人员也正紧盯着您的个人信息。他们并不一定奔着非法目的而来,可能只是尝试在您的通知栏中嵌入目标广告而已。但是他们所用的方法却可能存在一些风险。

既然那么多人都想获得您的个人信息,那么了解所安装的应用程序在做什么,并采取措施保护移动设备的安全就显得尤为重要了。

简单地定位并锁定丢失或遭窃的手机并不足以化解当今的移动风险。不可否认,这些被动的防御措施的确是重要的保护屏障。但主动的安全防护措施才是当前态势下的新法则。这意味着,防护不但要盯紧盗取钱财和个人数据的恶意应用程序,还要报告所下载应用程序的潜在风险以及免费应用程序的真正代价,让您作出明智的决定。

现在的移动防护迫切需要一种全新的、预防性的方法,如此,您才能在这以应用程序为中心的世界里安心探索和体验应用程序带来的诸多优势。

1 “2014 年全球智能手机的使用量增幅达 25%”,eMarketer(2014 年 6 月 11 日),www.emarketer.com/Article/Worldwide-Smartphone-Usage-Grow-25-2014/1010920。

2 “移动革命六年,应用为王”,Flurry(2014 年 4 月 1 日),www.flurry.com/bid/109749/Apps-Solidify-Leadership-Six-Years-into-the-Mobile-Revolution#.VH5uBmctDIU。

3 Our Mobile Planet,www.think.withgoogle.com/mobileplanet/en/。

如今智能移动设备铺天盖地。全球的智能手机用户约为 18 亿人,占地球总人口的四分之一。1

随着移动设备用户的增加,应用程序用户群也在不断扩大。现在,全球智能手机用户将 86% 的时间花在应用程序上,而用在 Web 上的时间却只有 14%。2 全世界的手机平均每台安装了 26 个 应用程序,在前十个手机使用大国中,平均每台手机上安装的应用程序数超过了 35 个。3

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
http://www.emarketer.com/Article/Worldwide-Smartphone-Usage-Grow-25-2014/1010920
http://www.emarketer.com/Article/Worldwide-Smartphone-Usage-Grow-25-2014/1010920
http://www.flurry.com/bid/109749/Apps-Solidify-Leadership-Six-Years-into-the-Mobile-Revolution#.VH5u
http://www.flurry.com/bid/109749/Apps-Solidify-Leadership-Six-Years-into-the-Mobile-Revolution#.VH5u
http://think.withgoogle.com/mobileplanet/en/
Page 4: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

4 有合法的,有恶意的,还有偷偷摸摸的:您真的知道应用程序在做什么吗?

大多数用户会像 10 年或 15 年前看待桌面应用程序软件一样,认为移动应用程序也是那般的纯真无邪。安装移动应用程序时,很少或几乎不考虑它们可能会带来哪些风险。另外,安装的应用程序数量也比以往多,因为现在只要简单地点击一下就可以下载。

应用程序,尤其是“免费”的应用程序总爱吹嘘它们所带来的优势,但却不会告诉您背后真正的“代价”。这个“代价”可能是潜在威胁或是其他潜在风险。为免用户不慎下载恶意应用程序,Apple 对其 iOS 操作系统应用了沙盒机制,同时严把 iTunes® 应用程序商店的准入门槛。但 Android™ 操作系统的本质是开放的,所以比较容易被利用,进而造成威胁和潜在风险。

4 2014 年《互联网安全威胁报告》,赛门铁克,www.symantec.com/security_response/publications/threatreport.jsp。

5 “Gartner 预测 2015 年超过 75% 的移动应用程序不会通过基本的安全性测试”,Gartner(2014 年 9 月 14 日),www.gartner.com/newsroom/id/2846017。

恶意应用程序,万变不离其宗

赛门铁克《互联网安全威胁报告》显示,2013 年的移动恶意软件几乎大多针对 Android 操作系统而开发,其中 32% 的应用程序实为窃取用户个人信息。4

超过 75% 的移动应用程序未通过基本的安全测试,存在多种危险或恶意行为。5

赛门铁克发现,移动恶意软件案例在 2012 到 2013 年间增长了 69% 。

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
http://www.symantec.com/security_response/publications/threatreport.jsp
http://www.gartner.com/newsroom/id/2846017
Page 5: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

5 有合法的,有恶意的,还有偷偷摸摸的:您真的知道应用程序在做什么吗?

黑客之所以如此看中移动应用程序,原因很简单。一方面用户群正在快速增长,另一方面,恶意应用程序安装后可获取的信息量也很庞大。而且黑客们也在一如既往地改进,道行越来越高。他们不断学习并相互分享经验,所实施的攻击也越来越复杂。网络犯罪分子将其信赖的 PC 攻击策略转战移动设备,包括网页仿冒、假冒软件以及勒索软件等。

首先来看看假冒应用程序骗局,例如,网页仿冒者会提供一个假的应用程序,并声称它可以提供一定时间的免费通话。但前提是用户必须输入登录凭据,并将

该优惠转发给 10 个好友。这类骗局的目的是扩大受害者人群、窃取凭据并收集其他个人数据。

还有一种是照搬某个真实应用程序的假冒应用程序,例如模仿以色列最大银行之一 Mizrahi Bank 的真实应用程序的假冒应用程序。黑客把假的应用程序上传到 Google Play™ 商店,引诱该银行用户进行下载。当用户打开应用程序并输入自己的登录信息后,这个假的应用程序就会捕获用户 ID。之后,它会狡猾地向用户发送错误消息,指导用户重新安装该银行的真实应用程序,当然后者会正常运

行。因此,多数用户不会察觉到自己的用户 ID 已经被不法分子窃取。

最近还出现了另外一种威胁,Android.Simplocker,它是一种通过假冒应用程序发送的勒索软件特洛伊木马。一旦在设备上安装后,它就会加密(实为锁住)文件,并出示一份来自 FBI 的虚假警报,声称在您的设备上发现了非法色情内容。要想解锁文件,就必须按照说明通过一个名为 Moneypak 的支付服务来支付 300 美元“罚金”。

恶意应用程序快速指南

在诺顿软件迄今分析的 1,500 万个应用程序中, 20% 以上为恶意应用程序。它们变化万千。

跟踪类应用程序:收集文本信息和通话记录,跟踪 GPS 坐标,记录通话内容,窃取设备上的照片和视频。《诺顿 2014 网络安全报告》显示,2013 年用户跟踪类威胁的数量从 15% 上涨到 30%。

信息窃取型应用程序:收集特定于设备和特定于用户的数据,例如设备信息、配置数据以及个人内容等。

感染型应用程序:运行传统的恶意软件功能,例如安装后门和下载程序,为黑客访问您的设备大开方便之门。

重新配置型应用程序:提高应用程序的权限或修改操作系统中的设置,为攻击者创造可乘之机。

资金窃取型应用程序:通过资费高昂的短电话号码,以短信诱骗用户上当。之后,黑客会创建恶意软件,并向从受感染设备上窃来的电话号码发送短信。而用户就要向运营商缴纳高额话费,但这笔钱实际却流进了黑客的口袋。

双重身份验证信息窃取型应用程序:半路拦截银行向您发送的包含一次性身份验证代码的短信,黑客借此访问您的银行账户。

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
Page 6: 有恶意的, 还有偷偷摸摸的: 您真的知道应用程序 · 2019. 12. 9. · Google Play 商店下载应用程序、准备接 受冗长的应用程序权限列表前认真阅读

6 有合法的,有恶意的,还有偷偷摸摸的:您真的知道应用程序在做什么吗?

合法软件和恶意软件之间的界限并不十分明确。占据中间这块模糊地带的是一类称为灰色软件的应用程序。在这片区域狩猎的大多是非恶意软件的开发人员。他们发现,诱惑用户下载存在信息或内容泄露风险的潜在危险应用程序非常简单,而其惯用的诱饵则是“免费”的应用程序。

灰色应用程序并不包含恶意代码,但可能仍会侵犯您的隐私,以各种广告和其他各类恼人的行为骚扰您。移动广告软件(或称 Madware)是一种较为常见的灰色软件,这类软件或者应用程序会在手机的通知栏显示广告,或者将拨号音替换成语音广告,更有甚者还会泄露隐私数据,例如手机号码或者是用户帐户 信息。

如果您有足够的技术知识储备,在从 Google Play 商店下载应用程序、准备接受冗长的应用程序权限列表前认真阅读权限内容,您就可以发现很多诸如此类的风险。但凡事总有例外。有些时候,即

使您仔细阅读了权限列表,可能还是不清楚应用程序的所有实际行为。

一旦安装,灰色软件可能就会跟踪您的位置或是监视您的 Web 浏览情况,并把这些信息出售给营销人员。多数情况下,应用程序都会找出合理借口来收集一些敏感数据,但通常您不会意识到这个行为,而且可能也不太希望这类应用程序分享您的某些个人信息。例如,有的应用程序会从您的设备中收集您的电话号码,并将其作为唯一 ID 不经加密直接通过网络发送。顷刻间,您的电话号码就暴露给营销人员以及无所不在的诈骗 分子。

另外,有些应用程序可能也存在隐私风险,因为它们会收集一些与其用途不相关的信息。例如,一个天气应用程序有必要访问联系人或日历信息吗?

同样常见的灰色软件还有一些应用程序,它们大量消耗设备电量,影响设备性能,或从网上下载大量数据,花光您的话费。虽然从技术上来说,这些并不是灰色软件,但却也十分恼人。它们大多在后台悄悄运行。您是否注意到设备的续航能力大不如前? 可能就是这些应用程序在作祟。您的数据流量费用高得离谱? 同样还是它们。很多这类应用程序即使不打开,也会下载很多数据。

灰色软件可能也不安全

诺顿的研究报告显示,超过

60%的 Android 应用程序含广告软件或其他灰色软件。

https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://www.facebook.com/sharer/sharer.php?u=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
https://twitter.com/home?status=Do%20you%20know%20what%20your%20apps%20are%20really%20doing?%20Check%20out%20%23Norton%20%23Mobile%20Insights%20research%20http://t.co/jrgi4axafP
https://www.linkedin.com/shareArticle?mini=true&url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf&title=Good,%20Bad,%20and%20Sneaky:%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing?&summary=Tips%20to%20stay%20safe%20in%20today's%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.&source=Norton%20By%20Symantec
https://plus.google.com/share?url=http://now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf
mailto:?subject=Good%2C%20Bad%2C%20and%20Sneaky%3A%20Do%20You%20Really%20Know%20What%20Your%20Apps%20Are%20Doing%3F&body=Tips%20to%20stay%20safe%20in%20today%27s%20evolving%20smartphone%20world.%20Norton%20App%20advisor%20identifies%20bad%20habits%20and%20security%20risks%20in%20your%20mobile%20apps.%20Learn%20more%3A%20http%3A//now.symassets.com/content/dam/norton/global/pdfs/whitepapers/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf

第 5 章 Windows 应用程序开发

第 5 章 Windows 应用程序开发

第六章 应用程序结构

第六章 应用程序结构

ACR122T 应用程序编程接口 V2

ACR122T 应用程序编程接口 V2

Java 程序设计与应用开发

Java 程序设计与应用开发

第 4 章 创建应用程序框架

第 4 章 创建应用程序框架

应用程序接口 CN Erlounge III

应用程序接口 CN Erlounge III

Web 应用程序中的字符集攻击

Web 应用程序中的字符集攻击

第10章 ASP 应用程序

第10章 ASP 应用程序

第 10 章 单文档应用程序设计

第 10 章 单文档应用程序设计

多媒体 应用程序开发

多媒体 应用程序开发

第 11 章 设计数据库应用程序

第 11 章 设计数据库应用程序

第 3 章 MFC 应用程序概述

第 3 章 MFC 应用程序概述

简化复杂的Flash应用程序 谈熠

简化复杂的Flash应用程序 谈熠

利用 MFC 开发 Windows 应用程序

利用 MFC 开发 Windows 应用程序

Linux 系统应用与程序设计

Linux 系统应用与程序设计

第 20 章 开发 Web 应用程序

第 20 章 开发 Web 应用程序

设计开发实效 Web2.0 应用程序

设计开发实效 Web2.0 应用程序

第七章 简单程序设计应用

第七章 简单程序设计应用

第 6 章 数据库应用程序基础

第 6 章 数据库应用程序基础

JBoss 企业级应用程序平台 6 - Red Hat Customer Portal · JBoss 企业级应用程序平台 6.4 安装指南 适用于 Red Hat JBoss 企业版应用程序平台 6

JBoss 企业级应用程序平台 6 - Red Hat Customer Portal · JBoss 企业级应用程序平台 6.4 安装指南 适用于 Red Hat JBoss 企业版应用程序平台 6