Results of an analysis of backdoors in Android applications

Researchers at the Helmholtz Center for Information Security (CISPA), Ohio State University and New York University conducted a study of hidden functionality in applications for the Android platform. An analysis of 100 thousand mobile applications from the Google Play catalog, 20 thousand from an alternative catalog (Baidu) and 30 thousand applications pre-installed on various phones, selected from 30 firmware images from SamMobile, showed that 12706 (8.5%) programs contain functionality that is hidden from the user but activated using special sequences, which can be classified as backdoors.

Specifically, 7584 applications contained embedded secret access keys, 501 contained embedded master passwords, and 6013 contained hidden commands. Problematic applications were found in all of the software sources examined - in percentage terms, backdoors were identified in 6.86% (6860) of the studied programs from Google Play, in 5.32% (1064) from the alternative catalog and in 15.96% (4788) from the list of pre-installed applications. The identified backdoors allow anyone who knows the keys, activation passwords and command sequences to gain access to the application and all data associated with it.

For example, a sports streaming application with five million installations was found to contain an embedded key for logging in to the administration interface, which lets users change the application's settings and gain access to additional functionality. In a screen lock application with 5 million installations, an access key was found that makes it possible to reset the password the user set to lock the device. A translator program with 5 million installations includes a key that makes it possible to make in-app purchases and upgrade the program to the pro version without actually paying.

In a program for remote control of a lost device, which has 10 million installations, a master password was identified that makes it possible to remove the lock set by the user in case the device is lost. A master password that unlocks secret notes was found in a notebook program. In many applications, debugging modes were also identified that give access to low-level capabilities; for example, in a shopping application a proxy server was started when a certain combination was entered, and in a training program it was possible to bypass the tests.

In addition to backdoors, 4028 (2.7%) applications were found to contain blacklists used to censor information received from the user. The blacklists contain sets of forbidden words, including the names of political parties and politicians, and phrases commonly used to intimidate and discriminate against certain segments of the population. Blacklists were identified in 1.98% of the studied programs from Google Play, in 4.46% from the alternative catalog and in 3.87% from the list of pre-installed applications.

The analysis was carried out with the InputScope toolkit developed by the researchers, the code of which will be published on GitHub in the near future (the researchers had previously published the static analyzer LeakScope, which automatically detects information leaks in applications).
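To illustrate the class of defect described above (user-typed input compared against a secret or command embedded in the app), here is a simplified source-level check a developer could run over their own code. It is an added example, not InputScope's code or method; the sample Java, every name in it and the regex heuristic are assumptions constructed for illustration.

```python
import re

# Constructed sample: Java source of a hypothetical lock-screen activity.
SAMPLE_JAVA = '''
public class UnlockActivity extends Activity {
    private static final String MASTER = "s3rvice-0000";   // constructed value
    void onUnlock(EditText pinField, String storedHash) {
        String pin = pinField.getText().toString();
        if (pin.equals(MASTER)) { unlock(); }               // hidden master password
        if ("*#debug#".equals(pin)) { openAdminPanel(); }   // hidden command
        if (hash(pin).equals(storedHash)) { unlock(); }     // legitimate check
        String mode = getIntent().getStringExtra("mode");
        if (mode.equals("tablet")) { useWideLayout(); }     // not user-typed input
    }
}
'''

# String constants compiled into the app.
CONST = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"')
# Variables filled from a text field, i.e. typed by the user (assumed input source).
INPUT = re.compile(r'String\s+(\w+)\s*=\s*.*\.getText\(\)\.toString\(\)')
# var.equals("literal" | NAME)  and  "literal".equals(var)
CMP_VAR_FIRST = re.compile(r'\b(\w+)\.equals(?:IgnoreCase)?\(\s*("[^"]*"|\w+)\s*\)')
CMP_LIT_FIRST = re.compile(r'("[^"]*")\.equals(?:IgnoreCase)?\(\s*(\w+)\s*\)')

def find_hardcoded_input_checks(source):
    """Return (line, input_variable, embedded_value) for each comparison of
    user-typed input against a value that ships inside the application."""
    consts = {m.group(1): m.group(2) for m in CONST.finditer(source)}
    inputs = {m.group(1) for m in INPUT.finditer(source)}
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        pairs = [(m.group(1), m.group(2)) for m in CMP_VAR_FIRST.finditer(line)]
        pairs += [(m.group(2), m.group(1)) for m in CMP_LIT_FIRST.finditer(line)]
        for var, other in pairs:
            if var not in inputs:
                continue                      # compared value is not user input
            if other.startswith('"'):         # inline string literal
                findings.append((lineno, var, other.strip('"')))
            elif other in consts:             # named constant resolved to its value
                findings.append((lineno, var, consts[other]))
    return findings

if __name__ == "__main__":
    for lineno, var, value in find_hardcoded_input_checks(SAMPLE_JAVA):
        print(f"line {lineno}: input '{var}' compared with embedded value {value!r}")
```

The check that hashes the input and compares it with a per-user stored value is not flagged, which is the pattern to prefer: nothing that unlocks the app is the same on every installation.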

Source: opennet.ru
