Abaphandi kwiZiko leHelmholtz loKhuseleko loLwazi (CISPA), iYunivesithi yaseOhio State kunye neYunivesithi yaseNew York uphando lwemisebenzi efihliweyo kwizicelo zeqonga le-Android. Uhlalutyo lwe-100 lamawaka lezicelo eziphathwayo ezivela kwikhathalogu yeGoogle Play, amawaka angama-20 ukusuka kwenye ikhathalogu (i-Baidu) kunye nezicelo ezingamawaka ezingama-30 ezifakwe ngaphambili kwii-smartphones ezahlukeneyo, ezikhethwe kwi-1000 firmware evela kwiSamMobile, ukuba iinkqubo eziyi-12706 (8.5%) ziqulathe ukusebenza okufihliweyo kumsebenzisi, kodwa zivulwe kusetyenziswa ulandelelwano olukhethekileyo, olunokuthi luhlelwe njenge-backdoors.
Ngokukodwa, izicelo ze-7584 zibandakanya izitshixo zokufikelela ezifihlakeleyo, i-501 ifake ii-password ezifakwe kwi-master, kunye ne-6013 iquka imiyalelo efihliweyo. Izicelo ezinengxaki zifumaneka kuyo yonke imithombo yesoftware evavanyiweyo - ngokwepesenti, i-backdoors yachongwa kwi-6.86% (6860) yeenkqubo ezifundwe kuGoogle Play, kwi-5.32% (1064) ukusuka kwikhathalogu engenye kwaye kwi-15.96% (4788) kuluhlu lwezicelo ezifakwe ngaphambili. I-backdoors echongiweyo ivumela nabani na owazi izitshixo, amagama ayimfihlo kunye nolandelelwano lomyalelo ukufumana ufikelelo kwisicelo kunye nayo yonke idatha ehambelana nayo.
Ngokomzekelo, i-app yokusasazwa kwezemidlalo kunye nokufakwa kwezigidi ezi-5 kwafunyaniswa ukuba inesitshixo esakhelwe ngaphakathi sokungena kwi-interface yolawulo, evumela abasebenzisi ukuba batshintshe izicwangciso ze-app kunye nokufikelela kwimisebenzi eyongezelelweyo. Kwi-app yokutshixa isikrini kunye nofakelo lwezigidi ezi-5, iqhosha lokufikelela lifunyenwe elikuvumela ukuba usete kwakhona igama eligqithisiweyo elisetwa ngumsebenzisi ukutshixa isixhobo. Inkqubo yomguquli, enofakelo lwesigidi esi-1, ibandakanya isitshixo esikuvumela ukuba uthenge ngaphakathi kwi-app kwaye uphucule inkqubo kwinguqulo yepro ngaphandle kokuhlawula ngokwenene.
Kwinkqubo yolawulo olukude lwesixhobo esilahlekileyo, esine-10 yezigidi zofakelo, i-password eyinkosi ichongiwe eyenza kube nokwenzeka ukususa i-lock ebekwe ngumsebenzisi kwimeko yokulahleka kwesixhobo. I-master password ifunyenwe kwinkqubo yencwadana ekuvumela ukuba uvule amanqaku ayimfihlo. Kwizicelo ezininzi, iindlela zokulungisa iimpazamo zichongiwe ukuba zibonelele ukufikelela kwizakhono eziphantsi, umzekelo, kwisicelo sokuthenga, umncedisi we-proxy waqaliswa xa kufakwe inhlanganisela ethile, kwaye kwinkqubo yoqeqesho kwakukho ukukwazi ukudlula iimvavanyo. .
Ukongeza kwi-backdoors, izicelo ezingama-4028 (2.7%) zafunyaniswa zinezintlu ezimnyama ezisetyenziselwa ukuvavanya ulwazi olufunyenwe kumsebenzisi. Uluhlu olumnyama olusetyenzisiweyo luqulethe iiseti zamagama angavumelekanga, kubandakanywa amagama amaqela ezopolitiko kunye nezopolitiko, kunye namabinzana aqhelekileyo asetyenziselwa ukoyikisa nokucalula amacandelo athile abemi. Uluhlu olumnyama lwachongwa kwi-1.98% yeenkqubo ezifundwe kwi-Google Play, kwi-4.46% ukusuka kwikhathalogu engenye kwaye kwi-3.87% kuluhlu lwezicelo ezifakwe ngaphambili.
Ukuqhuba uhlalutyo, i-toolkit ye-InputScope eyenziwe ngabaphandi isetyenzisiwe, ikhowudi eya kukhutshwa kungekudala. kwi-GitHub (abaphandi babepapashe ngaphambili umhlalutyi omileyo , efumanisa ngokuzenzekelayo ukuvuza kolwazi kwizicelo).
umthombo: opennet.ru