Abacwaningi baseHelmholtz Centre for Information Security (CISPA), The Ohio State University kanye New York University ucwaningo lokusebenza okufihliwe ezinhlelweni zokusebenza zeplathifomu ye-Android. Ukuhlaziywa kwezicelo zeselula eziyizinkulungwane eziyi-100 ezivela kukhathalogi ye-Google Play, izinkulungwane ezingama-20 ezivela kwenye ikhathalogi (i-Baidu) kanye nezicelo eziyizinkulungwane ezingama-30 ezifakwe kuqala kuma-smartphone ahlukahlukene, akhethwe ku-firmware eyi-1000 yakwa-SamMobile, ukuthi izinhlelo ezingu-12706 (8.5%) ziqukethe ukusebenza okufihliwe kumsebenzisi, kodwa kwenziwe kusebenze kusetshenziswa ukulandelana okukhethekile, okungahlukaniswa njengokungemuva kwendlu.
Ngokucacile, izinhlelo zokusebenza eziyi-7584 zazihlanganisa okhiye bokufinyelela abayimfihlo abashumekiwe, abangu-501 bahlanganisa amaphasiwedi ayinhloko ashumekiwe, futhi angu-6013 afaka imiyalo efihliwe. Izinhlelo zokusebenza eziyinkinga zitholakala kuyo yonke imithombo yesofthiwe ehloliwe - ngokwemibandela yamaphesenti, okungemuva kutholwe ku-6.86% (6860) wezinhlelo ezifundiwe ezivela ku-Google Play, ngo-5.32% (1064) kusuka kwenye ikhathalogi futhi ngo-15.96% (4788) ohlwini lwezinhlelo zokusebenza ezifakwe ngaphambilini. Izicabha ezikhonjiwe zivumela noma ubani owazi okhiye, amaphasiwedi wokwenza kusebenze nokulandelana kwemiyalo ukuze athole ukufinyelela kuhlelo lokusebenza nayo yonke idatha ehlotshaniswa nalo.
Isibonelo, uhlelo lokusebenza lokusakaza kwezemidlalo olufakwe izigidi ezi-5 lutholwe lunokhiye owakhelwe ngaphakathi wokungena kusixhumi esibonakalayo somqondisi, okuvumela abasebenzisi ukuthi bashintshe izilungiselelo zohlelo lokusebenza futhi bafinyelele ukusebenza okwengeziwe. Kuhlelo lokusebenza lokukhiya isikrini olunokufakwa okuyizigidi ezingu-5, kutholwe ukhiye wokufinyelela okuvumela ukuthi usethe kabusha iphasiwedi elisethwa umsebenzisi ukuze ikhiye idivayisi. Uhlelo lomhumushi, olunokufakwa kwesigidi esingu-1, luhlanganisa ukhiye okuvumela ukuthi uthenge ngaphakathi nohlelo futhi uthuthukise uhlelo lube yinguqulo ye-pro ngaphandle kokukhokha.
Kuhlelo lokulawula kude kwedivayisi elahlekile, enokufakwa kwezigidi ezingu-10, kuhlonzwe igama-mfihlo eliyinhloko elenza kube nokwenzeka ukususa ukukhiya okusethwe umsebenzisi uma kwenzeka kulahleka idivayisi. Iphasiwedi eyinhloko itholwe ohlelweni lwe-notebook olukuvumela ukuthi uvule amanothi ayimfihlo. Ezinhlelweni eziningi, izindlela zokulungisa iphutha nazo zahlonzwa ezinikeze ukufinyelela kumakhono asezingeni eliphansi, isibonelo, kuhlelo lokusebenza lokuthenga, iseva elibamba yaqaliswa lapho kufakwa inhlanganisela ethile, futhi ohlelweni lokuqeqesha kwakunamandla okudlula ukuhlolwa. .
Ngokungeziwe kuma-backdoors, izicelo ezingu-4028 (2.7%) zitholwe zinezinhlu ezivinjelwe ezisetshenziselwa ukuhlola ulwazi olutholwe kumsebenzisi. Uhlu oluvinjelwe olusetshenzisiwe luqukethe amasethi wamagama anqatshelwe, okuhlanganisa amagama amaqembu ezombusazwe nosopolitiki, nemishwana evamile esetshenziselwa ukusabisa nokucwasa izingxenye ezithile zabantu. Uhlu oluvinjelwe lukhonjwe ku-1.98% wezinhlelo ezifundiwe ezivela ku-Google Play, ngo-4.46% kusuka kwenye ikhathalogi futhi ngo-3.87% ohlwini lwezinhlelo zokusebenza ezifakwe ngaphambilini.
Ukuze kwenziwe ukuhlaziya, kwasetshenziswa ikhithi yamathuluzi ye-InputScope eyakhiwe abacwaningi, ikhodi ezokhishwa maduze nje. ku-GitHub (abacwaningi bake bashicilela i-analyzer emile , ethola ngokuzenzakalelayo ukuvuza kolwazi ezinhlelweni zokusebenza).
Source: opennet.ru