本文關(guān)鍵詞：移動社交應(yīng)用的用戶隱私泄漏問題研究，由筆耕文化傳播整理發(fā)布。

移動社交應(yīng)用的用戶隱私泄漏問題研究

Research on User Privacy Leakage in Mobile Social Messaging Applications

[1] [2] [3] [4] [5]

CHENG Yao,YING Ling-Yun,JIAO Si-Bei,SU Pu-Rui,FENG Deng-Guo（ 1.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 1

中國科學(xué)院軟件研究所可信計算與信息保障實驗室,北京100190

文章摘要：智能移動終端以其強大的處理能力和豐富的功能應(yīng)用迅速得到普及,成為人們?nèi)粘Ｉ钪写鎯吞幚韨�人信息必不可少的工具.在眾多的移動應(yīng)用中,社交通信類應(yīng)用致力于為人們提供便捷的日常通信服務(wù),這類應(yīng)用相比移動通信運營商提供的傳統(tǒng)短消息服務(wù)更加經(jīng)濟實用,同時提供多媒體通信方式進一步增強用戶的社交體驗,從而迅速地被廣泛接受.為了進一步鞏固自身的用戶群體,增加用戶黏度,這類應(yīng)用在其內(nèi)部增添了一種稱為“通訊錄匹配”的功能.該功能能夠向用戶推薦其手機通訊錄中已經(jīng)注冊過該應(yīng)用的線下聯(lián)系人為好友,從而幫助用戶快速地將線下社交圈移植到應(yīng)用線上.然而,用戶在獲得便利的同時也面臨著潛在的隱私泄露風(fēng)險.文中首次提出了一種獨立于各移動智能平臺的、能有效利用移動社交通信類應(yīng)用的通訊錄匹配功能實現(xiàn)大規(guī)模收集用戶私人數(shù)據(jù)的方法,該方法能夠收集到存儲于目標應(yīng)用服務(wù)器的用戶個人資料,包括手機號碼和虛擬應(yīng)用賬戶資料以及兩者之間的映射關(guān)系;其次,為了獲取規(guī)模更大,內(nèi)容更全面、更真實的用戶資料,文本提出了基于多款社交通信類應(yīng)用的跨應(yīng)用整合分析方法以及針對不同應(yīng)用來源的用戶資料數(shù)據(jù)一致性與真實性分析;最后,在信息獲取和分析方法的指導(dǎo)下,文中建立了利用上述漏洞的原型系統(tǒng),進行了大規(guī)模數(shù)據(jù)實驗,最終驗證了上述方法的有效性和良好的可擴展性.

Abstr：Due to their powerful processing capability and diverse equipped applications,smart mobile devices have become the rage to store and manage personal information in people＇s daily work and lives.This dominant prevalence to a large extent benefits from those various kinds of applications running on the mobile platform.Among them,a staple category of applications have devoted themselves to provide daily social communication service for regular users,which called social messaging applications.It offers users wonderful user experience and various ways of communication via multi-media,such as text,audios,pictures and videos.Comparing to the SMS and MMS,social messaging applications are more widely accepted for their fantastic social experience and economical manner.In order to aggregate user basis and increase their stickiness,social messaging applications incorporate a new functionality component called Address Book Matching which recommends registered user accounts from the address book in one＇s phone and facilitates the transplantation of users＇ social circle from offline to online.However,this novel feature brings not only convenience but also potential privacy leakage issues.This paper proposes a novel platform-independent method to collect users＇ personal information in large scale,including their phone numbers and the corresponding application accounts,by means of abusing Address Book Matching.Besides,based on the user information we obtained,two approaches of further analysis are presented,i.e.single application analysis and cross application integration.In order to pursue more authentic user information,we propose the conformity and authentic analysis of user personal information gathered from different social messaging applications.Finally,

文章關(guān)鍵詞：

Keyword：:smart mobile devices social messaging application privacy leakage mobile social networks privacy protection smartphone

課題項目：國家“九七三”重點基礎(chǔ)研究發(fā)展規(guī)劃項目基金（2012CB315804）、國家自然科學(xué)基金（61073179）、國家自然科學(xué)基金--重大研究計劃（91118006）及北京市自然科學(xué)基金（4122086）資助.

  本文關(guān)鍵詞：移動社交應(yīng)用的用戶隱私泄漏問題研究，，由筆耕文化傳播整理發(fā)布。