Security Analysis and Enhancement of Third-Party Android Push Service

Lu Yemian; Li Yifu; Ying Lingyun; Gu Yacong; Su Purui; Feng Dengguo

doi:10.7544/issn1000-1239.2016.20150528

Journal of Computer Research and Development > 2016 > 53(11): 2431-2445. > DOI: 10.7544/issn1000-1239.2016.20150528 CSTR: 32373.14.issn1000-1239.2016.20150528

Lu Yemian, Li Yifu, Ying Lingyun, Gu Yacong, Su Purui, Feng Dengguo. Security Analysis and Enhancement of Third-Party Android Push Service[J]. Journal of Computer Research and Development, 2016, 53(11): 2431-2445. DOI: 10.7544/issn1000-1239.2016.20150528

Citation:

PDF (2832 KB)

Security Analysis and Enhancement of Third-Party Android Push Service

¹(Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190)
²(National Computer Emergency Response Team and Coordination Center of China, Beijing 100029)
³(School of Computer and Control Engineering, University of Chinese Academy of Sciences, Beijing 101408)

More Information

Published Date: October 31, 2016

Graphical Abstract

Abstract

Abstract

Push service is becoming a basic service for smartphone applications. Many companies, including official and third parties, have released their push services. In order to reduce resource cost, some third-party push services share push channels among applications running on the same device and using the same push service, which means that the background push component of one application acts as the push data distribution center for other applications. Due to the lack of considering security attributes such as confidentiality and integrity, the distribution part faces a variety of attacks. In this work we analyze the security issues in the data distribution part of third-party push services on Android. We design a corresponding attack model and implement attacks including eavesdropping, data tampering, forgery and replay attacks. During our experiments, it shows that most of the third-party Android push services using shared channels are subject to these attacks. It may cause some security hazards such as user privacy leakage and phishing attack. To mitigate the above threats, we propose SecPush which is a security enhancement scheme for Android push service. SecPush secures data distribution by introducing encryption and HMAC algorithm. Experimental results show that SecPush can effectively protect push data against eavesdropping, data tampering, forgery and replay attacks.
- Android,
- push service,
- data distribution,
- shared channel,
- security analysis,
- security enhancement

FullText(HTML)

References (0)

[1]	Zhang Chunyun, Zhao Hongyan, Deng Jiqin, Cui Chaoran, Dong Xiaolin, Chen Zhumin. Category Adversarial Joint Learning Method for Cross-Prompt Automated Essay Scoring[J]. Journal of Computer Research and Development, 2025, 62(5): 1190-1204. DOI: 10.7544/issn1000-1239.202440266
[2]	Lu Feng, Li Wei, Gu Lin, Liu Shuai, Wang Runheng, Ren Yufei, Dai Xiaohai, Liao Xiaofei, Jin Hai. Selection of Reputable Medical Participants Based on an Iterative Collaborative Learning Framework[J]. Journal of Computer Research and Development, 2024, 61(9): 2347-2363. DOI: 10.7544/issn1000-1239.202330270
[3]	Lu Yuxuan, Kong Lanju, Zhang Baochen, Min Xinping. MC-RHotStuff: Multi-Chain Oriented HotStuff Consensus Mechanism Based on Reputation[J]. Journal of Computer Research and Development, 2024, 61(6): 1559-1572. DOI: 10.7544/issn1000-1239.202330195
[4]	Zheng Susu, Fu Xiaodong, Yue Kun, Liu Li, Liu Lijun, Feng Yong. Online Service Reputation Measurement Method Based on Kendall tau Distance[J]. Journal of Computer Research and Development, 2019, 56(4): 884-894. DOI: 10.7544/issn1000-1239.2019.20180034
[5]	Ma Haiyan, Liang Yongquan, Ji Shujuan, Li Da. A Trust-Distrust Based Reputation Attacks Defending Strategy and Its Stability Analysis[J]. Journal of Computer Research and Development, 2018, 55(12): 2685-2702. DOI: 10.7544/issn1000-1239.2018.20170587
[6]	Zhang Yuanpeng, Deng Zhaohong, Chung Fu-lai, Hang Wenlong, Wang Shitong. Fast Self-Adaptive Clustering Algorithm Based on Exemplar Score Strategy[J]. Journal of Computer Research and Development, 2018, 55(1): 163-178. DOI: 10.7544/issn1000-1239.2018.20160937
[7]	Lin Hui, Ma Jianfeng, Xu Li. A Secure Routing Protocol for MWNs Based on Cross-Layer Dynamic Reputation Mechanism[J]. Journal of Computer Research and Development, 2014, 51(7): 1486-1496.
[8]	Ma Shouming, Wang Ruchuan, Ye Ning. Secure Data Aggregation Algorithm Based on Reputations Set Pair Analysis in Wireless Sensor Networks[J]. Journal of Computer Research and Development, 2011, 48(9): 1652-1658.
[9]	Zhao Xiang, Huang Houkuan, Dong Xingye, and He Lijian. A Trust and Reputation System Model for Open Multi-Agent System[J]. Journal of Computer Research and Development, 2009, 46(9): 1480-1487.
[10]	He Lijian, Huang Houkuan, Zhang Wei. A Survey of Trust and Reputation Systems in Multi Agent Systems[J]. Journal of Computer Research and Development, 2008, 45(7).