中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Title:
移动社交应用的用户隐私泄漏问题研究
Alternative Title: Research on user privacy leakage in mobile social messaging applications
Author: 程瑶 ; 应凌云 ; 焦四辈 ; 苏璞睿 ; 冯登国
Corresponding Author: Cheng, Y.(chengyao@tca.iscas.ac.cn)
Keyword: 智能移动终端 ; 社交通信类应用 ; 隐私泄露 ; 移动社交网络 ; 隐私保护 ; 智能手机 ; smart mobile devices ; social messaging application ; privacy leakage ; mobile social networks ; privacy protection ; smartphone
Source: 计算机学报
Issued Date: 2014
Volume: 37, Issue:1, Pages:87-100
Indexed Type: EI ; CSCD
Department: 中国科学院软件研究所可信计算与信息保障实验室 北京 100190
Abstract: 智能移动终端以其强大的处理能力和丰富的功能应用迅速得到普及,成为人们日常生活中存储和处理个人信息必不可少的工具.在众多的移动应用中,社交通信类应用致力于为人们提供便捷的日常通信服务,这类应用相比移动通信运营商提供的传统短消息服务更加经济实用,同时提供多媒体通信方式进一步增强用户的社交体验,从而迅速地被广泛接受.为了进一步巩固自身的用户群体,增加用户黏度,这类应用在其内部增添了一种称为“通讯录匹配”的功能.该功能能够向用户推荐其手机通讯录中已经注册过该应用的线下联系人为好友,从而帮助用户快速地将线下社交圈移植到应用线上.然而,用户在获得便利的同时也面临着潜在的隐私泄露风险.文中首次提出了一种独立于各移动智能平台的、能有效利用移动社交通信类应用的通讯录匹配功能实现大规模收集用户私人数据的方法,该方法能够收集到存储于目标应用服务器的用户个人资料,包括手机号码和虚拟应用账户资料以及两者之间的映射关系;其次,为了获取规模更大,内容更全面、更真实的用户资料,文本提出了基于多款社交通信类应用的跨应用整合分析方法以及针对不同应用来源的用户资料数据一致性与真实性分析;最后,在信息获取和分析方法的指导下,文中建立了利用上述漏洞的原型系统,进行了大规模数据实验,最终验证了上述方法的有效性和良好的可扩展性.
English Abstract: Due to their powerful processing capability and diverse equipped applications, smart mobile devices have become the rage to store and manage personal information in people's daily work and lives. This dominant prevalence to a large extent benefits from those various kinds of applications running on the mobile platform. Among them, a staple category of applications have devoted themselves to provide daily social communication service for regular users, which called social messaging applications. It offers users wonderful user experience and various ways of communication via multi-media, such as text, audios, pictures and videos. Comparing to the SMS and MMS, social messaging applications are more widely accepted for their fantastic social experience and economical manner. In order to aggregate user basis and increase their stickiness, social messaging applications incorporate a new functionality component called Address Book Matching which recommends registered user accounts from the address book in one's phone and facilitates the transplantation of users' social circle from offline to online. However, this novel feature brings not only convenience but also potential privacy leakage issues. This paper proposes a novel platform-independent method to collect users' personal information in large scale, including their phone numbers and the corresponding application accounts, by means of abusing Address Book Matching. Besides, based on the user information we obtained, two approaches of further analysis are presented, i. e. single application analysis and cross application integration. In order to pursue more authentic user information, we propose the conformity and authentic analysis of user personal information gathered from different social messaging applications. Finally, on the basis of our collection and analysis approaches, we also build up a prototype system to leverage above mentioned vulnerability. The experiment results demonstrate the effectiveness of our method of taking advantage of Address Book Matching to collect user personal information from social messaging applications in large scale.
Language: 中文
Citation statistics:
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/16777
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
程瑶,应凌云,焦四辈,等. 移动社交应用的用户隐私泄漏问题研究[J]. 计算机学报,2014-01-01,37(1):87-100.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[程瑶]'s Articles
[应凌云]'s Articles
[焦四辈]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[程瑶]‘s Articles
[应凌云]‘s Articles
[焦四辈]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace