一种基于智能卡的Android权限管理方法研究

A Study on the Smartcard based Android Application Permission Management

Android系统的应用权限管理由安装时声明和确定,存在无法动态管理和验证的问题,将导致安全风险。文章提出一种基于智能卡验证的动态应用程序权限管理方法,增加了应用安装时权限的细粒度控制,对安装包的签名认证采用基于智能卡数字证书的方式,适合对Android的权限有严格要求的应用场合,能增强Android系统的应用权限管理的安全性。

The application permission in the android system is declared and determined during its installation. The permission of application can＇t be changed after it is installed, it will lead to a security risk. A method for the application dynamic permission management based on smartcard is proposed in this paper. It can achieve fine- grained permission management for the application. The signature verification for the application is based on the smartcard digital certification. This application permission management method can enhance the security of the android system.