Abstract
In the era of the mobile Internet, Android mobile application software has penetrated every aspect of people's work and daily life, and the security of Android code signing has always been a focus of attention for black and gray market actors. By analyzing the Android code signing mechanisms of different versions and the risks and challenges that code signing faces in terms of certificate algorithms, certificate usage, software rights and responsibilities, software protection, and certificate updates, this paper puts forward countermeasures and suggestions to industry stakeholders from the perspectives of industry standards, internal enterprise practice, policy supervision, and industry chain responsibilities and obligations, providing a reference for relevant technical research, standards development, and policy issuance in the industry.
Authors
SONG Kai (宋恺); DENG Youjun (邓佑军); WANG Haoqian (王浩仟); ZHANG Jingyi (张静怡); WANG Hai (汪海)
China Academy of Information and Communications Technology, Beijing 100191, China; Key Laboratory of Mobile Application Innovation and Governance Technology, Ministry of Industry and Information Technology, Beijing 100191, China
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2023, Issue 9, pp. 36-44 (9 pages in total)
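Funding
Ministry of Industry and Information Technology fiscal project "Public Service Platform for Detection and Certification of Mobile Internet Applications" (No. 20230087).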
Keywords
Android application software
code signing
digital certificate
third-party certification