Journal of Information Security Research ›› 2022, Vol. 8 ›› Issue (1): 71-.

Security Risk Analysis and Countermeasures of Government APP

Zhang Heng and Lu Kai

  • Online:2022-01-09 Published:2022-01-07

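  1. (State Information Center, Beijing 100045)

  • Corresponding author: Zhang Heng, master's degree, senior engineer. Main research interests: self-organizing networks, mobile communication systems, cloud computing security, data security, and mobile application security. zhangheng@sic.gov.cn
  • About the authors: Zhang Heng, master's degree, senior engineer. Main research interests: self-organizing networks, mobile communication systems, cloud computing security, data security, and mobile application security. zhangheng@sic.gov.cn Lu Kai, master's degree, senior engineer. Main research interests: network security, information security risk management systems, cloud computing security, data security, and mobile application security. lukai@sic.gov.cn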

Abstract:

With the development of "Internet + government services", the traditional government service model has changed. Mobile applications have penetrated all aspects of government services, bringing efficiency and convenience but also security risks. This article analyzes the security status of government APPs in terms of their characteristics, mobile malicious programs, excessive use of permissions, piracy and counterfeiting, and other aspects; statistically analyzes the security vulnerabilities of government APPs; and focuses on three typical risk scenarios: sensitive information leakage, content tampering, and third-party linked transaction authentication. Finally, it gives suggestions for dealing with the security risks of government APPs from the aspects of secure development awareness, security testing specifications, and release channel management. This article has reference value for the healthy development of government mobile applications in China.

Key words: Government APP, mobile application, government service, security risk, security inspection
