Journal of Information Security Research, 2022, Vol. 8, Issue (1): 71-.
章恒; 禄凯
(State Information Center, Beijing 100045)
Abstract:
With the development of "Internet + government services", the traditional government service model has changed. Mobile applications have penetrated all aspects of government services, bringing efficiency and convenience but also security risks. This article analyzes the security status of government APPs from several angles, including the characteristics of government APPs, mobile malicious programs, excessive use of permissions, and piracy and counterfeiting; statistically analyzes the security vulnerabilities of government APPs; and focuses on three typical risk scenarios: sensitive information leakage, content tampering, and third-party related transaction authentication. Finally, it gives suggestions for dealing with the security risks of government APPs in terms of security development awareness, security testing specifications, and release channel management. This article has certain reference significance for the healthy development of government mobile applications.
Key words: Government APP, mobile application, government service, security risk, security inspection
章恒, 禄凯. Security Risk Analysis and Countermeasures for Government APPs[J]. Journal of Information Security Research, 2022, 8(1): 71-.
URL: http://www.sicris.cn/EN/
http://www.sicris.cn/EN/Y2022/V8/I1/71