Mobile Ecosystem
1 Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor Authentication in Chinese Mobile Apps
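This one is about bypassing apps' PII-as-Factor Authentication (PaFA); PII stands for personally identifiable information.
I don't yet understand what this sentence is actually getting at: "a new threat of PaFA: the simultaneous usages and business-related interactions among apps make the authentication strength of a target app weaker than designed."
Oh, now I get it.
Collect the victim's PII from the interfaces of other apps + the attacker obtains the victim's SMS OTP (by physical means, taking it off the phone) --> log in to the target app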
2 Leaking the Privacy of Groups and More: Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem
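Cracs: the privacy risks of cross-app content sharing
Covered from three angles: sharing behavior tracking (SBT), sharing data interception (SDI), and sharer data exposure (SDE).
Why does it feel like this problem has been around for a long time? I checked, and the authors say they are the first to discuss the privacy side of this problem, that is, identifying certain information about a user through the URL of shared content. This paper newly adds recovering people's relationship chains from shared content.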