Uhlelo olungayilungele ikhompyutha

Inqubomgomo yethu yohlelo olungayilungele ikhompuyutha ilula, i-ecosystem ye-Android okufaka phakathi i-Google Play Isitolo, namadivayisi omsebenzisi kufanele kungabi nokuziphatha okunonya (isb. uhlelo olungayilungele ikhompuyutha). Ngalesi simiso esiyinhloko silwela ukuhlinzeka nge-ecosystem ye-Android ephephile kubasebenzisi bethu kanye namadivayisi wabo we-Android.

Uhlelo olungayilungele ikhompuyutha yinoma iyiphi ikhodi engase ifake umsebenzisi, idatha yomsebenzisi, noma idivayisi engozini. Uhlelo olungayilungele ikhompyutha lufaka phakathi, kodwa alipheleli nje konambambili be-Potentially Harmful Applications (PHAs), noma ukuguqulwa kohlaka, okuqukethe izigaba ezifana nama-trojan, ubugebengu bokweba imininingwane ebucayi, nezinhlelo zokusebenza zenhloli, futhi siyaqhubeka nokubuyekeza nokwengeza izigaba ezintsha.

Nakuba lunohlobo namakhono angafani, uhlelo olungayilungele ikhompyutha ngokuvamile lunomgomo owodwa kulena : .

  • Ukufaka engcupheni ubuqotho bedivayisi yomsebenzisi.
  • Ukuthola ukulawula idivayisi yomsebenzisi.
  • Ukunika amandla imisebenzi elawulwa kude ukuze umhlaseli akwazi ukufinyelela, ukusebenzisa, noma ukuchaya idivayisi ehlaselwe.
  • Ukudlulisa idatha yomuntu siqu noma ukuqinisekisa kwedivayisi ngaphandle kokuveza ulwazi okwanele nemvume.
  • Ukusabalalisa ugaxekile noma imiyalo kusuka kudivayisi ehlaselwe ukuze ihlasele amanye amadivayisi noma amanethiwekhi.
  • Ukukhwabanisa umsebenzisi.

Ukuguqulwa kwe-app, konambambili, noma kohlaka kungase kube ingozi, futhi kungase kubangele ukuziphatha okunonya, ngisho noma kade kungahloselwe ukuthi kube ingozi. Lokhu kungenxa yokuthi ukuguqulwa kwezinhlelo zokusebenza, onambambili, noma uhlaka kungase kusebenze ngokwehlukile kuya ngezinhlobo zokuguquka. Ngakho-ke, lokho okuyingozi kwenye idivayisi ye-Android kungase kungabi ingozi neze kwenye idivayisi ye-Android. Ngokwesibonelo, idivayisi esebenzisa inguqulo yakamuva ye-Android ayithonywa izinhlelo zokusebenza eziyingozi ezisebenzisa ama-API ahoxisiwe ukwenza ukuziphatha okunonya kodwa idivayisi esasebenzisa inguqulo yangaphambilini ye-Android ingase ibe sengozini. Ukuguqulwa kwezinhlelo zokusebenza, onambambili, uhlaka kumakwa njengohlelo olungayilungele ikhompuyutha noma i-PHA uma ngokucacile kuyingozi kwamanye noma kuwo wonke amadivayisi nabasebenzisi.

Izigaba zohlelo olungayilungele ikhompyutha, ngenzansi, zibonisa inkolelo yethu eyisisekelo yokuthi abasebenzisi kufanele baqonde indlela idivayisi yabo esetshenziswa ngayo ngokuphelele nokukhuthaza i-ecosystem evikelekile enika amandla ukuqamba kabusha okunamandla kanye nolwazi olunzulu ngomsebenzisi olwethenjwayo.

Vakashela Google Play Protect ngolwazi olungeziwe.

GOQA KONKE NWEBA KONKE

 

Iminyango engemuva

Ikhodi evumela ukusetshenziswa kwemisebenzi engafuneki, engase ibe ingozi, yesilawuli kude kudivayisi.

Le misebenzi ingase ifake phakathi ukuziphatha okungase kubeke ukuguqulwa kohlelo lokusebenza, konambambili, noma kohlaka kweyodwa yalezi zigaba zohlelo olungayilungele ikhompuyutha uma kusetshenziswe ngokuzenzakalelayo. Ngokumavile, ukungena ngemuva kuyincazelo yendlela umsebenzi ongase ube yingozi ongenzeka ngayo kudivayisi futhi ngenxa yalokho, awuqondene ngokuphelele ngezigaba ezifana nokukhwabanisa kwenkokhelo noma inhloli yezentengiso. Ngenxa yalokho, isethi engaphansi yokungena ngemuva, ngaphansi kwezinye izimo, kubhekwa i-Google Play Protect njengokuba engcupheni.

 

Ukukhwabanisa Kwenkokhelo

Ikhodi ekhokhisa umsebenzisi ngokuzenzakalelayo ngendlela ekhohlisayo ngenhloso.

Inkokhiso yokukhwabanisa kweselula ihlukaniswe ngokokukhwabanisa kwe-SMS, ukukhwabanisa kwekholi, kanye nokukhwabanisa Kocingo.

Ukukhwabanisa kwe-SMS
Ikhodi ekhokhisa abasebenzisi ngokuthumela i-premium SMS ngaphandle kwemvume, noma izame ukufihla imisebenzi yayo ye-SMS ngokusitha isivumelwano sokuveza ulwazi noma imilayezo ye-SMS evela ku-opharetha weselula eyazisa umsebenzisi ngezinkokhelo noma eqinisekisa okubhaliselwe.

Enye ikhodi, nakuba iveza ulwazi lwe-SMS ngokobuchwepheshe ngokuthumela ukuziphatha, yethula ukuziphatha okwengeziwe okwamukela ukukhwabanisa kwe-SMS. Izibonelo zihlanganisa ukufihla izingxenye zesivumelwano sokuveza ulwazi ezivela kumsebenzisi, kuzenze zingafundeki, kanye nemiyalezo ye-SMS ecindezelayo ngokwemibandela evela ku-opharetha weselula etshela umsebenzisi ngezinkokhelo noma eqinisekisa okubhaliselwe.

Ikholi Yokukhwabanisa
Ikhodi ekhokhisa abasebenzisi ngokwenza amakholi ezinomboloweni ze-premium ngaphandle kwemvume yomsebenzisi.

Ucingo Lokukhwabanisa
Ikhodi elutha abasebenzisi ukuba babhalise noma bathenge okuqukethwe ngenkokhiso yeselula yefoni.

Ucingo Lokukhwabanisa lihlanganisa nanoma yiluphi uhlobo lwenkokhelo ehlukile kweye-premium SMS neyezingcingo ze-premium. Izibonelo zalokhu zihlanganisa onkokhiso eqondile yenkampani yenethiwekhi, iphoyinti lokufinyelela elingaxhunywe (WAP), kanye nokudluliselwa kwe-airtime ngeselula. Ukukhwabanisa kwe-WAP kungolunye lwezinhlobo ezivame kakhulu zokukhwabanisa Ngocingo. Ukukhwabanisa nge-WAP kungahlanisa ukulutha abasebenzisi ukuba bachofoze inkinobho yokulayishiwe buthule, okubonisa ngale kwe-WebView. Ekwenzeni isenzo, ukubhalisa okuqhubekayo kuyaqaliswa, bese i-SMS yokuqinisekisa noma i-imeyili ngokuvamile iyagcekezwa ukuvimbela abasebenzisi ukuba baqaphele ukushintshisana kwemali okwenzekayo.

 

I-Stalkerware

Ikhodi eqoqa idatha yomuntu siqu noma enozwela yomsebenzisi kudivayisi futhi idlulisele idatha kwinkampani yangaphandle (ibhizinisi noma omunye umuntu) ngezinjongo zokuqapha.

Ama-app kufanele anikeze ukuveza ulwazi okwanele okuvelele futhi athole imvume njengoba kudingwa inqubomgomo Yedatha Yomsebenzisi.

Imihlahlandlela Yokuqapha Ama-application

Ama-app aklanywe ngokukhethekile futhi akhangisiwe ukuze aqaphe omunye umuntu, ngokwesibonelo abazali ukuze baqaphe izingane zabo noma abaphathi bebhizinisi ukuze baqaphe isisebenzi ngasinye, inqobo nje uma ethobelana ngokugcwele nezimfuneko ezichazwe ngezansi okungama-app okuqapha amukelekayo kuphela. Lama-app awakwazi ukusetshenziselwa ukulandelela omunye umuntu (ngokwesibonelo, umlingane) ngisho noma azi noma evumelana nakho, kungakhathaliseki uma isaziso esiphikelelayo sibonisiwe. Lama-app kufanele asebenzise umaka wemethadatha ye-IsMonitoringTool kufayela lawo le-manifest ukuze azimise ngokufanelekile njengama-app okuqapha.

Ama-app okuqapha kufanele athobelane nalezi zimfuneko:

  • Ama-app akufanele azethule njengesixazululo sokuzifihla noma esinobugebengu.
  • Ama-app akufanele azifihle noma alandele ukuziphatha noma azame ukulahlekisa abasebenzisi mayelana nomsebenzi onjalo.
  • Ama-app kufanele anikeze abasebenzisi isaziso esiphikelelayo ngazo zonke izikhathi lapho i-app isebenza kanye nesithonjana esihlukile esihlonza ngokucacile i-app.
  • Ama-app kufanele aveze ulwazi lokuqapha noma ukulandelela ukusebenza encazelweni ye-Google Play Store.
  • Ama-app nohlu lwama-app ku-Google Play akufanele anikezele ngenye indlela yokusebenzisa noma ukufinyelela umsebenzi owephula le migomo, njengokuxhuma ku-APK engahambisani esingethwe ngaphandle kwe-Google Play.
  • Ama-app kufanele athobelane nanoma yimiphi imithetho esebenzayo. Nguwe onesibopho esiphelele sokunquma ukuba semthethweni kohlelo lwakho lokusebenza endaweni yayo ekhonjiwe.
Sicela ubheke esihlokweni Sesikhungo Sosizo Sokusetshenziswa kwe-isMonitoringTool Flag ukuze uthole ulwazi olwengeziwe.

 

I-Denial of Service (DoS)

Ikhodi, okuthi ngaphandle kolwazi lomsebenzisi, isayinde usahlelo lokwenqatshwa kwesevisi (DoS) noma ingxenye yosahlelo lwe-DoS ngokumelene namanye amasistimu nezinsiza.

Isibonelo, lokhu kungenzeka ngokuthumela izicelo ze-HTTP eziningi kakhulu ukukhiqiza umthwalo omkhulu kumaseva akude.

 

Izilandi Ezinobutha

Ikhodi yona ngokwayo engasi yingozi, kodwa elanda amanye ama-PHA.

Ikhodi ingaba okulandwayo okunobutha uma:

  • Kunesizathu sokukholelwa ukuthi beyidalelwe ukusabalalisa i-PHA futhi inama-PHA alandiwe noma iqukethe ikhodi angalanda futhi afake izinhlelo zokusebenza; noma
  • Okungenani u-5% wezinhlelo zokusebenza ezilandwe yiyo zingeze-PHA enombundu wezinhlelo zokusebenza ezingu-500 ezilandiwe (Ukulandwa kwama-PHA angu-25 aboniwe).

Iziphequluli ezinkulu nokwabelana nezinhlelo zokusebenza ezabelana ngefayela azicatshangelwa njengokulandwayo okunobutha uma nje: .

  • Kungaqondisi okulandwayo ngaphandle kokuzihlanganisa nomsebenzisi, kanye
  • Nakho konke okulandwayo kwe-PHA okusungulwe abasebenzisi abanemvume.

 

Ukusongelwa Okungesikho okwe-Android

Ikhodi equkethe izinsongo ezingezona ze-Android.

Lezi zinhlelo zokusebenza ngeke zibangele ukulimala kumsebenzisi we-Android noma kudivayisi, kodwa ziqukethe izakhi ezingaba ezilimazayo kwezinye izinkundla.

 

Ubugebengu bokweba imininingwane ebucayi

Ikhodi eyenza sengathi ivela kumthombo othenjwayo, icela ukuqinisekisa kokufakazela ubuqiniso komsebenzisi noma ulwazi lokukhokha, futhi ithumela idatha kwinkampani yangaphandle. Lesi sigaba sisebenza futhi kukhodi evimbela ukudluliswa kokuqinisekisa komsebenzisi okuthuthwayo.

Amathagethi avamile wobugebengu bokweba imininingwane ebucayi afaka phakathi ukuqinisekisa, izinombolo zekhadi lesikweletu, ukuqinisekisa kwe-akhawunti eku-inthanethi yamanethiwekhi wokuxhumana nomphakathi namageyimu.

 

Ukuhlukunyezwa kwelungelo eliphakanyisiwe

Ikhodi efaka engcupheni ubuqotho besistimu ngokunqamula i-sandbox yohlelo lokusebenza, ukuthola amalungelo aphakeme, ukushintsha noma ukukhubaza ukufinyelela kwimisebenzi ehambisana nokuvikeleka okuwumongo.

Izibonelo zifaka phakathi:

  • Uhlelo lokusebenza olwephula imodeli yezimvume ze-Android, noma oluntshontsha ukuqinisekisa (njengamathokheni we-OAuth) kusuka kwezinye izinhlelo zokusebenza.
  • Izinhlelo zokusebenza ezihlukumeza izici ukuzigwema ukuthi zingakhishwa noma zimiswe.
  • Uhlelo lokusebenza olukhubaza i-SELinux.

Izinhlelo zokusebenza ezisheshisa ilungelo lokulokha amadivayisi ngaphandle kwemvume yomsebenzisi zihlukaniswa njengezinhlelo zokusebenza zokulokha.

 

I-Ransomware

Ikhodi ethatha ukulawula okuyingxenye noma okuphelele kwedivayisi noma idatha kudivayisi futhi efuna ukuthi umsebenzisi enze inkokhelo noma enze isenzo sokukhipha ukulawula.

Enye i-ransomware ibethela idatha kudivayisi futhi ifuna inkokhelo yokususa ukubethela idatha futhi/noma ukubamba izici zomphathi wedivayisi ukuze ingasuswa yinoma yimuphi umsebenzisi. Izibonelo zifaka phakathi:

  • Ukuvalela ngaphandle umsebenzisi kwedivayisi yakhe nokufuna imali yokubuyisela ukulawula komsebenzisi.
  • Ukubethela idatha kudivayisi nokufuna inkokhelo ebukeka sengathi iyiqiniso yokususa ukubethela idatha.
  • Ukubamba izici zomphathi wenqubomgomo yedivayisi nokuvimbela ukususwa ngumsebenzisi.

Ikhodi esatshalaliswe ngedivayisi injongo yayo eyinhloko ingukuphathwa kwedivayisi okusekelwe ingase ikhishwe kwisigaba se-ransomware ngaphandle uma ihlangabezana nezimfuneko zokukhiya okuvikelekile nokuphathwa, kanye nezimfuneko zokuveza ulwazi lomsebenzisi olwanele nezemvume.

 

Ukurutha

Ikhodi erutha idivayisi.

Kunomehluko phakathi kwekhodi yokurutha engenalo unya kanye nenonya. Ngokwesibonelo, izinhlelo zokusebenza ezirutha ngokungenalo unya zivumela umsebenzisi ukuba azi kusengaphambili ukuthi uzorutha idivayisi futhi angasayindi ezinye izenzo ezingaba yingozi ezisebenza kwezinye izigaba ze-PHA.

Izinhlelo okusebenza ezirutha ngonya azimazisi umsebenzisi ukuthi zizorutha idivayisi, noma zitshela umsebenzisi ngokurutha kusengaphambili kodwa futhi zisayinde ezinye izenzo ezisebenza kwezinye izigaba ze-PHA.

 

Ugaxekile

Ikhodi ethumela imilayezo engacelwanga kwabathintwayo bomsebenzisi noma esebenzisa idivayisi njengesidlulisi sogaxekile we-imeyili.

 

Inhloli

I-spyware iyi-aplikheshini eyingozi, ikhodi noma ukusebenza kohlelo okuqoqa, kuhoxise noma kwabelane ngemininingwane yomsebenzisi noma yedivayisi engahambisani nokusebenza okufanele kwenqubomgomo.

Ikhodi eyingozi noma isenzo esingabhekwa njengokobunhloli kumsebenzisi noma okuhoxisa imininingwane ngaphandle kwesaziso esifanele noma imvume nakho kubhekwa njengobunhloli.

Ngokwesibonelo, ukwephula imithetho ye-spyware ihlanganisa, kodwa ayipheleli kulokhu:

  • Ukurekhoda okulalelwayo noma ukurekhoda izingcingo okwenziwe efonini
  • Ukweba imininingwane ye-app
  • I-app enekhodi eyingozi yenhlangano eseceleni (ngokwesibonelo, i-SDK) edlulisa imininingwane yedivayisi ngendlela engalindelekile kumsebenzisi kanye/noma ngaphandle kokwaziswa ngendlela efanele umsebenzisi noma ngaphandle kwemvume yakhe.

Onke ama-app kumelwe athobele zonke Izinqubomgomo Zezinhlelo Zonjiniyela be-Google Play, okubandakanya umsebenzisi kanye nezinqubomgomo zemininingwane yedivayisi Njengamasofthiwe Angadingeki Eselula, Imininingwane Yomsebenzisi, Izimvume kanye nama-API afinyelela Kulwazi Olubucayi, kanye Nezimfuneko ze-SDK.

 

I-Trojan

Ikhodi evela njengeyona ingozi, njengegeyimu ethi iyigeyimu nje, kodwa eyenza izenzo ezingathandeki ngokumelene nomsebenzisi.

Ngokuvamile lokhu kuhlukaniswa kusetshenziswa ngokuhlangene nezinye izigaba ze-PHA. I-trojan inengxenye engeyona ingozi kanye nengxenye eyingozi efihlekile. Ngokwesibonelo, igeyimu ethumela imilayezo ye-SMS ye-premium kusuka kudivayisi yomsebenzisi ngemuva futhi ngaphandle kolwazi lomsebenzisi.

 

Inothi kuzinhlelo zokusebenza ezingavamile

Izinhlelo zokusebenza ezintsha nezingavamile zingase zibhekwe njengezingavamile uma i-Google Play Protect ingenalo ulwazi olwanele lokuzibheka njengeziphephile. Lokhu akusho ukuthi uhlelo lokusebenza luyingozi, kodwa ngaphandle kwesibuyekezo esengeziwe akukwazi ukubhekwa njengokuphephile.

 

Inothi esigabeni sokungena ngemuva

Ukuhlukaniswa kwesigaba senhloli kokungena ngemva kuncike kwindlela ikhodi esabela ngayo. Isimo esidingekile sanoma iyiphi ikhodi yokuhlukanisa njengokungena ngemuva wukuthi sinika amandla ukuziphatha okungase kubeke ikhodi kwenye yezinye izigaba zenhloli uma isetshenziswe ngokuzenzekelayo. Ngokwesibonelo, uma uhlelo lokusebenza livumela ukulayishwa kwekhodi eshintshayo kanye nekhodi elayishwe ngokuzishintshayo kuthola imilayezo yombhalo, kuzobhekwa njengenhloli yokungena ngemuva.

Nokho, uma uhlelo lokusebenza livumela ukusetshenziswa kwekhodi engafanele futhi singenaso isizathu sokukhokhelwa ukuthi lokhu kusetshenziswa kwekhodi kwengeziwe ukwenza isenzo esinonya lolo hlelo lokusebenza lizophathwa njengokuba sengcupheni, esikhundleni senhloli yokungena ngemuva, futhi unjiniyela uzocelwa ukuthi alupeshe.

 

I-Maskware

I-app esebenzisa izindlela ezihlukahlukene zokugwema ukuze inikeze umsebenzisi umsebenzi ohlukile, noma owumgunyathi, we-application. La ma-app azifihla njengama-app noma amageyimu asemthethweni ukuze abonakale engenacala ezitolo zama-app futhi asebenzise amasu afana ne-obfuscation, ukulayisha amakhodi ashukumisayo, noma ukuvala ukuveza okuqukethwe okunonya.

I-Maskware ifana nezinye izigaba ze-PHA, ikakhulukazi i-Trojan, umehluko omkhulu kuba amasu asetshenziselwa ukufihla umsebenzi ononya.

Ingabe lokhu kube usizo?

Singayithuthukisa kanjani?

Udinga usizo olungaphezulu?

Zama lezi zinyathelo ezilandelayo:

Xhumana nathi Sitshele okuningi futhi sizokusiza ukuthi ufike lapho
true
Sesha
Sula usesho
Vala usesho
Imenyu eyinhloko
17614876910902530201
true
Sesha isikhungo sosizo
true
true
true
true
true
92637
false
false