CN109145645B - Method for protecting short message verification code in android mobile phone - Google Patents


Info

Publication number
CN109145645B
Authority
CN
China
Prior art keywords
short message
array
executing
data
verification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810996054.6A
Other languages
Chinese (zh)
Other versions
CN109145645A (en)
Inventor
李金库
叶阳天
罗林波
姚青松
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The invention discloses a method for protecting short message verification codes in an android mobile phone, which protects short message verification code data from being stolen by modifying the short message database creation logic, the short message broadcast sending logic, the short message database insertion logic and the short message database query logic. The invention identifies and protects the verification code information at the source where short messages are obtained, and effectively ensures that third-party applications cannot obtain short message verification code data. The invention modifies only part of the logic code of the framework layer, which ensures the stability of the system. Moreover, the invention causes very little performance loss.

Description

Method for protecting short message verification code in android mobile phone
Technical Field
The invention relates to the field of mobile data security, in particular to a method for protecting a short message verification code in an android mobile phone.
Background
Smart phones are now more and more widely used, and each smart phone can represent the identity of one person. Many authorization actions are performed with short message verification codes, for example authorization of network payment, of user login, of user information modification, and the like. Network payment in particular forms effective two-factor protection from the online banking account password and the short message verification code. However, the short message verification code can still be stolen by an attacker. An attacker usually obtains the user's bank account and password by forging a phishing page that imitates a bank login interface, and then steals the verification code information through short message broadcast or database monitoring, so that the two-factor protection is broken, the user's assets are stolen, and great economic loss is caused to the user.
An android mobile phone allows every application that has applied for the short message broadcast permission and registered for the short message broadcast to obtain short message content through the broadcast, and also allows every application that has applied for the short message database access permission to monitor and query the short message database and so obtain short message content. This is convenient for benign third-party applications, but it also makes it much easier for malicious applications to steal short message content. The mainstream short message protection approach intercepts key APIs and prevents a short message from being sent out by detecting whether certain keywords exist in the outgoing data. However, mainstream malicious applications now simply encrypt the stolen data and thereby bypass keyword detection. There is also a series of privacy protection approaches implemented with taint tracking; their biggest problem is that they require large modifications to the system, which easily cause compatibility problems, performance loss and instability. Therefore, the existing methods cannot adequately prevent mobile phone short message verification codes from being stolen.
Disclosure of Invention
The invention aims to provide a method for protecting a short message verification code in an android mobile phone aiming at the problems in the prior art. The method protects the short message verification code from the source of the short message by modifying the android short message broadcasting logic and the short message database creation and access related operation, thereby effectively protecting the safety of personal sensitive information in a user smart phone system and having good applicability and expansibility.
The invention is realized by the following technical scheme:
A method for protecting a short message verification code in an android mobile phone, characterized in that:
S1, short message database creating process
1.1. Modifying the SQL statement with which android creates the short message database, so that the newly created sms table has a kind field of type INTEGER; when the kind value is 0, the short message data is common short message data, and when the kind value is 1, the short message is a verification code short message;
S2, short message database insertion process
2.1. Modifying the insert method of the SmsProvider object, judging whether the name of the short message data table to be inserted is sms, if so, executing 2.2, otherwise, jumping to 2.8;
2.2. judging whether the key-value pairs of the short message data to be inserted contain the body and address fields, if so, executing 2.3, otherwise, jumping to 2.8;
2.3. obtaining the values of the body and address fields in the initialValues key-value pairs, namely the short message content and the short message source address;
2.4. judging whether the source address of the short message is in commonNumberList, if so, executing 2.5, otherwise, jumping to 2.8;
2.5. judging whether the short message content field contains 4-8 continuous digits or digits plus English, if so, executing 2.6, otherwise, jumping to 2.8;
2.6. judging whether the short message content field contains the keyword 'verification' or 'password', if so, the short message is short message verification code data, executing 2.7, otherwise, jumping to 2.8;
2.7. storing the key-value pair kind = 1 in the initialValues key-value pairs;
2.8. generating the corresponding SQL insert statement from parameters such as the initialValues key-value pairs;
2.9. executing the SQL statement and inserting the short message data into the short message database;
S3, short message broadcast sending process
3.1. Modifying the onReceive() method in the SmsBroadcastReceiver object, acquiring the short message pdu array from the Intent object, and traversing all short message pdu data;
3.2. converting the short message pdu into a SmsMessage object with the createFromPdu() method of SmsMessage;
3.3. acquiring the source address and short message content of the current short message;
3.4. judging whether the source address of the short message is in commonNumberList, if so, executing 3.5, otherwise, jumping to 3.8;
3.5. judging whether the short message content field contains 4-8 continuous digits or digits plus English, if so, executing 3.6, otherwise, jumping to 3.8;
3.6. judging whether the short message content field contains the keyword 'verification' or 'password', if so, the short message is short message verification code data, executing 3.7, otherwise, jumping to 3.8;
3.7. recording the pdu, indicating that it contains short message verification code data;
3.8. judging whether all the short message pdus have been traversed, if so, executing 3.9, otherwise, jumping to 3.2;
3.9. if the number of recorded verification code short messages is equal to the size of the pdu array, all the short messages in the broadcast are verification code short messages, and the broadcast is not sent on;
S4, short message database query process
4.1. Modifying the query method for the short message database provided by the SmsProvider object, judging whether the application calling the method is the default short message application, if not, executing 4.2, otherwise, jumping to 4.10;
4.2. judging whether the selection parameter of the query method is empty, if so, executing 4.3, otherwise, jumping to 4.5;
4.3. assigning "kind=?" to the selection parameter;
4.4. assigning to the selectionArgs parameter of the query method a string array containing only the one string "0", and then executing 4.10;
4.5. appending the string " and kind=?" to the selection parameter;
4.6. acquiring the size of the selectionArgs array, and creating a new string array of size size + 1;
4.7. copying all array elements of the selectionArgs array into the new array;
4.8. assigning "0" to the last array element of the new array;
4.9. assigning the new array to selectionArgs;
4.10. continuing to execute the query method to generate the corresponding SQL statement.
Preferably, before step 1, a short message verification code sending address list commonNumberList is further set, and whether the short message is a verification code short message is judged according to whether the source address of the short message is in the commonNumberList.
Preferably, all the unmarked short message pdus in step 3.9 are stored into a new pdu array, and replace the old pdus data carried in the intent, and the new intent is sent to the third party application for receiving through broadcasting.
Compared with the prior art, the invention has the following beneficial technical effects:
The invention modifies the way the short message database is generated, so that the new sms table for storing short messages has one more field, kind, than the original sms table; this field indicates whether the short message data is short message verification code data. Then the invention modifies the logic of the short message broadcast: after the default short message application has received the new short message data and before the short message broadcast is sent to third-party applications, it obtains the address and content of each short message in the broadcast, judges whether the short message is short message verification code data, and if it is, prohibits the short message from being sent on to third-party applications. When the default short message application receives a new short message, it calls the SmsProvider object to insert the new short message data into the short message database; the insertion logic is modified so that, before insertion, it is judged whether the short message data to be inserted is short message verification code data, and if it is, kind = 1 is added to the inserted data, so that the short message is classified at the time it is received. Finally, the invention modifies the logic used when an application queries the short message database: when an application queries short message data with the query method of SmsProvider, the short message data is returned normally if the caller is the default short message application; if a third-party application queries the short message database, kind = 0 is added to the query condition, so that the short messages returned are necessarily non-verification-code short messages.
Therefore, the short message verification code data is effectively protected from being stolen, and the safety performance of the short message verification code in the android mobile phone is improved.
Drawings
FIG. 1 is a block flow diagram of the method of the present invention;
FIG. 2 is a flow chart of a short message database insertion module;
FIG. 3 is a flow chart of a short message broadcast transmission module;
FIG. 4 is a flow chart of the short message database query module.
Detailed Description
The present invention will now be described in further detail with reference to the attached drawings, which are illustrative, but not limiting, of the present invention.
As shown in fig. 1, a method for protecting a short message verification code in an android mobile phone includes four parts, namely a short message database creating module, a short message database inserting module, a short message broadcast sending module, and a short message database querying module, and specifically includes the following steps:
Step one, short message database creating module
The module mainly adds a field to the short message database; the field indicates whether the corresponding short message is a verification code short message, and it can be extended as appropriate to represent more meanings.
1.1) modifying the SQL statement with which android creates the short message database, so that the newly created sms table has a kind field whose type is INTEGER and whose default value is 0. When the kind value is 0, the short message data is common short message data, and when the kind value is 1, the short message is a verification code short message;
When the MmsSmsDatabaseHelper object is created for the first time, a short message database file is created, which contains an sms table for storing short message data. The invention adds the string 'kind INTEGER DEFAULT 0' to the corresponding SQL statement, that is, a new kind field of type INTEGER with a default value of 0 is added to the sms table. When the field is 0, the short message is a common short message, and when the field is 1, the short message is a verification code short message. Therefore, when an application later queries data from the short message database, there is no need to judge again whether each short message is a verification code short message.
1.2) setting a short message verification code sending address list commonNumberList, and judging whether a short message may be a verification code short message according to whether its source address is in commonNumberList;
The numbers that send short message verification codes generally differ greatly from ordinary short message numbers. Research on common verification code sending numbers shows that the mainstream ones are: numbers beginning with 106; numbers beginning with 95 (5 numbers of the bank and insurance industry); a total of five operator-related numbers beginning with 100; and more special numbers such as 12306 for the railway service. These numbers are therefore put into an address record set called commonNumberList, so that it can be judged more quickly whether a short message may be a verification code short message. If the sender number of a short message is not in the list, it can be judged directly that the short message does not contain a verification code, without any further judgment of the content. The list can also easily be extended at any time.
Step two, inserting module of short message database
When a new short message arrives, the framework layer receives it and stores the short message data in an Intent object in the form of PDU (protocol data unit) data. The data is first delivered to the default short message application by broadcast and is then delivered to a SmsBroadcastReceiver object, which is responsible for broadcasting the data on to all third-party applications that have registered for the short message broadcast. The default short message application can insert the short message data into the short message database, but it does not have the authority to operate the short message database directly; it calls the services of the framework layer by means of inter-process communication. The short message insertion service is provided by a SmsProvider object, which ultimately calls the insert method of the SQLiteDatabase object. Therefore, as shown in fig. 2, the invention needs to modify the insert method provided by SQLiteDatabase, determine whether the content of the short message to be inserted includes verification code information, and if so, set the kind field of the short message data to 1 (it defaults to 0). The specific process is as follows:
2.1) modifying the insert method of the SQLiteDatabase object, judging whether the name of the short message data table to be inserted is 'sms', if so, executing 2.2), otherwise, jumping to 2.8);
The short message database has several tables storing different data; parsed data such as the short message content and source address is generally stored in the sms table, so the invention operates mainly on the sms table, and the related logic judgment is needed only when the data is to be inserted into the sms table. The insert(String table, String nullColumnHack, ContentValues initialValues) method of the SQLiteDatabase object is called, where the table parameter is the name of the table to insert into, so it is judged whether the table parameter is "sms".
2.2) judging whether the key-value pairs of the short message data to be inserted contain the body and address fields, if so, executing 2.3), otherwise, jumping to 2.8);
In the insert(String table, String nullColumnHack, ContentValues initialValues) method of the SQLiteDatabase object, initialValues represents the key-value pairs of all fields to be inserted into the database. If the data to be inserted is the short message content that we need, the initialValues key-value pairs will necessarily contain the body and address keys, whose values are the short message content and the source address respectively.
2.3) obtaining the values of the body and address fields in the initialValues key-value pairs, namely the short message content and the short message source address;
2.4) judging whether the source address of the short message is in commonNumberList, if so, executing 2.5), otherwise, jumping to 2.8);
If the source address of the short message is not in the designated list, the short message can be considered not to be a verification code short message, which speeds up the check.
2.5) judging whether the short message content field contains 4-8 continuous digits or digits plus English, if so, executing 2.6), otherwise, jumping to 2.8);
In examining the verification codes of various channels, all verification codes were found to contain 4-8 continuous digits (or digits plus English).
2.6) judging whether the short message content field contains the keyword 'verification' or 'password', if so, the short message is short message verification code data, executing 2.7), otherwise, jumping to 2.8);
2.7) storing the key-value pair kind = 1 in the initialValues key-value pairs;
If the short message is judged to contain a verification code, a kind field with a value of 1 must be added to the inserted data, that is, a key-value pair kind = 1 is needed. As long as this pair is also stored in the initialValues key-value pairs, it is automatically included in the SQL statement when the statement is generated next.
2.8) generating the corresponding SQL insert statement from parameters such as the initialValues key-value pairs;
2.9) executing the SQL statement and inserting the short message data into the short message database;
That is, the kind field of common short message data is 0 because of the default value, and when a verification code short message is inserted the kind field value 1 is added explicitly, which ensures that the kind field of verification code short messages in the short message database is 1.
Step three, short message broadcasting sending module
When a new short message arrives, the SmsBroadcastReceiver object of the framework layer receives the same short message broadcast after the default short message application, and the object sends the short message pdu data in the broadcast on to the other third-party applications that have registered for the short message broadcast. As shown in fig. 3, the onReceive() method with which the SmsBroadcastReceiver object receives the broadcast is modified: the pdu array of the short messages to be broadcast is obtained from the intent, each pdu is converted into the corresponding SmsMessage object, its source address and short message content are obtained, and it is judged whether each short message is a verification code short message. If it is, it is not sent on to third-party applications, which effectively ensures that third-party applications cannot obtain verification code short messages from the broadcast. The specific operation steps are as follows:
3.1) modifying the onReceive() method in the SmsBroadcastReceiver object, acquiring the short message pdu array from the Intent object, and traversing all short message pdu data;
The original short message data is stored in the Intent object of the short message broadcast as a two-dimensional byte array. One or more pieces of original short message data are taken out of this object and traversed. Each piece of original short message data is stored in a byte array called a PDU.
3.2) converting the short message pdu into a SmsMessage object with the createFromPdu() method of the SmsMessage object;
All data of a short message is contained in a byte array, which is inconvenient to understand and judge. It therefore needs to be parsed into a SmsMessage object to obtain the source address and content string of the short message, after which it can be judged whether the short message is a verification code. The createFromPdu() method parses the correct source address and content from the short message PDU. Short messages in GSM format and in CDMA format need different SmsMessage objects to parse them.
3.3) obtaining the source address and the short message content of the current short message;
The short message source address and content are obtained from the parsed SmsMessage object with the getOriginatingAddress() method and the getMessageBody() method respectively.
3.4) judging whether the source address of the short message is in the address list commonNumberList, if so, executing 3.5), otherwise, jumping to 3.8);
If the source address of the short message is not in the designated list, the short message can be considered not to be a verification code short message, which speeds up the check.
3.5) judging whether the short message content field contains 4-8 continuous digits or digits plus English, if so, executing 3.6), otherwise, jumping to 3.8);
In examining the verification codes of various channels, all verification codes were found to contain 4-8 continuous digits (or digits plus English).
3.6) judging whether the short message content field contains the keyword 'verification' or 'password', if so, the short message is short message verification code data, executing 3.7), otherwise, jumping to 3.8);
3.7) recording the pdu of the short message, indicating that it contains short message verification code data;
Steps 3.2) to 3.6) are carried out for each short message PDU, and if the short message is a verification code short message, the sequence number of its PDU in the array is recorded in a dedicated temporary array. Finally, using the records in the temporary array, all common short message PDUs that were not recorded are added to a newly created PDU array. This new array, which contains only common short message PDUs, can be broadcast to the third-party applications that have registered for the short message broadcast.
3.8) judging whether all the short message pdus have been traversed, if so, executing 3.9), otherwise, jumping to 3.2);
3.9) if the number of recorded verification code short messages is equal to the size of the pdu array, which indicates that all the short messages in the broadcast are verification code short messages, the broadcast is not sent on; otherwise, 3.10) is executed;
If all messages in the short message PDU array are found to be verification code short messages, the broadcast is not sent on, that is, third-party applications receive no new short message notification, because all the received short messages are verification code short messages.
3.10) storing all the unmarked short message pdus into a new pdu array, and replacing the old pdus data carried in the intent with the new pdu array;
In step 3.7) the temporary array recorded the sequence numbers of all verification code short messages, so the common short message PDUs of the original PDU array that are not recorded in the temporary array are stored in a new array, and the value of the 'pdus' key in the intent is then replaced with the new array.
3.11) sending the new intent to third-party applications by broadcast;
The intent object carrying the new array, from which the verification code short message data has been removed, is broadcast to all third-party applications that have registered for the short message broadcast.
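The classification rule of steps 2.4) to 2.6), the kind tagging on insert from step two and the broadcast filtering of step three, modelled in Python with sqlite3 as an added example; it is not code from the patent or from Android. Prefix matching against commonNumberList, the stand-alone-run reading of "4-8 continuous digits or digits plus English", the function names and the sample messages are assumptions of this example.

```python
import re
import sqlite3

# Assumption: commonNumberList is modelled as sender prefixes taken from the
# description (106..., 95..., 100..., 12306); the real list is not on the page.
COMMON_NUMBER_PREFIXES = ("106", "95", "100", "12306")
KEYWORDS = ("verification", "password")

# Assumption: "4-8 continuous digits or digits plus English" is read as a
# stand-alone run of 4-8 ASCII letters/digits containing at least one digit.
CODE_RE = re.compile(
    r"(?<![0-9A-Za-z])(?=[0-9A-Za-z]*[0-9])[0-9A-Za-z]{4,8}(?![0-9A-Za-z])")
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_verification_sms(address, body):
    """Steps 2.4-2.6 and 3.4-3.6: sender list, code shape, then keyword."""
    if not address or not body:
        return False
    if not address.startswith(COMMON_NUMBER_PREFIXES):
        return False                      # cheap early exit on the sender
    if CODE_RE.search(body) is None:
        return False
    lowered = body.lower()
    return any(word in lowered for word in KEYWORDS)


def create_sms_table(db):
    """Step 1.1: the sms table carries 'kind INTEGER DEFAULT 0'."""
    db.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
               "body TEXT, kind INTEGER DEFAULT 0)")


def insert(db, table, initial_values):
    """Steps 2.1-2.9: tag verification-code rows, then build the INSERT."""
    values = dict(initial_values)
    if (table == "sms" and "body" in values and "address" in values
            and is_verification_sms(values["address"], values["body"])):
        values["kind"] = 1                # step 2.7
    # Identifiers are interpolated into SQL, so only plain names are accepted;
    # the values themselves are always bound as parameters.
    for name in (table, *values):
        if not IDENT_RE.match(name):
            raise ValueError(f"unexpected identifier: {name!r}")
    columns = ", ".join(values)
    marks = ", ".join("?" for _ in values)
    cur = db.execute(f"INSERT INTO {table} ({columns}) VALUES ({marks})",
                     list(values.values()))
    return cur.lastrowid


def filter_broadcast(messages):
    """Steps 3.1-3.11 on parsed messages ((address, body) tuples stand in for
    SmsMessage objects). Returns the messages to forward to third-party
    receivers, or None when the whole broadcast is withheld (step 3.9)."""
    flagged = {i for i, (address, body) in enumerate(messages)
               if is_verification_sms(address, body)}     # step 3.7
    if len(flagged) == len(messages):
        return None
    return [m for i, m in enumerate(messages) if i not in flagged]  # step 3.10


def demo():
    """Constructed sample messages; the first body is the page's test text."""
    otp = ("10690000", "this is a short message verification code, "
           "verification code: 123456, do not forward to others")
    plain = ("10690000", "test short message")
    off_list = ("13800000000", "verification code: 123456")  # sender not listed
    db = sqlite3.connect(":memory:")
    create_sms_table(db)
    for address, body in (otp, plain, off_list):
        insert(db, "sms", {"address": address, "body": body})
    kinds = [row[0] for row in db.execute("SELECT kind FROM sms ORDER BY _id")]
    return kinds, filter_broadcast([otp, plain]), filter_broadcast([otp])


if __name__ == "__main__":
    print(demo())
```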
Step four, short message database query module
The third party application can acquire the short message data through broadcasting and can also inquire the short message data through a short message database. The third party application cannot directly operate the short message database, and needs to call the query method for querying the short message database, which is provided by the SmsProvider object of the framework layer, in a cross-process communication mode. Thus, as shown in fig. 4, the present invention requires modifying the query method of the smsrovider object. The selection and selectorargs parameters of the Query method indicate the values of the Query condition and the Query condition, respectively. The invention realizes the protection of the short message of the verification code by reconstructing the two parameters. Firstly, judging whether the application initiating the request is a default short message application, and if the application is the default short message application, directly allowing the application to inquire all short message data. If the application is a common third-party application, the parameters of selection and selection arms need to be reconstructed, so that the inquiry condition is increased by adding the fact that the fact field is 0 (non-verification code short message) can only be inquired.
4.1) modifying the query method for short message database query provided by the SmsProvider object, judging whether the application calling the method is the default short message application, if not, executing 4.2), otherwise, skipping to 4.10);
the invention considers that the default short message application is reliable and has all the authority of short message operation. Therefore, during query, only the third-party non-default application query short message request is subjected to logic limitation.
4.2) judging whether the parameter selection of the query method is empty, if so, executing 4.3), otherwise, jumping to 4.5);
The selection parameter of the query method is a string that states the condition of the query. With the "?" placeholder style, the string declares only the constrained field and the comparison operator (for example, equal to, or greater than or equal to); the actual values are supplied in the following selectionArgs parameter.
4.3) assign "kind=?" to the selection parameter;
If selection is empty, the original query has no constraint, so we only need to set it to "kind=?", meaning that the constraint on the query is that the kind field of the short message equals a certain value.
4.4) assign to the selectionArgs parameter of the query method a string array containing only the string "0", and then execute 4.10);
The selectionArgs parameter holds the actual values for the "?" placeholders in the preceding selection. Since the short message verification code must be protected from being acquired, a third-party application may obtain only ordinary short message data, i.e. short message data with kind = 0. Therefore the string "0" is placed in the selectionArgs string array.
4.5) append the string "and kind=?" to the selection string;
If the selection string is not empty, the statement already carries a constraint. We need to add a kind constraint so that it can query only non-verification-code short messages (short message data whose kind field equals 0).
4.6) obtain the size of the selectionArgs array and create a new string array of size + 1;
Since the selection string is not empty, the selectionArgs array is not empty either, and a kind constraint has just been added to selection. The selectionArgs array therefore needs to grow by one string as well.
4.7) copy all elements of the selectionArgs array into the new array;
4.8) assign "0" to the last element of the new array;
This writes the constraint value of the kind field into the array.
4.9) assign the new array to selectionArgs;
The old selectionArgs parameter is replaced with the new array, and execution proceeds to the next operation.
4.10) continue executing the query method to generate the corresponding SQL statement.
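The rewrite in steps 4.2 to 4.9, run against an in-memory SQLite table, as an added example (not code from the patent or from Android). The table rows, the function names and the parenthesised variant `restrict_grouped` are assumptions made for illustration; the variant is included because `AND` binds tighter than `OR` in SQL, so a constraint appended as plain text covers only the last term of a caller's selection that contains `OR`.

```python
import sqlite3

def restrict_literal(selection, selection_args):
    """Steps 4.2-4.9 as described: add the kind constraint as plain text."""
    if not selection:                                  # 4.2 -> 4.3, 4.4
        return "kind=?", ["0"]
    new_args = list(selection_args or []) + ["0"]      # 4.6-4.8: size + 1, last = "0"
    return selection + " and kind=?", new_args         # 4.5, 4.9

def restrict_grouped(selection, selection_args):
    """Assumed variant: parenthesise the caller's selection before adding the constraint."""
    if not selection:
        return "kind=?", ["0"]
    return "(" + selection + ") and kind=?", list(selection_args or []) + ["0"]

def make_db():
    """In-memory stand-in for the sms table; all rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
               "body TEXT, kind INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO sms (address, body, kind) VALUES (?, ?, ?)", [
        ("10086", "test short message", 0),
        ("95588", "verification code: 123456, do not forward to others", 1),
        ("13800000000", "lunch at noon?", 0),
    ])
    return db

def third_party_query(db, restrict, selection=None, selection_args=None):
    """What a non-default SMS app gets back after the provider rewrites its query."""
    where, args = restrict(selection, selection_args)
    sql = "SELECT body FROM sms WHERE " + where + " ORDER BY _id"
    return [row[0] for row in db.execute(sql, args)]

if __name__ == "__main__":
    db = make_db()
    mixed = ("address=? or body like ?", ["95588", "%lunch%"])
    print(third_party_query(db, restrict_literal))            # no selection
    print(third_party_query(db, restrict_literal, *mixed))    # OR in caller's selection
    print(third_party_query(db, restrict_grouped, *mixed))
```

Parenthesising settles operator precedence only; the selection remains caller-supplied SQL text and still needs its own validation.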
The short message verification code data is protected from being stolen by the modification of short message database creation logic, short message broadcast sending logic, short message database insertion logic and short message database query logic. The invention identifies and protects the verification code information from the source of short message acquisition, and effectively ensures that the third-party application cannot acquire the short message verification code data. And the invention only modifies part of the logic code of the framework layer, thus ensuring the stability of the system. Moreover, the invention causes very little performance loss.
The functional effects of the present invention can be further illustrated by the following experiments:
Step A: start an emulator configured with the Android 6.0 system;
Step B: pull the short message database with an adb command, inspect the sms table and confirm that it contains a kind field;
Step C: install on the emulator an application that can obtain short message content from both the short message database and the short message broadcast; whenever the application obtains short message content, it prints it directly;
Step D: send a simulated short message to the emulator with the content "test short message";
Step E: the application successfully obtains the short message through both the short message database and the short message broadcast, and prints "test short message" twice;
Step F: send a simulated short message to the emulator with the content "this is a short message verification code, verification code: 123456, do not forward to others";
Step G: logcat shows that the insert command executed by the short message database has the additional content "kind = 1";
Step H: logcat shows that the application's command for querying the short message database has the additional query condition "kind = 0";
Step I: logcat shows that the application does not receive the short message broadcast and does not print any short message content.
The performance effects of the present invention can be further illustrated by the following experiments:
1) Experimental conditions
The invention is implemented in a modified Android 6.0. The Android emulator was started on a PC using Eclipse for testing. The PC is a Hewlett-Packard Pro 3380MT desktop with a Core™ i5-3470 CPU and 4 GB of memory.
2) Content of the experiment
The invention mainly modifies the sending logic of the short message broadcast and the insert and query operations of the short message database. The experiment therefore measures the execution time of the query() and insert() methods of the SmsBroadcastReceiver object and the execution time of the onReceive() method of the SmsBroadcastReceiver object, and compares the performance loss before and after modification. Because the execution time of the query() method is short, the time for executing it 100 times in a loop is measured. Each test was performed 10 times, and the average of the 10 measurements was taken as the experimental result.
3) Analysis of results
As shown in Table 1, the loss caused by modifying the key methods in the Android 6.0 system is small. The database insert method is only 3 milliseconds slower than before the modification, a performance loss of about 2.1%; the short message database query (100 times) is only 24 milliseconds slower than the original method, a performance loss of about 1.3%; and the onReceive() method is 2 milliseconds slower than before the modification, a performance loss of about 8.3%. Overall, the difference in execution time is very small and negligible.
[Table 1: Performance loss of key methods before and after system modification; the table is present only as an image]
The above-mentioned contents are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modification made on the basis of the technical idea of the present invention falls within the protection scope of the claims of the present invention.

Claims (3)

1. A method for protecting a short message verification code in an Android mobile phone, characterized by comprising the following steps:
S1. Short message database creation process
1.1. modifying the SQL statement with which Android creates the short message database, so that the newly created sms table has a kind field of type INTEGER; when the kind value is 0 the short message data is ordinary short message data, and when the kind value is 1 the short message is a verification code short message;
S2. Short message database insertion process
2.1. modifying the insert method of the SmsProvider object, and judging whether the name of the data table into which the short message is to be inserted is "sms"; if so, executing 2.2, otherwise jumping to 2.8;
2.2. judging whether the key-value pairs of the short message data to be inserted contain the body and address fields; if so, executing 2.3, otherwise jumping to 2.8;
2.3. obtaining the values of the body and address fields in the initialValues key-value pairs, namely the short message content and the short message source address;
2.4. judging whether the source address of the short message is in the common NumberList; if so, executing 2.5, otherwise jumping to 2.8;
2.5. judging whether the short message content field contains 4-8 consecutive digits, or digits plus English letters; if so, executing 2.6, otherwise jumping to 2.8;
2.6. judging whether the short message content field contains the keyword "verification" or "password"; if so, the short message is short message verification code data and 2.7 is executed, otherwise jumping to 2.8;
2.7. storing the key-value pair kind = 1 in the initialValues key-value pairs;
2.8. generating the corresponding SQL insert statement from the initialValues key-value pairs and other parameters;
2.9. executing the SQL statement and inserting the short message data into the short message database;
S3. Short message broadcast sending process
3.1. modifying the onReceive() method in the SmsBroadcastReceiver object, obtaining the short message pdu array from the Intent object, and traversing all short message pdu data;
3.2. converting the short message pdu into an SmsMessage object with the createFromPdu() method of SmsMessage;
3.3. obtaining the source address and short message content of the current short message;
3.4. judging whether the source address of the short message is in the common NumberList; if so, executing 3.5, otherwise jumping to 3.8;
3.5. judging whether the short message content field contains 4-8 consecutive digits, or digits plus English letters; if so, executing 3.6, otherwise jumping to 3.8;
3.6. judging whether the short message content field contains the keyword "verification" or "password"; if so, the short message is short message verification code data and 3.7 is executed, otherwise jumping to 3.8;
3.7. recording this pdu as one that contains short message verification code data;
3.8. judging whether all short message pdus have been traversed; if so, executing 3.9, otherwise jumping to 3.2;
3.9. if the number of recorded verification code short messages equals the size of the pdu array, all short messages in the broadcast are verification code short messages, and the broadcast is not sent onward;
S4. Short message database query process
4.1. modifying the query method of the short message database provided by the SmsProvider object, and judging whether the application calling the method is the default short message application; if not, executing 4.2, otherwise jumping to 4.10;
4.2. judging whether the selection parameter of the query method is empty; if so, executing 4.3, otherwise jumping to 4.5;
4.3. assigning "kind=?" to the selection parameter;
4.4. assigning to the selectionArgs parameter of the query method a string array containing only the string "0", and then executing 4.10;
4.5. adding the string "and kind=?";
4.6. obtaining the size of the selectionArgs array, and creating a new string array of size + 1;
4.7. copying all elements of the selectionArgs array into the new array;
4.8. assigning "0" to the last element of the new array;
4.9. assigning the new array to selectionArgs;
4.10. continuing to execute the query method to generate the corresponding SQL statement.
2. The method as claimed in claim 1, further comprising, before step 1, setting a common NumberList of short message sending addresses, and determining whether a short message may be a verification code short message according to whether its source address is in the common NumberList.
3. The method for protecting the short message verification code in the Android mobile phone as claimed in claim 1, wherein all short message pdus that are not marked in step 3.9 are stored in a new pdu array, the old pdu data carried in the intent is replaced by this pdu array, and the new intent is sent by broadcast for third parties to receive.
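The classification tests of steps 3.4 to 3.6 (the same tests as 2.4 to 2.6) and the broadcast handling of step 3.9 and claim 3, as an added example (not code from the patent or from Android). The sender list contents, the regular expression chosen for "4-8 consecutive digits, or digits plus English letters", and the use of (address, body) tuples in place of decoded pdus are assumptions.

```python
import re

# Constructed sender list; the patent's actual list contents are not given on the page.
COMMON_NUMBER_LIST = {"10086", "95588"}
KEYWORDS = ("verification", "password")
# Assumed reading of step 3.5: a stand-alone run of 4-8 letters/digits
# that contains at least one digit.
CODE_RUN = re.compile(
    r"(?<![0-9A-Za-z])(?=[0-9A-Za-z]*[0-9])[0-9A-Za-z]{4,8}(?![0-9A-Za-z])")

def is_verification_sms(address, body):
    """Steps 3.4-3.6: sender in list, code-like run present, keyword present."""
    if address not in COMMON_NUMBER_LIST:          # 3.4
        return False
    if CODE_RUN.search(body) is None:              # 3.5
        return False
    return any(k in body.lower() for k in KEYWORDS)  # 3.6

def filter_broadcast(messages):
    """Steps 3.1-3.9 plus claim 3.

    `messages` stands in for the pdu array. Returns None when the broadcast
    must not be sent (every message was marked), otherwise the unmarked
    messages that are forwarded to third-party receivers in a new array.
    """
    marked = [is_verification_sms(addr, body) for addr, body in messages]  # 3.2-3.7
    if sum(marked) == len(messages):               # 3.9: marked count == array size
        return None
    return [m for m, hit in zip(messages, marked) if not hit]   # claim 3

if __name__ == "__main__":
    # Constructed broadcast carrying one verification code SMS and one ordinary SMS.
    code_sms = ("95588", "verification code: 123456, do not forward to others")
    plain_sms = ("10086", "test short message")
    print(filter_broadcast([code_sms]))
    print(filter_broadcast([code_sms, plain_sms]))
```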
CN201810996054.6A 2018-08-29 2018-08-29 Method for protecting short message verification code in android mobile phone Active CN109145645B (en)


Publications (2)

Publication Number Publication Date
CN109145645A CN109145645A (en) 2019-01-04
CN109145645B true CN109145645B (en) 2021-09-10
