×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

Security risks from mobile apps 几个要点,和微信相关

Security risks from mobile apps

- Everyone is carrying a smartphone to the office;

- A smartphone is a computer with the capability of communication to remote servers;

- Mobile communication can be done directly through data traffic of telecom carriers , thus corporate firewall is useless on mobile devices;

- The true functions of a mobile app are never limited as what it claims officially;

- Google and Apple app stores are not capable of detecting malicious apps;

- Apps can be controlled remotely in real time from remote servers.  Malicious functions can be turned on and off as needed, thus make it harder to be detected.

- Many popular apps are created and owned by adversary regimes, and are not subject to laws of Canada and its allies;

- Apps are able to conduct espionage through audio recording without the awareness of the users;

- Apps are able to collect users' accurate location during office hours, to determine users' workplace, thus to facilitate intelligence analysis by adversary regimes.

- Apps are able to access users' address book entries, send them to remote servers controlled by adversary regimes.  With advanced AI and data mining technology, great intelligence information can be obtained.

Sign in and Reply Report

Replies, comments and Discussions:

  • 枫下家园 / 电脑电信 / Security risks from mobile apps 几个要点,和微信相关 +6

    Security risks from mobile apps

    - Everyone is carrying a smartphone to the office;

    - A smartphone is a computer with the capability of communication to remote servers;

    - Mobile communication can be done directly through data traffic of telecom carriers , thus corporate firewall is useless on mobile devices;

    - The true functions of a mobile app are never limited as what it claims officially;

    - Google and Apple app stores are not capable of detecting malicious apps;

    - Apps can be controlled remotely in real time from remote servers.  Malicious functions can be turned on and off as needed, thus make it harder to be detected.

    - Many popular apps are created and owned by adversary regimes, and are not subject to laws of Canada and its allies;

    - Apps are able to conduct espionage through audio recording without the awareness of the users;

    - Apps are able to collect users' accurate location during office hours, to determine users' workplace, thus to facilitate intelligence analysis by adversary regimes.

    - Apps are able to access users' address book entries, send them to remote servers controlled by adversary regimes.  With advanced AI and data mining technology, great intelligence information can be obtained.

    • 这样看来,手机网络安全最关键的环节是手机网络提供商,政府应该在这环节做工作,普通大众能做的微乎其微。 +1
      • 楼主帖子说的很清楚了,除了手机网络提供商,手机上安装的app同样很重要。中国的app各种乱七八糟的权限都要,在后台搞点什么你根本搞不清。关键是app生产厂家在中国,还不受加拿大法律管辖。 +3
        • 美国人斯诺登不这么认为。 +2
        • 除了加拿大的APP,都不受加拿大法律管辖,对不对? +1
    • 嗯,我去敏感机构的时候,门口都有 locker,一切电子设备包括电子表都要锁起来。走时出门后再取。 +1
    • 通过公司WIFI突然不能连接微信Server,可能被禁了。 装了一个VPN App,又可以了。
      • 你在公司用VPN上微信?我觉得你可能违规了。 +2
        • 公司没有说哪个 APP不能用。应该没有违规。我也不能去问IT。
          • 既然公司wifi屏蔽了微信,那就说明不让你在公司内用微信。 +1
    • 微信的通信是不加密的。不仅腾讯的人能看到,公司的系统管理员也能看到
      • 为了政府的工作便利,政府不允许它加密 +4
        • 可以用暗语
          • 天王盖地虎 +1
      • 微信和服务器端的通讯是加密的,这个是肯定的(腾讯自己说),但是呢,所有的信息传输都是经过服务器的,不是端到端的,这个也是更肯定的。
        • 关键通讯是加密的没有用,随便哪个派出所的小民警就能得到你的聊天记录,删除也没有用,法律规定必须记录好几年。 +1
          • 是啊, WHATSAPP才是真正的点对点加密。
            • 想安全,用telegram,whatsapp和signal都没有电报来得安全。 +1
              • 谢谢推荐, 已经在下载APP。 在中国大陆不能用, 是吧? 得翻墙?
                • 必须的。
                • 这些都被墙了,连游戏爱好者的discord都被墙了。据可靠资料说,苹果的imessage没有被墙,imessage也是一个很好的应用,只是不知道它如何能躲得被墙的命运。我没用苹果的产品,无法论证这个事情。
                  • 因为苹果中国的服务器设在贵州。。。如果是以前在国内时注册的apple ID,赶紧重新注册一个吧,切记国家要选加拿大而不是中国。
              • telegram安全性还可以,不过不是100%开源,而且默认对话不是点对点加密。理论上signal最安全,100%开源,斯诺登都推荐。
                • 按照美国的法律,signal不是完全可信的,毕竟按NSA的权力和水平能放过signal?
                  • 没有办法。Signal是100%开源产品,非实名注册,点对点对密,服务器无法截获,原理上第三方无法获取通话内容。
            • 你没明白我的意思,我的意思是加密技术不是重点,加密的再厉害不如一个电话。
              • 电话也有被监听的吧
                • 加密的再厉害,不如人家一个电话打过去,不用解密就知道你发送的内容了。
          • 本来只是讨论通讯的,服务器的数据是另外一个概念,至于国家公权力机关要看,人家直接看服务器的,中间不拦截。
            • 对的,这就是我的意思。微信不管用什么加密根本没有意义,对想看的人来说不存在加密。
    • 微信是应用级app,android杀后台,早把微信都杀掉了,真正厉害是美帝和android,系统级别的偷数据,搞窃听, +2
      • 害怕你就别用啊,唧唧歪歪的有意思吗?
        • 不要总指责国产app,应该先骂美帝 +1
      • 如果后台微信也杀掉,那你的微信也就收不到信息了,安装微信也就没有什么意义了。
        • 原生android里微信被杀的溜溜,国产手机系统才能避免微信被杀,
          • 睁眼说瞎话. 三星手机不能用微信? +1
    • 苹果apple store管的很严,相对iOS上的app. andrio就管的很松。因为我家孩子有一些列国内免费的app一直用,突然有一天apple store上被下架一段时间,说是需要修改access permission。google play上一点都没被要求修改过。一个小孩的app需要access很多东西,真说不过去。
      • apple偷数据更厉害,apple限制app偷,但自己偷的厉害, +1
    • 关于各个国家和公司都用户数据的问题,这个倒是哪里都有,目的可能不一样,以整人为目的的查看用户数据,特别是通话记录实在是下作、无耻的。