以量化檢視機制調降行動應用程式安全使用風險之探討

賴森堂(Sen-Tarng Lai)

行動App ； 檢視程序 ； 安全查核項目 ； 行動裝置 ； MASUIP ； mobile App device ； inspection procedure ； checklists ； mobile device ； MAUSIP

電腦稽核

27期（2013 / 01 / 01）

54 - 64

繁體中文

資訊網路熱潮下的E世代，行動裝置已成為人們隨身攜帶的一項物品，各種行動裝置中又以智慧型手機居多，攜帶方便、互動性高、易於操作與多樣化通訊方式等是智慧型手機的優勢。行動裝置應用程式（Mobile App）正是此熱潮下的重要產品，配合行動裝置的各項特性，如雨後春筍般，快速且持續成長，吸引眾多行動裝置用戶下載與使用。不過，快速成長卻缺乏安全考量的App交易與使用行為，將為行動App使用者帶來高度使用安全風險，已成為值得探究的課題。為了有效調降行動App的安全使用行為，應該規範App安全使用機制，協助App使用者隨時注意與調整App的安全使用風險。本文以安全查核項目為基礎，提出一套行動App使用安全檢視程序（Mobile App Using Security Inspection Procedure; MAUSIP），透過多層次的查核活動，具體找出購置、下載、設定與使用App等行為可能存在的安全問題，進而協助使用者調整高風險App使用安全行為，以有效降低行動App的使用安全風險。

In the age of information and network, mobile device has become a portable object. Most of mobile devices are smart phone, portable, interactivity, easy operation and many communication styles are major advantages. Mobile devices Applications (Mobile App) are critical and indispensable products for increasing applicability of mobile devices. However, personal mobile App general lacks a secure assurance mechanism. Mobile App using behavior always fills many security problems. App payment, download, setting and operation may cause several security issues. However, general user of mobile App does not care about App using security. In this paper, App secure using defects and problems will be surveyed. And, based on App using secure checklists, proposes a Mobile App Using Security Inspection Procedure (MAUSIP). Applying MAUSIP, App purchasing, download, setting and using security defects can be identified. And assist in timely to adjust and revise App security using behavior, effectively and concretely reduce mobile App using security risk.

1. IThome (2012) http://www.ithome.com.tw/itadm/article.php?c=76295
2. 資策會FIND 網站 (2012) , http://www.find.org.tw/find/home.aspx
3. Canalys, (2010)“ Apple Takes the Lead in the US Smart Phone Market with a 26% Share,” Canalys, 1 Nov. 2010; http://www.canalys.com/newsroom/apple-takes-lead-us-smart-phone-market-26-share
4. Noyes, K. (2010)“ Why Android App Security Is Better than for iPhone,” PCWorld, 6 Aug.;www.pcworld.com/businesscenter/article/202758 why_android_app_security_is_better_than_for_the_iphone.html
5. TechCrunch (2012) http://techcrunch.com/2012/09/11/free-apps/
6. 數位時代網站 (2012)「一張圖看行動App下載權限安全問題」。
7. Mobilewalla (2011) http://mobilewalla.com/Desktop/AppIntel_AppCount.htm
8. Gartner Group, (2010)“ Gartner Says Android to Become No. 2 Worldwide Mobile Operating System in 2010 and Challenge Symbian for No. 1 Position by 2014”, 10 Sept. 2010；http://www.gartner.com/it/page.jsp?id=1434613
9. Abrams, R., (2010)“ Android Application Security,” blog, 19 Aug. 2010; http://blog.eset.com/2010/08/19/android-application-security-2
10. 產業新聞 (2011)「行動裝置夯，IMS：2011年平板電腦和電子閱讀器成長率分別為242% 和146%」，http://www.smartmobix.com.tw/node/448。
11. IThome (2012b)「趨勢行動安全產品能預先找出惡意App」。
12. 理財網新聞 (2011)「顧能：Q3 手機作業系統，Android 市佔逾5 成」，http://www.moneydj.com/kmdj/news/NewsViewer.aspx?a=c4a0a7d0-63e3-4559-b9dc-4e03caca654d
13. Butler, Margaret(2011).Android: Changing the Mobile Landscape.IEEE Pervasive Computing,10(1),4-7.
14. Gavalas, D.,Economou, D.(2011).Development Platforms for Mobile Applications: Status and Trends.IEEE Software,28(1),77-86.
15. Hense, A.,Quadt, Florian,Römer, Matthias(2009).Towards a Mobile Workbench for Researchers.2009 Fifth IEEE International Conference on e-Science
16. Huntley, C.L.(2011).Onshore Mobile App Development: Successes and Challenges.Computer,44(9),102-104.

1. 賴森堂(2013)。結合QR code 的食品成份監控App 之設計與使用。電腦稽核，28，49-60。