Android uses a permission mechanism to manage and restrict access to sensitive Application Programming Interfaces (APIs) and private data. A malicious app can use these sensitive APIs and private data for as long as it remains installed on the device, provided that it declares the permissions it needs in AndroidManifest.xml. SMS malware can therefore exploit this mechanism to send SMS messages without the user's knowledge, causing the victim financial loss.

In this paper, we analyze how SMS malware sends SMS messages and design a mechanism named Taurus that prevents SMS messages from being sent abusively, addressing the current SMS malware problem. Taurus uses dynamic monitoring: it records what the user has entered and compares it with the content and the recipient phone number of each outgoing SMS message to confirm whether the message is being sent by the user. If the comparison fails, Taurus notifies the user and asks for confirmation before the SMS message is sent. If an app and message that were previously rejected are sent again, Taurus judges this to be malicious behavior and terminates the execution of the app, preventing the SMS malware from sending the message.
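
The decision flow described in the abstract, modelled as an added Python example; it is not code from the paper or from Taurus itself. The class and method names, the exact-string comparison, and the `confirm` callback standing in for the user prompt are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"          # message matches recorded user input, or user approved it
    BLOCK = "block"          # user declined the confirmation prompt
    TERMINATE = "terminate"  # a rejected message was sent again: treated as malicious

@dataclass
class SmsMonitor:
    # Hypothetical model state; these names do not come from the paper.
    typed: dict = field(default_factory=dict)    # app -> set of strings the user entered
    rejected: set = field(default_factory=set)   # (app, recipient, body) the user refused

    def record_input(self, app, text):
        """Record text the user entered into `app` (a message body or a number)."""
        self.typed.setdefault(app, set()).add(text.strip())

    def on_send(self, app, recipient, body, confirm):
        """Decide what happens to an outgoing SMS. `confirm` models the prompt
        shown to the user and returns True if the user approves the message."""
        key = (app, recipient, body)
        if key in self.rejected:                 # same app retries a refused message
            return Verdict.TERMINATE
        seen = self.typed.get(app, set())
        if recipient in seen and body.strip() in seen:
            return Verdict.ALLOW                 # both fields were typed by the user
        if confirm(app, recipient, body):        # mismatch: ask the user
            return Verdict.ALLOW
        self.rejected.add(key)
        return Verdict.BLOCK

def demo():
    """Constructed scenario: one user-typed message, one silent premium-rate send."""
    m = SmsMonitor()
    deny = lambda app, recipient, body: False    # the user always declines the prompt
    m.record_input("com.example.messenger", "0912345678")
    m.record_input("com.example.messenger", "Running late, see you at 7")
    return [
        m.on_send("com.example.messenger", "0912345678", "Running late, see you at 7", deny),
        m.on_send("com.example.game", "55999", "SUB GOLD", deny),  # never typed
        m.on_send("com.example.game", "55999", "SUB GOLD", deny),  # retry after refusal
    ]
```
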