基于Android平台的备忘录软件设计外文

UnderstandandroidsecurityThenextgenerationofopenoperatingsystemswon’tbeondesktopsormainframesbutonthesmallmobiledeviceswecarryeveryday.Theopennessofthesenewenvironmentswillleadtonewapplicationsandmarketsandwillenablegreaterintegrationwithexistingonlineservices.However,astheimportanceofthedataandservicesourcellphonessupportincreases,sotoodotheopportunitiesforvulnerability.It’sessentialthatthisnextgenerationofplatformsprovideacomprehensiveandusablesecurityinfrastructure.DevelopedbytheOpenHandsetAlliance(visiblyledbyGoogle),Androidisawidelyanticipatedopensourceoperatingsystemformobiledevicesthatprovidesabaseoperatingsystem,anapplicationmiddlewarelayer,aJavasoftwaredevelopmentkit(SDK),andacollectionofsystemapplications.AlthoughtheAndroidSDKhasbeenavailablesincelate2007,thefrstpubliclyavailableAndroid-ready“G1”phonedebutedinlateOctober2008.Sincethen,Android’sgrowthhasbeenphenomenal:TMobile’sG1manufacturerHTCestimatesshipmentvolumesofmorethan1millionphonesbytheendof2008,andindustryinsidersexpectpublicadoptiontoincreasesteeplyin2009.Manyothercellphoneprovidershaveeitherpromisedorplantosupportitinthenearfuture.AlargecommunityofdevelopershasorganizedaroundAndroid,andmanynewproductsandapplicationsarenowavailableforit.OneofAndroid’schiefsellingpointsisthatitletsdevelopersseamlesslyextendonlineservicestophones.Themostvisibleexampleofthisfeatureis—unsurprisingly—thetightintegrationofGoogle’sGmail,Calendar,andContactsWebapplicationswithsystemutilities.Androiduserssimplysupplyausernameandpassword,andtheirphonesautomaticallysynchronizewithGoogleservices.Othervendorsarerapidlyadaptingtheirexistinginstantmessaging,socialnetworks,andgamingservicestoAndroid,andmanyenterprisesarelookingforwaystointegratetheirowninternaloperations(suchasinventorymanagement,purchasing,receiving,andsoforth)intoitaswell.Traditionaldesktopandserveroperatingsystemshavestruggledtosecurelyintegratesuchpersonalandbusinessapplicationsandservicesonasingleplatform;althoughdoingsoonamobileplatformsuchasAndroidremainsnontrivial,manyresearchershopeitprovidesacleanslatedevoidofthecomplicationsthatlegacysoftwarecancause.Androiddoesn’tofficiallysupportapplicationselopedforotherplatforms:applicationsexecuteontopofaJavamiddlewarelayerrunningonanembeddedLinuxkernel,sodeveloperswishingtoporttheirapplicationtoAndroidmustuseitscustomuserinterfaceenvironment.Additionally,AndroidrestrictsapplicationinteractiontoitsspecialAPIsbyrunningeachapplicationasitsownuseridentity.Althoughthiscontrolledinteractionhasseveralbenefcialsecurityfeatures,ourexperiencesdevelopingAndroidapplicationshaverevealedthatdesigningsecureforward.Androidusesasimplepermissionlabelassignmentmodeltorestrictaccesstoresourcesandotherapplications,butforreasonsofnecessityandconvenience,itsdesignershaveaddedseveralpotentiallyconfusingrefinementsasthesystemhasevolved.ThisarticleattemptstounmaskthecomplexityofAndroidsecurityandnotesomepossibledevelopmentpitfallsthatoccurwhendefininganapplication’ssecurity.Weconcludebyattemptingtodrawsomelessonsandidentifyopportunitiesforfutureenhancementsthatshouldaidinclarityandcorrectness.AndroidApplicationsTheAndroidapplicationframeworkforcesastructureondevelopers.Itdoesn’thaveamain()functionorsingleentrypointforexecution—instead,developersmustdesignapplicationsintermsofcomponents.ExampleApplication.WedevelopedapairofapplicationstohelpdescribehowAndroidapplicationsoperate.Interestedreaderscandownloadthesourcecodefromourweb.(site：).Let’sconsideralocation-sensitivesocialnetworkingapplicationformobilephonesinwhichuserscandiscovertheirfriends’locations.Wesplitthefunctionalityintotwoapplications:onefortrackingfriendsandoneforviewingthem.AsFigure1shows,theFriendTrackerapplicationconsistsofcomponentsspecifictotrackingfriendlocations(forexample,viaaWebservice),storinggeographiccoordinates,andsharingthosecoordinateswithotherapplications.TheuserthenusestheFriendViewerapplicationtoretrievethestoredgeographiccoordinatesandviewfriendsonamap.Bothapplicationscontainmultiplecomponentsforperformingtheirrespectivetasks;thecomponentsthemselvesareclassifiedbytheircomponenttypes.AnAndroiddeveloperchoosesfrompredefinedcomponenttypesdependingonthecomponent’spurpose(suchasinterfacingwithauserorstoringdata).ComponentTypesAndroiddefnesfourcomponenttypes:Activity.Thiscomponentsdefineanapplication’suserinterface.Typically,anapplicationdeveloperdefinesoneactivityper“screen.”Activitiesstarteachother,possiblypassingandreturningvalues.Onlyoneactivityonthesystemhaskeyboardandpocessingfocusatatime;allothersaresuspended.Service.Thiscomponentsperformbackgroundprocessing.Whenanactivityneedstoperformsomeoperationthatmustcontinueaftertheuserinterfacedisappears(suchasdownloadafleorplaymusic),itcommonlystartsaservicespecifcallydesignedforthataction.Thedevelopercanalsouseservicesasapplication-specificdaemons,possiblystartingonboot.ServicesoftendefineaninterfaceforRemoteProcedureCall(RPC)thatothersystemcomponentscanusetosendcommandsandretrievedata,aswellasregistercal