The previous article introduced phishing vulnerabilities caused by design flaws in Android and ended with prevention methods for users. However, if such a malicious program really breaks out, we cannot carefully check which program is currently running every time we start a program. Therefore, a few weeks ago I spent some time writing a program called Anti-Hijacking Assistant. The principle is very simple: it obtains the currently running program and displays it in a floating window, helping users determine which program is currently running and avoid being deceived by phishing programs.

This time, because it is "self-defense", we no longer use enumeration to obtain the currently running program. Instead, we add a permission to the manifest file:

    <uses-permission android:name="android.permission.GET_TASKS" />
Then, when the program starts, it starts a Service. The Service creates a floating window, periodically detects the currently running program, and displays its name in the floating window. The program screenshots are as follows:
The Service code is as follows:

    package com.sinaapp.msdxblog.antihijacking.service;

    import java.util.List;

    import android.app.ActivityManager;
    import android.app.Notification;
    import android.app.Service;
    import android.content.Context;
    import android.content.Intent;
    import android.content.pm.PackageManager;
    import android.content.pm.PackageManager.NameNotFoundException;
    import android.os.Bundle;
    import android.os.Handler;
    import android.os.IBinder;
    import android.os.Message;
    import android.util.Log;

    import com.sinaapp.msdxblog.androidkit.thread.HandlerFactory;
    import com.sinaapp.msdxblog.antihijacking.AntiConstants;
    import com.sinaapp.msdxblog.antihijacking.view.AntiView;

    public class AntiService extends Service {

        private boolean shouldLoop = false;  // true while the polling loop is active
        private Handler handler;             // runs the polling on a background thread
        private ActivityManager am;
        private PackageManager pm;
        private Handler mainHandler;         // updates the floating window on the main thread
        private AntiView mAntiView;          // the floating window
        private int circle = 2000;           // polling period in milliseconds

        @Override
        public IBinder onBind(Intent intent) {
            return null;
        }

        @Override
        public void onStart(Intent intent, int startId) {
            super.onStart(intent, startId);
            // Run in the foreground so the system is less likely to kill the service.
            startForeground(19901008, new Notification());
            if (intent != null) {
                circle = intent.getIntExtra(AntiConstants.CIRCLE, 2000);
            }
            Log.i("circle", circle + "ms");
            // The loop is already running: only the polling period needed updating.
            if (shouldLoop) {
                return;
            }
            mAntiView = new AntiView(this);
            mainHandler = new Handler() {
                @Override
                public void handleMessage(Message msg) {
                    String name = msg.getData().getString("name");
                    mAntiView.setText(name);
                }
            };
            pm = getPackageManager();
            shouldLoop = true;
            am = (ActivityManager) getSystemService(Context.ACTIVITY_SERVICE);
            handler = new Handler(
                    HandlerFactory.getHandlerLooperInOtherThread("anti")) {
                @Override
                public void handleMessage(Message msg) {
                    super.handleMessage(msg);
                    // Requires the GET_TASKS permission. Since Android 5.0 (API 21),
                    // getRunningTasks() returns only the caller's own tasks to
                    // third-party apps, so this lookup works as described only on
                    // earlier releases.
                    List<ActivityManager.RunningTaskInfo> tasks = am.getRunningTasks(1);
                    if (tasks != null && !tasks.isEmpty()) {
                        String packageName = tasks.get(0).topActivity
                                .getPackageName();
                        try {
                            // Resolve the package name to the label the user knows.
                            String progressName = pm.getApplicationLabel(
                                    pm.getApplicationInfo(packageName,
                                            PackageManager.GET_META_DATA)).toString();
                            updateText(progressName);
                        } catch (NameNotFoundException e) {
                            e.printStackTrace();
                        }
                    }
                    // Schedule the next check.
                    if (shouldLoop) {
                        handler.sendEmptyMessageDelayed(0, circle);
                    }
                }
            };
            handler.sendEmptyMessage(0);
        }

        // Hand the program name over to the main thread for display.
        private void updateText(String name) {
            Message message = new Message();
            Bundle data = new Bundle();
            data.putString("name", name);
            message.setData(data);
            mainHandler.sendMessage(message);
        }

        @Override
        public void onDestroy() {
            shouldLoop = false;
            // Drop any pending poll and remove the floating window, if they exist.
            if (handler != null) {
                handler.removeCallbacksAndMessages(null);
            }
            if (mAntiView != null) {
                mAntiView.remove();
            }
            super.onDestroy();
        }
    }

The floating window is just a simple TextView, which is not the technical focus of this article and will not be discussed here. Of course, as the code above shows, this program can only guard against programs that use an Activity as the phishing interface, because it obtains the program name from the top-level running Activity. It is still powerless against another phishing method recently mentioned by WooYun. We will talk about this next time.
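
The package name obtained in the polling loop above can also be checked automatically instead of only being displayed. The following is an added example, not part of the Anti-Hijacking Assistant code, and it goes beyond what the article implements: it warns when a watched app is covered by another package shortly after it came to the foreground. The class name `ForegroundWatch`, the `com.example.*` package names and the 3000 ms window are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Added example: flags a foreground switch that follows a watched app too quickly. */
public class ForegroundWatch {
    private final Set<String> watched;  // packages to guard (hypothetical names below)
    private final Set<String> trusted;  // packages never flagged, e.g. the launcher
    private final long windowMs;        // a switch this soon after launch is suspicious
    private String lastPackage;         // foreground package seen in the previous sample
    private long watchedSinceMs = -1;   // when a watched package took the foreground

    public ForegroundWatch(Set<String> watched, Set<String> trusted, long windowMs) {
        this.watched = watched;
        this.trusted = trusted;
        this.windowMs = windowMs;
    }

    /** Feed one polling sample; returns a warning, or null if nothing looks wrong. */
    public String onSample(String pkg, long nowMs) {
        String warning = null;
        boolean changed = !pkg.equals(lastPackage);
        if (changed && lastPackage != null && watched.contains(lastPackage)
                && !watched.contains(pkg) && !trusted.contains(pkg)
                && nowMs - watchedSinceMs <= windowMs) {
            warning = pkg + " covered " + lastPackage + " after "
                    + (nowMs - watchedSinceMs) + " ms";
        }
        if (changed) {
            // Restart the timer only when a watched package newly takes the foreground.
            watchedSinceMs = watched.contains(pkg) ? nowMs : -1;
        }
        lastPackage = pkg;
        return warning;
    }

    public static void main(String[] args) {
        ForegroundWatch w = new ForegroundWatch(
                new HashSet<>(Arrays.asList("com.example.bank")),
                new HashSet<>(Arrays.asList("com.example.launcher")), 3000);
        // Constructed samples (timestamps in ms; the service polls every 2000 ms by default).
        String[] pkgs = {"com.example.launcher", "com.example.bank",
                "com.example.unknown", "com.example.bank", "com.example.mail"};
        long[] times = {0, 2000, 4000, 6000, 20000};
        for (int i = 0; i < pkgs.length; i++) {
            String r = w.onSample(pkgs[i], times[i]);
            if (r != null) System.out.println(r);
        }
    }
}
```

In the service, `onSample` would be called from the polling handler with the detected package name and `SystemClock.elapsedRealtime()`. The check can only be as precise as the polling period allows.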