Alipay SecurityGuard SDK: Architecture Analysis and Privacy Overreach Documentation
收藏Zenodo2026-03-23 更新2026-05-26 收录
下载链接:
https://zenodo.org/doi/10.5281/zenodo.19186847
下载链接
链接失效反馈官方服务:
资源简介:
Complete static and dynamic analysis of the SecurityGuard SDK embedded in Alipay for Android (v10.8.30.8000, SHA-256: 2eebd18eb78b2bdcc737c568a8057345255b9660dbf6f5af83743644effcaad2). Documents aggressive telemetry collection, dynamic code execution mechanisms (PatchProxy: 90,000+ remotely replaceable methods), cryptographic weaknesses (DES, AES/ECB, java.util.Random), absence of certificate pinning, and 22 undisclosed behavioral monitoring events. Includes Docker-based automated verification environment (37 signature checks). 36 reports submitted to MITRE (pending assignment). Related preprint: IACR ePrint 2026/526 (unreviewed).
提供机构:
Zenodo创建时间:
2026-03-23



