G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit...
Transcript of G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit...
![Page 1: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/1.jpg)
App
V1.2( )
107� 05
![Page 2: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/2.jpg)
App
App
104 4 App V1.0
105 10 App V1.1
107 5 App V1.2
![Page 3: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/3.jpg)
i
1. .......................................................................................................................... 1
2. .................................................................................................................. 2
3. .............................................................................................................. 3
3.1. Mobile Application ....................................................... 3
3.2. Application Store .................................................. 3
3.3. Personal Data ........................................................................ 3
3.4. Secure Sensitive Data ............................................... 3
3.5. Password ................................................................................... 3
3.6. Transaction Resource ............................................................ 4
3.7. Session Identification, Session ID .................................... 4
3.8. Server Certificate .............................................................. 4
3.9. Certificate Authority ............................................................. 4
3.10. Malicious Code ............................................................... 4
3.11. Vulnerability ................................................................ 4
3.12. Library ..................................................................................... 4
3.13. Code Injection ..................................................................... 5
3.14. Mobile Operating System ........................................... 5
3.15. Mobile Resource ......................................................... 5
3.16. In-App Update ............................................ 5
3.17. Common Vulnerabilities and Exposures ................. 5
3.18. Weak Cryptographic Algorithm .............................. 5
3.19. Known Vulnerabilities ............................................ 5
3.20. Authentication ..................................................................... 5
3.21. Advanced Encryption Standard .............................. 5
3.22. Triple Data Encryption Standard .................... 6
3.23. Elliptic Curve Cryptography ................................... 6
![Page 4: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/4.jpg)
ii
3.24. Certificate Pinning .............................................................. 6
3.25. Hash ............................................................................................ 6
3.26. Obfuscation ................................................................................. 6
3.27. Using Secure Sensitive Data ......................... 6
3.28. Log File ............................................................................. 6
3.29. Device Identifier ........................................................... 6
3.30. (Cache Files or Temporary Files) .............................................. 7
3.31. Configuration File ................................................................... 7
3.32. Encode ......................................................................................... 7
3.33. Decode ........................................................................................ 7
3.34. Payload ........................................................................................ 7
3.35. Collecting Secure Sensitive Data .................... 7
3.36. Storing Secure Sensitive Data ......................... 7
3.37. Common Vulnerability Scoring System ............. 8
3.38. (Secure Random Number Generator) ....................... 8
3.39. (Secure Domain) ....................................................................... 8
3.40. (Secure Encryption Function) ........................................... 8
4. .................................................................................................................. 9
4.1. ....................................................... 9
4.1.1. .................................................................... 9
4.1.2. ........................................................................ 9
4.1.3. .......................................................................... 11
4.1.4. .............. 11
4.1.5. ...................................................................... 12
4.2. ............................................................. 12
5. ................................................................................................ 14
6. ................................................................................................................ 15
Open Web Application Security Project (OWASP) ............................................ 15
![Page 5: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/5.jpg)
iii
Cloud Security Alliance (CSA) ........................................................................... 15
..................................................................................................................... 15
..................................................................................................................... 15
..................................................................................................................... 15
..................................................................................................................... 16
............................................................................................................. 16
............................................................................................................. 16
............................................................. 17
......................................................................... 23
![Page 6: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/6.jpg)
1
1.
�
Mobile Application, App
App �
103� 6 24
26 」 App
�
� ,
( (
App 107 5 V1.2
App
App App
�
� �
App App 、
� App
![Page 7: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/7.jpg)
2
2.
1 2
, ,
1
2
![Page 8: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/8.jpg)
3
3.
3.1. Mobile Application
。
3.2. Application Store
3.3. Personal Data
International Mobile Equipment Identity, IMEI
International Mobile Subscriber Identity, IMSI
3.4. Secure Sensitive Data
3.3
3.5. Password
![Page 9: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/9.jpg)
4
3.6. Transaction Resource
、) App �
QRcode App
App
App
。 App App 、
3.7. Session Identification, Session ID
3.8. Server Certificate
3.9. Certificate Authority
3.10. Malicious Code
3.11. Vulnerability
3.12. Library
Function
Object Binary code
![Page 10: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/10.jpg)
5
3.13. Code Injection
Command Injection SQL Injection
3.14. Mobile Operating System
3.15. Mobile Resource
3.16. In-App Update
3.17. Common Vulnerabilities and Exposures
CVE
3.18. Weak Cryptographic Algorithm
CVE
3.19. Known Vulnerabilities
CVE
3.20. Authentication
;
3.21. Advanced Encryption Standard
National Institute of Standards and Technology, NIST 2001 AES Advanced Encryption Standard
FIPS PUB 197 2002 AES
![Page 11: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/11.jpg)
6
128 Data Block 128 192 256Key Size AES Round
Number
3.22. Triple Data Encryption Standard
Triple Data Encryption Standard 64
3.23. Elliptic Curve Cryptography
1985 Neal Koblitz Victor Miller
3.24. Certificate Pinning
3.25. Hash
「
3.26. Obfuscation
「
3.27. Using Secure Sensitive Data
3.28. Log File
3.29. Device Identifier
![Page 12: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/12.jpg)
7
International Mobile Equipment Identity, IMEI Mobile Equipment Identifier, MEID International Mobile Subscriber Identity, IMSI Integrated Circuit Card Identifier, ICCID
Media Access Control Address, MAC addressAndroid Identifier, Android ID Android
Advertising ID, AID iOS IFAID Identifier for Advertisers Identifier, IFAIDWindows Phone Device ID
3.30. (Cache Files or Temporary Files)
,
3.31. Configuration File
3.32. Encode
「
3.33. Decode
「
3.34. Payload
3.35. Collecting Secure Sensitive Data
3.36. Storing Secure Sensitive Data
![Page 13: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/13.jpg)
8
3.37. Common Vulnerability Scoring System
CVSS IT
」 National Infrastructure Advisory Council, NIAC Forum of Incident Response and Security Teams,
FIRST 3
3.38. (Secure Random Number Generator)
ANSI X9.17
3.39. (Secure Domain)
:
Facebook Google Twitter OAuth 2.0
3.40. (Secure Encryption Function)
FIPS 140-2 Annex A
![Page 14: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/14.jpg)
9
4.
4.1.
4.1.1.
4.1.1.1.
;
4.1.1.2.
4.1.1.3.
4.1.2.
4.1.2.1.
![Page 15: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/15.jpg)
10
4.1.2.2.
4.1.2.3.
4.1.2.4.
4.1.2.5.
![Page 16: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/16.jpg)
11
4.1.2.6.
4.1.3.
4.1.3.1.
4.1.3.2.
4.1.4.
4.1.4.1.
4.1.4.2.
,
![Page 17: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/17.jpg)
12
4.1.5.
4.1.5.1.
4.1.5.2.
4.1.5.3.
4.1.1.
4.1.5.4.
4.2.
;
4.2.1.
。
4.2.2.
![Page 18: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/18.jpg)
13
Web Service
4.2.2.1. Webview
Webview
Webview
![Page 19: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/19.jpg)
14
5.
。
![Page 20: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/20.jpg)
15
6.
Open Web Application Security Project (OWASP)
[1] Mobile App Security Checklist 0.9.3
https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide,
2017
Cloud Security Alliance (CSA)
[2] Mobile Application Security Testing Initiative,
https://www.csaapac.org/mast.html, 2016
[3] Vetting the Security of Mobile ApplicationsApp, NIST Special Publication 800-
163, http://dx.doi.org/10.6028/NIST.SP.800-163, 2015
[4] Cryptographic Algorithm Validation Program (CAVP),
http://csrc.nist.gov/groups/STM/cavp/, NIST
[5] Cryptographic Module Validation Program (CMVP),
http://csrc.nist.gov/groups/STM/cmvp/, NIST
[6] Government Mobile and Wireless Security Baseline, Federal CIO Council,
https://cio.gov/wp-content/uploads/downloads/2013/05/Federal-Mobile-Security-
Baseline.pdf, 2013
[7] Smartphone Secure Development Guidelines,
https://www.enisa.europa.eu/publications/smartphone-secure-development-
guidelines-2016, ENISA, 2017
![Page 21: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/21.jpg)
16
[8] , YD/T 2407-2013, 2013
[9] , YD/T 2408-2013, 2013
[10] Security Guideline for using Smartphones and Tablets - Advantages for work
style innovation - [Version 1],
https://www.jssec.org/dl/guidelines2012Enew_v1.0.pdf, JSSEC, 2011
[11] ISO/IEC 27001:2013 (Information security management)
[12] ISO/IEC 20000:2011 (Information technology - Service management)
[13] ISO/IEC 19790:2012 (Information technology - Security techniques - Security
requirements for cryptographic modules)
[14] ISO/IEC 15408:2009 (Information technology - Security techniques - Evaluation
criteria for IT security)
[15] ISO/IEC 14598:2001 (Information technology - Software product evaluation)
[16] ISO/IEC TR 9126-4:2004 (Software engineering - Product quality)
[17] 104 12 30
[18] , 105 3 2
![Page 22: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/22.jpg)
17
。 OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013
[ 3] 4.1.1.1.
N/A Executive Summary 9. Secure software
distribution 5.5.2
4.1.1.2.
N/A Executive Summary 9. Secure software
distribution 5.5.4
4.1.1.3.
N/A Executive Summary 9. Secure software
distribution 5.5.4
4.1.2.1.
N/A 4. Mobile App
Evaluation - Privacy and Personally Identifiable Information
1. Identify and protect sensitive data
5.5.4
4.1.2.2.
V2.1: Verify that system credential storage facilities are used appropriately to store sensitive data, such as user credentials or cryptographic keys
4. Mobile App Evaluation - Privacy and Personally Identifiable Information
1. Identify and protect sensitive data
5.5.4
5.6.2
![Page 23: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/23.jpg)
18
OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013 [ 3]
4.1.2.3.
V2.1: Verify that system credential storage facilities are used appropriately to store sensitive data, such as user credentials or cryptographic keys
4. Mobile App Evaluation - Protect Sensitive Data
1. Identify and protect sensitive data on the mobile device
5.6.3
4.1.2.4.
V2.6: Verify that no sensitive data is exposed via IPC mechanisms
4. Mobile App Evaluation - Protect Sensitive Data
4. Ensure sensitive data protection in transit
5.5.4
5.6.2
4.1.2.5.
V2.3: Verify that no sensitive data is shared with third parties unless it is a necessary part of the architecture
4. Mobile App Evaluation - Preserve Privacy
1. Identify and protect sensitive data on the mobile device
5.6.2
4.1.2.6.
V2.1: Verify that system credential storage facilities are used appropriately to store sensitive data, such as user credentials
N/A 1. Identify and protect sensitive data on the mobile device
5.6.4
![Page 24: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/24.jpg)
19
OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013 [ 3]
or cryptographic keys
4.1.3.1. V4.9: Verify that step-up authentication is required to enable actions that deal with sensitive data or transactions
N/A 8. Protect paid resources 5.5.4
4.1.3.2. V4.9: Verify that step-up authentication is required to enable actions that deal with sensitive data or transactions
N/A 8. Protect paid resources 5.5.4
4.1.4.1.
V4.1 : Verify that if the app provides users with access to a remote service, an acceptable form of authentication such as username/password authentication is performed at the remote endpoint
4. Mobile App Evaluation - Privacy and Personally Identifiable Information
3. Handle authentication and authorization factors securely on the device correctly
5.6.2
![Page 25: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/25.jpg)
20
OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013 [ 3]
4.1.4.2. V5.4: Verify that the app either uses its own certificate store, or pins the endpoint certificate or public key, and subsequently does not establish connections with endpoints that offer a different certificate or key, even if signed by a trusted CA
4. Mobile App Evaluation – Network Events
2. User authentication, authorization and session management
5.5.4
4.1.5.1. 。
、
V1.7: Verify that a threat model for the mobile app and the associated remote services, which identifies potential threats and countermeasures, has been produced
4. Mobile App Evaluation: Malicious Functionality Malware Detection Communication with Known Disreputable Sites Libraries Loaded
6. Secure data integration with third party code 10. Handle runtime code interpretation
5.5.4
4.1.5.2.
V7.2: Verify that the app has been built in
4. Mobile App Evaluation – Classes
N/A 5.5.4
![Page 26: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/26.jpg)
21
OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013 [ 3]
release mode, with settings appropriate for a release build (e.g. non-debuggable)
Loaded
4.1.5.3.
V1.2: Verify all third party components used by the mobile app, such as libraries and frameworks, are identified, and checked for known vulnerabilities
4. Mobile App Evaluation: Native Methods Libraries Loaded
6. Secure data integration with third party code
5.5.4
4.1.5.4.
V6.2: Verify that all inputs from external sources and the user are validated and if necessary sanitized. This includes data received via the UI, IPC mechanisms such as intents, custom URLs, and network sources
4. Mobile App Evaluation – Input Validation
10. Handle runtime code interpretation
5.5.4
![Page 27: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/27.jpg)
22
OWASP NIST [ 1] ENISA [ 2] YD/T 2407-2013 [ 3]
4.2.2.1. Webview
N/A N/A N/A N/A
[ 1] Vetting the Security of Mobile ApplicationsApp, NIST Special Publication 800-163, http://dx.doi.org/10.6028/NIST.SP.800-163, 2015 [ 2] Smartphone Secure Development Guidelines, https://www.enisa.europa.eu/publications/smartphone-secure-development-guidelines-2016, ENISA, 2017 [ 3] , YD/T 2407-2013, 2013
![Page 28: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/28.jpg)
23
4.1.1.1. 1 2
4.1.1.2. 3
4 4.1.1.3. 5
6 4.1.2.1. 7
4.1.2.2. 8
9 、
、 10 、
4.1.2.3. 11
12 13
![Page 29: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/29.jpg)
24
14
15
16
17 、 18
4.1.2.4. 19
4.1.2.5. 20
21
4.1.2.6. 22
4.1.3.1. 23
4.1.3.2. 24 25
![Page 30: G 3R App PL Ùk y - spo.org.tw · 2018-08-01 · Identity, IMSI ' l â ÚB T Integrated Circuit Card Identifier, ICCID lj¹ _µ{ Media Access Control Address, MAC address k·¢ r](https://reader033.fdocuments.in/reader033/viewer/2022041921/5e6be536affabd3cf924e210/html5/thumbnails/30.jpg)
25
4.1.4.1. 26 ,
4.1.4.2. 27 、
28 , 29
30
4.1.5.1. 。 、
31 、 32
4.1.5.2. 33 ,
4.1.5.3. 34
4.1.1. 4.1.5.4. 35
4.2.2.1. Webview 36 Webview
37 Webview