Issues of identity verification of typical applications over mobile terminal platform

Recent studies have shown that attacks against USIM card are increasing, and an attacker can use the cloned USIM card to bypass the identity verification process in some applications and thereby get the unauthorized access. Considering the USIM card being cloned easily even under 5G network, the identity verification process of the popular mobile applications over mobile platform was analyzed. The application behaviors were profiled while users were logging in, resetting password, and performing sensitive operations, thereby the tree model of application authentication was summarized. On this basis, 58 popular applications in 7 categories were tested including social communication, healthcare, etc. It found that 29 of them only need SMS verification codes to get authenticated and obtain permissions. To address this issue, two-step authentication was suggested and USIM anti-counterfeiting was applied to assist the authentication process.