
Graduate student: Sih-Cing Syu (許絲晴)
Thesis title: On the Design and Implementation of Android Smartphone Security Analysis (Android 智慧型手機安全檢測平台之設計與實作)
Advisor: Shi-Cho Cha (查士朝)
Oral examination committee: Nai-Wei Lo (羅乃維), Yu Fang (郁方)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2016
Academic year of graduation: 104
Language: Chinese
Number of pages: 58
Keywords: Smartphone Security Analysis, Automatic Security Inspection, Android Security
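    With the development of smart devices, enterprises and users have become increasingly concerned about the risks of using them. To reduce these risks, governments in many countries have begun to set regulations on the security of mobile devices and to require that smart devices comply with those regulations before going on the market. For smart device manufacturers, this may mean spending a great deal of time meeting the differing requirements of each country, which delays the product's launch schedule. A smartphone security testing platform that helps testing organizations test physical devices against the items in these regulations would increase testing efficiency.
    In view of this, this study targets Android, currently the platform with the highest share among smart devices, and proposes a testing framework with which testers use test cases to provide a device with various test items and carry out fully automated, semi-automated or manual testing. While a test is running, test evidence can be collected at the same time, and a test report can be generated once testing is complete. In addition to this framework, the automated testing mechanism that this study developed for the Android platform lets testers build automated tests for physical phones on the platform, enabling automated testing and collection of test results. The results of this study are therefore expected to improve testers' efficiency and to reduce the time spent organizing test evidence and producing test reports.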


    With the advances in smart device technologies, smart devices are usually equipped with various kinds of sensors. To prevent these sensors from collecting user data without user consent, several countries around the world have started to establish regulations on smart devices. Therefore, if an organization wishes to bring a new smart device to market in a country, it may need to delegate a qualified testing organization in that country to verify that the device complies with that country's regulations. In this case, if the organization can perform the compliance test in its own test bed, it would shorten the time for the product to reach the market.
    In light of this, this study proposes a framework and an associated platform for organizations to establish test cases on Android-based smart devices efficiently. First, the organization can define the testing steps of a test case. For each testing step, the organization can define automated, semi-automated or manual testing procedures. Note that this study provides automatic analysis tools specifically for Android smartphones. The organization can then define how to collect testing results. Finally, the organization can use the platform to perform tests based on the established test cases. The platform will collect the test results and generate test reports automatically. Therefore, this study may help improve the efficiency and effectiveness of smart device testing.

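    Chapter 1 Introduction
      1.1 Research Background and Motivation
      1.2 Research Objectives and Contributions
      1.3 Chapter Overview
    Chapter 2 Background Knowledge and Literature Review
      2.1 Mobile Device Security Capability Specifications
      2.2 Android Security Testing and Application Testing
      2.3 Android Testing Tools
        2.2.1 UI Automator
        2.2.2 Monkey Runner
    Chapter 3 Problem Definition and System Requirements Analysis
      3.1 Problem Definition
      3.2 Requirements Analysis
      3.3 System Overview
      3.4 System Architecture
    Chapter 4 Testing Framework
      4.1 Testing Strategies and Test Attributes
      4.2 Test Attribute Execution Methods
      4.3 Test Attribute Application Examples
    Chapter 5 Test Case and Test Report Models
      5.1 Test Cases
      5.2 Test Reports
    Chapter 6 System Demonstration
    Chapter 7 Conclusions and Future Directions
    References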


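    Full-text release date: 2021/08/15 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)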