Currently, in existing mobile service, it often requires a user to make use of verification information to operate, in order to ensure the security of the service. The user can obtain verification information via short message or e-mail and other ways. For example, when registering account or making payment with a mobile phone, it is needed to send short messages to current phone number from a server to verify user identity and short messages are sent in plain text. However now some operating systems (such as Android) are relatively open, so any software after registering short message permission can freely read the contents of short messages, causing great risks in terms of security.
In many processes of verification, especially in payment processes, mobile phone message verification is the last security measure, in which the server (a service provider, such as Alipay) sends, via short message gateway, a short message containing verification code of numbers or characters to a user's cell-phone number that has previously been bound. After the user receives the short message, the user sends the verification code to the server via the cell phone application or certified/paid WEB page. According to the verification code, the server judges whether it is the user who is verifying or paying.
The problem is that, cell phone is personal belonging, so short message is not as safe as what the service providers and the users thought. Just turn on a cell phone and look at each application installed, and one will find that many seemingly completely irrelevant applications will ask for the permission to read the short message or even send short messages. Thus, users will not care about some permissions that the installed applications have gained. A malicious application that contains Trojan horses can silently read the verification codes described previously. Under systems with version previous to Android4.4 (currently most of the Android phones on the market), Trojan horses can even delete a short message after stealing the short message that contains a verification code in the absence of the Root, and steal the verification code with the user unaware of it. In addition, other objects, desirable features and characteristics will become apparent from the subsequent summary and detailed description, and the appended claims, taken in conjunction with the accompanying drawings and this background.