Client security threats mainly include configuration security, component security and code security. Configuration security means that the Debug attribute and the allowbackup attribute of the mobile APP are not set to false before it is officially released, which leads to the risk of debugging and arbitrary backup of the mobile APP; Component security means that before the release of APP, the attribute settings of exported activities, services, content providers and broadcast receivers are incorrect, resulting in the exposure of components; Code security means that the code of mobile APP will not be confused and reinforced before it is released. Attackers can easily obtain the source code of the APP by using decompilation tools such as dex2jar, Jadx, apktool, etc. There are mainly file decompilation risks such as signature verification risk and dex file decompilation risk. In the process of using the car networking mobile APP, the user information will be stored in the owner's mobile phone. For example, the developer's security awareness is weak, and the user's private information is not encrypted, and it is directly stored in the owner's mobile phone in plain text. Hackers only need the user's mobile phone ROOT, and in theory, they can steal all the personal information of users. In addition, if you view the real-time print log through adb or monitor, there is a risk that sensitive information (user name, password, etc.) will be stolen. ) If the output of the log is not well controlled, it will be leaked. In addition, in order to ensure the privacy and confidentiality of data, data is often encrypted, and the safe storage of keys is very important. If the key is leaked, the security of encrypted data will be lost. The security risks faced by data security mainly include the risk of clear storage of shared preference data, the risk of clear storage of SQLite data, the risk of Logcat log data leakage and the risk of hard coding.