android 内存警告

The release of Android 4.4 KitKat brought a wide array of improvements included enhanced security. While the security might be tighter, the messages can still be a bit cryptic. What exactly does the persistent “Network May Be Monitored” warning mean, should you be concerned, and what can you do to get rid of it?

Android 4.4 KitKat的发布带来了许多改进，包括增强的安全性。 虽然安全性可能会更严格，但是消息仍然可能有点神秘。 持续存在的“可能受到监视的网络”警告到底是什么意思，应该引起您的注意，以及如何消除该警告？

Dear How-To Geek,

亲爱的How-To Geek，

I recently bought a new Android phone, and there’s been this new warning message that’s kind of freaking me out a little bit. It never popped up on my old Android phone and now it pops up every few days or whenever I restart the phone. The message that flashes in the status bar and then appears in the notification menu is, “Network May Be Monitored,” and then if I click on the warning shortcut in the notification menu it takes me to a system menu labeled, “Trusted credentials,” with two tabs. One is labeled “system” and one is labeled “user.” There are tons of items listed in the “system” tab and only one in the “user” tab. What’s weird is the one item listed in the user tab looks like a router name “netgear.”

我最近购买了一部新的Android手机，并且出现了一条新的警告消息，这让我有些惊讶。 它从未在旧的Android手机上弹出，现在每隔几天或每当我重新启动手机时都会弹出。 状态栏中闪烁的消息，然后出现在通知菜单中的消息是“可以监视网络”，然后，如果我单击通知菜单中的警告快捷方式，它将带我到标有“受信任的凭据， ”和两个标签。 一个标记为“系统”，另一个标记为“用户”。 “系统”选项卡中列出了许多项目，而“用户”选项卡中仅列出了一项。 奇怪的是，用户选项卡中列出的一项看起来像路由器名称“ netgear”。

I have no idea what any of this stuff is or why Android is telling me that my network may be monitored. Should I be as freaked out by this message as I am, and what can I do to make it go away? I’ve attached some screenshots in case I’ve done a poor job describing the problem.

我不知道这些东西是什么，或者为什么Android告诉我可能会监视我的网络。 我是否应该像现在这样被消息吓坏了，我该怎么做才能使其消失？ 如果我在描述问题时做得很差，我还附上了一些屏幕截图。

Sincerely,

真诚的

Paranoid Android

偏执的Android

This kind of situation is exactly why we weren’t particularly fond of the implementation of credential handling in Android 4.4. Google’s heart was in the right place, but the way the update handled it (and warned the user) is inelegant at best and unsettling (to the uninitiated end user) at worst. Let’s take a look at what the warning message even is and what you can do about it.

正是这种情况正好说明了我们并不特别喜欢Android 4.4中的凭证处理的实现。 Google的心是对的，但是更新处理它(警告用户)的方式充其量是微不足道的，最糟糕的是(对于未启动的最终用户)。 让我们看一下警告消息是什么，以及您可以采取的措施。

警告的来源 (The Source of the Warning)

First, let’s explain why you’re getting this error message since Android gives next to zero useful feedback in this regard. Your phone maintains a list of trusted and user supplied security certificates. That long list of entries under “system” you found in the “Trusted credentials” menu is essentially just a big old white list of approved security certificate issuers that Google pre-seeded your Android phone with. Essentially your phone says “Oh, okay, these people are trustworthy, so we can trust security certificates issued by them.”

首先，让我们解释一下为什么会收到此错误消息，因为Android在这方面提供了几乎为零的有用反馈。 您的电话会维护受信任和用户提供的安全证书列表。 您在“受信任的凭据”菜单中的“系统”下的一长串条目实质上只是Google预先将您的Android手机植入其中的已批准安全证书颁发者的大白名单。 本质上，您的电话说：“哦，好的，这些人是值得信任的，因此我们可以信任他们颁发的安全证书。”

When a security certificate is added to your phone (either manually by you, maliciously by another user, or automatically by some service or site you’re using) and it is not issued by one of these pre-approved issuers, then Android’s security feature springs into action with the warning “Networks May Be Monitored.” Technically, that’s an accurate warning: if a malicious/compromised security certificate is installed on your device it is possible that traffic from your device can be monitored under certain circumstances. It’s also possible for a company or hotspot provider to use self-issued certificates on their own hardware for this purpose (although, typically, their motives are more benign).

如果将安全证书添加到您的手机中(由您手动，由其他用户恶意或由您正在使用的某些服务或网站自动添加)并且未由这些预先批准的发布者之一颁发，那么Android的安全功能出现警告“网络可能受到监视”的操作。 从技术上讲，这是一个准确的警告：如果您的设备上安装了恶意/安全漏洞证书，则在某些情况下可能会监视来自设备的流量。 公司或热点提供商也可以为此目的在自己的硬件上使用自行颁发的证书(尽管通常情况下，其动机更为温和)。

Unfortunately the issued warning is needlessly scary and it’s unclear: if you don’t know what the deal with trusted credentials and security certificates is then the warning might as well be in binary.

不幸的是，发出的警告不必要地令人恐惧，并且不清楚：如果您不知道如何处理受信任的凭据和安全证书，那么警告也可能是二进制的。

A certificate doesn’t even have to be genuinely malicious to trigger the warnings, however, it just has to be issued/signed by an authority that isn’t listed in the trusted “system” list. This means if you signed your own certificate for some use (like setting up a secure connection to your home server) then Android will complain about it. It also means that if your company self-signs their certificates for in-house use and doesn’t pay for an officially signed certificate, you’ll also get a warning.

证书甚至不必真的是恶意的即可触发警告，但是，它只需由未在受信任的“系统”列表中列出的授权机构颁发/签名即可。 这意味着，如果您签署了自己的证书以作某种用途(例如建立与家庭服务器的安全连接)，则Android会对此进行投诉。 这也意味着，如果您的公司对自己的证书进行自我签名以供内部使用，并且不支付正式签署的证书的费用，则还会收到警告。

Finally, and we’re pretty sure this exactly what happened in your case, if you connect to a secure Wi-Fi network that is using a security certificate from an issuer that isn’t on the trusted list in your phone, you’ll get the error. Technically, as we mentioned above, the company could be using the self-signed certificate for malicious purposes but practically most of the time you run into this issue it will be cause 1) the company doesn’t want to pay the fees for a public certificate they use for private purposes and 2) they want total control over the certificate creation and signing process.

最后，我们很确定这确实是您的情况，如果您连接到使用来自发件人的安全证书的安全Wi-Fi网络，而该发件人不在手机的受信任列表中，则您会得到错误。 从技术上讲，如上所述，公司可能出于恶意目的使用自签名证书，但实际上大多数情况下您会遇到此问题，这是由于1)公司不想为公众支付费用他们用于私人目的的证书； 2)他们希望对证书创建和签名过程进行完全控制。

If you want to read more about the technical side of the warning (as well as how upset the new system for handling certificates has made more than a few people) you can check out these Android bug report threads [, 2] and these two blog posts at GeekTaco [, ] discussing the issue in depth.

如果您想了解更多关于该警告的技术方面(以及如何打乱处理证书的新系统已经有不少人提出更多)，你可以看看这些Android的bug报告线程[ ，2]这两个在GeekTaco [博客文章 ， ]在深入讨论的问题。

您应该担心吗？ (Should You Be Worried?)

The warning is worded very seriously, and we hardly blame you for being a little freaked out. But should you actually be worried? In the vast majority of cases users seeing this error are not seeing it because someone has installed a malicious certificate on their machine, and they’re now in danger. The most typical reason is the one we outlined above: companies using self-signed certificates that aren’t listed in the system’s directory of trusted certificates because they were never issued by an authorized issuer.

警告的措词非常认真，我们几乎不怪您有点吓坏了。 但是您真的应该担心吗？ 在大多数情况下，看到此错误的用户没有看到此错误，因为有人在其计算机上安装了恶意证书，并且现在处于危险中。 最典型的原因是我们在上面概述的原因：使用自签名证书的公司未在系统的受信任证书目录中列出，因为它们从未由授权发行人发行。

Given the probability of someone using a malicious certificate against you being low and the probability of the certificate causing the warning to be a non-malicious certificate that just wasn’t created by a publicly verified certificate authority, you don’t need to panic.

鉴于有人对您使用恶意证书的可能性很低，并且该证书导致警告是不是由公开验证的证书颁发机构创建的非恶意证书的可能性，因此您不必惊慌。

That said, there’s no reason to keep unknown certificates around and no reason to endure warnings that don’t apply to your situation. Let’s look at what you can do in both scenarios.

也就是说，没有理由保留未知证书，也没有理由忍受不适用于您的情况的警告。 让我们看看两种情况下都可以做什么。

你能做什么？ (What Can You Do?)

The super majority of certificates from legitimate sources should be properly signed and verified. In the rare instances that you have an unsigned by valid certificate (e.g. you created it yourself or your company is using it for internal networks) you would either be aware of the origin of the certificate because you had a hand in making it or a conversation with the IT folks should clear things up.

来自合法来源的绝大多数证书应正确签名和验证。 在极少数情况下，您具有有效证书的未签名(例如，您自己创建的证书或公司正在将其用于内部网络)，您可能会知道证书的来源，因为您需要进行签名或进行对话与IT人员应该清理一下。

So unless you’re using Android in a corporate environment (wherein you should check with your IT guys to see what the deal is with the certificate because it might be one they created) or you created the certificate yourself, the easiest solution is just to press and hold on any unknown certificates found in the “user” category of the “trusted certificates” category and delete them (the removal button is located at the bottom of the information pane). The less unidentified loose ends (especially in your certificates list) the better.

因此，除非您在公司环境中使用Android(在这种情况下，您应该与IT人员核实证书的内容，因为这可能是他们创建的)，否则您自己创建证书，最简单的解决方案就是按住“受信任的证书”类别的“用户”类别中找到的所有未知证书，然后将其删除(“删除”按钮位于信息窗格的底部)。 不确定的散尾越少(尤其是在证书列表中)越好。

If you have a legitimate certificate that is throwing up the error because it’s in the “user” list instead of the “system” list, you can (at your own discretion and risk) manually move the certificate from the user list/directory to the system list/directory. This is not a task to be undertaken lightly so if you are not completely confident that the certificate in the “user” list is safe because either 1) you created it or 2) the IT staff at your company verified that it’s one of their certificates, you should not attempt a move.

如果您有合法证书，因为它在“用户”列表而不是“系统”列表中而引发错误，则可以(根据您自己的判断和风险)手动将证书从用户列表/目录移至系统列表/目录。 这不是一件容易的事，因此，如果您不能完全确定“用户”列表中的证书是安全的，因为1)您创建了该证书，或者2)您公司的IT人员已验证该证书是他们的证书之一，您不应尝试移动。

If you are confident in the security and origin of the certificate, engineer and Android enthusiast Sam Hobbs has a and another programmer and enthusiast Felix Ableitner has without the command line work. Again, unless you have a pressing (and well understood) need to the certificate, we recommend against it.

如果您对证书的安全性和来源有信心，工程师和Android发烧友Sam Hobbs会的而另一个程序员和发烧友Felix Ableitner会提供而无需命令行工作。 再说一次，除非您迫切需要(并且很好地理解)证书，否则我们建议您不要使用该证书。

Have a pressing tech question? Shoot us an email at ask@howtogeek.com and we’ll do our best to answer it.

有紧迫的技术问题吗？ 向我们发送电子邮件至ask@howtogeek.com，我们将尽力答复。

翻译自:

android 内存警告