Research On The Security Protection Technology Of Android Application

With the rapid development of mobile internet,more and more applications are applied from PC to the smart phone.However,due to the open source characteristics of Android platform and the diversity of Android application markets,Android applications are faced with greater security risks,and the research on the security technology for mobile applications on the Android platform has become crucial.In mobile applications,a large amount of user sensitive data is generated,and the vulnerabilities and defects of applications will lead to the leaks of sensitive data,which in turn raise security risks.Another challenge faced by mobile applications is the code attack from malicious attackers.By tampering with the application code and injecting the malicious code,attackers can hijack the application and obtain the sensitive data of the user.Based on the full summary of the existing security solutions of Android applications,this paper makes an in-depth analysis of the risks in data security and code security of Android applications,and proposes new solutions based on application container,framework layer reinforcement and native layer reinforcement.The main research and contributions of this paper include:(1)Research on the defense technology of cyptographic misuse vulnerability.Since lots of cryptographic misuse vulnerabilies exist in Android applications,this paper summarizes the characteristics and security risks of such vulnerabilities,designs a cyrptographic misuse vulnerability repair model,and on this basis,proposes a secure container for cryptographic misuse vulnerability in Android applications.Through experimentation,the additional time and memory loss increased by the container is within an acceptable range,which achieves our designed goals of vulnerability detection and vulnerability fixes.(2)Research on cache leak protection technology for Android social applications based on framework layer reinforcement.This paper presents a threat model for the cache leak risks of Android social applications,rates the security risks of cache leak points,and on this basis,designs and implements a cache leak detection and reinforcement framework based on Android framework layer,which provids effective protection for the cache file security.Experimental results show that our scheme can effectively weaken the threat of cache leaks of social applications,based on the user's non-perceived perf-ormance loss,and realize the security protection for the cache file of social applications.(3)Research on privacy leak protection technology based on application-layer container.To solve the privacy leak problems of Android applications,this paper analyzes the risk of the life cycle of application privacy data,and proposes an application-layer privacy protection scheme.The scheme firstly defends against Android system vulnerabilities,then tracks the paths of privacy data leaks in the application by static analysis and dynamic analysis,and finally protects the privacy data by reinforcement program according to the policy file based on Java hook and native code hook technology.It can be seen from the experiments that the privacy data protection container can effectively protect the user privacy data in Android applications,and the performance loss is restricted within an acceptable range f-or users.(4)Research on security technology of code reinforcement.This paper proposes a native code protection framework,based on control flow integrity protection and code enhanced encryption protection technology,against malicious attacks faced by Android applications in native code.This framework can extract the control-flow features of subroutine invocation process by static analysis,provide developers with a visual policy configuration view to set the reinforced points,generate the reinforcement code based on the CFI policy,and integrate the verification module into the target application.While the target application is running,the CFI check is excuted to defend against the malicious attack.Experiments show that the reinforcement framework can realize secure protection to native code of applications by minimal performance overhead.In conclusion,to deal with the security risks of mobile applications on the Android platform,this paper proposes a series of security solutions from four aspects:cyptographic misuse vulnerability defense,cache file leak protection,privacy data leak protection,and code reinforcement technology.These solutions make Android applications greatly improve their security abilities under an acceptable performance overhead,and be capable of defense of malicious attacks.