Research On Several Security Analysis Techniques Of Mobile Applications

Posted on: 2021-03-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W B Yang
Full Text: PDF
GTID: 1488306503496704
Subject: Computer Science and Technology
Abstract/Summary:
With the prevalence and development of mobile smart devices, mobile applications play an increasingly important role in people's lives. Users are now accustomed to using smartphones for daily activities such as entertainment, social interaction, mobile office work and even consumption. Therefore, if the security of mobile applications is not guaranteed, users face the threat of privacy and sensitive data leakage, or even loss of property. In addition, application developers and manufacturers face threats such as copyright infringement, leakage of key business logic and loss of profits. Currently, Android and iOS are the most widely used mobile smart platforms, and Android in particular has already become the most widely used operating system in the world. Since the first Android device came out and iOS opened the App Store to third-party apps, the two platforms have undergone more than a decade of development and evolution. In this process, three main threats and challenges to mobile application security have emerged: app analysis and cracking, malicious applications, and application vulnerabilities and security issues.

For these problems, researchers have proposed corresponding work, including program analysis and protection techniques for mobile apps, which can perform accurate or even automated analysis of program behavior, as well as protection measures against such analysis techniques. However, existing analysis techniques have limitations when faced with the currently popular code packing techniques for Android apps. Designing general analysis techniques that can continuously withstand variations of code packing techniques is therefore an urgent problem. In addition, much work focuses on the detection and analysis of mobile malware. Among these, repackaged apps (which make up most cases of Android malware) and harmful third-party libraries in apps have been studied in depth. However, for such apps, how to handle malicious and abnormal behaviors in a fine-grained manner with efficient strategies, preserving the app's main function while cutting off the malicious behavior, remains a gap in current research. Finally, researchers also pay much attention to app vulnerabilities and security issues. Many security vulnerabilities have been found in mobile apps, and corresponding detection techniques have been developed. However, we found that the currently detectable vulnerabilities are relatively uniform and simple, and their detection is often based on matching specific rules. Even where detection or analysis techniques for vulnerabilities can handle apps with complex protocols, they cannot be applied at large scale or automated, especially for the important and emerging field of mobile payments. Currently, there is no such work on mobile payment security. To address these problems in current research, this thesis makes the following contributions.

1. Android apps are vulnerable to repackaging attacks, and bundling undesirable code (tumor code) is becoming a popular way of spreading malicious behavior. Because the tumor code in an Android APK is usually characteristic and relatively independent within the app, it is possible to resect the tumor from the original APK. We propose an effective tumor code diagnosis and purification system called APKLancet. APKLancet builds a feature database of tumor payloads from samples of malware and of apps with harmful third-party libraries. It then diagnoses the tumor code using this database and partitions the tumor payload from the host app using program analysis. After that, APKLancet excises the tumor code, restores the benign function and verifies the app's benign function. APKLancet has been applied to apps with typical tumor payloads, and our analysis indicates that it is feasible to defend against the undesirable behaviors through app purification.

2. In view of the lack of an effective analysis methodology for Android code packing techniques, we conduct a systematic study of code-packed Android malware. Commercial Android packers are analyzed and the relevant anti-analysis techniques are summarized. An investigation of 37,688 Android malware samples is then conducted, and 490 code-packed apps are analyzed with the help of our proposed AppSpear, an automated code unpacking system. AppSpear employs a novel bytecode decrypting and DEX reassembling approach to replace traditional manual analysis and memory-dump-based unpacking. Experiments demonstrate that AppSpear is able to unpack most malware samples protected by popular commercial Android packers, and it is expected to become an essential supplementary process for current Android malware detection.

3. We conduct an in-depth and comprehensive analysis of the security of third-party in-app payment, reveal potential security risks, and propose an attack model and a vulnerability detection methodology. We take China, the world's largest mobile payment market, as the research subject and study four mainstream third-party in-app payment services with huge numbers of users (WeChat Pay, Alipay, UnionPay and Baidu payment), covering two platforms: Android and iOS. We develop an automated identification method for payment apps and discover the huge popularity of in-app payments. Our analysis investigates the implementations of the four in-app payments and derives two unified payment process models. Based on the process models and our reasonable adversary model, we then propose seven security rules that should be obeyed by merchants and cashiers. We also illustrate the serious consequences of violating the security rules, which may enable up to four types of attacks, including allowing an attacker to buy things without actually purchasing them or to deceive other users into paying for them. We also check for these flawed implementations in the 2679 Android apps and 3972 iOS apps with in-app payment that we identified. Our statistics paint a sobering picture: hundreds of apps integrated with third-party in-app payment SDKs are vulnerable. Our further investigation indicates the root cause of these flawed implementations. Moreover, our successful exploits against several apps show that these flawed implementations can cause financial loss in the real world. Finally, we have reported these issues to all related parties and received positive feedback.
Keywords/Search Tags: mobile application, program analysis, malicious software, code protection, third party in-app payment