Design And Implementation Of The Android Application Security Evaluation Tool

Now, Android system is one of the most popular smartphone operating systems. Because of its open source feature, the number of applications is growing rapidly. But unfortunately, the number of malware also starts to increase, and Android system security risks also increased. The current security software cannot detect unknown malware and have a little protection effect.In this paper, an application security evaluation tool for Android system is designed and implemented. It can monitor and test application by using the behavior detection method and has a good effect on the preventing unknown malware. In the case of malware raging increasingly, this evaluation tool has very important application value and practical significance.This system is completed in the Android system virtual machine. We use C and Java programming language, as well as Eclipse and ADT(Android Development Tools) plug-in as the development tool. The system includes the following several modules: management unit module, processing unit module, alarm processing module, features management module and upgrade module. The design and development of the following modules was completed:(1) The management unit module is mainly responsible for monitoring the behavi-or of the application. Using the dynamic analysis method, it monitors the application’s behavior through capture system and libraries calls.(2) The processing unit module is mainly for static detection with calculating the suspected malware right value and classifying the malware risk.(3) The alarm processing module is mainly for capturing and reading the behavior log, and analyzing the log, displays the malicious behavior conclusion analysis in the user interface.(4) The features management module includes three feature database:security pr-ogram feature library, malicious program feature library and security policy library. The author is only responsible for the design of the security policy library.According to the analysis of single sample testing and varied sample testing results, this system background monitoring and testing function can achieve the desired effect. The false negative rate and false alarm rate are controlled at about10%. It can also get a more satisfactory effect for unknown malware testing than the existing mobile security software. It will have more long-term prospect for development in mobile communi-cation security protection work.