The Design And Implementation Of Security Detection System On Android Open Platform Application

With the rapid development of Internet technology, open platform gradually become a new trend. It attracts many third-part developers to create rich applications by providing API to reorganization resources. However, a large number of malicious applications appear because of platform’s poor supervision. Among the malicious applications, many Android applications in the app-store accounts for a high proportion because of the freedom of its system source code and low development technical requirements. At the same time, app-store’s poor supervision provides a paltform to spread malicious applications. These malicious applications steal user’s personal data, connect to the Internet automatically and send SMS in the background, doing great harm to the user and app-store’s interests. Therefore, how to detect the application is an urgent problem to solve for the Internet and mobile Internet open platform.To meet the security need of Android open platform application, this paper designs and implements an Android application dynamic automated testing and security monitor system based on Android dynamic testing and end-monitor technologies that already exist from the view of application security detection. The system can automatically install, start, run the apk application and monitor the malicious behavior at real time. Finally, the system will generate a screenshot report and security log.This paper mainly embraces the following work:1. The article researchs the architecture of Android platform and deeply analyses Android security monitor mechanism from application layer and kernel layer. The paper also researchs the principle and shortcomings of the existing dynamic testing tools and proposes a method that combines the automated testing and security monitoring.2. Based on the existing automatically testing technology, the paper designs and implements an Android application dynamic automated testing system. With the socket connection to the Android device, we deal with the data source and obtain the absolute XY coordinate of the interface element. Then the system generates and runs the python script to automatically install, start, run the application like real users and finally generate a screenshot report. Malicious behavior will be triggered by the dynamic running and recorded by the security system at the same time.3. This paper introduces the implementation of the end-monitor module from the level of kernel security and applicaion layer security. By replacing the original system call function with custom function, the end-monitor records the malicious behavior in the user-defined function. Taking advantage of Android system call interception principle and Netlink communication method, the end-monitor module realizes the function that records the malicious behaviors such as stealing the privacy documents, sending SMS in the background,connecting to the Internet. The security detection in application layer is achieved by receiving the system message broadcast.4.The paper finally tests the dynamic testing and security monitor system. The test result shows that this system can detect most malicious behavior and quality problems, which can improve the efficiency and quality of application audit in order to strengthen the security of Android open platform.