
The Implementation And Prevention Of Android Malicious Code Based On Reverse Engineering

Posted on: 2014-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
GTID: 2268330401466144
Subject: Computer application technology
Abstract/Summary:
In recent years, with the rapid development of intelligent terminals and the popularity of 3G networks, mobile phones play a more significant role in people's daily life. Android gained the largest share of the mobile operating system market because it is open-source and cost-effective. At the same time, Android also became the main target of current mobile phone malicious code. Unlike the data stored on other devices, the data on mobile phones has a higher level of privacy, so attacks against mobile phones have a greater impact on users. Studying Android-based malicious code therefore plays a very important role in analysing and detecting Android malicious code.

This paper studied Android's existing security mechanisms to find their vulnerabilities. It then gave four ways to implement Android malicious code programs: the Android system kernel, vulnerabilities in Android permissions, Java reflection, and reverse engineering. Combining the advantages of these programs, the paper designed and implemented an Android malicious code injector based on reverse engineering. Once the injected application is installed, it tries to connect to the server and execute malicious code from it, such as sending fake messages and sending malicious e-mail.

To verify the correctness and feasibility of the Android malicious code injector, the paper designed a test with the top 10 applications in Google Play. The test shows that the hazard of this system is that it can produce a large number of malicious programs in a short time, expand the range of spread, and improve portability through automatic injection, and that it will be the main direction of malicious code development.

After the test, the paper designed two types of prevention methods by researching the principle of the Android malicious code injector.

First, signature comparison. In any case, code injection will change the signature of the application. That is the biggest drawback of Android malicious code based on reverse engineering. So the paper implemented an online signature comparison program in the Java layer, and hides the program by code obfuscation, dynamic loading and JNI calls.

Second, active defence. The reason there is so much malicious code is the static allocation of Android permissions. Based on dynamic allocation of permissions, the paper gave three solutions. First, API modification: malicious actions of applications can be recorded and judged by marking the sensitive APIs. Second, a privilege management component: a component is installed as an API proxy to manage the sensitive APIs. All programs must request the sensitive APIs through this component, and a judgement is made before the real sensitive APIs are called. Third, API interception: this is an improvement on the previous scheme. By injecting our own code into the API service process, we record calls to sensitive APIs and notify the user.

However, to avoid attacks from increasingly complex malicious code, relying only on an advanced defence scheme is not enough. Improving users' security awareness is also very significant. Only by combining both can we avoid the attacks of Android malicious code.
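The signature comparison described in the abstract, as an added example that is not code from the thesis: a Java-layer check that hashes the app's signing certificate and compares it with an expected digest. The class name `SignatureCheck`, the constant, and comparing against a local value instead of a server-supplied one are assumptions made for illustration.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class SignatureCheck {
    // Placeholder (assumption): hex SHA-256 of the developer's release signing certificate.
    // In an online variant this value would be supplied by a server instead of being embedded.
    private static final String EXPECTED_CERT_SHA256 = "REPLACE_WITH_HEX_SHA256_OF_RELEASE_CERT";

    private SignatureCheck() {}

    /** Returns true only if every signer certificate of this app matches the expected digest. */
    public static boolean isSignedByDeveloper(Context context) {
        try {
            // GET_SIGNATURES is deprecated since API 28; newer code uses GET_SIGNING_CERTIFICATES.
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(), PackageManager.GET_SIGNATURES);
            Signature[] signatures = info.signatures;
            if (signatures == null || signatures.length == 0) {
                return false; // fail closed: no signer information available
            }
            for (Signature signature : signatures) {
                if (!EXPECTED_CERT_SHA256.equalsIgnoreCase(sha256Hex(signature.toByteArray()))) {
                    return false; // re-signed after repackaging: certificate differs
                }
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed on any lookup or digest error
        }
    }

    // Hex-encodes the SHA-256 digest of the DER-encoded certificate bytes.
    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }
}
```

Because the check ships inside the APK that an injector repackages, it can itself be patched out; the obfuscation, dynamic loading and JNI calls mentioned in the abstract are aimed at making it harder to find.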
Keywords/Search Tags:android, security mechanism, malicious code, reverse engineering