Research On Android Application’s Critical Security Methods

Posted on: 2017-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Liu
GTID: 2308330488997110
Subject: Software engineering
Abstract/Summary:
In recent years, with the rapid growth in the number of smartphones and the development of the Internet, mobile phones have become an indispensable part of people's lives. Among the many mobile operating systems, Android holds a large share of the market. As Android has grown more popular, more and more developers have joined in building applications, and attacks targeting the Android platform have risen as well, causing financial loss and the risk of privacy exposure. How to develop more secure applications has therefore become a goal for developers to pursue.

In this paper, I first studied the Android architecture and security mechanism, analysed in detail the security threats to Android apps, and analysed the key techniques of Android applications. Secondly, this paper proposes a mature method of multi-way signature verification, which cross-checks the hash of the installed app's signature, the hash stored on the Internet, and the extra app signature within the application. The verification is carried out in .so files that are properly encrypted and can only be decrypted while the app is running. As soon as one of these verifications does not accord with the rule, the user is notified that the app may have been repackaged and is advised to download it again from the official website.

Besides, in this paper I propose a dynamic monitoring technique to monitor the critical locations of an app. The basic idea is to use Inotify to monitor critical files. Take, for example, the login code in some payment apps: if the code is stored in a local file, then even if the developer encrypts it, there is still a high risk of it being hacked. If the hacker obtains the encryption algorithm through reverse engineering, then in a high-permission environment it is easy to calculate a new code using that algorithm to represent the original password. Using polling to monitor the critical location is a good way to prevent this kind of hacking. And if we assume that using a dynamic link library is more secure than writing that code in Java, we get an even more secure way to prevent the method from being hijacked.

In the end, a series of simulated attack experiments was conducted to verify and evaluate the idea. The results show that the method in this paper has a rather good protection effect, which means it can efficiently protect applications from being repackaged and reverse engineered.
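The Inotify monitoring idea described in the abstract, as an added example in C (the language of a native .so); it is not code from the thesis. The function names, the event mask and the temporary file standing in for the stored login code are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Events meaning the file's content, metadata or location changed (assumed set). */
#define TAMPER_MASK (IN_MODIFY | IN_ATTRIB | IN_DELETE_SELF | IN_MOVE_SELF)

/* Returns an inotify descriptor watching `path`, or -1 on failure. */
int watch_critical_file(const char *path) {
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    if (inotify_add_watch(fd, path, TAMPER_MASK) < 0) { close(fd); return -1; }
    return fd;
}

/* Polls for up to timeout_ms, drains the queue, returns the OR of all event masks. */
uint32_t collect_events(int fd, int timeout_ms) {
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    uint32_t seen = 0;
    while (poll(&pfd, 1, timeout_ms) > 0) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) break;
        for (char *p = buf; p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            seen |= ev->mask;              /* record what happened to the file */
            p += sizeof *ev + ev->len;     /* events are variable-length */
        }
        timeout_ms = 0;                    /* then only drain what is already queued */
    }
    return seen;
}

/* Constructed scenario: a temp file stands in for the locally stored login code. */
uint32_t run_demo(int tamper) {
    char path[] = "/tmp/critical_XXXXXX";
    int f = mkstemp(path);
    if (f < 0) return 0;
    int wfd = watch_critical_file(path);
    if (wfd >= 0 && tamper && write(f, "forged-code", 11) < 0) perror("write");
    uint32_t seen = wfd >= 0 ? collect_events(wfd, 200) : 0;
    close(f); close(wfd); unlink(path);
    return seen;
}

int main(void) { printf("untouched: 0x%x, tampered: 0x%x\n", run_demo(0), run_demo(1)); return 0; }
```

A nonzero mask from `collect_events` is the signal on which an app would re-verify the file or warn the user; an untouched file yields 0.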
Keywords/Search Tags: Android, Android security, application protection, repackage, reverse engineering