| With the development and popularization of intelligent mobile terminal, the capability of each market to ensure the quality of Android Apps is relatively low, and users will have more and more chances to download and use malicious Android Apps. These malicious Android Apps will steal users' important data, automatically send SMS, and deduct money secretly. They seriously impact the interests of users. So how to detect malicious Apps to prevent their threats has become a major problem of the mobile Internet open platform.Focusing on the behavior of automatically sending SMS, this paper proposes a user-centric method based on static analysis, and designs an analysis tool used in the PC terminal. Firstly, the analysis tool loads the source code files which are got by decompiling the APK file of Android Apps. Then it analyzes the source codes to generate function call relationships. Since sending text message needs to call the Send Text Message() function of Android operation system, we follow the path of calling this function back to the top function. If the top function is to activate by users, the behavior of sending short messages is legal; otherwise this behavior is suspicious.The main contents of this paper are as follows:(1)analyzes the market impact of the android mobile phone, describes the security threats of malicious Apps for android telephone, and summarizes the related research work about the malicious App in recent years.(2)summarizes the architecture and the four major components of the android system, and describes the android security mechanisms.(3)by focusing on malicious behavior of automatically sending SMS, proposes a method based on static analysis, and designs a tool. |
PDF Full Text Request