Dynamic Monitor Of Android Application Based On Sensitive API Calls

In recent years, Android operating system has occupied the mobile operating system market for the advantage of its openness. It attracts a large number of third-party developers to create feature-rich Android applications by providing API to reorganize resources. However, there is a dramatic growth of malicious applications because of the poor supervision. The malicious applications' problems of automatically connecting to the Internet, sending SMS and stealing users' privacy not only do great harm to Android users but also curb the development of the platform. Therefore, how to detect malicious applications is an urgent problem to solve.This thesis designs and implements an Android application dynamic monitor system based on sensitive API Calls. The system can automatically install, start, run applications and monitor sensitive behaviors at real time through monitoring sensitive API calls. Finally, a security report is generated.The main contributions of this thesis are as follows:1. The thesis researches the architecture of Android operating system, the start-up procedure, the security monitor technology and existing dynamic testing tools on Android platform. Finally, a method that combines the dynamic automated testing technology and the security monitoring technology is proposed.2. Based on the existing automatically testing technology, an Android application dynamic automated testing system is designed and implemented in the thesis. The system generates and runs the python scripts to automatically install, start, run, test and uninstall the application by parsing the Android Manifest.xml file. Sensitive behaviors will be triggered and recorded by the terminal security system at the same time. And finally, it generates a security report.3. The thesis designs and implements an Android terminal security monitoring system. By analyzing the corresponding relationship between permissions and APIs, it creates a sensitive API library. The monitoring of malicious behaviors is implemented by the sensitive API monitoring module based on sensitive API calls. And finally, the system records sensitive behaviors and generates a security report.4. A variety of Android applications are tested and analyzed to verify the system. The result shows that the system can effectively detect most malicious behaviors, which improves the quality and efficiency of Android application audit.