| With the popularity and progress of the Internet technology,the number of Internet users has a rapid growth and mobile computing becomes the most popular computing wave at the same time.After cloud computing,mobile computing is the hottest computing model nowadays.Utilizing mobile Internet technology,mobile devices can easily access the Internet.Complex computations that previously can’t be afforded by mobile devices can be conveniently migrated to cloud servers.Meanwhile,the rich hardware facilities together with powerful programmability of mobile platform have brought dramatic experience and flexibility.For the huge prospect and market of mobile computing,all of Google,Apple and Microsoft,giants in the IT industry,released mobile intelligent terminal platform respectively.As far as the present situation is concerned,the market share of Google’s Android and Apple’s i OS is more than 95%.Benefit from open source and free those two characteristic,Android is widely used in ordinary people’s daily consumption,enterprise business areas,government and military areas,industrial manufacturing and other areas.In the era of cloud computing and mobile Internet,as the wide application of Android devices to all areas of our life,one indispensable requirement of Android is the security of the system itself as well as applications.The security of mobile application has become one of the hottest topics in the security area.With the rapid development of Android’s ecological system,security research of Android is developing rapidly too.Due to some specific features of Android,several challenges are faced when improving the security of Android,such as:(1)Malware analysis and detection,which extract malware behavior characteristics through analyzing the behavior of software;(2)Vulnerability analysis and detection,perform static analysis and dynamic analysis on Android App to find vulnerabilities in different threat models;(3)System security hardening,.by retrofitting current security mechanism to support new paradigm of security service from the system layer.With the rapid development of mobile Internet,the number of mobile applications is growing,the mobile application market is expanding too.As the explosive growth of Android applications,the number of tens of millions of applications on application markets,manual detection has been unable to meet the current security needs of the app.Therefore,the realization of the safety of the app security testing is imminent.The main research direction of this paper is analyze and detect vulnerabilities in the Android apps.We research the security problem of transporting traffic between mobile devices and cloud servers.We make the following contributions:(1)We examine how the popular,important mobile apps on Chines Android markets defend themselves against untrusted networks.We select top apps from major categories,such as banking,travel services,online shopping,social networks and apps form companies with huge market capitalization.(2)For automatic analysis and detection,we developed a set of APIs for operating the Android emulator with Python 3.4 based on ADB shell commands.By calling functions in those APIs,program can perfectly simulate all of users’ UI operations in Android devices.(3)Base on a wealth of experience of analyzing Android apps,we developed two algorithms for going through guide process in a just installed Android app and finish login correctly in a login page after finding this page successfully.We need to collect traffic which is sent by the Android app during the login process.(4)We design an algorithm to determine how developers to protect their apps’ traffic which is sent out during login by analyze itself.In plain text,in encoded text or in cipher text.And we will report whether attackers can perform replay attack to those apps by a man in the middle attack. |