Design And Implementation Of Security Protection System Based On Android Application

With the development and popularization of mobile Internet and intelligent terminal, the proportion of people using mobile phone application software has increased greatly, and Android application is very popular due to the huge market share of Android system. However,due to the diversity of access channels and the fragmentation of the system, Android applications are faced with complex and challenging attacking situations, including reverse analysis, secondary packaging,malicious code injection and so on. With this kind of demand, mobile application of reinforcement protection technology research is particularly urgent.This paper analyzes the security and software attacks of Android application, and points out the existing static attacks and dynamic attacks of Android applications, and introduces the existing Android protect technologies. Based on the situation design for the Android application of protecting technology solutions and system implementation.Based on the dex dynamic loading technology, dex concealment technology based on AES white-box encryption protection is designed,which can transparently protect the source dex file encryption, so that the attacker can not get the complete source dex file data directly on the disk.At the same time for the Shared Object file with the static attacking, a set of shared object file static defense scheme, from the Ndk code confusion,shared object code encryption and software packer make defense protection, it is difficult to realize the inverse analysis to the shared object file, and for the problem of internal code increment after protecting, the corresponding compression algorithm is adopted to optimize the code structure after protecting. Then, for the defect of static protection and the insufficiency of existing dynamic protection, an anti-debugging protection technology based on the signal mechanism and ptrace is designed, it uses the detection process and monitor process of mutual communication protection and the main process of ptrace to achieve multi-process protection to improve the dynamic analysis of the difficulty of the attacker for Android. With the tampering and the second packaging attack,the hash protection scheme based on hash algorithm is designed to protect the integrity of the key shared object code and the source dex file.and the integrity of the inconsistency in the case of suspension of the program to run, to prevent its attack by the attacker tampering.Finally, according to the designed Android application protection scheme, a complete Android application protection system is designed and implemented, which is used to strengthen the protection of Apk from static defense and dynamic defense, Realize the protection of dex file security protection, and the effective defense dynamic debugging attack and tampering attacks to resist the protection of attacks. In addition, the security of the system and the function of each sub-module are tested and evaluated, and the existing problems of the protection system are forecasted and discussed in the future.