| The Android system is a Linux-based open-source operating system developed by Google. With the increasing popularity of Android system,Android application market is developing rapidly. Therefore, Android application software has become the target of hackers and other malicious attackers. Meanwhile, there are more and more vulnerabilities of Android exposed due to the continuous improvement on vulnerability exploiting technology. Attackers use Android application soft spot for malicious operation, which brings severe threat to user privacy and property security.In this paper, we conduct research on the Android application software vulnerability analysis in the following areas: based on definition of this technology, the cause of vulnerability is analyzed; common vulnerabilities for Android applications are classified and studied; an Android application vulnerability detection system AAVS which can provide dynamic and static analysis is designed and implemented.The main contents and results of this paper is provided below:1. The system architecture and security mechanism of Android system is studied. The commonly used analysis methodology of Android vulnerability detection, in both static and dynamic ways, are explored in depth. In addition, the technology of spot tracking and dynamic fuzzing is analyzed.2. Based on the vulnerability of Android application, we provide the definition of this technology, the analysis of the cause, and the study in loophole and other common scenarios of' malicious attack.3. On the basis of above, a vulnerability detection system named AAVS is designed and implemented for Android application software. This system combines the static stain analysis technology and the dynamic fuzzy test technology based on the protocol Fuzzing which can quickly locate the potential security vulnerabilities and risks in the Android application. AAVS dose not only enable accurate detection, fast scan, but also a wide coverage of scanned items (up to 30). |
PDF Full Text Request