Research On Detection Technology Of Android Applicaiton Vulnerability Based On Sandbox

With the development of mobile Internet and the popularity of smart phones,smart phone has become an indispensable part of most people's life,especially,the Android mobile phone took a giant smartphone market share.Although the Android system provides system level security mechanism,but due to the complexity of the Android runtime environment,application research and development personnel safety consciousness is uneven loopholes in the application,which can lead to rely solely on the Android native security mechanism to protect the security of the application is not enough.This paper proposed an Android application vulnerabilities detection system based on sandbox.Sandbox can provide the application with the virtual operating environment,also be able to detect running behavior of the application.Existing work pay more attention to how to use the sandbox in identifing malicious applications,this paper proposes to apply sandbox for vulnerability detection technology,and implements a lightweight vulnerability dynamic detection client for Android applications.In addition,the system uses both static vulnerability detection and dynamic vulnerability analysis,which can systematically detect the vulnerability of the Android software.In this paper,the specific research contents and results are as follows:1,Classifying the subclass of the cryption misuse vulnerability of Android application.By studying the Android provides cryption mechanism and summarizes the application of actual implementation method,we inductive and extract the vulnerabilities characteristics description and key code of each subclass in the cryption misuse vulnerability.According to the characteristics of the vulnerability,we established the assessment model,which can be used in safety rating for the cryption misuse vulnerability.2,Research the Android vulnerability of static and dynamic analysis method,and designed static vulnerability detection strategy and dynamic vulnerability analysis strategy according to the features of the cryption misuse vulnerability.3,Studies on the Android application sandbox the principle and implementation way,implements an Android application software vulnerability detection system based on sandbox.The sandbox we use in our system,which can provide a virtual environment for Android applications,and do not have to modify the operating system nether need to change the code of application software to test the application running behavior.