| Due to the open source features,Android operating system,which is most popular with people,booms quickly in smartphone market.Starting from Android 4.4,Google introduced a new running environment for Android,known as ART,which replaced the original Dalvik virtual machine after Android 5.0,the new running mechanism means more challenges.This paper analyzes the hierarchical architecture,security mechanism,the running process of Android application under both modes,introduces the security problems that exist in Android.It places emphasis on common static and dynamic attack techniques,which lays the foundation for the design and implementation of Android protection scheme in ART mode.This set of scheme contains two major modules,reinforcement and detection.The reinforcement module includes two sub modules,static defense and dynamic defense.The former is realized by means of ProGuard obfuscation,software encryption,digital signature,JNI programming,and this paper adopts the shell technology based secondary loading after studying the loading process of ART virtual machine.The JNI function makes use of mutual invocation between Java and C/C++,at the bottom,a dynamic link library file with.so extention is generated after C/C++code is compiled by NDK.And the.so file is obfuscated and encrypted to improve the anti-static attack ability of the application.The dynamic defense module adopts anti-debugging technology to prevent the JDWP attack and PTRACE attack,the first solution contains debugging state check,port monitoring,the second protects the app from being attacked by polling to examine the TracerPid field value in "/proc/$pid/status",they both enhance the resistance to dynamic attack.The detection module mainly contains two functions,one for calculating the similarity value between apps to prevent plagiarism and protect developers’ intellectual property,another for distinguishing malicious and benign apps by using deep learning technology in order to avoid personal information leaks and property loss while the user is unware of these.This detection module contribute to maintenance of Android market order.This paper conducts the security valuation and analysis of the implementation scheme.For the reinforcement module,it compares and verifies the anti-attack capability of original and reinforced apps with static and dynamic analysis technology,and introduces an analysis method of apps with packetcapture tools.For the detection module,similarity measure and malware identification are carried out respectively with Androguard and Hickwall.In addition,this article makes a comparison and summary of the two running environment,ART and Dalivik.The experimental results demonstrates the effectiveness of the application protection scheme. |