Research And Implementation Of Security Reinforcement Technology For Android Application Combining Encryption And Packing

Android is the most popular smart phone system in the world.Because of the open-source,many people would rather to attack the Android platform.There are a number of Android applications are modify by added malicious code and then re-packaged.The reason is that,on one hand,application developers do not pay attention to APK tamper-proof and decompile,which makes the application vulnerable to malicious modifications.On the other hand,the imperfections of the auditing mechanism make it easy for malicious software developers to release counterfeit products.In order to counteract the APK being tampered with and decompiled,the common method is to make code-level confusion about the files.Code obfuscation can increase the attacker's difficulty in static analysis of the code.By simply changing the code's symbols and order can't prevent from decompile and tamper.It can only delay the time to understand the code for attackers.This article focuses on the problems that Android application security protection causes to developers and users.And a security reinforcement system based on combine encryption with shell is proposed by conducting a research on the Android application security reinforce technology.The design idea is to pack the target APK that has been encrypted,and implement the shell's self-protection function in the shell code to implement the security protection of the target APK.The main problems solved by this scheme described as follow:1.This thesis combines the static and dynamic defense.Static defense can protect the code of Android applications and dynamic defense mainly in the shell program design and implementation.2.The static defense is mainly aimed at the target APK.First,the target APK is encrypted using the AES algorithm,and then the pack the APK file with a shell.3.Dynamic defense mainly implements anti-decompilation,anti-dynamic debugging,anti-emulation,and check protection in the shell program.4.Achieve dynamic loading technology by reflection mechanism.Through the breakthrough of the above technologies,the target APK can be reinforced without changing the functions of the Android application.The test results show that an APK which is reinforced by this system can run normally according to the original logic.And it shows good performance on against static analysis,against dynamic debugging,and against falsification.