| With various types of smart phone applications emerging,consumers addict to experience different kinds applications.However,when these applications bring convenience to consumers,it alse hide mobile security risks that threaten property safety of consumers.Ways that users to access applications mainly from app stores and mobile phone forum,although domestic third-party application markets have review process for submited application,but the vast majority of markets audit focused on functionality,interface,compatibility,etc.,and lack of security review process.This article aims to design and implement an android application market not only focus on security aspects of the audit,but alse guide the developers and users to increase their security awareness.Behavior-based malware detection technology is currently the main way to find security vulnerabilities no matter in domestic or foreign,which include static analysis,dynamic analysis and mixed analysis three ways.Static analysis with high speed and high coverage,it can detect more malware execution path,and thus more comprehensive analysis of the vulnerability of privacy protection mechanisms.Therefore,this article selects static analysis method as analytical way.By analyzing the current status of the android market threats and vulnerabilities,focuse on the data privacy principles and components exposure detect.Against chargeback action,determine whether to apply too many permissions and whether this action is a user instruction.Builder CFG(control flow graph),FCG(call graph)and CCG(assembly call graph),detects if the implicit Intent lead to the components hijacking,information disclosure,and disclosure components permissions.For all vulnerabilities are detected indicate vulnerability location and treatment recommendations to help developers improve.For users,lists all the permissions that are sensitive,indicating its meaning and why the app needs this permission. |
PDF Full Text Request