| As an open source operating system,the Android system is widely used by major manufacturers,developers and users,and together t hey form a complete Android ecosystem.Manufacturers,developers and users promote each other and jointly ensure the prosperity of the Android system.Google,which is released as an Android application,does not have full control over the release of applications like Apple.Developers can publish applications on Google Play,or publish applications developed in third-party applications or through their own ways.With the popularity of mobile devices,people are increasingly using their own mobile devices to work,and seldom use company-issued devices.More and more mobile devices are used in commercial environments,making the work environment vuln erable to attacks.risks of.Android devices are the largest mobile devices on the market today,so it is important to study the security of Android applications.The main work of this thesis is as follows: First,collect and sort out the typical security vulnerabilities in the current Android system,analyze the causes of these security vulnerabilities and the hazards of the vulnerabi lities in detail,and propose a method to divide security vulnerabilities.Features build a set of vulnerability rule bases.The specific categories are as follows: Android component security vulnerability,component permission exposure vulnerabilit y,Web View security vulnerability,data security vulnerability,and configuration file security vulnerability.Then,based on this,a static analysis method based on feature database is proposed.Unlike traditional static analysis methods,this method combines regular expressions with feature libraries to effectively improve detection efficiency and detection accuracy.In dynamic analysis,a dynamic detection method based on dynamic binary injection is proposed.This method can better simulate the real operating environment without modifying the program code,effectively reducing the threshold of dynamic detection and improving the efficiency of dynamic detection.In the aspect of dynamic detection technology,a unique Smali injection point detection method is proposed.This method combines dynamic monitoring technology to successfully find the function function suitable for Smali injection in the application program.Finally,an Android application security detection framework is designed and implemented.The framework can accurately detect the security threats of components,permissions,Web View,data,and configuration files that exist in the Android application and can detect injection points suitable for Smali injection.In short,the work of this thesis is of great significance for improving the security of Android applications. |
PDF Full Text Request