Research On Android Application Data Protection Based On Reverse Engineering

With the rapid development of the mobile Internet,mobile applications have brought great convenience to people.Android,as the system with the largest market share in mobile smart devices,has been favored by a large number of developers and consumer groups for its open source feature,free of charge,and customizability.However,the high openness of the Android system makes it impossible to guarantee security.The corresponding applications are vulnerable to be attacked.For all kinds of attacks,data protection is crucial for individuals and application developers.For individuals,malicious attackers steal personal information from users and resell them,which lead to leaking user data and personal privacy.For application developers,once the application is cracked,it will lead to the exposure of its resources and source code,which will seriously infringe the interests of application developers.As a series of analysis techniques for existing application software,software reverse engineering can analyze the implementation process of the application,find out the defects and repair it.Malicious code developers insert malicious code by performing reverse analysis of regular software,so that they can get user data.In order to protect the security of Android application data,this thesis combines the idea of reverse engineering to study the Android application cracking technology.Based on this,we design a protection scheme for a small number of key data in android.(1)In this thesis,we investigate the content of Android system and application and the idea of data storage.Firstly,We Introduce the Android system and its security mechanism.Secondly,Dalvik virtual machine and Android Runtime are analyzed.Thirdly,we summarize the application generation and decompile process.Fourthly,we analyze the structure of the Android application and the structure of key logic code files.Finally,the knowledge of secret sharing and Chinese Remainder Theorem is analyzed.(2)The thesis studies Android cracking technology from the perspective of reverse engineering.Firstly,for Android application vulnerabilities,reverse risk framework is put forward.And we analyze the common protection measures.Secondly,the methods of shell protection,reverse engineering and injection technique are analyzed.Thirdly,we find out the attack points,and then put forward the corresponding thought of cracking.Finally,experiments prove the feasibility of crack ideas.(3)This thesis has studied the data protection technology of Android application and put forward the corresponding protection scheme.The data protection scheme is aimed at a small number of key data.It introduces the idea of secret sharing into the storage of Android data.It realizes the data sharing and recovery by adopting the Chinese remainder theorem and threshold idea,which can reduce the risk of data leakage.The scheme adopts a modular design,including a cryptographic module,an anti-reverse module,and a decryption module.These means of shelling,reversed confrontation,and anti-injection attacks are written into the so dynamic link library with the NDK compilation method,which strengthens the ability of anti-reverse attack and reduce the probability of application data being reversed.The experimental results show that the scheme has less effect on the execution efficiency and the volume change of the original application program,and has a higher intensity of protection effect.In terms of data protection,the plaintext exposure of data is avoided,and at the same time,the protected data cannot be obtained through simple interception.