Design And Implementation Of Security SDK To Solve Unknown Subscription Problem In Mobile Application

The openness and popularity of the use of Android system attract more and more developers to devote to the research of the mobile applications.However,it is threatened by some harmful behaviors such as piracy of Android application,secondary packaging and unknown subscription.The former researches mainly involve code obfuscation and software reinforcement,and these approaches can't meet the need to guarantee the safety of Android applications and neglect self-protection of Android system security and the threat from Android running environment.With a deep study and practice on this issue,this thesis focus on the solution of unknown subscription in Android applications,proposing three ways from the perspective of analysis of the features of Android simulator,increasing the difficulty of code cracking and post data analysis,as will be made clear in this paper.The first is the identification of Android simulator by feature analysis.This can distinguish whether the running environment is Android cell phone or simulator by analyzing the typical features of Android simulator.It can be identified by the ways of testing the Bluetooth,sensors,temperature,gravity,light,the change of the battery amount,and whether the message can be sent out.The second is increasing the difficulty of code cracking.Effective ways include moving core code from Java to C,encryption of communication messages,fingerprint verification and so on.The last is post data analysis on the server side.To avoid the disadvantage of the difficulty to discover the problem by using a single application behavior,effective measures can be taken through collecting data in application and doing analysis in the server of the legitimacy of application behavior.Illegal behaviors can be found among a large number of users,and this can judge the user is attacked or not.Prompt remedial steps should be taken if necessary.The three methods proposed in this thesis compose the solution of Security SDK,which not only apply to solve the problem of unknown subscription,but also other types of attacks to the Android applications.