Android NFC Application Software Static Analysis

In recent years,with the rapid development of science and technology,smart phones have occupied most of the mobile phone market and provide people with a convenient lifestyle.Among them,the Android system is welcomed by more and more users.In order to more conveniently serve people's lives,many hardware modules are integrated into the Android system-installed mobile phone,such as WIFI,GPS,camera,and NFC(Near Field Communication).NFC is a module that has developed rapidly in recent years and has obtained support from mobile phones including Samsung,Huawei,HTC,Nexus,etc.As more Android phones integrate NFC hardware modules,this has prompted many software developers to its software was developed so that software using NFC hardware modules has been improved in quantity.However,at the same time,the NFC application may have the following problems: 1)There is a special string AID(Application Identifier)in NFC software.Using AID can identify different application programs.AID needs to follow the principle of first applying after using the program.But in some software,there will be cases where not all of the requested AIDs are used,resulting in redundant AIDs in the software and consuming system resources.2)When NFC software controls NFC hardware,it first needs to obtain the interface corresponding to the NFC hardware.However,not all mobile phones have integrated NFC hardware modules.Therefore,in the process of encoding,it is necessary to determine whether the return value of the interface is empty.Otherwise,the software may easily crash due to a null pointer exception.This dissertation proposes a static analysis method of Android NFC application for these two problems.Since the source code of NFC application software is often difficult to obtain,we started with analyzing the corresponding bytecode after decompilation,designed and implemented two static analysis tools based on Androguard,Relda2: Redundant AID static analysis tool for Android software using NFC,and specific null pointer exception risk assessment tool for Android software using NFC.In the first tool,we propose a static analysis framework based on Relda2,and convert the problem into constructing a string problem in ?-NFA(non-deterministic finite automaton with ?-moves),and then convert To construct a string problem in DFA(Deterministic Finite Automaton),the DFA model is finally used to analyze whether there is redundant AID in the software.In order to improve the efficiency of the tool,we also performed lightweight processing on the function call graph generated by Relda2.In the second tool,we propose a static analysis framework based on Androguard and Apktool,and propose a measure RL(Risk Length)that measures the size of the specific null pointer anomaly risk,through each module in the framework.The software analyzes and finally calculates the RL corresponding value to assess the risk of a particular null pointer exception in the software.In order to evaluate the effectiveness of the tools,we analyzed 28 domestic and foreign commercial NFC software using first tool and found that 9 software have redundant AIDs.Manual verification results show that redundant AIDs do exist and most of the redundancy is found.AID appears in the software that applies for more AIDs.In addition,through the processing of 275 domestic and foreign commercial NFC software,91 experimental software were obtained,and the corresponding risk parameters(RL)were calculated using the first tool.After that,the 91 experiments were tested on the real machine through the automatic testing tool Monkey.The software finally found that 14 software crashed due to specific null pointer exception,which accounted for 15.38% of the experimental software.This indicates that the specific null pointer exception in the NFC software does exist.At the same time,the experimental results show that when the RL value is larger,the software is more likely to appear due to the specific null pointer exception crashes.87.5% of the software in the high-risk segment of the RL crashes due to a specific null pointer exception,illustrating the accuracy of the RL in detecting NFC-specific null pointer exceptions.