Design And Implementation Of Android Vulnerability Analysis System Based On Static And Dynamic Combination

With the rapid development of mobile Internet,mobile application software is widely used in people's daily life and work,and people use mobile devices more and more.Common mobile application development platforms include Android platform and IOS platform.The Android platform is favored by developers because of its good user experience and open and open source features.This makes the number of Android applications on the market extremely rich,involving daily life.Every aspect of work and life.The Android application on the Android system is changing with each passing day,but because the Android market is not strict with the application review,and the mobile device stores many sensitive data of the user,which is affected by the malicious application,the Android security situation is increasingly severe.Android security is especially important for people's privacy and personal information.The Android vulnerability issue has always been the focus of people's research.Currently,Android vulnerability detection mainly includes static analysis and dynamic analysis.Static analysis can't simulate the real running state of the application,and there is a high false positive rate problem,and the memory leak and concurrency error diagnosis is poor.The dynamic analysis can dynamically simulate the application running condition and has better accuracy than the static analysis,but Dynamic analysis analyzes complex weights and often fails to achieve the desired results.Therefore,in order to improve the accuracy of Android vulnerability analysis,this paper studies the existing Android vulnerability analysis technology,and proposes an Android vulnerability analysis method combining static and dynamic analysis.Based on this method,a static and dynamic phase is designed and implemented.Combined Android vulnerability analysis prototype system.The first chapter introduces the key components of the Android vulnerability analysis system,and gives the research background and research significance of the research questions.This paper introduces the research status of Android vulnerability analysis technology at home and abroad,and explains the main work of this paper and introduces the organization structure of this paper.The second chapter introduces the relevant technical basis of Android vulnerability analysis.The Android system architecture is described in detail,namely the kernel,runtime,library and application framework.Then it analyzes the Android vulnerability related files of Android application files,and focuses on the Android project permission files such as Androidmanifest file,introduces the dex file and smali format,and lays down the Android vulnerability analysis technology for the later chapters.The theoretical basis.The third chapter analyzes the key technologies of Android vulnerability analysis.Firstly,the Android security mechanism is briefly introduced from six aspects.Then the Android vulnerability static analysis technology and dynamic analysis technology are described in detail.The reverse engineering and source code au diting methods in static analysis and the sandbox in dynamic analysis are introduced.Analysis and stain analysis techniques.Through the elaboration of the key techniques of Android vulnerability analysis,it provides a technical basis for the design of t he static dynamic Android vulnerability analysis system.The fourth chapter is about the overall design of Android vulnerability analysis system.Firstly,the overall framework design of the system is given and the system function is described in general with static and dynamic analysis techniques.Then the development tools used in the system are briefly introduced.Finally,the detailed design ideas of the system are introduced in two modules.The fifth chapter puts forward the prototype implementation of Android vulnerability analysis system,introduces the system development environment,and expounds the prototype implementation of the system in two parts.Finally,the effectiveness of the system is verified and the system is tested.The sixth chapter summarizes the full text and puts forward a constructive outlook for the subsequent research.