Research And Implementation Of App Security Reinforcement Technology For Android System

With the development of science and Technology and mobile network,mobile phones have become an essential thing in people's Daily life,and Android mobile phones with its open source and cheap occupy the vast number of mobile phone market,its market share reached 86%.Android apps play a huge role in people's daily lives,but with it there are more malicious Android application reverse personnel,which through reverse analysis,dynamic debugging and other reverse means to crack the software developer's genuine Android application.Android reverse personnel through the modification and reuse of genuine application code for their own personal gain,seriously affecting the interests of genuine software developers,to the detriment of the user's personal privacy,so the protection of Android applications becomes very important.On the basis of studying the structure of Android application program and various common application protection methods,this paper proposes a set of application protection scheme that can deal with most attack means.The main work of this paper includes:(1)the Hook function under the instruction set of ARM system is designed and implemented,and the Hook function can be injected at any address to modify the program or other operations during the normal execution of the program;(2)the self-modification protection scheme of files based on Hook function was designed for the methods in Dex files and functions in So dynamic library,and the self-modification state machine encryption algorithm was used to protect the decryption function in Hook.(3)the protection scheme of resource id and string encryption in Dex file was proposed to realize the dual protection of resource file to code mapping with resource confusion.(4)anti-debugging module and signature verification module are added,and Hook self-modification scheme is used to protect these two modules.Compared with the traditional reinforcement scheme,Hook code-based file encryption granularity smaller,since the modification plan encryption accuracy is more accurate,use of Hook function can be greatly delayed encryption,decryption program in memory of the time,increases the ciphertext exist in the memory of the time,and realized the dynamic repository So function after operation decrypted before encryption,So any time So dynamic libraries are not complete clear.In this paper,the random key is used to encrypt the resource id to prevent the reverse personnel from global searching the resource id.The anti-debugging module and signature verification module are protected by the Hook based self-modification scheme,which prevents the Android reverse-engineer from destroying the two defense modules,greatly increasing the reverse cost and cracking difficulty.