
Design And Implementation Of Android Application Vulnerability Analysis And Test System

Posted on: 2020-07-21; Degree: Master; Type: Thesis
Country: China; Candidate: S Y Liu; Full Text: PDF
GTID: 2428330596982432; Subject: Software engineering
Abstract/Summary:
Among today's mobile smart operating systems, Android holds the highest market share thanks to being open source. However, Android applications contain a large number of vulnerabilities because developers lack sufficient security knowledge, and the influx of attackers has made their security problems increasingly serious. Meanwhile, the Android application vulnerability detection platforms currently on the market have too few detection items and a single function, making it difficult to produce a comprehensive security assessment of an application. This paper combines static analysis, dynamic analysis and penetration testing technology to design and implement an Android application vulnerability analysis and test system. The main work of this paper is as follows:

(1) According to the vulnerability information published by the authoritative vulnerability database and each detection platform, 38 kinds of common vulnerabilities in Android applications are sorted out and divided into five categories: AndroidManifest configuration file vulnerabilities, server communication vulnerabilities, WebView component vulnerabilities, data security vulnerabilities, and component verification vulnerabilities have been built on this basis.

(2) Combining lexical analysis with taint analysis in static analysis, a regular-expression matching analysis method based on a vulnerability rule base is proposed. In the dynamic analysis, a man-in-the-middle attack program is added to the traditional sandbox monitoring, which realizes the monitoring of sensitive system functions and the modification of insecure network data packets.

(3) Static and dynamic analysis methods only detect the existence and location of a vulnerability, and cannot reproduce the process by which attackers use the vulnerability to launch an attack. Therefore, this paper adopts a penetration test method based on the Drozer tool and simulates the vulnerability risk items to make the vulnerability detection results more reliable.

This paper uses Python to design and implement the Android application vulnerability analysis and test system, which quickly detects the vulnerabilities and risks in Android applications and completes a comprehensive and reliable evaluation of Android application security. In short, the work of this paper helps improve the security of Android applications.
Keywords/Search Tags:Android Application, Vulnerability Detection, Static Analysis, Dynamic Analysis, Penetration Test