Design And Implementation Of Android Application Reinforcement And Protection System

With the rapid development of the Internet industry,the Android system,with its open source features,has rapidly grown into the largest market share of smartphone operating systems.However,because of the weak protection technology for Android application software,malicious attacks on Android applications are increasing day by day.These malicious attacks not only harm the lawful rights and interests of the developers,but also harm the user’s private property and privacy data.At present,there are three aspects of Android application protection technology:code obfuscation,security reinforcement and privilege control.In the aspect of code obfuscation,although with the use of Proguard,reverse engineering has been more difficult,but the obfuscation intensity is relatively low.Compared with code obfuscation,security reinforcement has a higher protection strength,but the current mainstream classloader-based and approach based on the replacement shell technology has a cracked solution.The study of privilege control is relatively less,and the existing privilege control technology has certain limitation,and it is difficult to popularize.To solve these problems,we deeply studied the shortcomings of Android’s application security mechanism and existing application protection technology,and propose an Android application protection system based on code obfuscation,security reinforcement and privilege control.The main work of this paper is as follow:1.With the study of limitation of the existing code obfuscation technology,besides the shape obfuscation,this study propose an ASM bytecode framework based string obfuscation and resource file obfuscation technology.2.In order to improve the strength of reinforcement,this study combine static and dynamic defense with the existing reinforcement technology.In the aspect of static denfense,with key code extraction and implement application runtime dynamic decryption in the JNI layer reduces the possibility of reverse analysis.In the aspect of dynamic defense,the inotify file system is monitored by anti debug technology,and the security of application is further improved through the anti dump debugging mechanism.3.This paper studies and analyzes the shortcomings of the existing privilege control technology,and proposes a privilege control scheme based on smali injection,which does not need to modify the system.The sensitive API is hooked through the mapping relationship between sensitive API and permissions,so as to realize the monitoring and interception effect for sensitive API.4.An Android application reinforcement and protection system,which combines three technologies of code confusion,security reinforcement and privilege control,is designed and implemented.The experimental results show that the application through the system’s reinforcement and protection can run normally,and it can resist the common reverse analysis and memory attack on Android application at low time and space cost,which effectively enhance the security of the Android software.