| With the rapid development of communication technology and the popularity of smart phones,the Internet has moved from the PC era to the mobile Internet era.Mobile applications have had a profound impact on people's daily life,such as travel,diet,payment and communication.Some aspects have even changed people's living habits.While these applications bring convenience to people,they also bring a lot of security problems.For example,user information disclosure,the application was maliciously modified,the phone was implanted with a virus and so on.These situations not only threaten the data security of users,but also have a negative impact on software developers.Therefore,it is necessary to analyze the security of mobile applications and detect potential errors and threats.Firstly,this thesis analyzes the characteristics of Android and IOS operating systems and the security threats.Then introduces the security mechanism of Android and IOS platform technology,the structure of installation package files and relevant static analysis tools,and analyzes the common errors and vulnerable to malicious tampering of applications in the two operating systems.Finally,a set of error detection system including macro configuration analysis,illegal system sensitive permission call analysis,signature and channel number and other important data validation was designed and implemented.The mobile software installation package was analyzed from multiple aspects,which improved the security and correctness of Android and IOS installation packages.The system consists of three error detection modules,namely macro configuration parsing module,illegal system call parsing module and important configuration data error detection module.The macro configuration parsing module is responsible for error detection of configuration files in the Android and IOS installation packages,parsing out the configuration template corresponding to each configuration code block,and analyzing whether the macro values are configured correctly.The illegal system call resolution module is responsible for decompiling the engineering source code in the Android and IOS installation packages,diagnosing the illegal system sensitive permission calls contained therein,and helping users to manage and monitor the system sensitive permission calls in the software.The important configuration data error detection module is for the Android installation package's error detection function.It is responsible for extracting the signature information,channel number information and important macro configuration data information in the installation package,and then verifying the correctness of the above data through the remote data server. |
PDF Full Text Request