| Because the mini program has the property that has nothing to do with the system,the mini program can be used in many systems at one time,which greatly saves the development time.The mini program has also been developed,and the mini program is more widely used.The extensive use of mini program makes the security of mini program concerned.The security of mini program is related to the interests of users.It can be seen that the research of mini program security is of great significance.The main work of this paper is as follows.(1)Study and understand the operation principle of mini program and the architecture of small program.Investigate and study how mini program work.APIs called by mini program are executed by Java methods in the mini program host.By learning how mini program work and how they are structured,we have found a way to analyze their security.(2)The security analysis framework of mini program is designed and implemented.This paper focuses on the shortcomings of the current mini program security research environment,and designs and implements a container-based mini program security analysis framework through learning container technology,and uses this framework to study the security of mini programs.(3)This paper analyzes the security of mini programs,and puts forward corresponding solutions to the problems found.First,we found that the local code of the mini program is easy to leak on Android,so users can open the private directory hosted by the mini program directly after they get the root privilege on their mobile phone.After opening the local code file of the mini program,we find that the code file of the mini program is plain text and not encrypted.We use the open source mini program decompiling tool to decompile the code package to get the source code of the mini program.Next,we find a logical vulnerability in the applet itself.We propose solutions to the security issues of mini program 'local code packages and their own logical vulnerabilities. |
PDF Full Text Request