CN107330332A - A kind of leak detection method for Android mobile phone APP - Google Patents
- Publication number
- CN107330332A
- Authority
- CN
- China
- Prior art keywords
- detection
- app
- android
- static
- dynamic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a vulnerability detection method for Android mobile phone APPs, comprising the following steps: fingerprint records of Android APPs that have already been tested, together with their static detection reports and dynamic detection reports, are preset in a database; the user submits the Android APP to be tested through the web interface of the detection program; the detection program, through the task manager, generates and submits the fingerprint of the Android APP to be tested; the detection program compares this fingerprint one by one with the Android APP fingerprint records in the database, and if a record is found, directly returns that APP's static detection report and dynamic detection report, and the detection ends; if no record is found, it continues with the next step; the task manager starts the static detection engine and the dynamic detection engine in turn; static and dynamic detection reports are generated from report templates and shown to the user; the task manager archives the static and dynamic detection reports generated in the previous step, which completes one full detection task.
Description
Technical field
The invention belongs to the field of Android application security protection, and in particular relates to a vulnerability detection method.
Background art
In recent years the Android system, as a free and open-source operating system, has been widely used in smart devices such as smartphones and tablet computers. Along with this, vulnerabilities in Android applications have sprung up like mushrooms after rain. Vulnerable applications can be exploited by all kinds of viruses and Trojans, leading to harms such as online-banking theft, monitoring and surveillance, unexplained charges, privacy leakage, and becoming a source of virus propagation. Finding vulnerabilities in Android APPs early is therefore very important to the overall security of Android devices. On the other hand, the number and variety of Android APPs is now enormous; manual detection would consume a great deal of manpower and resources and is an almost unachievable task, so automated detection is very necessary.
Fortunately, the basic technologies needed for Android APP vulnerability detection are now mature. The Python parallel distributed framework Celery is widely used in distributed applications, has been proven in practice, and can stably take on the job of managing detection tasks. The Golang language natively supports parallelism and has garbage collection, few deployment dependencies, good system compatibility and high execution efficiency, so it can readily solve the problem of long detection times for some checks. Open-source application container engines such as VirtualBox and Docker let developers package their applications and dependencies into a portable container and then publish it to any popular machine; they can also provide virtualization. Containers use a complete sandbox mechanism and have no interfaces with each other, and these properties make it easy to implement a management service for Android dynamic detection virtual machines. Automated testing technology can automatically traverse every screen of the application under test and automatically perform operations such as clicking buttons, which gives strong support to automated testing in Android APP dynamic detection. The Django rapid web development framework has a friendly human-computer interface and provides an excellent, convenient development tool for secondary development.
In the prior art, vulnerability detection for Android applications mainly takes the following forms: A. detection based only on the static features of the Android application; B. detection based only on the dynamic behavior of the Android application; C. a simple combination of static feature detection and dynamic behavior detection.
In prior-art schemes based only on the static features of Android applications, static detection is performed serially, so detection is slow, multitasking is costly, and there is no dynamic behavior detection. Prior-art schemes based only on the dynamic behavior of Android applications lack static feature detection, so vulnerability detection of the APP is not comprehensive enough. Prior-art schemes that simply combine static feature detection with dynamic behavior detection suffer from slow static detection, high resource usage in multi-task detection, a poor user experience and a single deployment mode.
Summary of the invention
The object of the invention is to provide a vulnerability detection method for Android mobile phone APPs that solves the technical problems of low static detection efficiency, incomplete detection content and poor user experience in the prior art, making up for the shortcomings of existing schemes.
The technical solution adopted by the invention is as follows:
A vulnerability detection method for Android mobile phone APPs, characterized by comprising the following steps:
Step 1: Fingerprint records of Android APPs that have already been tested, together with their static detection reports and dynamic detection reports, are preset in a database;
Step 2: The user submits the Android APP to be tested through the web interface of the detection program;
Step 3: The detection program, through the task manager, generates and submits the fingerprint of the Android APP to be tested;
Step 4: The detection program compares this fingerprint one by one with the Android APP fingerprint records in the database. If a record is found (meaning the APP has already been tested), that APP's static detection report and dynamic detection report are returned directly (matched and extracted straight from the database) and the detection ends; if no record is found, the next step follows;
Step 5: The task manager starts the static detection engine, which distributes the static detection subtasks to detection task units that run in a parallel, distributed fashion; the parallel distributed static detection subtask execution units execute the static detection subtask of each detection task unit and report the results to the static detection engine; the static detection engine generates the Android APP's static detection report from the report template and shows it to the user, and static detection is complete;
Step 6: The task manager archives the static detection report and starts the dynamic detection engine;
Step 7: The dynamic detection engine allocates and starts a detection container; once the detection container has started successfully, the Android APP to be tested is automatically installed on the Android system inside the detection container;
Step 8: The dynamic detection engine starts the Android APP to be tested; the detection container automatically traverses each screen of the Android APP, automatically performs various inputs to drive the program's execution, monitors the execution process and results, finds and records the Android APP's vulnerabilities, and reports the results to the dynamic detection engine;
Step 9: The dynamic detection engine shuts down the Android system in the detection container, reclaims the detection container, generates the dynamic detection report from the report template and shows it to the user, and dynamic detection is complete;
Step 10: The task manager archives the dynamic detection report, which completes one full detection task.
Further, the static detection subtasks include APP unpacking, APP decompilation, permission detection, broadcast detection, sensitive data detection, network communication detection, dangerous API call detection and weak encryption detection.
Further, the static detection subtasks also include stress testing.
Further, decompiling the APP is done as follows:
(1) obtaining the package name and class names of the apk package and decompiling the Java source code;
(2) decompiling the apk package, then adding one's own content and changing parameters.
Further, the implementation flow of broadcast detection includes:
A. The broadcast receiver registers with AMS through the Binder mechanism;
B. The broadcast sender sends a broadcast to AMS through the Binder mechanism;
C. AMS looks up the broadcast receivers that meet the corresponding conditions and delivers the broadcast to the message loop queue of the corresponding broadcast receiver;
D. The message loop retrieves the broadcast and calls back the onReceive() method of the broadcast receiver.
Further, the detection container is VirtualBox or Docker.
Further, in step 4, static detection technology is used to compare the fingerprint of the Android APP to be tested with the Android APP fingerprint records in the database.
In summary, by adopting the above technical solution, the beneficial effects of the invention are as follows:
The invention presets in the database fingerprint records of Android APPs that have already been tested; the detection program then submits the fingerprint of the Android APP to be tested and compares it one by one with the preset Android APP fingerprints. In this way, if the fingerprint of the APP to be tested already exists, that APP's static detection report and dynamic detection report can be retrieved immediately, which solves the problem that the vulnerability status of an APP cannot be determined quickly. The invention also distributes the static detection subtasks to detection task units that run in a parallel, distributed fashion; the parallel distributed static detection subtask execution units execute the static detection subtask of each detection task unit and report the results to the static detection engine, which finally produces the static detection report. This form of static detection differs from ordinary static detection, speeds it up, and solves the prior-art problem of low static detection efficiency. The invention further combines static detection with dynamic detection, so the Android APP can be examined from different angles, which solves the prior-art problem of incomplete detection content. Through fast detection, faster static detection and more comprehensive detection, it solves the problem of poor user experience and makes up for the shortcomings of existing schemes.
The invention uses static detection technology to match the Android APP fingerprints in the database against the Android APP to be tested. The data matching technique used works mainly by obtaining the unique signature information of the Android APP to be tested and matching it one by one against the fingerprints, that is, the signature information, already present in the database. A match means the Android APP to be tested is already in our database, so its information can be extracted directly to generate the report, which solves the problem of APP detection taking too long.
Brief description of the drawings
Fig. 1 is a flow chart of a vulnerability detection method for Android mobile phone APPs;
Fig. 2 is a module diagram of a vulnerability detection method for Android APPs.
Detailed description
All features disclosed in this specification, except mutually exclusive features and/or steps, may be combined in any way.
The invention is described in detail below with reference to Fig. 1 and Fig. 2.
The method provided by the invention has the advantages of good operating system compatibility, high detection efficiency, strong stability, comprehensive detection content, a low threshold for secondary development and little system maintenance work, and can conveniently be used for building an APP vulnerability detection platform or for integration into a standalone detection terminal.
A vulnerability detection method for Android mobile phone APPs comprises the following steps:
Step 1: Fingerprint records of Android APPs that have already been tested, together with their static detection reports and dynamic detection reports, are preset in a database;
Step 2: The user submits the Android APP to be tested through the web interface of the detection program;
Step 3: The detection program, through the task manager, generates and submits the fingerprint of the Android APP to be tested;
Step 4: The detection program compares (matches) this fingerprint, that is, the fingerprint of the Android APP to be tested, one by one with the Android APP fingerprint records in the database. If a record is found, the Android APP's static detection report and dynamic detection report are returned directly and the detection ends; if no record is found, the next step follows;
Step 5: The task manager starts the static detection engine, which generates the specific static detection tasks. At the same time, the static detection engine creates detection task units that run in a parallel, distributed fashion and distributes the static detection subtasks to them. The static detection engine creates parallel distributed static detection subtask execution units, which report the results of the static detection subtasks to the static detection engine. The static detection engine collects and consolidates the results of each static detection subtask, generates the Android APP's static detection report from the report template and shows it to the user, and static detection is complete;
Step 6: The task manager archives the static detection report and starts the dynamic detection engine;
Step 7: The dynamic detection engine allocates and starts a detection container; once the detection container has started successfully, the Android APP to be tested is automatically installed on the Android system inside the detection container;
Step 8: The dynamic detection engine starts the Android APP to be tested; the detection container automatically traverses each screen of the Android APP, automatically performs input to drive the program, monitors the execution process and results, finds and records the Android APP's vulnerabilities, and reports the results to the dynamic detection engine;
Step 9: The dynamic detection engine shuts down the Android system in the detection container, reclaims virtual resources such as the detection container, generates the dynamic detection report from the report template and shows it to the user, and dynamic detection is complete;
Step 10: The task manager archives the dynamic detection report generated in the previous step, which completes one full detection task.
The static detection subtasks include unpacking, decompilation, permission analysis detection, Activity event detection, Receiver event detection, intent event monitoring, SQL injection event detection and sensitive data leakage detection.
The static detection engine uses Celery to manage detection tasks in a parallel, distributed manner. Each static detection subtask is an independent Celery worker; the workers execute concurrently and cooperate to complete the whole static detection task.
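The submit, look-up, fan-out and archive flow of steps 3 to 6, with each static subtask as its own worker, sketched as an added example (not code from the patent). Assumptions: the fingerprint is taken as the SHA-256 of the whole APK file, a thread pool stands in for the Celery workers, the three subtasks are hypothetical stand-ins, the dynamic stage is omitted, and the sample APK is constructed.

```python
import hashlib
import io
import json
import sqlite3
import zipfile
from concurrent.futures import ThreadPoolExecutor


def fingerprint(apk_bytes):
    # Assumption: the fingerprint is the SHA-256 of the whole APK file.
    return hashlib.sha256(apk_bytes).hexdigest()


def _names(apk_bytes):
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return apk.namelist()


# Hypothetical stand-ins for static detection subtasks, one per worker.
def dex_inventory(apk_bytes):
    return {"dex_files": sorted(n for n in _names(apk_bytes) if n.endswith(".dex"))}


def signature_files(apk_bytes):
    suffixes = (".RSA", ".DSA", ".EC")
    return {"jar_signature_files": sorted(
        n for n in _names(apk_bytes)
        if n.startswith("META-INF/") and n.upper().endswith(suffixes))}


def native_libraries(apk_bytes):
    return {"native_libs": sorted(
        n for n in _names(apk_bytes) if n.startswith("lib/") and n.endswith(".so"))}


STATIC_SUBTASKS = {
    "dex_inventory": dex_inventory,
    "signature_files": signature_files,
    "native_libraries": native_libraries,
}


class TaskManager:
    def __init__(self, db_path=":memory:", subtasks=STATIC_SUBTASKS):
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS reports "
                        "(fingerprint TEXT PRIMARY KEY, static_report TEXT NOT NULL)")
        self.subtasks = subtasks
        self.scans_run = 0  # counts real scans, to show that cache hits skip them

    def submit(self, apk_bytes):
        fp = fingerprint(apk_bytes)                              # step 3
        row = self.db.execute("SELECT static_report FROM reports WHERE fingerprint = ?",
                              (fp,)).fetchone()                  # step 4
        if row:
            return {"fingerprint": fp, "cached": True, "static": json.loads(row[0])}
        report = self._run_static(apk_bytes)                     # step 5
        # Step 6: archive only complete reports, so a failed subtask is retried
        # on the next submission instead of being served from the cache.
        if not any("error" in result for result in report.values()):
            self.db.execute("INSERT INTO reports VALUES (?, ?)", (fp, json.dumps(report)))
            self.db.commit()
        return {"fingerprint": fp, "cached": False, "static": report}

    def _run_static(self, apk_bytes):
        self.scans_run += 1
        results = {}
        with ThreadPoolExecutor(max_workers=len(self.subtasks)) as pool:
            futures = {name: pool.submit(fn, apk_bytes) for name, fn in self.subtasks.items()}
            for name, future in futures.items():
                try:
                    results[name] = future.result()
                except Exception as exc:  # one broken subtask must not sink the others
                    results[name] = {"error": repr(exc)}
        return results


def build_sample_apk(extra=b""):
    # Constructed sample: a ZIP with APK-like entry names, not a real application.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", b"constructed placeholder " + extra)
        apk.writestr("META-INF/CERT.RSA", b"constructed placeholder, not a signature")
    return buf.getvalue()


if __name__ == "__main__":
    manager = TaskManager()
    sample = build_sample_apk()
    print(manager.submit(sample)["cached"], manager.submit(sample)["cached"])
```
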
The dynamic detection engine uses virtualization containers such as VirtualBox or Docker (the detection container) to deploy the dynamic detection sandbox, and uses automated testing technology to automatically traverse each screen of the APP's UI and automatically perform input, thereby automatically completing the APP's dynamic vulnerability detection task.
Android APP in the invention mainly refers to application programs of all types that run on the Android operating system. Devices that run the Android operating system include smartphones, tablets, smart watches and so on.
The invention has the following characteristics:
In the method, the detection target is Android APPs only; the method is not suitable for vulnerability checking of Windows, iOS or other applications;
In the method, the generated report includes both the static detection report and the dynamic detection report, and the report style supports customization.
In the method, as to the Android APP fingerprint records preset in the database: the fingerprint of an Android APP refers to the signature of the APP program, which is also equivalent to the program's identification code. An APP program is signed after it has been compiled and packaged. Before running an APP program, the phone first verifies whether the program's signature (which can also be regarded as an MD5) is legitimate, and only files that pass verification can run. The role of the signature is therefore to make the file legitimate so that it passes the phone's verification; different phones and systems correspond to different signatures. Because each APP has a uniquely identifying signature, each APP's identity can be recognized by its signature, which is therefore equivalent to a human fingerprint. APP signature information is stored in the database so that it can be matched when APPs are tested later.
The web interface for uploading the APP to be tested is characterized in that it provides an interface for uploading the APP to be tested.
The matching of the APP fingerprints in the database against the APP to be tested uses a data matching technique that works mainly by obtaining the unique signature information of the APP to be tested and matching it one by one against the fingerprints, that is, the signature information, already present in the database. A match means the APP to be tested is already in our database, so the APP's information can be extracted directly to generate the report.
If no matching APP fingerprint is found in the database, static detection is carried out. The static detection process is mainly:
(1) APP unpacking, implemented using the Dalvik interpreter and by analyzing the DexHunter implementation. The interpreter is the execution engine of the Dalvik virtual machine and is mainly responsible for executing Dalvik bytecode. After the bytecode has been loaded, the Dalvik virtual machine selects an interpreter to start fetching and interpreting bytecode, and the interpreter jumps to the interpretation routine to execute.
After an external function calls the interpreter, the main flow of interpreter execution has the following steps.
A. Initialize the interpreter's execution environment;
B. According to system parameters, choose to use the portable interpreter;
C. Jump to the corresponding interpreter to execute;
D. Fetch the instruction and check it;
E. Execute the program segment corresponding to the bytecode.
(2) Decompiling the APP: this mainly decompiles the APP to be tested so that the subsequent static detection process can be completed, and uses two tools. One is a tool that obtains the package name and class names of the apk package and decompiles the Java source code; the other, APPtools, decompiles an apk package so that one's own content can then be added and some parameters changed, which makes it better suited to automated testing.
A. After obtaining the apk, change its suffix to zip in the program;
B. Open the folder, find the classes.dex file and copy it into the dex2jar folder; run the command dex2jar.bat classes.dex at the cmd command line to obtain the classes_dex2jar file;
C. Open jd-gui, choose open file and locate the decompiled file classes_dex2jar.jar to obtain the package name and class names;
D. Decompile command: APPtool.bat -d -o E:/test/test.apk, which decompiles the test.apk file into the E:/test directory. Recompile command: APPtool.bat -b -o E:/test/test1.apk, which recompiles the files under the E:/test directory into test1.apk;
After decompilation, smali is the underlying source code, to be modified as needed, and res holds the apk's resources. After repackaging, the signature is still the original one, which does not work for automation, so the package also needs to be signed again.
E. Re-signing: generate a signature file debug.keystore with Eclipse. A signature can also be generated by hand with the following command: keytool -genkey -v -keystore debug.keystore -alias androiddebugkey -keyalg RSA -validity 10000. Following the previous step, then delete the MANIFEST file;
View summary information: apkhelper;
View signature information: keytool -list -v -keystore apkname.
(3) Permission detection: determine which permissions the application has, for in-depth detection after decompilation. First obtain the APP's permission list by getting the corresponding PackageInfo; all of the permissions are in requestedPermissions.
(4) Broadcast detection: detect which broadcasts the APP has sent. A custom broadcast receiver is implemented with Android technology and must inherit from the base class BroadcastReceiver. The concrete flow is:
A. The broadcast receiver BroadcastReceiver registers with AMS (Activity Manager Service) through the Binder mechanism;
B. The broadcast sender sends a broadcast to AMS through the Binder mechanism;
C. AMS looks up the BroadcastReceivers that meet the corresponding conditions (IntentFilter/Permission, etc.) and delivers the broadcast to the message loop queue of the corresponding BroadcastReceiver (generally an Activity);
D. The message loop retrieves the broadcast and calls back the onReceive() method of the BroadcastReceiver.
(5) Sensitive data detection: following Android vulnerability detection methods, check whether the APP can obtain local sensitive data through Android vulnerabilities. With respect to digital certificates and the principles of HTTPS communication, the vulnerabilities mainly take the following three forms:
A. Custom X509TrustManager. When an HTTPS request is initiated with HttpsURLConnection, a custom X509TrustManager is supplied to implement the security check logic. This is how the custom X509TrustManager is provided.
B. Custom HostnameVerifier. During the handshake, if the URL's host name does not match the server's identification host name, the verification mechanism calls back the implementation of this interface to decide whether the connection should be allowed. If the callback is implemented incorrectly and accepts all domain names by default, there is a security risk.
C. Trusting all host names.
For these problems, we use the following detection methods:
A. First, whether the certificate is issued by an authority or self-signed, package a copy inside the application, for example under assets; initialize a KeyStore with this built-in certificate, then use this KeyStore to generate a TrustManager that provides verification.
B. If the same code is then used to access https://www.taobao.com/ or https://www.baidu.com/, an SSLHandshakeException is thrown. That is, a TrustManager generated for a particular certificate can only verify and establish a secure connection with a particular server, which improves security. As mentioned earlier, for non-browser APPs this is acceptable.
C. Likewise package a copy of the certificate inside the application, but instead of generating the TrustManager from a KeyStore, simply write a custom TrustManager directly and implement the check logic oneself; the check logic mainly includes whether the server certificate has expired and whether the certificate signature is valid.
D. Custom HostnameVerifier on connection failure: put simply, perform a string-match check against the domain name; if the business is complex, this can be combined with a configuration center, whitelists, blacklists, regular-expression matching and other multi-level dynamic checks. Overall the logic is fairly simple, as long as the method is implemented correctly. Change the host name verification policy to strict mode.
(6) Network communication detection: Android network communication usually has six methods; when detecting APP vulnerabilities, one usually checks whether the APP can change the network communication mode.
A. For TCP/IP: Socket and ServerSocket.
B. For UDP: DatagramSocket and DatagramPacket. A UDP server first starts the listening service, then obtains packets and processes them, and sends feedback according to the packets obtained.
(7) Dangerous API call detection. Solutions when a potentially dangerous Request.Path is detected in the APP:
A. If the problem appears only when passing parameters during simple page navigation, the data can be encrypted.
B. If the problem appears when operating on database data, first, a character-filtering function can be added before the data is stored in the database (search Baidu for concrete implementations). Second, a check can also be added with JS:
C. If it is neither of the first two problems, the most direct and simple method is to disable Microsoft's validation of special characters.
D. This problem is generally caused by using version 4.0 of the .NET Framework. Starting with .NET Framework 4.0, ASP.NET enforces validation of Request parameter safety.
(8) Weak encryption detection: there are many causes of weak encryption in an Android APP; the main one is the use of a weak encryption algorithm, so the encryption algorithm is vulnerable. Encryption and decryption are implemented with a weak cipher algorithm.
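An added example (not code from the patent) of how two of the static subtasks above could flag the TLS validation weaknesses from item (5) and the weak ciphers from item (8) in decompiled Java source. The rule ids, regular expressions and both Java samples are constructed for illustration.

```python
import re

# Matches string literals (kept) and comments (blanked), so that commented-out
# code is not reported and "//" inside a URL string is not mistaken for a comment.
_STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)


def strip_comments(src):
    def blank(match):
        text = match.group(0)
        # Keep newlines so reported line numbers still match the original file.
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return _STRING_OR_COMMENT.sub(blank, src)


RULES = [
    ("TLS-TRUST-ALL", "checkServerTrusted has an empty body, so any certificate is accepted",
     re.compile(r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.\s,]+?)?"
                r"\s*\{\s*(?:return\s*;\s*)?\}")),
    ("TLS-HOSTNAME-ANY", "HostnameVerifier.verify always returns true",
     re.compile(r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}")),
    ("TLS-HOSTNAME-ANY", "allow-all hostname verifier in use",
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier")),
    ("WEAK-CIPHER", "weak cipher algorithm requested",
     re.compile(r'Cipher\s*\.\s*getInstance\s*\(\s*"(?:DES|DESede|RC4|ARCFOUR)(?:/[^"]*)?"')),
    ("ECB-MODE", "ECB mode requested explicitly or through the default for \"AES\"",
     re.compile(r'Cipher\s*\.\s*getInstance\s*\(\s*"(?:[^"/]+/ECB(?:/[^"]*)?|AES)"')),
]


def scan(java_source):
    """Return sorted (line, rule_id, message) findings for one Java source file."""
    code = strip_comments(java_source)
    findings = []
    for rule_id, message, pattern in RULES:
        for match in pattern.finditer(code):
            line = code.count("\n", 0, match.start()) + 1
            findings.append((line, rule_id, message))
    return sorted(findings)


# Constructed sample showing the three weaknesses described in item (5)
# and a weak cipher as described in item (8).
VULNERABLE_JAVA = '''\
class InsecureClient {
    X509TrustManager trustAll = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) { }
        public void checkServerTrusted(X509Certificate[] c, String a)
                throws CertificateException {
            // accept every certificate
        }
        public X509Certificate[] getAcceptedIssuers() { return null; }
    };
    HostnameVerifier anyHost = new HostnameVerifier() {
        public boolean verify(String host, SSLSession s) { return true; }
    };
    byte[] seal(Key k, byte[] d) throws Exception {
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k);
        return c.doFinal(d);
    }
}
'''

# Constructed counterpart: validation is delegated to a TrustManager built from
# the bundled certificate (keyStoreTm and defaultVerifier are hypothetical fields).
HARDENED_JAVA = '''\
class PinnedClient {
    X509TrustManager pinned = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) { }
        public void checkServerTrusted(X509Certificate[] c, String a)
                throws CertificateException {
            keyStoreTm.checkServerTrusted(c, a);  // not empty: real validation
        }
        public X509Certificate[] getAcceptedIssuers() { return keyStoreTm.getAcceptedIssuers(); }
    };
    HostnameVerifier strict = new HostnameVerifier() {
        public boolean verify(String host, SSLSession s) {
            return defaultVerifier.verify(host, s);
        }
    };
    Cipher newCipher() throws Exception { return Cipher.getInstance("AES/GCM/NoPadding"); }
}
'''

if __name__ == "__main__":
    for finding in scan(VULNERABLE_JAVA):
        print(finding)
```
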
The above process is further described below:
(1) Control flow graph construction is used, combined with static taint analysis or data flow analysis techniques to improve detection accuracy. The detection program builds a control flow graph from the Dalvik bytecode of the decompiled Android application to determine the possible execution paths, and then uses data flow analysis to further reduce that result to the set of paths that may trigger permission leakage.
(2) The detection program statically analyzes the decompiled Java source code: it extracts from the Manifest file the list of Android components suspected of permission leakage, then constructs the CFG starting from the Java program entry point of each component and, combined with static taint analysis, locates the system call sites that cause the permission leak.
(3) For privacy leakage and data pollution vulnerabilities in Android APPs, the decompiled Java source code is statically analyzed to generate the function call graph, the program control flow graph and the execution flow of the SQLite database operation functions, and the vulnerable applications are identified.
(4) By analyzing the Content Provider interface characteristics of the Android APP to be tested, determine whether it may have a privacy leakage vulnerability. For an Android APP to be tested that may have such a vulnerability, monitor the relevant API functions in the Android system and run SQL injection vulnerability tests and path traversal vulnerability tests against its publicly accessible URIs, to detect passive data leakage security risks.
Dynamic detection is further described as follows:
(1) Network packet sniffing: tcpdump is used to capture the APP's packets for later analysis.
(2) HTTPS traffic decryption:
A. A man-in-the-middle (MITM) creates separate connections with the two ends of a network communication and exchanges the data it receives, so that both ends believe they are talking directly to each other while in fact the whole session is controlled by the man in the middle. In short, to the real server the man in the middle is the client, and the real client believes the man in the middle is the server.
B. Wireshark captures packets by directly reading and analyzing network card data. The TLS handshake phase needs to perform two important operations, key exchange and server authentication. The purpose of key exchange is to produce, over an insecure data channel, a shared key known only to the two communicating parties, the Premaster Secret, from which the Master Secret and the subsequent symmetric-encryption Session Key and MAC Key are generated. The purpose of the client authenticating the server is to ensure that it is connected to the legitimate server that holds the website's private key.
This approach merges the two steps of key exchange and server authentication: if the server can decrypt the Premaster Secret, the server holds the correct private key. A man in the middle does not have the private key, cannot obtain the Premaster Secret, and therefore cannot decrypt the subsequent traffic.
In the method, the task manager is responsible for receiving and executing detection tasks and for management work such as displaying and storing detection results; it also supports a historical archive of detection tasks, which makes it convenient to achieve the "second inspection" effect.
In the method, the static detection of one APP is decomposed, according to the kind of detection, into multiple subtasks, and each subtask can be executed concurrently in a distributed manner;
In the method, dynamic detection supports virtualized container management: detection containers are allocated, started and stopped automatically, and operations such as automatic traversal of the APP's interfaces and automatic clicking are supported;
In the method, detection reports can be stored and archived.
The method provides a friendly human-machine interface, which greatly reduces the operating difficulty for the user.
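The archive lookup and the parallel static subtasks described above, sketched as an added example that is not code from the patent. It assumes the fingerprint is a SHA-256 digest of the APK bytes (the page does not define it), uses a thread pool as a stand-in for a distributed queue such as Celery, and the two subtask rules, the `TaskManager` class and the sample input are constructed for illustration.

```python
import hashlib
import re
from concurrent.futures import ThreadPoolExecutor

# Assumption: the page does not define the fingerprint; SHA-256 of the APK bytes is used.
def fingerprint(apk_bytes):
    return hashlib.sha256(apk_bytes).hexdigest()

# Two illustrative static subtasks (hypothetical rules, not the patent's detection logic).
DANGEROUS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.SEND_SMS"}
WEAK_CRYPTO = re.compile(r'getInstance\("(DES|RC4|MD5|AES/ECB)[^"]*"\)')

def permission_detection(app):
    declared = set(re.findall(r'uses-permission android:name="([^"]+)"', app["manifest"]))
    return sorted(declared & DANGEROUS_PERMISSIONS)

def weak_encryption_detection(app):
    return sorted({m.group(1) for m in WEAK_CRYPTO.finditer(app["source"])})

SUBTASKS = {"permission": permission_detection, "weak_encryption": weak_encryption_detection}

class TaskManager:
    def __init__(self):
        self.archive = {}       # fingerprint -> archived static detection report
        self.engine_runs = 0    # number of times the static engine actually ran

    def detect(self, app):
        fp = fingerprint(app["apk_bytes"])
        if fp in self.archive:          # record found: return the archived report
            return self.archive[fp]
        self.engine_runs += 1
        # The subtasks are independent of each other, so they are dispatched concurrently.
        with ThreadPoolExecutor() as pool:
            futures = {name: pool.submit(fn, app) for name, fn in SUBTASKS.items()}
            findings = {name: f.result() for name, f in futures.items()}
        report = {"fingerprint": fp, "findings": findings}
        self.archive[fp] = report       # archive so the next submission is a lookup
        return report

# Constructed sample input: a stand-in for an unpacked, decompiled APK.
SAMPLE_APP = {
    "apk_bytes": b"constructed-apk-bytes",
    "manifest": '<uses-permission android:name="android.permission.READ_SMS"/>'
                '<uses-permission android:name="android.permission.INTERNET"/>',
    "source": 'Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");',
}

if __name__ == "__main__":
    print(TaskManager().detect(SAMPLE_APP))
```

A changed byte in the APK produces a different fingerprint, so a repackaged APP is always re-scanned rather than served from the archive.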
The present invention provides a vulnerability detection method for Android mobile phone APPs. The method has good operating-system compatibility, high detection efficiency and strong stability; its detection content is comprehensive, its secondary-development threshold is low and its system maintenance workload is small; and it can conveniently be applied to the platform construction of APP vulnerability detection or to the integration of an independent detection terminal.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be realised through secondary development on mature technologies such as Celery, Golang and VirtualBox. Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that many variations and changes can be made to the invention without departing from its spirit, and these are likewise protected by the claims of the present invention. The parts of the invention that are not elaborated belong to techniques well known in the art, and those skilled in the art can implement them from the existing description without creative work; they are therefore not repeated here.
Claims (7)
1. A vulnerability detection method for Android mobile phone APPs, characterised in that it comprises the following steps:
Step 1: fingerprint information records of already-detected Android APPs, together with their static detection reports and dynamic detection reports, are preset in a database;
Step 2: the user submits the Android APP to be detected through the web interface of the detection program;
Step 3: the detection program, through the task manager, generates and submits the fingerprint information of the Android APP to be detected;
Step 4: the detection program compares this fingerprint information one by one with the fingerprint information records of Android APPs in the database; if a record is found, the static detection report and dynamic detection report of that Android APP are returned directly and this detection ends; if no record is found, the work continues with the next step;
Step 5: the task manager starts the static detection engine, and the static detection engine assigns the static detection subtasks to detection task units that run in a parallel, distributed manner; the static detection subtask execution units, running in a parallel, distributed manner, execute the static detection subtask of each detection task unit and report the detection results to the static detection engine; the static detection engine generates the static detection report of the Android APP according to a report template and displays it to the user, completing the static detection;
Step 6: the task manager archives the static detection report and starts the dynamic detection engine;
Step 7: the dynamic detection engine allocates and starts a detection container and, once the detection container has started successfully, automatically installs the Android APP to be detected on the Android system in the detection container;
Step 8: the dynamic detection engine starts the Android APP to be detected; the detection container automatically traverses each interface of the Android APP, automatically performs various inputs and drives the program's execution, monitors its execution process and results, finds and records the vulnerabilities of the Android APP, and reports the results to the dynamic detection engine;
Step 9: the dynamic detection engine shuts down the Android system of the detection container, reclaims the detection container, generates the dynamic detection report according to a report template and displays it to the user, completing the dynamic detection;
Step 10: the task manager archives the dynamic detection report; at this point one complete detection task is finished.
2. The vulnerability detection method for Android mobile phone APPs as claimed in claim 1, characterised in that the static detection subtasks include APP unpacking, APP decompilation, permission detection, broadcast detection, sensitive data detection, network communication detection, dangerous API call detection and weak encryption detection.
3. The vulnerability detection method for Android mobile phone APPs as claimed in claim 2, characterised in that the static detection subtasks also include a stress test.
4. The vulnerability detection method for Android mobile phone APPs as claimed in claim 2, characterised in that the APP is decompiled in a manner that includes:
(1) obtaining the package name and class name of the apk package, and decompiling it into Java source code;
(2) it and will be added in after apk bag decompilings before oneself, and change parameter.
5. The vulnerability detection method for Android mobile phone APPs as claimed in claim 2, characterised in that the implementation process of broadcast detection includes:
a. the broadcast receiver registers with the AMS through the Binder mechanism;
b. the broadcast sender sends the broadcast to the AMS through the Binder mechanism;
c. the AMS looks up the broadcast receivers that meet the corresponding conditions and delivers the broadcast to the message loop queue of each such broadcast receiver;
d. the message loop picks up the broadcast and calls back the onReceive() method of the broadcast receiver.
6. The vulnerability detection method for Android mobile phone APPs as claimed in claim 1, characterised in that the detection container is VirtualBox or Docker.
7. The vulnerability detection method for Android mobile phone APPs as claimed in claim 1, characterised in that, in step 4, the fingerprint information of the Android APP to be detected is compared with the fingerprint information records of Android APPs in the database using a static detection technique.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710369224.3A CN107330332A (en) | 2017-05-23 | 2017-05-23 | A kind of leak detection method for Android mobile phone APP |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710369224.3A CN107330332A (en) | 2017-05-23 | 2017-05-23 | A kind of leak detection method for Android mobile phone APP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107330332A true CN107330332A (en) | 2017-11-07 |
Family
ID=60192656
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710369224.3A Pending CN107330332A (en) | 2017-05-23 | 2017-05-23 | A kind of leak detection method for Android mobile phone APP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107330332A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108154035A (en) * | 2017-12-21 | 2018-06-12 | 杭州安恒信息技术有限公司 | Extensive website vulnerability scan method, device and electronic equipment |
CN109063490A (en) * | 2018-08-31 | 2018-12-21 | 北京梆梆安全科技有限公司 | A kind of method, device and equipment detecting host name loophole |
CN109740351A (en) * | 2018-12-28 | 2019-05-10 | 广东电网有限责任公司 | A kind of leak detection method, device and the equipment of embedded firmware |
CN109784060A (en) * | 2018-12-12 | 2019-05-21 | 平安科技(深圳)有限公司 | Vulnerability Management report-generating method, device and storage medium, server |
CN110096380A (en) * | 2019-05-08 | 2019-08-06 | 苏州浪潮智能科技有限公司 | Android corresponding internal communication method, system, device and storage medium |
CN111177715A (en) * | 2018-11-12 | 2020-05-19 | 中移(杭州)信息技术有限公司 | Mobile App vulnerability detection method and device |
CN111984963A (en) * | 2020-07-31 | 2020-11-24 | 厦门安胜网络科技有限公司 | Method and device for bypassing self-signed certificate verification |
CN112733138A (en) * | 2020-12-25 | 2021-04-30 | 北京中微云安信息科技有限公司 | Audio-visual APP safety and business compliance automatic detection system, method and medium |
CN116418518A (en) * | 2023-04-11 | 2023-07-11 | 沈阳云盛互联网服务有限公司 | Data intrusion protection method and system based on cloud computing |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
CN103685251A (en) * | 2013-12-04 | 2014-03-26 | 电子科技大学 | Android malicious software detecting platform oriented to mobile internet |
US20150163237A1 (en) * | 2013-12-11 | 2015-06-11 | International Business Machines Corporation | Testing web applications for security vulnerabilities with metarequests |
CN105187394A (en) * | 2015-08-10 | 2015-12-23 | 济南大学 | Proxy server having mobile terminal malicious software behavior detection capability and method |
CN105791250A (en) * | 2014-12-26 | 2016-07-20 | 北京奇虎科技有限公司 | Application detection method and device |
CN106155880A (en) * | 2015-03-27 | 2016-11-23 | 中国科学院信息工程研究所 | A kind of automated procedures based on strategy analyze system and method |
-
2017
- 2017-05-23 CN CN201710369224.3A patent/CN107330332A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930210A (en) * | 2012-10-14 | 2013-02-13 | 江苏金陵科技集团公司 | System and method for automatically analyzing, detecting and classifying malicious program behavior |
CN103685251A (en) * | 2013-12-04 | 2014-03-26 | 电子科技大学 | Android malicious software detecting platform oriented to mobile internet |
US20150163237A1 (en) * | 2013-12-11 | 2015-06-11 | International Business Machines Corporation | Testing web applications for security vulnerabilities with metarequests |
CN105791250A (en) * | 2014-12-26 | 2016-07-20 | 北京奇虎科技有限公司 | Application detection method and device |
CN106155880A (en) * | 2015-03-27 | 2016-11-23 | 中国科学院信息工程研究所 | A kind of automated procedures based on strategy analyze system and method |
CN105187394A (en) * | 2015-08-10 | 2015-12-23 | 济南大学 | Proxy server having mobile terminal malicious software behavior detection capability and method |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108154035A (en) * | 2017-12-21 | 2018-06-12 | 杭州安恒信息技术有限公司 | Extensive website vulnerability scan method, device and electronic equipment |
CN108154035B (en) * | 2017-12-21 | 2021-01-26 | 杭州安恒信息技术股份有限公司 | Large-scale website vulnerability scanning method and device and electronic equipment |
CN109063490A (en) * | 2018-08-31 | 2018-12-21 | 北京梆梆安全科技有限公司 | A kind of method, device and equipment detecting host name loophole |
CN111177715A (en) * | 2018-11-12 | 2020-05-19 | 中移(杭州)信息技术有限公司 | Mobile App vulnerability detection method and device |
CN109784060A (en) * | 2018-12-12 | 2019-05-21 | 平安科技(深圳)有限公司 | Vulnerability Management report-generating method, device and storage medium, server |
CN109740351A (en) * | 2018-12-28 | 2019-05-10 | 广东电网有限责任公司 | A kind of leak detection method, device and the equipment of embedded firmware |
CN110096380A (en) * | 2019-05-08 | 2019-08-06 | 苏州浪潮智能科技有限公司 | Android corresponding internal communication method, system, device and storage medium |
CN111984963A (en) * | 2020-07-31 | 2020-11-24 | 厦门安胜网络科技有限公司 | Method and device for bypassing self-signed certificate verification |
CN111984963B (en) * | 2020-07-31 | 2022-05-20 | 厦门安胜网络科技有限公司 | Method and apparatus for bypassing self-signed certificate verification |
CN112733138A (en) * | 2020-12-25 | 2021-04-30 | 北京中微云安信息科技有限公司 | Audio-visual APP safety and business compliance automatic detection system, method and medium |
CN116418518A (en) * | 2023-04-11 | 2023-07-11 | 沈阳云盛互联网服务有限公司 | Data intrusion protection method and system based on cloud computing |
CN116418518B (en) * | 2023-04-11 | 2024-01-19 | 上海瑞玑计算机科技有限公司 | Data intrusion protection method and system based on cloud computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20171107 |