CN107330332A - A vulnerability detection method for Android mobile phone APPs - Google Patents

Publication number
CN107330332A
Authority
CN (China)
Prior art keywords
detection, app, android, static, dynamic
Legal status
Pending
Application number
CN201710369224.3A
Other languages
Chinese (zh)
Inventor
甘刚
Current Assignee
Chengdu Union Cloud Security Technology Co Ltd
Original Assignee
Chengdu Union Cloud Security Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software

Abstract

The invention discloses a vulnerability detection method for Android mobile phone APPs, comprising the following steps: fingerprint records of Android APPs that have already been detected, together with their static detection reports and dynamic detection reports, are preset in a database; the user submits the Android APP to be detected through the web interface of the detection program; the detection program, through the task manager, generates and submits the fingerprint information of the Android APP to be detected; the detection program compares this fingerprint information one by one against the Android APP fingerprint records in the database; if a record is found, the static detection report and dynamic detection report of that Android APP are returned directly and this detection ends; if no record is found, the work continues with the next step; the task manager starts the static detection engine and the dynamic detection engine in turn; the static and dynamic detection reports are each generated from a report template and shown to the user; the task manager archives the static and dynamic detection reports generated in the previous step, which completes one full detection task.

Description

A vulnerability detection method for Android mobile phone APPs
Technical field
The invention belongs to the field of Android application security protection, and in particular relates to a vulnerability detection method.
Background art
In recent years the Android system, as a free and open-source operating system, has been widely used in smart devices such as smartphones and tablet computers. With it, vulnerabilities in Android applications have sprung up like mushrooms after rain. An application that has vulnerabilities can be exploited by all kinds of viruses and Trojans, leading to harm such as theft from online banking, eavesdropping and surveillance, unexplained charges, privacy leakage, and the device becoming a source of virus propagation. Finding the vulnerabilities of Android APPs early is therefore extremely important to the overall security of Android devices. On the other hand, the number and variety of Android APPs is currently huge; manual detection would consume a great deal of manpower and resources and is an almost impossible task, so automated detection is very necessary.
Fortunately, the basic technologies needed for Android APP vulnerability detection are now mature. The Python parallel distributed framework Celery is widely used in distributed applications and has stood the test of practice, so it can stably take on the important job of managing detection tasks. The Golang language supports parallelism natively, has garbage collection, needs few deployment dependencies, has good system compatibility and high execution efficiency, and can readily solve the problem of some detections taking a long time. Open-source application container engines such as VirtualBox and Docker let developers package their application and its dependencies into a portable container and publish it to any popular machine, and can also provide virtualization; containers fully use a sandbox mechanism and have no interfaces to one another, which makes it easy to implement the management service for Android dynamic detection virtual machines. Automated testing technology can automatically traverse every interface of the application under test and automatically perform operations such as clicking buttons, which provides a powerful tool for automated testing in Android APP dynamic detection. The Django rapid web application development framework offers a friendly human-machine interface and is an excellent, convenient tool for secondary development.
In the prior art, vulnerability detection for Android applications mainly takes the following forms: a. detection based only on the static features of the Android application; b. detection based only on the dynamic behaviour of the Android application; c. a simple combination of static feature detection and dynamic behaviour detection.
In prior-art schemes based only on the static features of the Android application, static detection is carried out serially, so detection is slow, multitasking is costly, and there is no dynamic behaviour detection. In prior-art schemes based only on the dynamic behaviour of the Android application, static feature detection is missing and the vulnerability detection of the APP is not comprehensive enough. In prior-art schemes that simply combine static feature detection and dynamic behaviour detection, static detection is slow, multitask detection occupies a lot of resources, the user's operating experience is poor, and only a single deployment mode is available.
Summary of the invention
The object of the invention is to provide a vulnerability detection method for Android mobile phone APPs that solves the technical problems of the prior art, namely low static detection efficiency, incomplete detection content and poor user operating experience, and makes up for the shortcomings of existing schemes.
The technical solution adopted by the present invention is as follows:
A vulnerability detection method for Android mobile phone APPs, characterised in that it comprises the following steps:
Step 1: Fingerprint records of Android APPs that have already been detected, together with their static detection reports and dynamic detection reports, are preset in the database;
Step 2: The user submits the Android APP to be detected through the web interface of the detection program;
Step 3: The detection program, through the task manager, generates and submits the fingerprint information of the Android APP to be detected;
Step 4: The detection program compares this fingerprint information one by one against the Android APP fingerprint records in the database. If a record is found (meaning the APP has already been detected), the static detection report and dynamic detection report of that Android APP are returned directly (matched and extracted from the database) and this detection ends; if no record is found, the work continues with the next step;
Step 5: The task manager starts the static detection engine, and the static detection engine distributes the static detection subtasks to detection task units that run in a parallel, distributed manner; static detection subtask execution units, also running in a parallel, distributed manner, execute the static detection subtasks of each detection task unit and report the detection results to the static detection engine; the static detection engine generates the static detection report of the Android APP from the report template and shows it to the user, which completes static detection;
Step 6: The task manager archives the static detection report and starts the dynamic detection engine;
Step 7: The dynamic detection engine allocates and starts a detection container; once the detection container has started successfully, the Android APP to be detected is automatically installed on the Android system in the detection container;
Step 8: The dynamic detection engine starts the Android APP to be detected; the detection container automatically traverses every interface of the Android APP, automatically performs various inputs to drive the program's execution, monitors the execution process and results, finds and records the vulnerabilities of the Android APP, and reports the results to the dynamic detection engine;
Step 9: The dynamic detection engine shuts down the Android system of the detection container, reclaims the detection container, generates the dynamic detection report from the report template and shows it to the user, which completes dynamic detection;
Step 10: The task manager archives the dynamic detection report, which completes one full detection task.
Further, the static detection subtasks include APP unpacking, APP decompilation, permission detection, broadcast detection, sensitive data detection, network communication detection, dangerous API call detection and weak encryption detection.
Further, the static detection subtasks also include stress testing.
Further, decompiling the APP is done as follows:
(1) obtain the package name and class names of the apk package and decompile the Java source code;
(2) after the apk package has been decompiled, add one's own changes and modify parameters.
Further, the implementation flow of broadcast detection includes:
a. the broadcast receiver registers with AMS through the Binder mechanism;
b. the broadcast sender sends a broadcast to AMS through the Binder mechanism;
c. AMS looks up the broadcast receivers that meet the corresponding conditions and delivers the broadcast to the message loop queue of the corresponding broadcast receiver;
d. the message loop retrieves this broadcast and calls back the onReceive() method in the broadcast receiver.
Further, the detection container is VirtualBox or Docker.
Further, in Step 4, a static detection technique is used to compare the fingerprint information of the Android APP to be detected with the Android APP fingerprint records in the database.
In summary, by adopting the above technical solution, the beneficial effects of the invention are as follows:
The present invention presets in the database the fingerprint records of Android APPs that have already been detected; the detection program then submits the fingerprint information of the Android APP to be detected and compares it one by one with the preset Android APP fingerprint information. In this way, if the fingerprint information of the Android APP to be detected already exists, its static detection report and dynamic detection report can be retrieved immediately, which solves the problem of not being able to determine an APP's vulnerability status quickly. The invention also distributes the static detection subtasks to detection task units that run in a parallel, distributed manner; static detection subtask execution units, likewise running in a parallel, distributed manner, execute the static detection subtasks of each detection task unit and report the detection results to the static detection engine, which finally generates the static detection report. This approach differs from ordinary static detection, speeds up static detection, and solves the prior-art technical problem of low static detection efficiency. Because the invention combines static detection with dynamic detection, an Android APP can be examined from different angles, which solves the prior-art technical problem of incomplete detection content. Through fast detection, faster static detection and more comprehensive detection, the technical problem of poor user operating experience is solved and the shortcomings of existing schemes are made up for.
The present invention uses a static detection technique to match the Android APP fingerprint information in the database against the Android APP to be detected. The data matching technique used works mainly by obtaining the unique signature information of the Android APP to be detected and matching it one by one against the fingerprint information, that is the signature information, already present in the database; a match shows that the Android APP to be detected is already in our database, and the information of that Android APP can be extracted directly to generate the report, which solves the problem of APP detection taking too long.
Brief description of the drawings
Fig. 1 is a flow chart of a vulnerability detection method for Android mobile phone APPs;
Fig. 2 is a module diagram of a vulnerability detection method for Android APPs.
Detailed description of the embodiments
All features disclosed in this specification may be combined in any way, except for mutually exclusive features and/or steps.
The present invention is described in detail below with reference to Fig. 1 and Fig. 2.
The method provided by the invention has the advantages of good operating system compatibility, high detection efficiency, strong stability, comprehensive detection content, a low threshold for secondary development and little system maintenance work, and it can conveniently be used to build an APP vulnerability detection platform or be integrated into a standalone detection terminal.
A vulnerability detection method for Android mobile phone APPs comprises the following steps:
Step 1: Fingerprint records of Android APPs that have already been detected, together with their static detection reports and dynamic detection reports, are preset in the database;
Step 2: The user submits the Android APP to be detected through the web interface of the detection program;
Step 3: The detection program, through the task manager, generates and submits the fingerprint information of the Android APP to be detected;
Step 4: The detection program compares (matches) this fingerprint information, that is the fingerprint information of the Android APP to be detected, one by one against the Android APP fingerprint records in the database. If a record is found, the static detection report and dynamic detection report of that Android APP are returned directly and this detection ends; if no record is found, the work continues with the next step;
Step 5: The task manager starts the static detection engine, and the static detection engine generates the specific static detection tasks; at the same time, the static detection engine generates detection task units that run in a parallel, distributed manner and distributes the static detection subtasks to them; the static detection engine generates static detection subtask execution units that run in a parallel, distributed manner, and these execution units report the detection results of the static detection subtasks to the static detection engine; the static detection engine collects and integrates the detection results of each static detection subtask, generates the static detection report of the Android APP from the report template and shows it to the user, which completes static detection;
Step 6: The task manager archives the static detection report and starts the dynamic detection engine;
Step 7: The dynamic detection engine allocates and starts a detection container; once the detection container has started successfully, the Android APP to be detected is automatically installed on the Android system in the detection container;
Step 8: The dynamic detection engine starts the Android APP to be detected; the detection container automatically traverses every interface of the Android APP, automatically performs input to drive the program, monitors the execution process and results, finds and records the vulnerabilities of the Android APP, and reports the results to the dynamic detection engine;
Step 9: The dynamic detection engine shuts down the Android system of the detection container, reclaims virtual resources such as the detection container, generates the dynamic detection report from the report template and shows it to the user, which completes dynamic detection;
Step 10: The task manager archives the dynamic detection report generated in the previous step, which completes one full detection task.
The static detection subtasks include unpacking, decompilation, permission analysis detection, Activity event detection, Receiver event detection, intent event monitoring, SQL injection event detection and sensitive data leakage detection.
The static detection engine uses Celery to manage detection tasks in a parallel, distributed manner. Each static detection subtask is an independent Celery worker; the workers execute concurrently and cooperate to complete the whole static detection task together.
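The fan-out and result collection described above, as an added example rather than code from the patent: concurrent.futures stands in for Celery workers so that it runs without a broker, and two of the listed subtasks (permission analysis and Receiver detection) run against a constructed AndroidManifest.xml. The subtask names, the sensitive-permission list and the report layout are assumptions.

```python
import xml.etree.ElementTree as ET
from concurrent.futures import ThreadPoolExecutor

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: AndroidManifest.xml as recovered by the decompile subtask.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter>
    </receiver>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
  </application>
</manifest>
"""

# Assumption: a short illustrative list, not taken from the patent.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
}


def permission_subtask(manifest_xml):
    """List requested permissions and flag the sensitive ones."""
    root = ET.fromstring(manifest_xml.strip())
    requested = [e.get(ANDROID + "name") for e in root.iter("uses-permission")]
    return {"requested": requested,
            "sensitive": sorted(set(requested) & SENSITIVE_PERMISSIONS)}


def receiver_subtask(manifest_xml):
    """Receivers other apps can reach: exported="true", or an intent-filter with
    no explicit exported attribute (the default before Android 12), and no
    permission guarding the receiver."""
    root = ET.fromstring(manifest_xml.strip())
    exposed = []
    for receiver in root.iter("receiver"):
        exported = receiver.get(ANDROID + "exported")
        has_filter = receiver.find("intent-filter") is not None
        reachable = exported == "true" or (exported is None and has_filter)
        if reachable and receiver.get(ANDROID + "permission") is None:
            exposed.append(receiver.get(ANDROID + "name"))
    return {"exposed_receivers": exposed}


def broken_subtask(manifest_xml):
    """Constructed failure, to show that one failing worker does not lose the rest."""
    raise RuntimeError("unpacker not available")


SUBTASKS = {"permissions": permission_subtask,
            "receivers": receiver_subtask,
            "unpack": broken_subtask}


def run_static_detection(manifest_xml, subtasks, max_workers=4):
    """Fan the subtasks out in parallel, then collect results and errors by name."""
    report = {"results": {}, "errors": {}}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {name: pool.submit(fn, manifest_xml) for name, fn in subtasks.items()}
        for name, future in futures.items():
            try:
                report["results"][name] = future.result()
            except Exception as exc:  # keep the failure in the report
                report["errors"][name] = "{}: {}".format(type(exc).__name__, exc)
    return report


REPORT_TEMPLATE = "Static detection report for {package}\n{body}"


def render_report(package, report):
    """Fill the report template from the collected subtask results."""
    lines = ["[ok] {}: {}".format(n, report["results"][n]) for n in sorted(report["results"])]
    lines += ["[failed] {}: {}".format(n, report["errors"][n]) for n in sorted(report["errors"])]
    return REPORT_TEMPLATE.format(package=package, body="\n".join(lines))


if __name__ == "__main__":
    print(render_report("com.example.demo", run_static_detection(SAMPLE_MANIFEST, SUBTASKS)))
```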
The dynamic detection engine uses virtualization containers such as VirtualBox or Docker (the detection container) to deploy the dynamic detection sandbox, uses automated testing technology to automatically traverse every UI interface of the APP and automatically perform input, and thereby completes the APP's dynamic vulnerability detection task automatically.
Android APP in the present invention mainly refers to the various application programs that run on the Android operating system. Devices running the Android operating system include smartphones, tablets, smart watches and so on.
The invention has the following characteristics:
In the method, the detection object is limited to Android APPs; the method is not suitable for vulnerability checking of Windows, iOS or other applications;
In the method, the generated report contains both the static detection report and the dynamic detection report, and the report style supports customization.
In the method, regarding the Android APP fingerprint records preset in the database, the fingerprint information of an Android APP refers to the signature of the APP program, which also serves as the identification code of the APP program. An APP program is signed after it has been compiled and packaged. Before running an APP program, the phone first verifies whether the program's signature (which can also be regarded as an MD5) is valid; only files that pass verification can be run, so the role of the signature is to let the file pass the phone's verification and be treated as legitimate, and different phones and systems correspond to different signatures. Because each APP has a uniquely identifying signature, the identity of each APP can be recognised by its signature, so the signature is the equivalent of a human fingerprint; the APP's signature information is stored in the database so that it can be matched later when an APP is detected.
The web interface for uploading the APP to be detected is characterised in that it provides an interface through which the APP to be detected can be uploaded.
Matching the APP fingerprint information in the database against the APP to be detected uses a data matching technique: the unique signature information of the APP to be detected is obtained and then matched one by one against the fingerprint information, that is the signature information, already present in the database. A match shows that the APP to be detected is already in our database, and the information of that APP can be extracted directly to generate the report.
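The lookup-before-detect flow of Steps 3 and 4, as an added example that is not the patent's own code: it assumes the fingerprint is a SHA-256 over the signature block files in the APK's META-INF directory and uses an in-memory SQLite table as the database. The function names, table layout and sample APK are constructed for illustration.

```python
import hashlib
import io
import json
import sqlite3
import zipfile

SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")


def apk_fingerprint(apk_bytes):
    """SHA-256 over the META-INF signature block files (assumed fingerprint)."""
    try:
        apk = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("not a valid APK archive") from exc
    with apk:
        blocks = sorted(
            n for n in apk.namelist()
            if n.upper().startswith("META-INF/") and n.upper().endswith(SIGNATURE_SUFFIXES)
        )
        if not blocks:
            raise ValueError("no signature block found, cannot fingerprint")
        digest = hashlib.sha256()
        for name in blocks:
            digest.update(name.encode("utf-8") + b"\0")
            digest.update(apk.read(name))
    return digest.hexdigest()


def open_store():
    """Report archive keyed by fingerprint (in memory for the example)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE reports (fingerprint TEXT PRIMARY KEY,"
        " static_report TEXT NOT NULL, dynamic_report TEXT NOT NULL)"
    )
    return db


def lookup(db, fingerprint):
    """Step 4: return the archived reports for a fingerprint, or None."""
    row = db.execute(
        "SELECT static_report, dynamic_report FROM reports WHERE fingerprint = ?",
        (fingerprint,),
    ).fetchone()
    if row is None:
        return None
    return {"static": json.loads(row[0]), "dynamic": json.loads(row[1])}


def archive(db, fingerprint, static_report, dynamic_report):
    """Steps 6 and 10: store both reports under the fingerprint."""
    db.execute(
        "INSERT OR REPLACE INTO reports VALUES (?, ?, ?)",
        (fingerprint, json.dumps(static_report), json.dumps(dynamic_report)),
    )
    db.commit()


def submit(db, apk_bytes, run_static, run_dynamic):
    """Return (reports, served_from_archive) for one submitted APK."""
    fingerprint = apk_fingerprint(apk_bytes)
    cached = lookup(db, fingerprint)
    if cached is not None:
        return cached, True  # already detected: no engine is started
    static_report = run_static(apk_bytes)
    dynamic_report = run_dynamic(apk_bytes)
    archive(db, fingerprint, static_report, dynamic_report)
    return {"static": static_report, "dynamic": dynamic_report}, False


def make_apk(signature_block):
    """Constructed sample: a minimal zip shaped like a v1-signed APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\0")
        z.writestr("META-INF/CERT.RSA", signature_block)
    return buf.getvalue()
```

An APK signed only with APK Signature Scheme v2 or later carries no META-INF signature block, so this sketch rejects it with ValueError rather than guessing a fingerprint.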
If no matching APP fingerprint is found in the database, static detection is carried out. The static detection process is mainly as follows:
(1) APP unpacking, implemented using the Dalvik interpreter and by analysing the DexHunter implementation. The interpreter is the execution engine of the Dalvik virtual machine and is mainly responsible for executing Dalvik bytecode. After the bytecode has been loaded, the Dalvik virtual machine selects an interpreter and starts fetching and interpreting bytecode, and the interpreter jumps to the interpreting routine for execution.
After an external function calls the interpreter, the main flow of interpreter execution has the following steps.
a. Initialise the interpreter's execution environment;
b. According to system parameters, choose to use the portable interpreter;
c. Jump to the corresponding interpreter for execution;
d. Fetch the instruction and check it;
e. Execute the program segment corresponding to the bytecode.
(2) Decompiling the APP. This mainly decompiles the APP to be detected so that the later static detection process can be carried out, using two tools. One is a tool that obtains the package name and class names of the apk package and decompiles the Java source code; the other is APPtool, which decompiles an apk package so that one's own changes can then be added and some parameters modified, making it better suited to automated testing.
a. Obtain the program's apk and change its file suffix to zip;
b. Open the folder, find the classes.dex file, copy it into the dex2jar folder, and run the command dex2jar.bat classes.dex at the cmd command line to obtain the classes_dex2jar file;
c. Open jd-gui, choose open file and find the decompiled file classes_dex2jar.jar; the package name and class names can then be obtained;
d. Decompile command: APPtool.bat -d -o E:/test/test.apk. This decompiles the test.apk file into the E:/test directory. Recompile command: APPtool.bat -b -o E:/test/test1.apk, which recompiles the files under the E:/test directory into test1.apk;
After decompilation is complete, the underlying source code is modified via smali. res holds the apk's related resources. After repackaging, the signature is still the original one, which cannot be used for automation, so the package also needs to be signed again.
e. Re-sign: generate a signature file debug.keystore with Eclipse. A signature can also be generated by oneself, with the following command: keytool -genkey -v -keystore debug.keystore -alias androiddebugkey -keyalg RSA -validity 10000. Following the previous step, then delete the MANIFEST file;
View summary information: apkhelper;
View signature information: keytool -list -v -keystore apkname.
(3) Permission detection: determine whether the application holds each of the permissions to be examined in depth after decompilation. First obtain the APP's permission list by obtaining the corresponding PackageInfo; all permissions are in requestedPermissions.
(4) Broadcast detection: detect which broadcasts the APP has sent. A custom broadcast receiver is implemented using Android technology, and it needs to inherit the base class BroadcastReceiver. The concrete implementation flow is:
a. The broadcast receiver BroadcastReceiver registers with AMS (Activity Manager Service) through the Binder mechanism;
b. The broadcast sender sends a broadcast to AMS through the Binder mechanism;
c. AMS looks up the BroadcastReceiver that meets the corresponding conditions (IntentFilter/Permission and so on) and delivers the broadcast to the message loop queue of the corresponding BroadcastReceiver (generally that of an Activity);
d. The message loop retrieves this broadcast and calls back the onReceive() method in the BroadcastReceiver.
(5) Sensitive data detection: following the Android vulnerability detection method, check whether the APP can obtain local sensitive data through an Android vulnerability. With regard to digital certificates and the principles of HTTPS communication cryptography, the vulnerabilities mainly take the following three forms:
A. Custom X509TrustManager. When an HTTPS request is initiated using HttpsURLConnection, a customised X509TrustManager is supplied to implement the security check logic. The custom X509TrustManager is supplied in the manner described above.
B. Custom HostnameVerifier. During the handshake, if the host name in the URL does not match the server's identified host name, the verification mechanism calls back the implementation of this interface to decide whether the connection should be allowed. If the callback implementation is incorrect and accepts all domain names by default, there is a security risk.
C. Trusting all host names.
For these problems, we detect using the following methods:
A. Whether the certificate is issued by an authority or is self-signed, first package a copy of it inside the application, for example under assets; initialise a KeyStore from this built-in certificate, and then use this KeyStore to guide generation of the TrustManager that provides verification.
B. If the same code as above is used to access https://www.taobao.com/ or https://www.baidu.com/, an SSLHandshakeException is thrown; that is, a TrustManager generated for a particular certificate can only verify and establish a secure connection with the particular server, which improves security. As mentioned earlier, for a non-browser APP this is acceptable.
C. Likewise package a copy of the certificate inside the application, but instead of using the KeyStore to guide generation of the TrustManager, simply define a custom TrustManager directly and implement the check logic oneself; the check logic mainly includes whether the server certificate has expired and whether the certificate signature is valid.
D. For a custom HostnameVerifier on connection failure, put simply this is string-matching verification against the domain name; if the business is complex, it can also be combined with a configuration centre, whitelists, blacklists, regular-expression matching and other multi-level dynamic checks; overall the logic is fairly simple, as long as that method is implemented correctly. The host name verification policy is changed to strict mode.
(6) Network communication detection: Android network communication usually has six methods; when detecting APP vulnerabilities, one usually checks whether the APP can change the network communication mode.
A. For TCP/IP: the Socket and ServerSocket forms.
B. For UDP: DatagramSocket and DatagramPacket. For the UDP server side, first start the listening service, then obtain the data packet and process it, and give feedback according to the packet obtained.
(7) Dangerous API call detection. If a potentially dangerous Request.Path is detected in the APP, the solutions are:
A. If the page is merely being switched, a problem that appears when passing parameters can be handled by encrypting the data.
B. If the problem occurs when operating on database data, then first, a character filtering function can be added before the data is stored in the database (search Baidu for concrete implementation methods). Second, a check can also be added with JS:
C. If it is neither of the first two problems, the most direct and simple method is to cancel Microsoft's validation of special characters.
D. This problem is generally caused by using version 4.0 of .Net Framework. Starting from .Net Framework 4.0, ASP.NET began to enforce validation of Request parameter safety.
(8) Weak encryption detection: there are many reasons for weak encryption in an Android APP; mainly a weak encryption algorithm has been used, so the encryption algorithm has vulnerabilities. Encryption and decryption are implemented with a weak cipher algorithm.
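A static check for items (5) and (8), as an added example that is not the patent's own code: it scans decompiled Java source for a trust-everything X509TrustManager, a HostnameVerifier that accepts every host name, and weak Cipher or MessageDigest choices. The regular expressions, rule names, weak-algorithm lists and sample sources are assumptions, and the matching is heuristic.

```python
import re

# Heuristic patterns over decompiled Java source (rule names are hypothetical).
TLS_RULES = [
    ("TRUST_ALL_CERTS", "checkServerTrusted() is empty, so any certificate chain is accepted",
     re.compile(r"checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\s*"
                r"\{\s*(?:return\s*;\s*)?\}")),
    ("VERIFY_ALWAYS_TRUE", "HostnameVerifier.verify() accepts every host name",
     re.compile(r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)\s*"
                r"\{\s*return\s+true\s*;\s*\}")),
    ("ALLOW_ALL_HOSTNAMES", "all host names are trusted",
     re.compile(r"\bALLOW_ALL_HOSTNAME_VERIFIER\b|\bAllowAllHostnameVerifier\b")),
]
CIPHER_CALL = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
DIGEST_CALL = re.compile(r'MessageDigest\.getInstance\(\s*"([^"]+)"')
# Assumption: illustrative lists, not taken from the patent.
WEAK_CIPHERS = {"DES", "DESEDE", "RC2", "RC4", "ARCFOUR"}
BLOCK_CIPHERS = {"AES", "DES", "DESEDE", "RC2", "BLOWFISH"}
WEAK_DIGESTS = {"MD5", "SHA1", "SHA-1"}


def cipher_problems(transformation):
    """Return the weaknesses of a Cipher.getInstance() transformation string."""
    parts = transformation.upper().split("/")
    algo, mode = parts[0], (parts[1] if len(parts) > 1 else None)
    problems = []
    if algo in WEAK_CIPHERS:
        problems.append("weak algorithm " + algo)
    if algo in BLOCK_CIPHERS:  # "RSA/ECB/..." is only a naming convention, so skip it
        if mode == "ECB":
            problems.append("ECB mode")
        elif mode is None:
            problems.append("no mode given, provider default is ECB")
    return problems


def scan_source(path, text):
    """Scan one decompiled source file; return findings sorted by line."""
    findings = []

    def add(rule, pos, detail):
        line = text.count("\n", 0, pos) + 1
        findings.append({"file": path, "line": line, "rule": rule, "detail": detail})

    for rule, detail, pattern in TLS_RULES:
        for m in pattern.finditer(text):
            add(rule, m.start(), detail)
    for m in CIPHER_CALL.finditer(text):
        for problem in cipher_problems(m.group(1)):
            add("WEAK_CIPHER", m.start(), m.group(1) + ": " + problem)
    for m in DIGEST_CALL.finditer(text):
        if m.group(1).upper() in WEAK_DIGESTS:
            add("WEAK_DIGEST", m.start(), m.group(1))
    return sorted(findings, key=lambda f: (f["line"], f["rule"]))


def scan_tree(sources):
    """sources maps file name -> source text; returns all findings."""
    return [f for path in sorted(sources) for f in scan_source(path, sources[path])]


# Constructed samples standing in for decompiler output.
SAMPLE_SOURCES = {
    "TrustAll.java": '''\
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
    static final HostnameVerifier ANY = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };
}
''',
    "Pinned.java": '''\
class Pinned implements X509TrustManager {
    private final X509TrustManager delegate;  // built from the bundled KeyStore
    Pinned(X509TrustManager d) { delegate = d; }
    public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkClientTrusted(c, a);
    }
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkServerTrusted(c, a);
    }
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
''',
    "Crypto.java": '''\
class Crypto {
    Cipher a = Cipher.getInstance("DES/ECB/PKCS5Padding");
    Cipher b = Cipher.getInstance("AES");
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    Cipher d = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    MessageDigest e = MessageDigest.getInstance("MD5");
    MessageDigest f = MessageDigest.getInstance("SHA-256");
}
''',
}

if __name__ == "__main__":
    for finding in scan_tree(SAMPLE_SOURCES):
        print("{file}:{line} {rule} {detail}".format(**finding))
```

A TrustManager that delegates to one built from the bundled KeyStore, as in detection method A of item (5), produces no finding.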
The above process is further described below:
(1) Control flow graph construction is used, combined with static taint analysis or data-flow analysis techniques to improve detection accuracy. The detection program builds a control flow graph over the Dalvik bytecode obtained from decompiling the Android application to determine the possible execution paths, and then uses data-flow analysis to simplify this result further and obtain the set of paths that may trigger permission leakage.
(2) The detection program statically analyses the decompiled Java source code, extracts from the Manifest file the list of Android components suspected of permission leakage, and then constructs a CFG starting from the Java program entry point of each component; combined with static taint analysis, it locates the system call sites that cause the permission leakage.
(3) For privacy leakage and data pollution vulnerabilities in Android APPs, the decompiled Java source code is statically analysed, and a function call graph, a program control flow graph and the program execution flow of SQLite database operation functions are generated to determine which applications have vulnerabilities.
(4) By analysing the Content Provider interface characteristics of the Android APP to be detected, it is determined whether a privacy leakage vulnerability may exist. If it may, then for that Android APP, by monitoring the related API functions in the Android system, SQL injection vulnerability tests and path traversal vulnerability tests are performed on the publicly accessible URIs of the Android APP to be detected, to detect passive data leakage security risks.
Dynamic detection is further described as follows:
(1) Network packet sniffing: tcpdump is used to capture the APP's packets, which are then analysed.
(2) HTTPS traffic decryption:
A. A man-in-the-middle (MITM) can create a connection with each of the two ends of a network communication and exchange the data it receives, so that both ends believe they are talking directly to each other, while in fact the whole session is controlled by the man-in-the-middle. In short, to the real server the man-in-the-middle is the client, and the real client believes the man-in-the-middle is the server.
B. Wireshark's packet capture principle is to read and analyse network card data directly. The TLS handshake phase needs to perform two important operations, key exchange and server authentication. The key exchange exists to produce, over an insecure data channel, a shared key known only to the two communicating parties, the Premaster Secret, from which the Master Secret and the subsequent symmetric Session Key and MAC Key are generated. The purpose of the client authenticating the server is to make sure it is connected to the legitimate server that holds the website's private key.
This mode combines the two steps of key exchange and server authentication: if the server can decrypt the Premaster Secret, that also means the server holds the correct private key. The man-in-the-middle does not have the private key, cannot obtain the Premaster Secret, and so cannot decrypt the subsequent traffic.
In the method, the task manager is responsible for management work such as receiving and executing detection tasks and displaying and storing detection results; it also supports historical archiving of detection tasks, which makes it easy to achieve a "second inspection" effect.
In the method, during static detection an app is decomposed, according to the detection items, into multiple subtasks, and each subtask can be executed in a distributed, concurrent manner;
In the method, virtualized container management is supported during dynamic detection: detection containers are allocated, started and stopped automatically, and automatic traversal of the app's interfaces, automatic clicking and similar operations are supported;
In the method, archiving of detection reports is supported.
The method provides a friendly human-machine interface, which greatly reduces the operating difficulty for the user.
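The task manager's archive lookup and the parallel static subtasks described above can be sketched as follows. This is an added example, not the patent's implementation: SHA-256 as the fingerprint, a thread pool standing in for distributed workers, the two byte-scanning subtasks and the sample input are all assumptions.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed input standing in for an uploaded app; not a real APK.
SAMPLE_APP = b'Cipher.getInstance("DES/ECB/PKCS5Padding"); web.addJavascriptInterface(b, "app")'

def weak_crypto(data):
    """Stand-in subtask: flag cipher strings that select DES or ECB mode."""
    rules = (b"DES/ECB/PKCS5Padding", b"AES/ECB/PKCS5Padding")
    return [r.decode() for r in rules if r in data]

def dangerous_api(data):
    """Stand-in subtask: flag API names commonly reviewed for misuse."""
    rules = (b"addJavascriptInterface", b"Runtime.getRuntime().exec")
    return [r.decode() for r in rules if r in data]

class TaskManager:
    def __init__(self, subtasks, workers=4):
        self.subtasks = subtasks   # name -> callable(bytes) -> list of findings
        self.workers = workers
        self.archive = {}          # fingerprint -> report; stands in for the database

    @staticmethod
    def fingerprint(data):
        # Assumption: the patent does not name the algorithm. Hashing the whole file
        # means a repackaged app with the same package name is scanned again.
        return hashlib.sha256(data).hexdigest()

    def detect(self, data):
        fp = self.fingerprint(data)
        if fp in self.archive:                      # fingerprint hit: return archived report
            return {**self.archive[fp], "from_archive": True}
        results = {}
        with ThreadPoolExecutor(max_workers=self.workers) as pool:   # fan out subtasks
            futures = {n: pool.submit(fn, data) for n, fn in self.subtasks.items()}
            for name, fut in futures.items():
                try:
                    results[name] = {"status": "ok", "findings": fut.result()}
                except Exception as exc:            # one failed subtask must not sink the rest
                    results[name] = {"status": "error", "findings": [], "error": repr(exc)}
        report = {"fingerprint": fp, "static": results}
        # Archive only complete reports, so a partial scan is never served as a cache hit.
        if all(r["status"] == "ok" for r in results.values()):
            self.archive[fp] = report
        return {**report, "from_archive": False}

if __name__ == "__main__":
    tm = TaskManager({"weak_crypto": weak_crypto, "dangerous_api": dangerous_api})
    print(tm.detect(SAMPLE_APP)["from_archive"], tm.detect(SAMPLE_APP)["from_archive"])
```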
The present invention provides a vulnerability detection method for Android mobile phone apps. The method has good operating-system compatibility, high detection efficiency, strong stability, comprehensive detection content, a low threshold for secondary development and a small system maintenance workload, and can conveniently be applied to building an app vulnerability detection platform or integrated into an independent detection terminal.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented through secondary development using mature technologies such as Celery, Golang and VirtualBox. Although the present invention has been described through embodiments, those of ordinary skill in the art know that the invention has many variations and changes that do not depart from its spirit, and these are likewise protected by the claims of the present invention. The parts of the present invention that are not elaborated belong to techniques well known in the art, and those skilled in the art can implement them from the existing description without creative work; they are therefore not repeated here.

Claims (7)

1. A vulnerability detection method for Android mobile phone apps, characterized in that it comprises the following steps:
Step 1: fingerprint records of Android apps that have already been detected, together with their static detection reports and dynamic detection reports, are preset in a database;
Step 2: the user submits the Android app to be detected through the web interface of the detection program;
Step 3: the detection program, through the task manager, generates the fingerprint information of the submitted Android app to be detected;
Step 4: the detection program compares this fingerprint information one by one with the Android app fingerprint records in the database; if a record is found, the static detection report and dynamic detection report of that Android app are returned directly and this detection ends; if no record is found, the work continues with the next step;
Step 5: the task manager starts the static detection engine, and the static detection engine distributes the static detection subtasks to detection task units that run in a parallel, distributed manner; the static detection subtask execution units, running in a parallel, distributed manner, execute the static detection subtask of each detection task unit and report the detection results to the static detection engine; the static detection engine generates the static detection report of the Android app according to the report template and presents the static detection report to the user, completing static detection;
Step 6: the task manager archives the static detection report and starts the dynamic detection engine;
Step 7: the dynamic detection engine allocates and starts a detection container; after the detection container has started successfully, the Android app to be detected is automatically installed on the Android system in the detection container;
Step 8: the dynamic detection engine starts the Android app to be detected; the detection container automatically traverses each interface of the Android app, automatically performs various inputs to drive program execution, monitors the execution process and results, finds and records the vulnerabilities of the Android app, and reports the results to the dynamic detection engine;
Step 9: the dynamic detection engine shuts down the Android system of the detection container, reclaims the detection container, generates the dynamic detection report according to the report template, and presents the dynamic detection report to the user, completing dynamic detection;
Step 10: the task manager archives the dynamic detection report; at this point one complete detection task is finished.
2. The vulnerability detection method for Android mobile phone apps according to claim 1, characterized in that the static detection subtasks include app unpacking, app decompilation, permission detection, broadcast detection, sensitive data detection, Internet communication checks, dangerous API call detection and weak encryption detection.
3. The vulnerability detection method for Android mobile phone apps according to claim 2, characterized in that the static detection subtasks also include stress testing.
4. The vulnerability detection method for Android mobile phone apps according to claim 2, characterized in that app decompilation is carried out in the following manner:
(1) obtain the package name and class name of the apk package, and decompile it into Java source code;
(2) it and will be added in after apk bag decompilings before oneself, and change parameter.
5. The vulnerability detection method for Android mobile phone apps according to claim 2, characterized in that the implementation process of broadcast detection includes:
A. the broadcast receiver registers with AMS through the Binder mechanism;
B. the broadcast sender sends a broadcast to AMS through the Binder mechanism;
C. AMS looks up the broadcast receivers that meet the corresponding conditions and sends the broadcast to the message loop queue of the corresponding broadcast receiver;
D. the message loop takes out this broadcast and calls back the onReceive() method in the broadcast receiver.
6. The vulnerability detection method for Android mobile phone apps according to claim 1, characterized in that the detection container is VirtualBox or Docker.
7. The vulnerability detection method for Android mobile phone apps according to claim 1, characterized in that, in step 4, the comparison of the fingerprint information of the Android app to be detected with the Android app fingerprint records in the database uses a static detection technique.
CN201710369224.3A 2017-05-23 2017-05-23 A kind of leak detection method for Android mobile phone APP Pending CN107330332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710369224.3A CN107330332A (en) 2017-05-23 2017-05-23 A kind of leak detection method for Android mobile phone APP

Publications (1)

Publication Number Publication Date
CN107330332A true CN107330332A (en) 2017-11-07

Family

ID=60192656

Country Status (1)

Country Link
CN (1) CN107330332A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107