CN109492398A - Risk detection method and device for sensitive behavior of Android applications - Google Patents


Publication number
CN109492398A
Authority
CN
China
Prior art keywords
file
application program
smali
android application
sensitivity function
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811410284.6A
Other languages
Chinese (zh)
Inventor
阚志刚
徐磊
刘义
张志勇
张陈陈
陈彪
林凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Bang Bang Safety Technology Co Ltd
Original Assignee
Beijing Bang Bang Safety Technology Co Ltd
Application filed by Beijing Bang Bang Safety Technology Co Ltd
Priority to CN201811410284.6A
Publication of CN109492398A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

This application discloses a risk detection method and device for sensitive behavior of Android applications. The method comprises: obtaining the smali files in an Android application installation package; judging whether the content of the smali files contains a call instruction for calling a sensitive function, where the sensitive function is used to perform a sensitive behavior; and determining, according to the judgment result, whether the Android application is able to perform the sensitive behavior. Because detection is based on whether the content of the smali files contains a call instruction for calling a sensitive function, the personnel who assess an application's risk can use that judgment result to determine whether the Android application is able to perform a sensitive behavior, which solves the prior-art problem of how to detect whether an Android application is able to perform sensitive behavior.

Description

Risk detection method and device for sensitive behavior of Android applications
Technical field
This application relates to the field of computer technology, and in particular to a risk detection method and device for sensitive behavior of Android applications.
Background
With the continued development and spread of the Android operating system, more and more users use applications on the Android operating system (Android applications for short). At the same time, the security problems faced by the developers and users of Android applications are also increasing.
In practice, Android applications often perform certain sensitive behaviors, such as obtaining the device information of the mobile device, sending short messages to the user, reading the address book on the mobile device, obtaining the user's location information, using the camera on the mobile device, and monitoring the user's calls.
However, when an Android application performs these sensitive behaviors, it may also expose the user to the risk of personal information leakage. The prior art does not disclose a technical solution for detecting whether an Android application is able to perform sensitive behavior. Detecting whether an Android application is able to perform sensitive behavior is therefore the technical problem this application sets out to solve.
Summary of the invention
The embodiments of this application provide a risk detection method and device for sensitive behavior of Android applications, to solve the problem in the prior art.
To solve the above technical problem, this application is implemented as follows:
In a first aspect, this application provides a risk detection method for sensitive behavior of Android applications, the method comprising:
obtaining the smali files in an Android application installation package;
judging whether the content of the smali files contains a call instruction for calling a sensitive function, where the sensitive function is used to perform a sensitive behavior;
determining, according to the judgment result, whether the Android application is able to perform the sensitive behavior.
Preferably, obtaining the smali files in the Android application installation package specifically comprises:
decompressing the Android application installation package and decompiling the extracted classes.dex file to obtain the decompiled smali files.
Preferably, judging whether the content of the smali files contains a call instruction for calling a sensitive function specifically comprises:
matching the content of the smali files against the content of a sensitive-function call instruction library, to judge whether the content of the smali files contains a call instruction for calling a sensitive function.
Preferably, matching the content of the smali files against the content of the sensitive-function call instruction library specifically comprises:
traversing the content of the smali files with the keyword search command of the operating system, and matching the content of the smali files against the content of the sensitive-function call instruction library.
Preferably, determining, according to the judgment result, whether the Android application is able to perform the sensitive behavior specifically comprises:
if the judgment result is that the content of the smali files contains a call instruction for calling a sensitive function, determining that the Android application is able to perform the sensitive behavior;
if the judgment result is that the content of the smali files does not contain a call instruction for calling a sensitive function, determining that the Android application is not able to perform the sensitive behavior.
In a second aspect, this application provides a risk detection device for sensitive behavior of Android applications, the device comprising:
a file obtaining unit, configured to obtain the smali files in an Android application installation package;
an instruction judging unit, configured to judge whether the content of the smali files contains a call instruction for calling a sensitive function, where the sensitive function is used to perform a sensitive behavior;
a risk determination unit, configured to determine, according to the judgment result, whether the Android application is able to perform the sensitive behavior.
At least one of the above technical solutions provided in the embodiments of this application can achieve the following effect:
When the content of the smali files in an Android application installation package contains a call instruction for calling a sensitive function, the Android application can call that sensitive function, which means the Android application is able to perform the sensitive behavior corresponding to that function. Therefore, with the method provided in this application, judging whether the content of the smali files contains a call instruction for calling a sensitive function determines whether the Android application is able to perform sensitive behavior, which solves the prior-art problem of how to detect whether an Android application is able to perform sensitive behavior.
Brief description of the drawings
The drawings described here provide a further understanding of this application and form part of it. The illustrative embodiments of this application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is a flow diagram of a risk detection method for sensitive behavior of Android applications provided in one embodiment of this application;
Fig. 2 is a structural diagram of a risk detection device for sensitive behavior of Android applications provided in one embodiment of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in those embodiments. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
The technical solutions provided in the embodiments of this application are described in detail below with reference to the drawings.
Embodiment 1
To solve the problem in the prior art, Embodiment 1 of this application provides a risk detection method for sensitive behavior of Android applications. The Android operating system contains functions used to perform sensitive behaviors (sensitive functions for short), and an Android application can perform a sensitive behavior by calling a sensitive function. It is therefore possible to determine whether an Android application is able to perform a sensitive behavior by checking whether the content of the smali files in its installation package contains a call instruction for calling a sensitive function, which solves the problem in the prior art.
The method may be executed by a server used to examine Android applications, or by a detection system (or detection program) running on such a server; alternatively, it may be executed by a client (or user terminal) used to examine Android applications.
For ease of description, the following detailed description of Embodiment 1 takes as an example the case where the method is executed by a detection system running on a server that examines Android applications (hereinafter the detection system).
Referring to Fig. 1, a flow diagram of the risk detection method for sensitive behavior of Android applications provided in Embodiment 1, the flow specifically comprises the following steps:
Step 11: obtain the smali files in the Android application installation package.
In one implementation of Embodiment 1, the Android application installation package is the installation package of an application (APP) on the Android operating system that is to be examined; for example, it may be the installation package of any application that has been uploaded to, or is being uploaded to, an application market and needs to be examined.
In one implementation of Embodiment 1, the installation package is an Android installation package, that is, an APK file (Android Package). The APK file contains all of the content of an Android application.
In one implementation of Embodiment 1, the APK file can be understood as a compressed archive of the Android application's program files, except that it uses .apk as its file extension. For example: xxx.apk, where xxx is the file name chosen by the developer of the Android application.
In one implementation of Embodiment 1, the main files and folders contained in the APK file after decompression are, for example:
the AndroidManifest.xml file, the classes.dex file, the resources.arsc file, and the assets, lib, META-INF and res folders.
The AndroidManifest.xml file must be present in every APK file. It describes the application's name, version, permissions, referenced library files and other information, and can be used to look up components;
The classes.dex file is the Java bytecode file generated by compiling the Java source code, and is the file executed by the Dalvik virtual machine;
The resources.arsc file is the compiled binary resource file;
The assets folder stores some original configuration files;
The lib folder stores all .so library files, which are called by other programs;
The META-INF folder stores the signature, information descriptions and so on; it is where the signing certificate is stored when the APK file is signed;
The res folder stores project resource files of many types, such as icons, pictures and JavaScript files.
Note that because each application has a different developer, the folders produced by decompressing an APK file may, besides the specific folders above, also include an images folder, an org folder and so on; these folders are not specifically limited here.
The tool used to decompress the APK file may be, for example, WinRAR, WinZip, 7-Zip or another decompression tool.
Note that when the installation package of an Android application is examined, not all of the decompressed files need to be examined; the detection in Embodiment 1 can be completed using a specified part of them. In Embodiment 1, that specified part is the classes.dex file.
However, the classes.dex file cannot be read directly to obtain the relevant file information, so a decompilation tool must be used to decompile the classes.dex file extracted from the APK file into smali files, whose content can then be read and analyzed directly. The decompilation tool may be, for example, baksmali.
Based on the above, and given that the classes.dex file extracted from the APK file cannot be read directly to obtain the relevant file information, in one implementation of Embodiment 1, obtaining the smali files in the Android application installation package specifically comprises:
decompressing the Android application installation package and decompiling the extracted classes.dex file to obtain the decompiled smali files.
Note that if no smali files are obtained after decompressing and decompiling the installation package of the Android application, the detection system cannot analyze the content of smali files; that is, without the smali files, the step described below of judging whether the content of the smali files contains a call instruction for calling a sensitive function cannot be performed. Step 11, obtaining the smali files in the Android application installation package, is therefore a precondition for step 12, judging whether the content of the smali files contains a call instruction for calling a sensitive function.
Step 12: judge whether the content of the smali files contains a call instruction for calling a sensitive function, where the sensitive function is used to perform a sensitive behavior.
In one implementation of Embodiment 1, the smali files contain all of the instructions of the Android application. These are one or more Dalvik instructions, and they mainly describe the corresponding Java file.
In one implementation of Embodiment 1, a sensitive function is a function in the Android operating system that is used to perform a sensitive behavior.
In one implementation of Embodiment 1, the instructions are the program code of the Android application; the program code is presented as character strings.
A character string here is an arbitrary sequence of printable characters terminated by a newline or a null character.
In one implementation of Embodiment 1, a call instruction for calling a sensitive function is an instruction that, when invoked, calls the sensitive function in the Android operating system and thereby performs the sensitive behavior corresponding to that function.
In one implementation of Embodiment 1, the sensitive behavior may be, for example, obtaining the user's location information. The sensitive function corresponding to this behavior is getLastKnownLocation(), and the call instruction for calling it is: Landroid/location/LocationManager;->getLastKnownLocation.
In one implementation of Embodiment 1, judging whether the content of the smali files contains a call instruction for calling a sensitive function comprises:
matching the content of the smali files against the content of the sensitive-function call instruction library, to judge whether the content of the smali files contains a call instruction for calling a sensitive function.
In one implementation of Embodiment 1, the sensitive-function call instruction library is specifically the set of all call instructions.
Here, a call instruction is specifically a call instruction for calling a sensitive function.
In one implementation of Embodiment 1, matching the content of the smali files against the content of the sensitive-function call instruction library specifically comprises:
traversing the content of the smali files with the keyword search command of the operating system, and matching the content of the smali files against the content of the sensitive-function call instruction library.
Accordingly, in one implementation of Embodiment 1, judging whether the content of the smali files contains a call instruction for calling a sensitive function specifically comprises:
traversing the content of the smali files with the keyword search command of the operating system, and matching the content of the smali files against the content of the sensitive-function call instruction library;
judging, according to the matching result, whether the content of the smali files contains a call instruction for calling a sensitive function.
In one implementation of Embodiment 1, the operating system is specifically the Linux operating system, which is used to run tool software, applications and so on.
In one implementation of Embodiment 1, the keyword search command is specifically the grep command of the Linux operating system.
In one implementation of Embodiment 1, grep is a text search tool whose full name is Global Regular Expression Print. Its main function is keyword string comparison: it searches text using a regular expression and prints the lines that match the keyword string.
Because grep selects data a whole line at a time when it looks for a keyword string, what is printed after a match is the entire line containing that keyword string.
In one implementation of Embodiment 1, the format of the grep command with a regular expression is, for example, as follows:
# grep [-acinv] [--color=auto] 'search string' filename
The meaning of each option and parameter is as follows:
-a: search a binary file as if it were a text file;
-c: count the number of times 'search string' is found;
-i: ignore case, so that upper and lower case are treated as the same;
-n: also output the line number;
-v: invert the selection, that is, show the lines that do not contain 'search string';
--color=auto: display the matched keyword string in color;
filename: the name of the text file in which to search for the keyword string.
In one implementation of Embodiment 1, grep can also search recursively by file content to find the directory of a file: instead of showing the matching lines, it directly shows the file directory (file path) containing the keyword string. The specific format is, for example, as follows:
# grep -l -r 'search string'
Note that the grep command of the Linux operating system can search for several keyword strings at once and output the file path corresponding to each of them.
Based on the above, and given that grep can directly show the file directory (file path) matched by a keyword string, in one implementation of Embodiment 1, traversing the content of the smali files with the keyword search command of the operating system and matching the content of the smali files against the content of the sensitive-function call instruction library specifically comprises:
traversing the content of the smali files with the grep command of the Linux operating system, using the content of the sensitive-function call instruction library as keyword strings to search for matches in the content of the smali files.
The specific matching process is, for example, as follows:
Each instruction in the sensitive-function call instruction library is used as a keyword string, that is, as the 'search string' in the grep command. The grep command of the Linux operating system is then run to search for matches across the entire content of the smali files, and finally the paths of the smali files that contain the 'search string' are returned.
In one implementation of Embodiment 1, judging, according to the matching result, whether the content of the smali files contains a call instruction for calling a sensitive function specifically comprises:
if the matching result is that the detection system's display interface shows the smali file path for one or more keyword strings, judging that the content of the smali files contains a call instruction for calling a sensitive function;
if the matching result is that the detection system's display interface shows no smali file path, judging that the content of the smali files does not contain a call instruction for calling a sensitive function.
In one implementation of Embodiment 1, the above judgment process may be, for example: set 'search string' to 'Landroid/content/BroadcastReceiver;->abortBroadcast', which is the call instruction for calling the function that performs the sensitive behavior "SMS interception". Then run the grep command. If a smali file path for the configured keyword string is matched in the content of the smali files and shown in the detection system's display interface, the content of the smali files contains that keyword string, that is, it contains the call instruction for the function that performs the sensitive behavior "SMS interception".
Note that the purpose of judging whether the content of the smali files contains a call instruction for calling a sensitive function is to determine whether the Android application can call a sensitive function, and from that whether the Android application is able to perform sensitive behavior. Step 12, judging whether the content of the smali files contains a call instruction for calling a sensitive function, is therefore an important precondition for step 13, determining according to the judgment result whether the Android application is able to perform sensitive behavior.
Step 13: determine, according to the judgment result, whether the Android application is able to perform sensitive behavior.
In one implementation of Embodiment 1, determining, according to the judgment result, whether the Android application is able to perform sensitive behavior specifically comprises:
determining whether the Android application can call a sensitive function, according to the judgment result of whether the content of the smali files contains a call instruction for calling a sensitive function;
determining whether the Android application is able to perform sensitive behavior, according to the determination of whether the Android application can call a sensitive function.
The specific determination results are, for example, as follows:
if the judgment result is that the content of the smali files contains a call instruction for calling a sensitive function, the Android application can call the sensitive function, and it is determined that the Android application is able to perform the sensitive behavior;
if the judgment result is that the content of the smali files does not contain a call instruction for calling a sensitive function, the Android application cannot call the sensitive function, and it is determined that the Android application is not able to perform the sensitive behavior.
With the scheme provided in Embodiment 1, when the content of the smali files in an Android application installation package contains a call instruction for calling a sensitive function, the Android application can call that sensitive function, which means the Android application is able to perform the sensitive behavior corresponding to that function. Therefore, with the method provided in this application, judging whether the content of the smali files contains a call instruction for calling a sensitive function determines whether the Android application is able to perform sensitive behavior, which solves the prior-art problem of how to detect whether an Android application is able to perform sensitive behavior.
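Steps 12 and 13 above, as an added example that is not part of the patent text: a shell sketch that runs the grep -l -r matching over a small constructed smali tree. The two library entries are the call instructions quoted in the description; the behavior labels, class names, file layout and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the library match (step 12) and the verdict (step 13).
# In a real run the directory scanned is the decompiler's output for
# classes.dex (step 11); here it is a constructed two-file tree.

# Sensitive-function call instruction library: "label<TAB>call instruction".
# Labels are made up; the instructions are the two quoted in the description.
write_library() {
    printf '%s\t%s\n' \
        'location' 'Landroid/location/LocationManager;->getLastKnownLocation' \
        'sms-intercept' 'Landroid/content/BroadcastReceiver;->abortBroadcast' > "$1"
}

# Constructed sample input: one class that reads the last known location,
# one class that calls nothing in the library.
write_sample_smali() {
    mkdir -p "$1/com/example/app"
    cat > "$1/com/example/app/Tracker.smali" <<'EOF'
.class public Lcom/example/app/Tracker;
.super Ljava/lang/Object;

.method public where(Landroid/location/LocationManager;)Landroid/location/Location;
    .registers 3
    const-string v0, "gps"
    invoke-virtual {p1, v0}, Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location;
    move-result-object v0
    return-object v0
.end method
EOF
    cat > "$1/com/example/app/Util.smali" <<'EOF'
.class public Lcom/example/app/Util;
.super Ljava/lang/Object;

.method public static add(II)I
    .registers 3
    add-int v0, p0, p1
    return v0
.end method
EOF
}

# Step 12: for every library entry, list the smali files that contain it.
# Prints one "label<TAB>path" line per hit. -F treats the instruction as a
# literal string, so a '$' in an inner-class name is not read as a regex anchor.
scan_smali() {
    dir=$1
    lib=$2
    while IFS="$(printf '\t')" read -r label sig; do
        [ -n "$sig" ] || continue
        grep -rlF -e "$sig" "$dir" 2>/dev/null |
            while IFS= read -r path; do
                printf '%s\t%s\n' "$label" "$path"
            done
    done < "$lib"
}

# Step 13: the application is judged able to perform a sensitive behavior
# exactly when step 12 returned at least one file path.
verdict() {
    if [ -n "$(scan_smali "$1" "$2")" ]; then
        echo 'sensitive'
    else
        echo 'not-detected'
    fi
}

# Demonstration on the constructed tree.
work=$(mktemp -d)
write_library "$work/lib.tsv"
write_sample_smali "$work/smali"
scan_smali "$work/smali" "$work/lib.tsv"
verdict "$work/smali" "$work/lib.tsv"
rm -rf "$work"
```

A result of not-detected covers only the smali text that was scanned: a call made through reflection, or from code loaded at run time, does not appear as a literal invoke instruction and is not matched by this search.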
Embodiment 2
To solve the problems of the prior art, the embodiment of the present application 2 provides a kind of Android application program sensitive behavior Risk supervision device 20.
Figure of description 2 is referred to, a kind of Android application program sensitive behavior provided for the embodiment of the present application 2 Risk supervision device structural schematic diagram, which specifically includes: file obtaining unit 21, instructs judging unit 22, risk Determination unit 23.
The function of lower each unit is introduced in detail below:
File obtaining unit 21, for obtaining the smali file in Android application program installation kit;
Judging unit 22 is instructed, whether includes for calling sensitivity in the file content for judging the smali file The call instruction of function;The calling sensitivity function is for executing sensitive behavior;
Risk determination unit 23, for it is quick to determine whether the Android application program is able to carry out according to judging result Sense behavior.
In the embodiment of the present application 2, in one embodiment, the file obtaining unit 21 is specifically included:
Android application program installation kit is decompressed, decompiling is carried out to the classes.dex file after decompression, is obtained anti- Smali file after compiling.
In the embodiment of the present application 2, in one embodiment, the sensitivity function is specifically included: Android operation system For executing the power function of sensitive behavior in system.
In the embodiment of the present application 2, in one embodiment, described instruction judging unit 22 is specifically included:
The file content of the smali file is matched with the content in sensitivity function call instruction library, described in judgement Whether include the call instruction for calling sensitivity function in the file content of smali file.
In the embodiment of the present application 2, in one embodiment, sensitivity function call instruction library is specifically included: all The set of call instruction.Wherein, the call instruction, specifically includes: for calling the call instruction of sensitivity function.
In the embodiment of the present application 2, in one embodiment, by the file content and sensitivity function of the smali file The content in call instruction library is matched, and is specifically included:
The file content that the smali file is traversed by the keyword search order of operating system, by the smali text The file content of part is matched with the content in sensitivity function call instruction library.
In the embodiment of the present application 2, in one embodiment, the file content by the smali file and sensitivity Whether the content in function call instruction library is matched, judge in the file content of the smali file comprising quick for calling The call instruction for feeling function, specifically includes:
The file content that the smali file is traversed by the keyword search order of operating system, by the smali text The file content of part is matched with the content in sensitivity function call instruction library;
According to matching result, whether judge in the file content of the smali file comprising for calling sensitivity function Call instruction.
In Embodiment 2 of the present application, in one implementation, the risk determination unit 23 is specifically configured to:
Determine whether the Android application can call a sensitive function, according to the result of judging whether the file content of the smali file includes a call instruction for calling a sensitive function;
Determine whether the Android application is able to perform a sensitive behavior, according to the result of determining whether the Android application can call a sensitive function.
The specific determination results are as follows:
If the judgment result is that the file content of the smali file includes a call instruction for calling a sensitive function, which indicates that the Android application can call the sensitive function, it is determined that the Android application is able to perform a sensitive behavior;
If the judgment result is that the file content of the smali file does not include a call instruction for calling a sensitive function, which indicates that the Android application cannot call the sensitive function, it is determined that the Android application is not able to perform a sensitive behavior.
With the solution provided by Embodiment 2 of the present application, when the file content of a smali file in the Android application installation package includes a call instruction for calling a sensitive function, this shows that the Android application can call the sensitive function, and therefore that the Android application is able to perform the sensitive behavior corresponding to that sensitive function. The method provided by the present application therefore determines whether an Android application is able to perform a sensitive behavior by judging whether the file content of the smali file includes a call instruction for calling a sensitive function, which solves the prior-art problem of how to detect whether an Android application is able to perform a sensitive behavior.
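The matching and decision steps described above can be sketched as follows. This is an added example, not code from the patent: the library entries, the sample smali fragment and the function names are assumptions, and it matches only invoke instructions rather than every occurrence of a keyword, so an API name inside a string constant is not reported.

```python
import re

# Constructed sample library (assumption: the patent does not enumerate its
# "sensitive function call instruction library"). Keys are smali method refs.
SENSITIVE_CALLS = {
    "Landroid/telephony/SmsManager;->sendTextMessage": "send SMS",
    "Landroid/telephony/TelephonyManager;->getDeviceId": "read device ID",
    "Landroid/location/LocationManager;->getLastKnownLocation": "read location",
}

# Matches e.g.  invoke-virtual {v0, v1}, Lpkg/Cls;->name(args)ret  and /range forms.
INVOKE_RE = re.compile(
    r"^\s*invoke-(?:virtual|static|direct|interface|super)(?:/range)?\s+"
    r"\{[^}]*\},\s*(?P<target>L[^;\s]+;->[^(\s]+)\("
)
CLASS_RE = re.compile(r"^\.class\s+(?:\S+\s+)*(L\S+;)")
METHOD_RE = re.compile(r"^\s*\.method\s+(?:\S+\s+)*?([^\s(]+)\(")


def scan_smali(text):
    """Return one finding per call instruction whose target is in the library."""
    findings, cls, method = [], "?", "?"
    for lineno, line in enumerate(text.splitlines(), 1):
        if (m := CLASS_RE.match(line)):
            cls = m.group(1)
        elif (m := METHOD_RE.match(line)):
            method = m.group(1)
        elif (m := INVOKE_RE.match(line)) and m.group("target") in SENSITIVE_CALLS:
            target = m.group("target")
            findings.append({
                "line": lineno,
                "caller": f"{cls}->{method}",
                "target": target,
                "behavior": SENSITIVE_CALLS[target],
            })
    return findings


def can_perform_sensitive_behavior(smali_files):
    """The patent's decision rule: any matching call instruction in any file."""
    return any(scan_smali(text) for text in smali_files.values())


# Constructed smali fragment for the scanner (not assembled or taken from an app).
# The const-string line mentions an API name but is not a call instruction.
SAMPLE_SMALI = """\
.class public Lcom/example/demo/MainActivity;
.super Landroid/app/Activity;

.method public sendAlert(Ljava/lang/String;)V
    .locals 7
    const-string v0, "Landroid/telephony/TelephonyManager;->getDeviceId"
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    move-result-object v1
    invoke-virtual/range {v1 .. v6}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    return-void
.end method
"""

if __name__ == "__main__":
    for finding in scan_smali(SAMPLE_SMALI):
        print(finding)
```

A negative result only shows that no direct call instruction from the library is present; a call reached through reflection or native code does not appear as a matching instruction in the smali text.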
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface, and memory.
The memory may include non-permanent memory in a computer-readable medium, random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise", and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity, or device that includes the element.
The above description is only an embodiment of the present application and is not intended to limit the present application. Various modifications and changes to the present application are possible for those skilled in the art. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present application shall fall within the scope of the claims of the present application.

Claims (10)

1. A risk detection method for sensitive behavior of an Android application, characterized by comprising:
Obtaining the smali file in an Android application installation package;
Judging whether the file content of the smali file includes a call instruction for calling a sensitive function, the sensitive function being used to perform a sensitive behavior;
Determining, according to the judgment result, whether the Android application is able to perform a sensitive behavior.
2. The method according to claim 1, characterized in that judging whether the file content of the smali file includes a call instruction for calling a sensitive function specifically includes:
Matching the file content of the smali file against the content of a sensitive function call instruction library, and judging whether the file content of the smali file includes a call instruction for calling a sensitive function.
3. The method according to claim 2, characterized in that matching the file content of the smali file against the content of the sensitive function call instruction library specifically includes:
Traversing the file content of the smali file with the keyword search command of the operating system, and matching the file content of the smali file against the content of the sensitive function call instruction library.
4. The method according to claim 1, characterized in that determining, according to the judgment result, whether the Android application is able to perform a sensitive behavior specifically includes:
If the judgment result is that the file content of the smali file includes a call instruction for calling a sensitive function, determining that the Android application is able to perform a sensitive behavior;
If the judgment result is that the file content of the smali file does not include a call instruction for calling a sensitive function, determining that the Android application is not able to perform a sensitive behavior.
5. The method according to claim 1, characterized in that obtaining the smali file in the Android application installation package specifically includes:
Decompressing the Android application installation package, and decompiling the decompressed classes.dex file to obtain the decompiled smali file.
6. A risk detection device for sensitive behavior of an Android application, characterized by comprising:
A file obtaining unit, configured to obtain the smali file in an Android application installation package;
An instruction judging unit, configured to judge whether the file content of the smali file includes a call instruction for calling a sensitive function, the sensitive function being used to perform a sensitive behavior;
A risk determination unit, configured to determine, according to the judgment result, whether the Android application is able to perform a sensitive behavior.
7. The device according to claim 6, characterized in that the file obtaining unit is specifically configured to:
Decompress the Android application installation package, and decompile the decompressed classes.dex file to obtain the decompiled smali file.
8. The device according to claim 6, characterized in that the instruction judging unit is specifically configured to:
Match the file content of the smali file against the content of a sensitive function call instruction library, and judge whether the file content of the smali file includes a call instruction for calling a sensitive function.
9. The device according to claim 6, characterized in that the risk determination unit is specifically configured to:
If the judgment result is that the file content of the smali file includes a call instruction for calling a sensitive function, determine that the Android application is able to perform a sensitive behavior;
If the judgment result is that the file content of the smali file does not include a call instruction for calling a sensitive function, determine that the Android application is not able to perform a sensitive behavior.
10. A risk detection device for sensitive behavior of an Android application, characterized by comprising:
A memory, configured to store computer program instructions;
A processor, configured to read the computer program instructions stored in the memory and to implement, on the processor, the steps of the risk detection method for sensitive behavior of an Android application according to any one of claims 1 to 5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811410284.6A CN109492398A (en) 2018-11-23 2018-11-23 A kind of risk checking method and device of Android application program sensitive behavior


Publications (1)

Publication Number Publication Date
CN109492398A (en) 2019-03-19

Family

ID=65696520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811410284.6A Pending CN109492398A (en) 2018-11-23 2018-11-23 A kind of risk checking method and device of Android application program sensitive behavior


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190319
