WO2015074489A1 - Method and apparatus for testing android application program - Google Patents

Method and apparatus for testing android application program Download PDF

Info

Publication number
WO2015074489A1
WO2015074489A1 PCT/CN2014/090259 CN2014090259W WO2015074489A1 WO 2015074489 A1 WO2015074489 A1 WO 2015074489A1 CN 2014090259 W CN2014090259 W CN 2014090259W WO 2015074489 A1 WO2015074489 A1 WO 2015074489A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
command
application
runtime data
command call
Prior art date
Application number
PCT/CN2014/090259
Other languages
French (fr)
Chinese (zh)
Inventor
柴洪峰
杨文博
何朔
李卷孺
杨阳
徐泽伟
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2015074489A1 publication Critical patent/WO2015074489A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3692Test management for test results analysis

Definitions

  • the present invention relates to software testing, and more particularly to a method and apparatus for testing an Android application.
  • the prior art does not disclose a solution to the above problem.
  • a problem with the static automated test methods of the prior art is that runtime parameters cannot be obtained, and runtime parameters are critical to the analysis of the application's cryptographic algorithms and portions of protocol usage.
  • Dynamic testing methods in the prior art often need to modify the application or add breakpoints to debug, and this will reduce the transparency and stability of the program monitoring. For example, modifying the application may cause the application to run incorrectly and also damage the application. The signature mechanism of the program.
  • the prior art test methods are only for general-purpose code problems, and cannot be tested and analyzed for specific command calls in the application.
  • a specific security analysis eg, whether a certificate is missing or tampered with
  • an application's cryptographic algorithms and portions of the protocol cannot be performed, making it impossible to test and discover cryptographic algorithms and protocol usage in the application.
  • the present invention proposes a method and apparatus for testing an Android application.
  • a method of testing an Android application comprising the steps of:
  • step A includes:
  • the positioning command is called.
  • step A includes:
  • step B includes:
  • the command call is monitored and the runtime data is retrieved using a monitoring module attached to the Zygote process of the Dalvik virtual machine.
  • the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  • step A its command call is located in the binary code of the application.
  • the command call is a method call or an instruction call.
  • an apparatus for testing an Android application including:
  • a monitoring module configured to monitor the command call and obtain runtime data
  • An analysis module for analyzing acquired runtime data.
  • the positioning module is configured to:
  • the positioning command is called.
  • the positioning module is configured to:
  • the monitoring module is attached to the Zygote process of the Dalvik virtual machine, thereby monitoring the command call and obtaining runtime data.
  • the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  • the positioning module locates its command call in the binary code of the application.
  • the invention dynamically monitors the test program and obtains the operation content of the cryptographic algorithm and the protocol.
  • One advantage of the present invention is that it can actively check the mechanism, mode, problem, and various operational information of the code during the running of the program, so that the summary analysis can be performed in stages, and the code quality related judgment result can be obtained according to the specified standard.
  • the present invention can directly analyze the binary code of the program without relying on the source code of the program, and when the program is running, the technical solution of the present invention dynamically analyzes the program code loaded in the memory to find the insertion instruction. The location and add specific instructions for program monitoring.
  • FIG. 1 is a schematic diagram showing the steps of a method of testing an Android application according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of an apparatus for testing an Android application according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram showing the steps of a method of testing an Android application according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:
  • a specific command call of the application can be located, such as a command call associated with a cryptographic algorithm and/or protocol usage.
  • a command call can be a method call, an interface call, or a fine-grained instruction call for the application.
  • the application is statically decompiled to get the class descriptor of the APK program; based on the class descriptor, the method call is filtered to filter out the specific method call.
  • step B the command call is monitored and the runtime data is retrieved using a monitoring module attached to the Zygote process of the Dalvik VM (Dalvik VM).
  • its command call is located in the application's binary code.
  • the programming language used by Android applications is the Java language and runs in the Dalvik VM.
  • One embodiment of the present invention monitors the running of a program by adding a monitoring module to the Dalvik VM.
  • An Android application runs in a corresponding Dalvik virtual machine instance, a virtual machine instance is a separate process space, so in order for the monitoring module to monitor each process, embodiments of the present invention attach the monitoring module to the Zygote process. on.
  • the Zygote process is a special virtual machine process and an incubator for a virtual machine instance. Whenever an Android application is to be executed, Zygote uses the fork function to create a child process to execute the application. The Zygote process completes the initialization of the virtual machine, the loading of the library, the loading and initialization of the preset class library, etc. When a new virtual machine instance is needed, Zygote provides a process template by copying itself. Therefore, when the monitoring module is loaded on the Zygote process, each newly launched APK program will have a monitoring module in the process space, thereby ensuring the reliability of the monitoring.
  • the interpreter is the execution engine of the Dalvik virtual machine, which is responsible for Explain the implementation of dex bytecode (that is, the runnable code that is finally generated after the Android source code is compiled).
  • Dalvik's dex bytecode includes a constant pool (describes all constants, including references, method names, and numeric constants, as well as class definitions, including access permission flags, class names, etc.), and data segments (including all target virtual machine execution methods).
  • the code and the data information associated with the class and method) and the class instance variables which enable the monitoring module to monitor all the information in a fine-grained manner.
  • the monitoring module is used to perform policy matching monitoring on the command call. For example, in the process of matching monitoring, the application is first monitored, then monitored and analyzed for its specific class, and then filtered at the instruction level to obtain instructions related to the use of the cryptographic algorithm/protocol, and finally through the monitoring.
  • the module extracts runtime data to analyze the application (eg, analyze encryption behavior).
  • the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  • the device for testing an Android application includes a positioning module, a monitoring module, and an analysis module.
  • the positioning module is configured to locate a command call of the application
  • the monitoring module is configured to monitor the command call and obtain runtime data
  • the analysis module is configured to analyze the acquired runtime data.
  • the positioning module is configured to perform static code decompilation on the application to obtain a class descriptor; and to locate the method call according to the class descriptor.
  • the positioning module is configured to locate and invoke command commands associated with cryptographic algorithms and/or protocol usage.
  • the monitoring module is attached to the Zygote process of the Dalvik virtual machine, thereby monitoring the command call and obtaining runtime data.
  • the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  • the positioning module locates its command call in the application's binary code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention discloses a method and apparatus for testing Android application programs. The method comprises the following steps: A. locate an apparatus program command call; B. monitor the command call and acquire runtime data; C. analyse the acquired runtime data.

Description

一种测试Android应用程序的方法和装置Method and device for testing Android application 技术领域Technical field
本发明涉及软件测试,并且尤其涉及一种测试Android应用程序的方法和装置。The present invention relates to software testing, and more particularly to a method and apparatus for testing an Android application.
背景技术Background technique
在应用程序中,通常会使用标准的密码算法和协议来保护数据。但是,在应用程序的开发过程中可能会错误地设置参数(例如,密钥长度、密钥内容)和/或使用步骤(例如,是否使用证书、是否校验证书链),使得安全性得不到保证。为此,需要对应用程序进行测试来避免这样的问题。In an application, standard cryptographic algorithms and protocols are often used to protect data. However, parameters may be incorrectly set during application development (for example, key length, key content) and/or usage steps (for example, whether to use a certificate, whether to verify the certificate chain), so that security is not To guarantee. To do this, you need to test your application to avoid such problems.
现有技术未公开针对上述问题的解决方案。现有技术中的静态自动化测试方法存在的问题是无法获取运行时参数,而运行时的参数对于应用程序的涉及密码算法与协议使用的部分的分析是至关重要的。现有技术中的动态测试方法往往需要修改应用程序或者添加断点来调试,而这样做将降低程序监控的透明性和稳定性,例如,修改应用程序可能导致应用程序运行错误,也会破坏应用程序的签名机制。The prior art does not disclose a solution to the above problem. A problem with the static automated test methods of the prior art is that runtime parameters cannot be obtained, and runtime parameters are critical to the analysis of the application's cryptographic algorithms and portions of protocol usage. Dynamic testing methods in the prior art often need to modify the application or add breakpoints to debug, and this will reduce the transparency and stability of the program monitoring. For example, modifying the application may cause the application to run incorrectly and also damage the application. The signature mechanism of the program.
另一方面,现有技术的测试方法仅仅针对通用性的代码问题,而无法正对应用程序中的特定命令调用进行测试和分析。例如,无法对应用程序的涉及密码算法与协议使用的部分进行特定性的安全分析(例如,证书是否缺失或者被篡改),从而无法进行测试并发现应用程序中的错误的密码算法和协议使用。On the other hand, the prior art test methods are only for general-purpose code problems, and cannot be tested and analyzed for specific command calls in the application. For example, a specific security analysis (eg, whether a certificate is missing or tampered with) for an application's cryptographic algorithms and portions of the protocol cannot be performed, making it impossible to test and discover cryptographic algorithms and protocol usage in the application.
为此,本发明提出一种测试Android应用程序的方法和装置。To this end, the present invention proposes a method and apparatus for testing an Android application.
发明内容Summary of the invention
根据本发明的一个目的,公开一种测试Android应用程序的方法,包括以下步骤:In accordance with one aspect of the present invention, a method of testing an Android application is disclosed, comprising the steps of:
A:定位应用程序的命令调用,A: locate the command call of the application,
B:监控所述命令调用并获取运行时数据,B: monitor the command call and get the runtime data,
C:对获取的运行时数据进行分析。C: Analyze the acquired runtime data.
在一个技术方案中,步骤A包括:In one technical solution, step A includes:
对应用程序进行静态代码反编译,获取类描述符;Decompilation of the application static code to get the class descriptor;
根据类描述符,定位命令调用。According to the class descriptor, the positioning command is called.
在一个技术方案中,步骤A包括:In one technical solution, step A includes:
定位与密码算法和/或协议使用相关的命令调用。Locate the command calls associated with cryptographic algorithms and/or protocol usage.
在一个技术方案中,步骤B包括: In one technical solution, step B includes:
利用被附加到Dalvik虚拟机的Zygote进程上的监控模块来监控所述命令调用并获取运行时数据。The command call is monitored and the runtime data is retrieved using a monitoring module attached to the Zygote process of the Dalvik virtual machine.
在一个技术方案中,所述运行时数据是与密码算法和/或协议使用相关的参数。In one technical solution, the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
在一个技术方案中,在步骤A中,在应用程序的二进制代码中定位其命令调用。In one technical solution, in step A, its command call is located in the binary code of the application.
在一个技术方案中,所述命令调用是方法调用或者指令调用。In one technical solution, the command call is a method call or an instruction call.
根据本发明的另一个目的,公开一种测试Android应用程序的装置,包括:According to another object of the present invention, an apparatus for testing an Android application is disclosed, including:
定位模块,用于定位应用程序的命令调用,A positioning module for locating a command call of an application,
监控模块,用于监控所述命令调用并获取运行时数据,a monitoring module, configured to monitor the command call and obtain runtime data,
分析模块,用于对获取的运行时数据进行分析。An analysis module for analyzing acquired runtime data.
在一个技术方案中,定位模块被配置成:In one technical solution, the positioning module is configured to:
对应用程序进行静态代码反编译,获取类描述符;Decompilation of the application static code to get the class descriptor;
根据类描述符,定位命令调用。According to the class descriptor, the positioning command is called.
在一个技术方案中,定位模块被配置成:In one technical solution, the positioning module is configured to:
定位与密码算法和/或协议使用相关的命令调用。Locate the command calls associated with cryptographic algorithms and/or protocol usage.
在一个技术方案中,所述监控模块被附加到Dalvik虚拟机的Zygote进程上,由此来监控所述命令调用并获取运行时数据。In one technical solution, the monitoring module is attached to the Zygote process of the Dalvik virtual machine, thereby monitoring the command call and obtaining runtime data.
在一个技术方案中,所述运行时数据是与密码算法和/或协议使用相关的参数。In one technical solution, the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
在一个技术方案中,所述定位模块在应用程序的二进制代码中定位其命令调用。In one technical solution, the positioning module locates its command call in the binary code of the application.
本发明对待测试程序进行动态监控,获取其密码算法和协议使用的操作内容。本发明的一个优势是在程序运行期间能够主动检查代码运行的机制、模式、问题以及收集代码的各种运行信息,从而可以分阶段执行汇总分析,根据指定的标准,获得代码质量相关判断结果。特别地,本发明可以直接对程序的二进制代码进行分析,无需依赖于程序的源代码,并且在程序运行的时候,本发明的技术方案动态地对内存中加载的程序代码进行分析,找到插入指令的位置,并加入特定指令进行程序监控。The invention dynamically monitors the test program and obtains the operation content of the cryptographic algorithm and the protocol. One advantage of the present invention is that it can actively check the mechanism, mode, problem, and various operational information of the code during the running of the program, so that the summary analysis can be performed in stages, and the code quality related judgment result can be obtained according to the specified standard. In particular, the present invention can directly analyze the binary code of the program without relying on the source code of the program, and when the program is running, the technical solution of the present invention dynamically analyzes the program code loaded in the memory to find the insertion instruction. The location and add specific instructions for program monitoring.
附图说明DRAWINGS
在参照附图阅读了本发明的具体实施方式以后,本领域技术人员将会更清楚地了解本发明的各个方面。本领域技术人员应当理解的是,这些附图仅仅用于配合具体实施方式说明本发明的技术方案,而并非意在对本发明的保护范围构成限制。Various aspects of the present invention will become apparent to those skilled in the <RTIgt; It should be understood by those skilled in the art that these drawings are only used to illustrate the technical solutions of the present invention, and are not intended to limit the scope of the present invention.
图1是根据本发明实施例的测试Android应用程序的方法的步骤示意图。1 is a schematic diagram showing the steps of a method of testing an Android application according to an embodiment of the present invention.
图2是根据本发明实施例的测试Android应用程序的装置的结构示意图。 2 is a schematic structural diagram of an apparatus for testing an Android application according to an embodiment of the present invention.
具体实施方式detailed description
下面参照附图,对本发明的具体实施方式作进一步的详细描述。在下面的描述中,为了解释的目的,陈述许多具体细节以便提供对实施例的一个或多个方面的透彻理解。然而,对于本领域技术人员可以显而易见的是,可以这些具体细节的较少程度来实践各实施例的一个或多个方面。因此下面的描述不被视为局限性的,而是通过所附权利要求来限定保护范围。Specific embodiments of the present invention will be further described in detail below with reference to the drawings. In the following description, numerous specific details are set forth However, it will be apparent to those skilled in the art that one or more aspects of the various embodiments can be The following description is therefore not to be taken in a limiting
图1是根据本发明实施例的测试Android应用程序的方法的步骤示意图。如图1所示,该方法包括以下步骤:1 is a schematic diagram showing the steps of a method of testing an Android application according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:
A:定位应用程序的命令调用,A: locate the command call of the application,
B:监控所述命令调用并获取运行时数据,B: monitor the command call and get the runtime data,
C:对获取的运行时数据进行分析。C: Analyze the acquired runtime data.
在步骤A中,可以定位应用程序的特定命令调用,例如与密码算法和/或协议使用相关的命令调用。命令调用可以是该应用程序的方法调用、接口调用或更细粒度的指令调用。在一个示例中,对应用程序进行静态代码反编译,获取APK程序的类描述符;根据类描述符,对方法调用进行筛选,过滤出特定的方法调用。In step A, a specific command call of the application can be located, such as a command call associated with a cryptographic algorithm and/or protocol usage. A command call can be a method call, an interface call, or a fine-grained instruction call for the application. In one example, the application is statically decompiled to get the class descriptor of the APK program; based on the class descriptor, the method call is filtered to filter out the specific method call.
在步骤B中,利用被附加到Dalvik虚拟机(Dalvik VM)的Zygote进程上的监控模块来监控所述命令调用并获取运行时数据。In step B, the command call is monitored and the runtime data is retrieved using a monitoring module attached to the Zygote process of the Dalvik VM (Dalvik VM).
在一个示例中,在应用程序的二进制代码中定位其命令调用。In one example, its command call is located in the application's binary code.
Android应用程序所使用的编程语言是Java语言,并运行Dalvik VM中。本发明的一个实施例通过在在Dalvik VM上增加监控模块,对程序运行过程进行监控。一个Android应用程序运行在相应的一个Dalvik虚拟机实例里,一个虚拟机实例是一个独立的进程空间,因此为使监控模块对每个进程进行监控,本发明的实施例将监控模块附加到Zygote进程上。The programming language used by Android applications is the Java language and runs in the Dalvik VM. One embodiment of the present invention monitors the running of a program by adding a monitoring module to the Dalvik VM. An Android application runs in a corresponding Dalvik virtual machine instance, a virtual machine instance is a separate process space, so in order for the monitoring module to monitor each process, embodiments of the present invention attach the monitoring module to the Zygote process. on.
Zygote进程是一个特殊的虚拟机进程,同时也是一个虚拟机实例的孵化器,每当要执行一个Android应用程序时,Zygote使用fork函数创建出一个子进程来执行该应用程序。Zygote进程完成虚拟机的初始化、库的加载、预置类库的加载和初始化等操作,当需要一个新的虚拟机实例时,Zygote通过复制自身,最快速地提供一个进程模版。因此,当监控模块加载在Zygote进程上时,每一个新启动的APK程序都会在进程空间上拥有监控模块,由此保证监控的可靠性。The Zygote process is a special virtual machine process and an incubator for a virtual machine instance. Whenever an Android application is to be executed, Zygote uses the fork function to create a child process to execute the application. The Zygote process completes the initialization of the virtual machine, the loading of the library, the loading and initialization of the preset class library, etc. When a new virtual machine instance is needed, Zygote provides a process template by copying itself. Therefore, when the monitoring module is loaded on the Zygote process, each newly launched APK program will have a monitoring module in the process space, thereby ensuring the reliability of the monitoring.
在APK程序执行过程中,解释器(Interpreter)是Dalvik虚拟机的执行引擎,它负责 解释执行dex字节码(即Android程序源代码经过编译后最终产生的可运行的编码)。Dalvik的dex字节码中包括常量池(描述所有的常量,包括引用、方法名和数字常量等,以及类定义,包括访问权限标志,类名等),数据段(包括所有目标虚拟机执行的方法代码以及与类和方法相关的数据信息)和类实例变量等内容,这些信息使得监控模块能够细粒度地监控所有信息。在一个实施例中,在Dalvik dex字节码的解释执行过程中,利用监控模块,对命令调用进行策略匹配监控。例如,在匹配监控过程中,首先对应用程序进行监控,然后针对其具体的class进行监控分析,接下来在指令级别上进行过滤,获取和密码算法/协议使用相关的指令调用,最后通过从监控模块提取运行时数据来分析应用(例如分析加密行为)。在一个示例中,所述运行时数据是与密码算法和/或协议使用相关的参数。During the execution of the APK program, the interpreter is the execution engine of the Dalvik virtual machine, which is responsible for Explain the implementation of dex bytecode (that is, the runnable code that is finally generated after the Android source code is compiled). Dalvik's dex bytecode includes a constant pool (describes all constants, including references, method names, and numeric constants, as well as class definitions, including access permission flags, class names, etc.), and data segments (including all target virtual machine execution methods). The code and the data information associated with the class and method) and the class instance variables, which enable the monitoring module to monitor all the information in a fine-grained manner. In one embodiment, during the interpretation execution of the Dalvik dex bytecode, the monitoring module is used to perform policy matching monitoring on the command call. For example, in the process of matching monitoring, the application is first monitored, then monitored and analyzed for its specific class, and then filtered at the instruction level to obtain instructions related to the use of the cryptographic algorithm/protocol, and finally through the monitoring. The module extracts runtime data to analyze the application (eg, analyze encryption behavior). In one example, the runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
图2是根据本发明实施例的测试Android应用程序的装置的结构示意图。如图2所示,测试Android应用程序的装置包括定位模块、监控模块、分析模块。其中,定位模块用于定位应用程序的命令调用,监控模块用于监控所述命令调用并获取运行时数据,分析模块用于对获取的运行时数据进行分析。在一个技术方案中,定位模块被配置成对应用程序进行静态代码反编译,获取类描述符;根据类描述符,定位方法调用。在一个技术方案中,定位模块被配置成定位和与密码算法和/或协议使用相关的命令调用。在一个技术方案中,所述监控模块被附加到Dalvik虚拟机的Zygote进程上,由此来监控所述命令调用并获取运行时数据。在一个技术方案中,所述运行时数据是与密码算法和/或协议使用相关的参数。在一个示例中,定位模块在应用程序的二进制代码中定位其命令调用。2 is a schematic structural diagram of an apparatus for testing an Android application according to an embodiment of the present invention. As shown in FIG. 2, the device for testing an Android application includes a positioning module, a monitoring module, and an analysis module. The positioning module is configured to locate a command call of the application, the monitoring module is configured to monitor the command call and obtain runtime data, and the analysis module is configured to analyze the acquired runtime data. In one technical solution, the positioning module is configured to perform static code decompilation on the application to obtain a class descriptor; and to locate the method call according to the class descriptor. In one aspect, the positioning module is configured to locate and invoke command commands associated with cryptographic algorithms and/or protocol usage. In one technical solution, the monitoring module is attached to the Zygote process of the Dalvik virtual machine, thereby monitoring the command call and obtaining runtime data. In one technical solution, the runtime data is a parameter related to cryptographic algorithms and/or protocol usage. In one example, the positioning module locates its command call in the application's binary code.
通过以上实施方式的描述,本领域中的普通技术人员能够理解,在不偏离本发明的精神和范围的情况下,还可以对本发明的具体实施方式作各种变更和替换。这些变更和替换都落在本发明权利要求书所限定的范围内。 Various changes and substitutions of the specific embodiments of the present invention can be made by those of ordinary skill in the art. Such changes and substitutions are intended to fall within the scope of the appended claims.

Claims (14)

  1. 一种测试Android应用程序的方法,其特征在于,包括以下步骤:A method of testing an Android application, comprising the steps of:
    A:定位应用程序的命令调用,A: locate the command call of the application,
    B:监控所述命令调用并获取运行时数据,B: monitor the command call and get the runtime data,
    C:对获取的运行时数据进行分析。C: Analyze the acquired runtime data.
  2. 如权利要求1所述的方法,其特征在于,步骤A包括:The method of claim 1 wherein step A comprises:
    对应用程序进行静态代码反编译,获取类描述符;Decompilation of the application static code to get the class descriptor;
    根据类描述符,定位命令调用。According to the class descriptor, the positioning command is called.
  3. 如权利要求2所述的方法,其特征在于,步骤A包括:The method of claim 2 wherein step A comprises:
    定位与密码算法和/或协议使用相关的命令调用。Locate the command calls associated with cryptographic algorithms and/or protocol usage.
  4. 如权利要求3所述的方法,其特征在于,步骤B包括:The method of claim 3 wherein step B comprises:
    利用被附加到Dalvik虚拟机的Zygote进程上的监控模块来监控所述命令调用并获取运行时数据。The command call is monitored and the runtime data is retrieved using a monitoring module attached to the Zygote process of the Dalvik virtual machine.
  5. 如权利要求4所述的方法,其特征在于,The method of claim 4 wherein:
    所述运行时数据是与密码算法和/或协议使用相关的参数。The runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  6. 如权利要求5所述的方法,其特征在于,The method of claim 5 wherein:
    在步骤A中,在应用程序的二进制代码中定位其命令调用。In step A, locate its command call in the application's binary code.
  7. 如权利要求6所述的方法,其特征在于,The method of claim 6 wherein:
    所述命令调用是方法调用或者指令调用。The command call is a method call or an instruction call.
  8. 一种测试Android应用程序的装置,其特征在于,包括:An apparatus for testing an Android application, comprising:
    定位模块,用于定位应用程序的命令调用,A positioning module for locating a command call of an application,
    监控模块,用于监控所述命令调用并获取运行时数据,a monitoring module, configured to monitor the command call and obtain runtime data,
    分析模块,用于对获取的运行时数据进行分析。 An analysis module for analyzing acquired runtime data.
  9. 如权利要求8所述的装置,其特征在于,定位模块被配置成:The apparatus of claim 8 wherein the positioning module is configured to:
    对应用程序进行静态代码反编译,获取类描述符;Decompilation of the application static code to get the class descriptor;
    根据类描述符,定位命令调用。According to the class descriptor, the positioning command is called.
  10. 如权利要求9所述的装置,其特征在于,定位模块被配置成:The apparatus of claim 9 wherein the positioning module is configured to:
    定位与密码算法和/或协议使用相关的命令调用。Locate the command calls associated with cryptographic algorithms and/or protocol usage.
  11. 如权利要求10所述的装置,其特征在于,The device of claim 10 wherein:
    所述监控模块被附加到Dalvik虚拟机的Zygote进程上,由此来监控所述命令调用并获取运行时数据。The monitoring module is attached to the Zygote process of the Dalvik virtual machine, thereby monitoring the command call and obtaining runtime data.
  12. 如权利要求11所述的装置,其特征在于,The device of claim 11 wherein:
    所述运行时数据是与密码算法和/或协议使用相关的参数。The runtime data is a parameter related to cryptographic algorithms and/or protocol usage.
  13. 如权利要求12所述的装置,其特征在于,The device of claim 12 wherein:
    所述定位模块在应用程序的二进制代码中定位其命令调用。The positioning module locates its command call in the binary code of the application.
  14. 如权利要求13所述的装置,其特征在于,The device of claim 13 wherein:
    所述命令调用是方法调用或者指令调用。 The command call is a method call or an instruction call.
PCT/CN2014/090259 2013-11-22 2014-11-04 Method and apparatus for testing android application program WO2015074489A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310598510.9A CN104657259B (en) 2013-11-22 2013-11-22 A kind of method and apparatus for testing Android application programs
CN201310598510.9 2013-11-22

Publications (1)

Publication Number Publication Date
WO2015074489A1 true WO2015074489A1 (en) 2015-05-28

Family

ID=53178917

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090259 WO2015074489A1 (en) 2013-11-22 2014-11-04 Method and apparatus for testing android application program

Country Status (2)

Country Link
CN (1) CN104657259B (en)
WO (1) WO2015074489A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911537A (en) * 2017-04-19 2017-06-30 深圳天珑无线科技有限公司 Information collecting method and information collecting device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105740701A (en) * 2016-02-01 2016-07-06 中国人民大学 Reconstruction method and device of application execution environment of Android platform
CN107704393B (en) * 2017-09-29 2018-08-21 武汉斗鱼网络科技有限公司 Data test method, apparatus and electronic equipment
CN108133229B (en) * 2017-12-11 2021-08-06 广州能量盒子科技有限公司 Classified encryption method and system for android APK (android package) file
CN109086200B (en) * 2018-07-13 2020-04-14 南京大学 Effective test framework based on android virtual machine modification
CN113032183A (en) * 2021-03-24 2021-06-25 西安闻泰信息技术有限公司 System management method, device, computer equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120151269A1 (en) * 2010-12-10 2012-06-14 Helix Technology Inc. Mobile communication terminal capable of testing application and method thereof
CN102810143A (en) * 2012-04-28 2012-12-05 天津大学 Safety detecting system and method based on mobile phone application program of Android platform

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7296190B2 (en) * 2003-01-29 2007-11-13 Sun Microsystems, Inc. Parallel text execution on low-end emulators and devices
CN102521118B (en) * 2011-11-11 2014-12-10 福建星网视易信息系统有限公司 Automatic testing method of Android program

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120151269A1 (en) * 2010-12-10 2012-06-14 Helix Technology Inc. Mobile communication terminal capable of testing application and method thereof
CN102810143A (en) * 2012-04-28 2012-12-05 天津大学 Safety detecting system and method based on mobile phone application program of Android platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BU, ZHE ET AL.: "A Behavior Analysis Method to Android Mobile Application Software", NETINFO SECURITY, 31 December 2012 (2012-12-31), pages 33 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911537A (en) * 2017-04-19 2017-06-30 深圳天珑无线科技有限公司 Information collecting method and information collecting device

Also Published As

Publication number Publication date
CN104657259A (en) 2015-05-27
CN104657259B (en) 2018-05-18

Similar Documents

Publication Publication Date Title
WO2015074489A1 (en) Method and apparatus for testing android application program
CN106778103B (en) Reinforcement method, system and decryption method for preventing reverse cracking of android application program
CN104834859B (en) The dynamic testing method of malicious act in a kind of Android applications
Peng et al. {X-Force}:{Force-Executing} binary programs for security applications
US7818721B2 (en) Dynamic application tracing in virtual machine environments
US8407800B2 (en) Method for software vulnerability flow analysis, generation of vulnerability-covering code, and multi-generation of functionally-equivalent code
TWI541669B (en) Detection systems and methods for static detection applications, and computer program products
Zhauniarovich et al. Towards black box testing of android apps
Zhang et al. {CryptoREX}: Large-scale analysis of cryptographic misuse in {IoT} devices
Zhang et al. IntPatch: Automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time
Lu et al. DeepAutoD: Research on distributed machine learning oriented scalable mobile communication security unpacking system
CN108182359B (en) Method, device and storage medium for testing API security in trusted environment
CN114021142A (en) Android application program vulnerability detection method
Lim et al. An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks.
CN108197476B (en) Vulnerability detection method and device for intelligent terminal equipment
Chen et al. Syzgen: Automated generation of syscall specification of closed-source macos drivers
Huang et al. Code coverage measurement for Android dynamic analysis tools
Arzt et al. The soot-based toolchain for analyzing android apps
KR20170079961A (en) Method for detectiing similarity of software and apparatus therefor
Chao et al. An android application vulnerability mining method based on static and dynamic analysis
WO2015067170A1 (en) Method and system for analyzing android application program
Hamlen et al. Aspect-oriented runtime monitor certification
Riganelli et al. Controlling interactions with libraries in android apps through runtime enforcement
CN111291377A (en) Application vulnerability detection method and system
CN113836023A (en) Compiler security testing method based on system structure cross check

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14864745

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 29/07/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14864745

Country of ref document: EP

Kind code of ref document: A1