Universal method and universal system for performing safety testing on Android application programs

A technology for security testing of application programs, applied in the field of information security. It can solve problems such as increasing the difficulty of program cracking and reverse engineering, and the testing, evaluation, discovery and utilization of program security loopholes and vulnerabilities. Effects: small false negative rate, reduced false positive rate, accurate information leakage detection.

Inactive Publication Date: 2015-04-01
SHANGHAI JIAO TONG UNIV +1

AI Technical Summary

Problems solved by technology

However, this technology applies strong protection to the original code to make the program harder to crack and reverse engineer. It does not actually test or evaluate the program's security loopholes and vulnerabilities; it only makes potential loopholes harder to discover and exploit.


Examples


Embodiment 1

[0038] As shown in Figure 1, this embodiment includes the following steps:

[0039] 1) Unpack and decompile the program to be tested: use reverse-engineering tools such as apktool or jeb to decompile the dex code and decode Android's manifest.xml configuration file.

[0040] 2) For the code obtained by decompilation and the configuration file obtained by decoding, use static analysis to perform security detection in four aspects:

[0041] 2.1) Component exposure: scan the components in the manifest file. A component is exposed if its exported attribute is set to true; if exported is not set and the component has an intent-filter; or if the component is a provider, exported is not set, and the sdkversion is set to less than or equal to 16.

[0042] 2.2) Misuse of cryptography: define a set of cryptography usage standards, such as that the IV of CBC encryption mode must be random and that ECB encryption mode should not be used, and find a series of encryption in Java by scanning the source ...
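The component-exposure rules of step 2.1 can be expressed as a short manifest scanner. This is an added example, not code from the patent: the function names, the sample manifest, and the reading of "sdkversion" as the lower of `minSdkVersion` and `targetSdkVersion` (overridable through the `sdk_version` parameter) are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"/>
  </application>
</manifest>"""

def declared_sdk(root):
    """Lowest of minSdkVersion/targetSdkVersion (assumed meaning of 'sdkversion')."""
    sdk = root.find("uses-sdk")
    if sdk is None:
        return None
    vals = [sdk.get(ANDROID + k) for k in ("minSdkVersion", "targetSdkVersion")]
    vals = [int(v) for v in vals if v and v.isdigit()]
    return min(vals) if vals else None

def exposed_components(manifest_xml, sdk_version=None):
    """Return (tag, name, reason) for every component exposed under step 2.1."""
    root = ET.fromstring(manifest_xml)
    sdk = sdk_version if sdk_version is not None else declared_sdk(root)
    findings = []
    for comp in root.iter():
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(ANDROID + "name")
        exported = comp.get(ANDROID + "exported")
        if exported == "true":                      # rule 1: explicitly exported
            findings.append((comp.tag, name, "exported=true"))
        elif exported is None and comp.find("intent-filter") is not None:
            findings.append((comp.tag, name, "implicit: intent-filter"))   # rule 2
        elif exported is None and comp.tag == "provider" and sdk is not None and sdk <= 16:
            findings.append((comp.tag, name, "implicit: provider, sdk<=16"))  # rule 3
    return findings
```

An explicit `exported="false"` suppresses the finding even when an intent-filter is present, which is why `.BootReceiver` is not reported for the sample.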


Abstract

The invention discloses a universal method and a universal system for performing safety testing on Android application programs. The method comprises the following steps: unpacking and decompiling the program under test to obtain XML (Extensible Markup Language) source code; then, through static analysis of the configuration files and code of the program under test, performing vulnerability detection and safety testing for component exposure vulnerabilities, cryptography misuse, webview code execution vulnerabilities and code protection; then actually running the program under test and configuring a network detection environment; finally, performing dynamic analysis, with dynamic vulnerability detection and safety testing for information leakage, data transmission safety and data storage safety, thereby obtaining a vulnerability detection and safety testing report. By combining static analysis and dynamic analysis on any Android application program and applying a series of detection and evaluation steps, the method and system can finally report the safety flaws and potential safety hazards in the design and implementation of the application program.

Description

Technical field

[0001] The present invention relates to a technology in the field of information security, specifically a method and system for testing the security of Android application programs.

Background technique

[0002] With the development of the mobile Internet and the popularization of smart devices, applications based on the Android system have grown explosively, and the security issues of Android applications themselves have increased along with them. Because the skill level of Android application developers is uneven, developers have no uniform coding standards, developers' own security awareness is relatively weak, and 0day vulnerabilities in the Android platform itself keep emerging, Android applications end up with various vulnerabilities and are susceptible to various attacks.

[0003] On the one hand, Android applications need to process various data from users. For example, banking applications need to process sensitive information related to...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 张媛媛, 杨文博, 束骏亮, 李卷孺, 谷大武
Owner: SHANGHAI JIAO TONG UNIV