Apk security risk automatic static auditing system and method

An automated static auditing technology for Apk security risks, applied in the field of mobile information security. It addresses the problems of large log volume, excessive redundant information, and the inability to audit code standardization, reducing workload and improving review efficiency.

Pending Publication Date: 2017-07-07
SHENZHEN NENGSHI INFORMATION SECURITY

AI Technical Summary

Problems solved by technology

On the one hand, this review method relies on the operating system's log module and the APP's operation logs. The volume of log information is large and contains too much redundant information, so a large amount of complex analysis work is required to correctly analyze the malicious behavior of the APP. This method also cannot audit the standardization of the code.
On the other hand, the APP must be run, or its running simulated, for a relatively long period of time to collect enough logs to audit its behavior more comprehensively. Security problems of the APP can be found only in the running stage. The audit granularity of the audit system is not fine enough, and there are inadequacies in audit security and flexibility.


Embodiment Construction

[0040] The present invention will be further described in detail below in conjunction with the drawings and specific embodiments.

[0041] The present invention proposes an Apk security risk automated static audit system and method. The method is based on FlowDroid static taint analysis. When FlowDroid's taint analysis handles accesses to object fields or arrays, it handles the object and array reference problem through backward alias analysis, and the time complexity rises to O(n²). On this basis, the method introduces a memory object model and fuzzy branch analysis. The introduction of the memory object model reduces the time complexity of processing object fields or arrays to O(n), and asynchronous call functions and functions related to the life cycle of Android applications are included in the audit scope to expand the audit coverage of the App; the introduction of fuzzy branch analysis solves the detection problems of unknown value branches, infinite loop branches and infin...


Abstract

The invention provides an Apk security risk automatic static auditing system and method. The method comprises the following steps: S101, the AndroidManifest.xml file, the classes.dex file and the resource files of an Apk are decompiled, and a basic function call graph is generated from the Dalvik bytecode and the AndroidManifest.xml file; S102, the asynchronous call functions and life-cycle-related functions in the Android library are added to the basic function call graph to obtain an extended function call graph; S103, the code paths in the extended function call graph are filtered to obtain a suspicious path set containing possible taint data propagation behaviors; and S104, a taint analyzer performs simulated execution of the bytecode instructions of the functions on each suspicious path in the suspicious path set, taint analysis is performed based on a memory object model, and taint data information and taint data propagation behavior are accurately detected. With the Apk security risk automatic static auditing system and method, security auditing analysis can be performed on an Apk application comprehensively, quickly and effectively, and high practicability is achieved.
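Steps S102 and S103 can be illustrated with a small Python sketch. It is an added example, not code from the patent or from FlowDroid: the call graph, the entry points, the `ASYNC` table and the source/sink sets are constructed for illustration, and the filter is simplified to reachability from each entry point (the taint analysis of S104 would then confirm or reject each candidate).

```python
from collections import defaultdict

# Constructed sample app: caller -> callees literally present in the bytecode (S101).
BASE_CALLS = {
    "MainActivity.onCreate": ["TelephonyManager.getDeviceId"],
    "MainActivity.onPause": ["UploadTask.execute"],
    "UploadTask.doInBackground": ["HttpURLConnection.getOutputStream"],
    "SettingsActivity.onCreate": ["SharedPreferences.getString"],
}
ENTRIES = ["MainActivity.onCreate", "SettingsActivity.onCreate"]  # constructed manifest
LIFECYCLE = ["onCreate", "onStart", "onResume", "onPause", "onStop", "onDestroy"]
ASYNC = {"execute": "doInBackground", "start": "run"}  # assumed framework model
SOURCES = {"TelephonyManager.getDeviceId"}
SINKS = {"HttpURLConnection.getOutputStream"}

def extend_graph(base):
    """S102: add the implicit edges that the Android runtime creates."""
    graph = defaultdict(set, {m: set(c) for m, c in base.items()})
    by_class = defaultdict(set)
    for method in base:
        cls, name = method.rsplit(".", 1)
        by_class[cls].add(name)
    # Life cycle: link the callbacks a component defines in framework order.
    for cls, names in by_class.items():
        chain = [n for n in LIFECYCLE if n in names]
        for a, b in zip(chain, chain[1:]):
            graph[f"{cls}.{a}"].add(f"{cls}.{b}")
    # Asynchronous calls: C.execute() runs C.doInBackground() when the app defines it.
    for callees in list(graph.values()):
        for callee in list(callees):
            cls, name = callee.rsplit(".", 1)
            if name in ASYNC and f"{cls}.{ASYNC[name]}" in base:
                graph[callee].add(f"{cls}.{ASYNC[name]}")
    return graph

def reachable(graph, entry):
    seen, stack = set(), [entry]
    while stack:
        method = stack.pop()
        if method not in seen:
            seen.add(method)
            stack.extend(graph.get(method, ()))
    return seen

def suspicious_entries(graph, entries):
    """S103 (simplified): keep entry points that can reach a source and a sink."""
    result = {}
    for entry in entries:
        hit = reachable(graph, entry)
        if hit & SOURCES and hit & SINKS:
            result[entry] = (sorted(hit & SOURCES), sorted(hit & SINKS))
    return result
```

On the basic graph no entry point is flagged, because the device-ID read and the network write are connected only through the life-cycle edge `onCreate` to `onPause` and the asynchronous edge `execute` to `doInBackground`; on the extended graph `MainActivity.onCreate` is flagged.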

Description

Technical field

[0001] The invention relates to the technical field of mobile information security, in particular to an Apk security risk automated static audit system and method.

Background technique

[0002] With the development of the mobile Internet, more and more attention has been paid to the security of mobile terminals. In particular, the rapid development of the Android system has made the Android platform gradually become the world's largest mobile terminal platform. Its products cover set-top boxes, mobile phones, tablets, and various smart terminals, which affect people's lives from all angles. Moreover, the functions of these smart terminals are becoming more powerful, including voice calls, data services, and NFC near field communication. Android smart terminals have penetrated deeply into each of our lives, including payment services, life services, map services, entertainment services, personal information services and so on. In this case, the number of users of...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/45
CPC: G06F8/427, G06F8/43, G06F8/53
Inventor: 符利华
Owner: SHENZHEN NENGSHI INFORMATION SECURITY