Unlock instant, AI-driven research and patent intelligence for your innovation.

Static analysis method for detecting security vulnerabilities of Android hybrid app

A static analysis and hybrid technology, applied in computer security devices, network data retrieval, and other database retrieval, etc., can solve problems such as malicious advertisement loading, leakage of user sensitive information, phishing attacks, etc., and achieve enhanced risk detection capabilities and semantic analysis Comprehensive, taint analysis-accurate results

Pending Publication Date: 2022-03-08
SHANGHAI JIAO TONG UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, the interaction mechanism between Native and WebView is very complicated, and it is easy to cause various security problems in Android applications, such as leakage of user sensitive information, phishing attacks, malicious advertisement loading, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Static analysis method for detecting security vulnerabilities of Android hybrid app
  • Static analysis method for detecting security vulnerabilities of Android hybrid app
  • Static analysis method for detecting security vulnerabilities of Android hybrid app

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The following describes several preferred embodiments of the present invention with reference to the accompanying drawings, so as to make the technical content clearer and easier to understand. The present invention can be embodied in many different forms of embodiments, and the protection scope of the present invention is not limited to the embodiments mentioned herein.

[0041]In the drawings, components with the same structure are denoted by the same numerals, and components with similar structures or functions are denoted by similar numerals. The size and thickness of each component shown in the drawings are shown arbitrarily, and the present invention does not limit the size and thickness of each component. In order to make the illustration clearer, the thickness of parts is appropriately exaggerated in some places in the drawings.

[0042] figure 1 It is a method flowchart of a preferred embodiment of the present invention. In one embodiment of the present inve...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a static analysis method for detecting security vulnerabilities of an Android hybrid app, and relates to the field of information security detection, comprising the following steps: disassembling an apk; performing configuration detection on the obtained jimple code; performing semantic analysis on the js bridge, and extracting a js bridge method; analyzing dangerous calling of a js side, replacing a webview module, covering and loading an h5url method, injecting a js bridge method and a sink method into the method, and inputting the repackaged app into the flowAndroid for analysis; an h5 page is pulled to generate an abstract language tree, and a jsbridge method on the js side is positioned on a js code; carrying out fuzzy testing on a jsbridge method in the h5 page by using selenium; and summarizing analysis results. The method can accurately detect security vulnerabilities.

Description

technical field [0001] The invention relates to the field of information security detection, in particular to a static analysis method for detecting security loopholes of an Android hybrid app. Background technique [0002] With the development of the mobile Internet, the demand for Android Apps is becoming stronger and stronger. Android developers distribute a large number of Android Apps on Google Play and Huawei App Market for users to use to complete different operating functions. Currently, Android applications are mainly divided into three categories: native apps, web apps, and hybrid apps. Native app is based on the Android operating system and developed in native language. It can directly access resources, such as camera, address book and other data, with the help of the operating system, and it runs smoothly, but it has higher requirements for developers and requires users to go to App market download and install. Web app is an application program developed using ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57G06F8/41G06F8/53G06F16/955
CPCG06F21/563G06F21/577G06F8/436G06F8/53G06F16/955
Inventor 吴越赖敬之邹福泰
Owner SHANGHAI JIAO TONG UNIV