1239 results about "Android application" patented technology

The invention provides a security detection method and system of an Android application program, aiming to solve the problems of an antivirus method of the existing Android platform that the scanning speed is slow and the false positive ratio is high. The method comprises the following steps of: scanning an Android installation package and extracting appointed characteristic information from the Android installation package; finding characteristic records which are matched with the appointed single characteristic information or a combination thereof from a pre-arranged security identification base, wherein the security identification base comprises the characteristic records and security grades corresponding to the characteristic records, and each characteristic record comprises single characteristic information or the combination of the characteristic information; and respectively displaying the security grade corresponding to the found characteristic records in a security detection result of the Android installation package. The security detection method and system of the Android application program disclosed by the invention have the advantages of fast scanning speed and high searching and killing accuracy.

The invention provides a security detection method and system of an Android application program, solving the problems of low scanning speed and high false alarm rate of the traditional virus killing method of an Android platform. The security detection method comprises the steps of: scanning an Android installation package, extracting appointed characteristic information from the Android installation package; uploading the appointed characteristic information to a server, searching a characteristic record matched with appointed single characteristic information or combination from a security identification base preset in the server; and receiving a security detection result returned by the server aiming at the Android installation package, and displaying on a client end user interface, wherein the security detection result includes a security level corresponding to the characteristic record searched by the server. The client end detection is combined with the server detection, thus the security detection method is high in scanning speed and high in killing accuracy rate.

The invention discloses an Android malicious application detection method and system based on multi-feature fusion. The method comprises the following steps that: carrying out decompilation on an Android application sample to obtain a decompilation file; extracting static features from the decompilation file; operating the Android application sample in an Android simulator to extract dynamic features; carrying out feature mapping on the static features and the dynamic features by the text Hash mapping part of a locality sensitive Hash algorithm, mapping to a low-dimensional feature space to obtain a fused feature vector; and on the basis of the fused feature vector, utilizing a machine learning classification algorithm to train to obtain a classifier, and utilizing the classifier to carry out classification detection. By use of the method, the high-dimensional feature analysis problem of a malicious code rare sample family can be solved, and detection accuracy is improved.

The invention discloses a malicious Android application program detection method, system and device. The method comprises the following steps of: imitating the execution of Android application programs by a server; matching sensitive characteristic information and sensitive date of system functions called by the Android application programs with sensitive characteristic information stored in a rule base, and marking variables of the matched system functions as sensitive data; and matching the functions containing the sensitive data with characteristic information of malicious acts stored in a malicious act detection rule base, and marking parameters of the matched functions as malicious acts. According to the technical scheme, the method, the system and the device can be used for detecting malicious Android application programs on the premise that manual analysis of characteristic codes is not relied on, thus alleviating the workload of technicians.

The invention discloses an android system-based application program backup and recovery method, which comprises the following steps of: analyzing data of a local loaded application program of a mobile terminal; generating an application program backup list according to the acquired analysis result of the loaded application program; and extracting the backup data of the selected application program according to the selection of a user in the application program backup list, and backing up the data to a storage device. By using the method, the android application program is subjected to mirror image transfer and used among different android mobile terminals, consistency of application and desktop configuration of two mobile terminals is ensured, the using habit of a user is continued, and the satisfaction of the user is improved.

An ANDROID application package (APK) file for an application is repackaged into a secured APK file to protect a Dalvik executable (DEX) file of the application. The DEX file is encrypted to generate an encrypted DEX file that is included in the secured APK file along with a stub DEX file. The secured APK file is received in a mobile computing device where the stub DEX file is started to start a wrapper Activity. The wrapper Activity replaces an APK class loader of a mobile operating system of the mobile computing device with a decryptor class loader. The decryptor class loader decrypts the encrypted DEX file to recover the DEX file, and loads classes of the DEX file into a Dalvik virtual machine. The original Activity of the application is then started to provide the functionality of the application in the mobile computing device.

The invention provides an android application program permanent Root permission acquiring method. The method includes the steps of editing operations where Root permission is needed, compiling the operations into an executable program document, containing the executable program document into an application program which is authorized through a one-time subscriber unit (su) program, copying the executable program document to a /system/bin directory, modifying an owner and a group of the executable program document to be a root, and setting the subscriber unit identification (suid) position. As a result, the executable program document can have the Root permission every time the executable program document is executed so as to prevent an authorized window from popping out again. Due to changes of requirements, the executable program document is likely to need upgrading. Therefore, the executable program document needs achieving a self-upgrading function so as to prevent the authorized window from popping out again when upgrading. The android application program permanent Root permission acquiring method executes various operations with the identification of the Root. Even if the application program is reinstalled and upgraded, the su program authorization operation does not need repeating again. Therefore, the android application program permanent Root permission acquiring method brings great convenience to users.

The invention discloses an Android application program risk assessment method based on dynamic monitoring, and belongs to the technical field of information safety. The method comprises the steps that firstly, monitoring codes are dynamically injected to a ServiceManager system process, and the aim of monitoring behaviors is achieved by monitoring an application service of an application program; then the risk grade of the application program is determined according to the behavior features of the application program, wherein the behavior features comprise whether a sensitivity operation is executed or not, whether operating is carried out in a background or not, whether operation frequency exceeds a certain threshold value or not and the like. The risk is divided into five grades, and meanwhile a white list and black list mechanism is set up to improve efficiency and accuracy. According to the method, maliciousness of unknown (malicious) software can be predicated, and potential safety hazards of an Android platform can be detected.

The behavior of an installed application within the Android device is modified. The program code is modified to allow a security application to load and run the application within its own context. The modified program code is repacked into a modified APK file, executed within the context of the security application. A component within a target application includes APIs for starting other components. These APIs are modified to use a new intent object which points to a proxy component. A modified target application is executed. The security application loads the target application into memory without installing it. The security application includes a component of each type and creates a proxy component instance for each component in the target application. A proxy component under control of the security application is created for each component within the target application. The target application is executed under the control of the security application.

The invention is applicable to the technical field of communication and provides an Android-based application program upgrading method, an Android-based application program upgrading system and an application development platform. The method comprises the following steps of: releasing a corresponding difference packet from a terminal according to different attributes; and downloading and installing a difference packet matched with the attribute of the terminal through the terminal. In the process of upgrading an application program, difference packets of the application program corresponding to the terminal with different attributes can be rapidly released, namely that the same application program adapts to the terminal with different attributes can be met, while whole application development and release of different versions are not needed to be performed. Moreover, the terminal can upgrade the installed application program only by downloading and installing the difference packet without downloading and installing the whole application program of related versions. Therefore, the Android application program can be efficiently and conveniently upgraded at low cost.

The invention discloses an Android application strengthening method based on dynamic execution of dex and so files. Through an encryption method, key codes of an Android application are strengthened such that codes of the Android application are protected. The strengthening method comprises an encryption process and a decryption process and comprises following steps: strengthening key codes of the Android application during the encryption process; and decrypting when dynamic execution of the Android application. The Android application strengthening method based on dynamic execution of dex and so files has following beneficial effects: the C++ language is utilized for writing core dex decryption functions so that difficulty in decompilation is increased and the dex decryption functions are present in the form of a dynamic link library and encrypted; compared with the method of core dex dual encryption, key codes of the dynamic link library are encrypted and a JNI calling mechanism is removed during encryption; therefore, plaintext so files encrypted during encryption do not exist in a hard disk and stored in a memory; and the Android application strengthening method is higher in safety.

The invention discloses an Android platform malicious application detection method and device based on deep learning. The method comprises the first step of extracting Android application original installation files, the second step of extracting Android application installation operating features, the third step of setting up an Android application deep learning model and the fourth step of recognizing Android normal applications and Android malicious applications.

The invention discloses a static taint analysis and symbolic execution-based Android application vulnerability discovery method, and mainly aims at solving the problems that the analysis range is fixed, the memory consumption is huge and the analysis result is mistakenly reported in the process of discovering vulnerabilities by using the existing static taint analysis method. The method is realized through the following steps of: 1) configuring an analysis target and decompiling a program source code; 2) carrying out control flow analysis on the decompilation result; 3) selecting a source function by a user according to the control flow analysis result, so as to narrow an analysis target; 4) carrying out data flow analysis according to the control flow analysis result, so as to generate a vulnerability path; and 5) filtering the data flow analysis result by adoption of a static symbolic execution technology, taking the residual parts after the filtration as discovered vulnerabilities, warning the user and printing the vulnerability path. On the basis of the existing static taint analysis technology, the method disclosed by the invention has the advantages of extending the vulnerability discovery range, decreasing the memory consumption of vulnerability discovery and improving the accuracy of vulnerability discovery results, and can be applied to the discovery and research of Android application program vulnerabilities.

The invention provides an Android application vulnerability detection method which comprises the following steps: 1, judging whether a privacy leakage vulnerability possibly exists or not by virtue of analyzing Content Provider interface characteristics of a to-be-detected Android application; 2, if the privacy leakage vulnerability possibly exists, performing an SQL (Structured Query Lanaguge) injection vulnerability test and a path traversal vulnerability test on a public accessible URI (Uniform Resource Identifier) of the to-be-detected Android application which possibly has the privacy leakage vulnerability by virtue of monitoring a related API (Application Program Interface) function in an Android system, and then detecting passive data leakage safety risks. The invention also provides an Android application vulnerability detection system. The method and the system can be used for rapidly discovering privacy leakage and data pollution vulnerabilities possibly existing in the Android application, avoiding misdeclaration, and providing a powerful support for discovering the privacy leakage and data pollution vulnerabilities in the Android application on a large scale.

The invention discloses an application not responding positioning system and method, and relates to the technical field of networks. The application not responding positioning system includes a plugging module which is used for plugging an application not responding positioning tool in an Android application source program, compiling and packing the plugged application source program, and then sending the packed application source program to a mobile client. The application not responding positioning tool includes: a preset module for predetermining the time threshold of application not responding before an application runs; a monitoring module which is used for monitoring the page refreshing time length while the application runs, and sending an application not responding alarm while the page refreshing time length exceeds the time threshold; and a recording module which is used for acquiring and recording the application not responding alarm, and recording relative operation records of the application and the mobile client within certain time before the application not responding alarm is sent. The application not responding positioning system and method can rapidly and accurately position the root of application not responding, can help a developer to perform further analysis and improvement on defects of the application, can improve the development efficiency of the application, and can reduce the development cost.

The invention provides a static analysis method and a static analysis device for an Android application program and relates to the technical field of security detection. The static analysis method includes: S1, unzipping an application program to be detected to obtain a Smali file; S2, traversing the Smali file to acquire a source code information and structuring a control flow diagram and a data flow diagram of the source code information; S3, traversing the control flow diagram and the data flow diagram according to a malicious behavior judging engine to respectively match an API (application program interface) of the application program with another API in a predefined malicious behavior library and marking the successfully matched API of the application program as the malicious behavior API; S4, calculating the malicious measuring value of the application program to be detected; S5, matching the malicious measuring value with a predefined malicious degree index to acquire risk level of the application program to be detected. Through behavior analysis and comprehensive judgment of combined rules, misjudgment rate of virus detection upon the Android application program can be reduced.

The invention discloses a privacy leaking detecting method and system for android application network communication. The method comprises the following steps: crawling android application to be detected, and building an application set to be detected; building a main-in-the-middle attack server; initializing each tester environment; arranging a multi-tester distributive running scheduling system; analyzing APK files of the application to be detected; installing the application program corresponding to the APK file, and driving the application program to run; analyzing a log file created by the Burp Suite, and acquiring the application set with SSL man-in-the-middle attack; analyzing a network data pack file created in the running process of the collected application program; recognizing the privacy leaking type of the network data pack file according to the application set with the SSL man-in-the-middle attack. The method is flexible to use, and automatic in the whole process; the android system and the android application program structure are not modified; the privacy leaking behavior of the android application in the network communication process can be safely and accurately detected.

The invention belongs to the field of computer basic software and relates to an Android running environment realization method based on a non-virtualized system architecture. According to the method,an Android running environment is constructed on an existing Linux kernel and recorded as xDroid, and an Android application framework and an Android running time library are migrated to a standard Linux kernel. The xDroid does not need the virtualization technology but stands from a basic library and a basic running mechanism provided by a desktop operating system kernel, an Android bottom running supporting library needed for Android application running is realized layer by layer from bottom to top, then efficient migration of the Android running time library is realized, and the Android running environment is realized on a desktop operating system platform. Compared with a virtualization-based technology, ecological complete fusion of desktop applications and Android applications is realized in a true sense through the xDroid, and the applications are high in starting speed and high in performance; and meanwhile realization is based on different platforms, so that cross-platform running is easy to realize.

The invention discloses an implementation method of a version management tool for Android application development. The whole version management process of modifying an encapsulation version number, updating a local code, compiling the current project, submitting the local code and adding version description information can be completed by adopting one key operation, thus an interactive interface is realized. Compared with the traditional operation method, the method provided by the invention has the advantages that the whole process can be completed by means of one key operation, operating steps of SVN (subversion) are simplified, and the version number of an Android project and the version number of the SVN can be ensured to be consistent; and meanwhile an Eclipse plug-in form is adoptedfor release, the complete integration with an Android application development environment can be realized, the good interactive interface is realized, the working efficiency of a developer is improved, and the cost is reduced.

The invention discloses a method for protecting an application program of an Android system. By using a local transfer interface and a secure virtual machine, a key code of the application program of the Android system is seamlessly transplanted to a security environment to operate, so that the difficulty in decompiling and tracking can be greatly improved, and the method has a great practical value.