Journal of Information Security Research ›› 2017, Vol. 3 ›› Issue (2): 139-144.

• Academic Paper •

Research on Android Application Permission Monitor

雷磊

  1. Sichuan University
  • Received: 2017-02-20 Online: 2017-02-15 Published: 2017-02-20
  • Corresponding author: 雷磊
  • About the author: 雷磊 is a master's student whose main research interest is malicious code detection.

Abstract: With the rapid rise of the mobile Internet in recent years, smartphones, especially those based on the Android system, have developed rapidly, and the problems of the Android system have become increasingly prominent. Although Android provides a relatively complete security mechanism, its “AllOrNone” application authorization mode, together with a permission management model in which users cannot change an application's permissions once it is installed, poses security risks. This paper therefore proposes a method based on static permission analysis and code injection through repackaging to monitor a target application's sensitive permissions in real time. Experiments show that the method can effectively monitor the use of permissions.

Key words: Android, malicious application, static analysis, repackage, permission monitor