In order to reduce the variety of security issues of Android application components widespread in the third markets, the article analyzed the cause of this issues at first, and then proposed a detection method by static detecting the attribute information of four components and sensitive Java system services APIs (Application Programming Interface) in Android application, perform static executable path detection to detect security risks that might exist from components entry function to services APIs in the Android application components by constructing a function calling graph. The system mainly use decompile, XML (extensible markup language) file parsing and regular expression matching techniques to obtain information about the application's components and sensitive APIs. Experimental results show the feasibility and effectiveness of this system.%针对当前Android系统第三方应用程序组件中普遍存在的各种安全问题,分析了引起这种问题的原因。提出了一种基于静态分析Android应用程序中四种组件的属性信息和Java系统服务中的敏感API(Application Programming Interface)调用信息,通过构建Android应用程序的函数调用关系图,检测组件入口函数和和敏感API之间可能存在的不安全的静态可执行路径。该方案主要利用反编译、XML(extensible markup language)文件解析和正则表达式匹配技术以获取应用程序的组件和敏感API的调用信息。实验结果表明了该方案的可行性和有效性。
展开▼
