| With the rapid development of the mobile Internet, more and more people use mobile devices for work, study, entertainment and other activities. Smart devices have become inextricably linked with people's lives. Among these devices, the Android system has become the most widely influential operating system worldwide and holds the largest market share because it is open source. However, because of the way applications are supervised and reviewed in the Android application market, a lot of malicious software is downloaded and installed on users' devices, threatening their privacy and property. Thus, Android applications need audit analysis to detect malicious behavior. Reverse engineering is used to analyze the Skype login process in the Java layer on the Android platform. To understand the process in the Java layer, the key function is located using code positioning techniques. Function calls are tracked and member variables are inspected during the login process by using IDA to debug the dex file. To track function calls in the library file, the .so file is reverse engineered and analyzed. Static analysis and dynamic debugging reveal how the user name and password are handled. A brief assessment of the sensitive data is given to determine whether the password can leak. Then an audit analysis of the application's overall security is made. Re-packing shows that the application does not verify its own integrity, which makes it easy to inject malicious code. Analysis of the decompiled source code finds that the application's use of the HTTPS protocol is vulnerable to man-in-the-middle attacks, which an attacker can exploit to collect sensitive data. Meanwhile, debugging and analysis of the voice call process show that the audio codec Skype uses is the SILK codec. |