Research On New Technology And Security Of Application Protection Based On Android Platform

With the development of information technology and the popularization of smart devices,the Android system is supported by many mobile phone device manufacturers and application developers because it uses Linux kernel and Android system is open source.The Android App has become the most frequently object used by users.Apps with different functions such as social software and mobile payment give users more choices in communication and payment methods,and also bring more security threats.Due to the fragmentation of the Android system and the diversification of application release channels,the security of Android applications is difficult to guarantee.A large number of attackers perform various reverse analysis and tampering on Android applications through decompilation,repacking,and code injection,resulting in developers' core algorithms or code logic being cracked or embedded in malicious code.Therefore,an effective protection scheme based on the Android platform is needed to resist these security threats.In this paper,based on the security threats faced by Android platform applications,the application protection scheme is studied on the basis of the Android application program structure.To protect these two types of files,this article proposes a DEX file protection scheme based on virtual machine protection(VMP)and a control Stream Integrity(CFI)Dynamic Link Library SO File Protection Scheme because the code of the Android platform App will be compiled into DEX file and dynamic link library SO file and provide security for applications by protecting these two files that store developer code logic.The main work of the paper is as follows:1.This paper analyzes the current security mechanism of Android platform and the security threats faced by applications.According to the architecture of Android,the security mechanism is analyzed and the security threats of Android platform applications are proposed.From the perspective of attackers,this paper analyzes the current popular reverse analysis,attack methods,and the security threats of local code according to the characteristics of the native layer.2.We design and implement a DEX file protection scheme based on the virtual machine protection technology VMP for the executable file DEX in the Android application.We design a custom virtual machine by referring to the working principle of Dalvik virtual machine to interpret Dalvik byte-code for Java functions and provide a more fine-grained protection scheme with function as the granularity.3.For the dynamic link library file SO in the Android application,the SO file protection scheme based on the control-flow integrity technology CFI is designed and implemented.We construct a legal control flow graph by extracting the transfer function of the original function control flow and analyze characteristics of ARM architecture jump instructions to perform fine-grained integrity checks on control-flow.