Research On Android Application Reinforcement To Prevent Forged Login

While the openness of the Android system makes it develop rapidly,it brings many problems.Now there are many Android malicious applications hidden in various third-party application markets,these malicious applications have the behavior of stealing application key data.Attackers can use this data to fake logins on other Android devices,they can use the fake login application to control the smart devices in the user’s home and view the user’s consumption records and other malicious behaviors.Although there are many Android application reinforcement technologies and repackaged application detection technologies to prevent malicious applications from entering the market,there are still few application reinforcement solutions that can avoid the risk of forged logins after key application data has been lost.After the data has been lost,the research on Android application reinforcement that can still detect fake login has important research significance.The main researches in this thesis include:(1)According to the requirement of efficient and safe self-detection of forged login risks for applications,this thesis designs a candidate branch search module and a reinforcement code generation module,these modules widely insert the code for forgery login detection into candidate branches for execution.To improve the security of the hardened code,a hardened code protection module and a hardened code embedded packaging module are designed,these modules extract the hardened code and candidate branch code into separate files for protection.(2)First,a method for detecting fake login in Android applications based on multiple environmental parameters is proposed,which uses the changes of environment parameters during application runtime to determine whether fake login occurs,this thesis also proposes a code protection method based on function extraction and dynamic recovery,this method can extract and hide the functions in the code,and restore them dynamically when loading.Finally,the reinforced application is tested from four aspects: extra performance consumed,feasibility,security,and effectiveness.(3)This thesis implements the code for each module of the Android application reinforcement system to prevent fake login,and tested the system function.The test results show that the system can meet the needs of developers for fake login detection,and it has a certain anti-reverse ability.