| In order to provide a customized execution environment for applications,the developer proposes the Android Security Container,an application that can provide a virtual execution environment for other applications.However,there are still many security problems in common security containers,including applications attacking each other,unauthorized attacks,and leakage of user privacy data.In order to solve the security problems of Android security containers,this paper proposes a privacy protection container with application reinforcement and permission control functions.When the application is imported and installed,the application code is reinforced and protected,and the application is verified and decrypted when the application is started,so as to protect the application source code from being attacked and cracked.At the same time,a permission isolation mechanism is introduced into the container to control the interfaces that are easy to spread private data such as network and external storage access,which strengthens the security of private data in the container.The main work of this thesis is as follows:(1)The Android security container that provides virtual execution environment for applications is designed and implemented.By learning the principle of Android application plug-in framework,Framework layer proxy technology and Hook technology,etc.,we designed and implemented a secure container that can run common applications,in which the application execution environment can be customized and modified according to needs easily.(2)The application reinforcement system that can run on Android system is designed and implemented.Ported reverse analysis tools such as Apktool from the desktop system to the Android system,and designed a set of application reinforcement systems that can run on the Android system to protect applications from three aspects:dex file protection,shared library file protection,and application anti-debugging.The reinforcement system is moved into the security container,so that the application can be reinforced in the container,and the security of the application in the security container is enhanced.(3)Privacy-related permission control functions are added to the secure container.In the application startup phase,according to the user’s authorization of the application,it is possible to choose whether to use the Hook technology to intercept the data transmission interface of the system to control the application’s permission to transmit information,so as to realize the permission separation and control of the application in the container.The permission control function prevents applications in the container from unauthorized attacks or leaks user privacy,and strengthens the security of private data in the container. |
PDF Full Text Request