| The Android system provides measures such as file access control,security sandbox,permission mechanism,and application signature mechanism to protect the security of the system and applications.However,the Android system still exposes serious problems such as permission mechanism loopholes and privacy information leakage.One of the reasons for these security problems is that the components of Android applications are not properly configured.Although the component configuration elements have been described in the official Android documentation,these natural language descriptions have uncertainty and ambiguity,which will cause some deviations in developers’ understanding,which may cause developers to improperly configure the application,and then Create security holes.Therefore,the identification and exploration of the semantics of Android App component configuration elements and the relationship between each element are of great significance for ensuring application security.The main research contents are as follows:(1)Aiming at the problem of vague semantics in some component configuration descriptions in Android official documents,construct test cases with fuzz testing and combined testing methods,and clarify the meaning of these configuration items by analyzing the results of the use cases.The order predicate logic describes the semantics of these configuration items and forms of several formal configuration rules for designers and developers to use,thereby reducing design loopholes.(2)To show the App security problems caused by the vulnerabilities in the configuration,taking three typical task hijacking attacks as examples,the vulnerabilities in the configuration are studied,and five groups of instances are implemented,including phishing attacks(2 groups).Examples),spoofing attacks(1 group of examples),ransomware App(2 groups of examples),reproduced several hijacking attack processes caused by configuration,exemplified the key role of configuration on vulnerability discovery,and gave mitigations for such Security Guidelines for Attacks.(3)Based on the above configuration rules and configuration vulnerabilities related to hijacking attacks,a security check method for Android App configuration is proposed,and an Android App configuration security detection tool is designed and developed,including a reverse analysis module,component information analysis Module,log output module three modules.Experiments are carried out using the CICMalDroid 2020 public dataset and apps downloaded from major app vendors to demonstrate the effectiveness of the tool.The tool is further compared with the configuration security detection in the existing mature tool MobSF.The results show that the tool can additionally detect the possible security vulnerabilities caused by configuration items such as launchMode,allowTaskReparenting,taskAffinity,etc.,forming a useful extension and supplement to MobSF. |
PDF Full Text Request