CN104732146A - Android program bug detection method and system - Google Patents

Info

Publication number: CN104732146A
Authority: CN (China)
Prior art keywords: class, android program, android, program, interface
Legal status: Pending
Application number: CN201510158271.4A
Other languages: Chinese (zh)
Inventor: 金果
Current Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd
Application filed by: Shanghai Feixun Data Communication Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides an Android program bug detection method and system. The system is applied in Android program development and comprises a program bug detection module, which obtains and parses the AndroidManifest.xml of an Android program and determines the component composition and class inheritance relationships of the program. The derived classes are checked, and when the interface of a derived class is found not to meet the corresponding interface coding specification, the user is prompted that the derived class has a class interface bug. Starting from the premise that software coding errors cause security bugs in system software, the method and system construct a corresponding program bug detection scheme that can detect the program bugs caused by non-standard programming.

Description

Android program vulnerability detection method and system
Technical field
The present invention relates to computer technology, and in particular to an Android program vulnerability detection method and system.
Background technology
As the internet and smart mobile terminals become ever more common in daily life, mobile security problems and hidden security risks grow more serious with them. Incidents in which malicious code is implanted on mobile terminals to commit cybercrime are on the rise, and mobile terminal users face unprecedented security risk. Smartphones running the Android system draw particular attention: because the source code is open, the risks present in applications developed for it are a special concern.
To detect the security risks present in applications, many Android program vulnerability detection methods have appeared, mainly based on static analysis of the Dalvik bytecode obtained by decompiling an Android application. Specifically, these methods include:
1. Building a control flow graph (CFG, Control Flow Graph), combined with static taint analysis or data-flow analysis to improve detection accuracy. The detection program builds a control flow graph over the decompiled Dalvik bytecode of the Android application to determine the possible execution paths, then applies data-flow analysis to simplify that result further into the set of paths that trigger a permission leak.
2. Static analysis of the decompiled Java source code. The detection program extracts from the Manifest file the list of Android components suspected of leaking permissions, constructs a CFG from the Java entry point of each component, and combines it with static taint analysis to locate the system call points that cause the permission leak.
3. For privacy-leak and data-pollution vulnerabilities in Android applications, static analysis of the decompiled Java source code: the function call graph, the program control flow graph and the execution flow of the SQLite database operation functions are generated to identify applications that contain the vulnerability.
4. Analysing the Content Provider interface characteristics of the Android application under test to judge whether it may contain a privacy-leak vulnerability. If it may, the relevant API functions in the Android system are monitored, and SQL injection tests and path traversal tests are run against the publicly accessible URIs of the application under test, to detect passive data-leak security risks.
These methods are all static detection methods applied after the application has been compiled. In a written Android application, however, the vulnerabilities already exist before the program is compiled. If they could be detected before compilation, the detection workload would be reduced, vulnerabilities would be found and eliminated faster, and the dependence of existing detection methods on the accuracy and completeness of Java decompilation tools would be avoided.
In view of this, finding an Android program vulnerability detection method and system that does not rely on Java decompilation tools has become a problem that those skilled in the art urgently need to solve.
Summary of the invention
In view of the shortcomings of the prior art described above, the object of the present invention is to provide an Android program vulnerability detection method and system that solve the problem that prior-art methods for detecting vulnerabilities in Android programs usually depend on Java decompilation tools.
To achieve the above and other related objects, the invention provides an Android program vulnerability detection method comprising: parsing the AndroidManifest.xml of an Android program to determine the component composition and class inheritance relationships of the Android program; and checking the derived classes, and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompting that the derived class has a class interface vulnerability.
Optionally, the method further comprises: when a component is found to be composed of unsafe classes, prompting that the component has a class security vulnerability.
Optionally, the method further comprises: handling the prompted class security vulnerability of the component, the handling comprising: modifying the component and running vulnerability detection on the component again.
Optionally, the method further comprises: handling the prompted class interface vulnerability of the derived class, the handling comprising: modifying the class interface code and running vulnerability detection on the derived class interface again.
Optionally, the interface coding specification comprises: restricting the accessibility of class interface members.
Optionally, the method further comprises: building a corresponding bug detection class to implement the Android program vulnerability detection.
The invention also provides an Android program vulnerability detection system, applied in Android program development, comprising: a bug detection module that obtains and parses the AndroidManifest.xml of an Android program and determines the component composition and class inheritance relationships of the Android program; the module checks the derived classes and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompts that the derived class has a class interface vulnerability.
Optionally, the bug detection module is further used to: check the components and, when a component is found to be composed of unsafe classes, prompt that the component has a class security vulnerability.
Optionally, the system further comprises a bug processing module used to modify a component that has a class security vulnerability.
Optionally, the system further comprises a bug processing module used to modify a derived class that has a class interface vulnerability.
Optionally, the interface coding specification comprises: restricting the access permissions of class interface members.
Optionally, the function of the bug detection module is implemented by building a corresponding bug detection class.
As described above, the Android program vulnerability detection method and system of the present invention have the following beneficial effects. They operate before the Android application has generated its APK and before the program is formally compiled; they are not a security mechanism of the Java language itself, but a review mechanism that applies a set of security specifications to the application and its source code. This provides strong support for finding privacy-leak and data-class security vulnerabilities in Android applications as early as possible. Before compilation, that is, before the application has generated an APK, the programmer's code is scanned in depth, non-standard code written by the programmer is found, and the corresponding permission mechanism is applied through the review mechanism. The technical solution of the invention does not depend on the accuracy and completeness of Java decompilation tools, and is also unaffected by polymorphism, a dynamic feature of Java.
Brief description of the drawings
Fig. 1 is a schematic flow chart of one embodiment of the Android program vulnerability detection method of the present invention.
Fig. 2 is a schematic flow chart of one embodiment of the Android program vulnerability detection method of the present invention.
Fig. 3 is a module diagram of one embodiment of the Android program vulnerability detection system of the present invention.
Description of reference numerals
1 Android program vulnerability detection system
11 bug detection module
12 bug processing module
S1 ~ S2 steps
Embodiments
Embodiments of the present invention are described below through specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
It should be noted that the drawings provided with the embodiments illustrate the basic concept of the invention only schematically. They show only the components relevant to the invention and are not drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, number and proportion of each component may vary freely, and the component layout may be more complex.
The invention provides an Android program vulnerability detection method. In one embodiment, as shown in Fig. 1, the method comprises:
Step S1: parse the AndroidManifest.xml of the Android program to determine its component composition and class inheritance relationships. In one embodiment, the components in AndroidManifest.xml include the activity component <activity></activity>, the service receiver <receiver></receiver>, the service component <service></service> and so on; the classes contained in these components represent the corresponding classes
From this service declaration, the basic class after system start-up is ClearService. Once the program is loaded, ClearService, the clearing service class, can call other corresponding classes; program classes are, after all, related either by composition or by inheritance and reference, so one can see which classes the application loads. These classes have definite reference relationships inside the virtual machine. Here the class ClearService references:
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.os.IBinder;
import android.text.TextUtils;
import android.util.Log;
These classes can in turn call lower-level interfaces, such as the basic Java ones, through inheritance. With classes calling one another layer by layer in this way, the call relationships among the classes become visible. If a bad class is added, it will be hard for it to blend into the call relationships of the native classes: it does not know how the native classes are actually called, and a class with bad behaviour can only call the behaviour classes written for it.
Step S2: check the derived classes and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompt that the derived class has a class interface vulnerability. The interface coding specification comprises: restricting the accessibility of class interface members. In one embodiment, the method further comprises: handling the prompted class security vulnerability of the component, the handling comprising: modifying the component and running vulnerability detection on the component again.
In one embodiment, the method further comprises: checking the components and, when a component is found to be composed of unsafe classes, prompting that the component has a class security vulnerability. In one embodiment, the method further comprises: handling the prompted class interface vulnerability of the derived class, the handling comprising: modifying the class interface code and running vulnerability detection on the derived class interface again.
In one embodiment, the method further comprises: building a corresponding bug detection class to implement the Android program vulnerability detection. Specifically, the method builds a corresponding bug detection class and implements the Android program vulnerability detection inside that bug detection class.
In one embodiment, as shown in Fig. 2, the Android program vulnerability detection method comprises:
Step 1: read the Android application. The Android application here means an APK (Android Package, the Android installation package) program, or the APK source code.
Step 2: parse the Android application, starting with its basic configuration table, AndroidManifest.xml. When the program is loaded, this table is the first thing loaded into the virtual machine, so it confirms which components an APK program has, and those components can then be analysed independently.
Step 3: parse the Activity of the Android application and the associated components such as Service, Broadcast, Receive and Provider. This shows what the components of the program are made of, so that the relationship set of the program, and the class inheritance relationships, can be constructed.
Step 4: analyse the reference relationships of the corresponding Android component code. This determines whether a component's references derive from unsafe classes; if a component has a problem, the system jumps to step 5.
Step 5: modify the corresponding Android component; the modified part automatically enters the review system and step 4 is executed again.
Step 6: if no problem is found in the references of the Android components and the class interfaces are imported relatively safely, the system calls the corresponding coding specification library to check whether the code conforms to the corresponding standard coding specification (that is, the interface coding specification), and jumps to step 7 if it does not. The coding specification library here is not the traditional Java coding style standard but a specification for automated detection. The idea is as follows: in system development, each programming language has its own syntax and semantics and its own compilation system; once a program has been written as code, it is converted at run time into a language the computer understands and then executed. A program, however, is a fusion of code, and a single program may well conform to the corresponding language specification.
A collection of programs, however, does not necessarily conform. Take a superclass written in Java: each individual statement conforms to the specification, but once the code is combined, that is, when the program is inherited, the accessibility of the program is widened. This produces a vulnerability in the program, and when such a program is compiled and run, that is where the risk lies. The automated detection specification, or rule, is the automatic checking of program code, including checking whether accessibility is widened on inheritance as described above. A dedicated automated detection program that handles this class of problem checks whether the code in the program conforms to the automated detection specification; this automated detection program is itself the automated detection specification.
For Java programs, the automated detection specification covers restrictions on the accessibility of classes, interfaces, methods and data members. In one embodiment, the automated detection specification includes a rule that prevents inheritance from widening class access:
In this example, if the subclass overrides the doLogic() method of the base class, it increases the accessibility of the overridden method: the base-class method is protected, but subclass Sub defines the method as public, which increases the accessibility of doLogic(). Once the method is defined as public, any user of Sub can call it.
Accordingly, the interface coding specification used in the review can include the following rule: if a base-class method is protected, the corresponding subclass must not redefine that method as public. The handling of this derived-class bug comprises: setting the corresponding method to final, which prevents a malicious program from overriding it. The specific modification is as follows:
Step 7: modify the unsafe code that does not conform to the corresponding specification; the system review mechanism runs automatically at the same time, that is, the method jumps back to step 6 for the modified code. When the Android program code conforms to the corresponding security specification (that is, the interface coding specification), step 8 is executed.
Step 8: end the method.
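The manifest-then-inheritance check described in the steps above can be sketched as a source-level scan. This is an added example, not code from the patent: the manifest, the Java sources (including the BaseService class) and all function names are constructed for illustration, and the Java parsing is a simplified line-oriented scan that assumes one declaration per line, no nested classes and no overloads. The rule is generalised from the text's protected-to-public case to any widening of a non-private inherited method.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
RANK = {"private": 0, "package": 1, "protected": 2, "public": 3}
MODS = "public|protected|private|static|final|abstract|synchronized"
CLASS_RE = re.compile(r"\bclass\s+(\w+)(?:\s+extends\s+([\w.]+))?")
# One method declaration per line: modifiers, return type, name, parameter list.
METHOD_RE = re.compile(
    r"^\s*((?:(?:" + MODS + r")\s+)*)"
    r"(?!(?:return|new|throw|else|" + MODS + r")\b)[\w<>\[\].]+\s+(\w+)"
    r"\s*\([^)]*\)\s*[{;]")

# Constructed sample manifest (not from the patent).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <service android:name=".ClearService"/>
    <activity android:name="MainActivity"/>
  </application>
</manifest>"""

# Constructed sources (MainActivity omitted). ClearService widens doLogic().
VULNERABLE = """
public class BaseService extends android.app.Service {
    protected void doLogic() { /* privileged clean-up */ }
}
public class ClearService extends BaseService {
    @Override
    public void doLogic() { super.doLogic(); }
}
"""

# Same sources after the fix the text describes: the base method is final.
HARDENED = """
public class BaseService extends android.app.Service {
    protected final void doLogic() { /* privileged clean-up */ }
}
public class ClearService extends BaseService {
    public void onCreate() { doLogic(); }
}
"""

def manifest_components(manifest_xml):
    """Step S1: list (tag, fully qualified class name) for each component."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for node in root.iter():
        if node.tag in COMPONENT_TAGS:
            name = node.get(ANDROID + "name", "")
            if name.startswith("."):
                name = package + name
            elif "." not in name:
                name = package + "." + name
            found.append((node.tag, name))
    return found

def parse_classes(java_text):
    """Map simple class name -> {'super': name or None, 'methods': {name: access}}."""
    classes, current = {}, None
    for line in java_text.splitlines():
        decl = CLASS_RE.search(line)
        if decl:
            parent = decl.group(2).rsplit(".", 1)[-1] if decl.group(2) else None
            current = classes.setdefault(decl.group(1), {"super": parent, "methods": {}})
            continue
        method = METHOD_RE.match(line)
        if method and current is not None:
            access = next((m for m in method.group(1).split() if m in RANK), "package")
            current["methods"][method.group(2)] = access
    return classes

def find_widened_overrides(manifest_xml, java_text):
    """Step S2: report overrides that are more accessible than the inherited method."""
    classes = parse_classes(java_text)
    findings, seen = [], set()
    for _tag, fqcn in manifest_components(manifest_xml):
        cls = fqcn.rsplit(".", 1)[-1]
        while cls in classes and cls not in seen:   # walk up from each component
            seen.add(cls)
            for method, access in classes[cls]["methods"].items():
                base, visited = classes[cls]["super"], {cls}
                while base in classes and base not in visited:
                    visited.add(base)
                    inherited = classes[base]["methods"].get(method)
                    if inherited is not None:       # nearest declaring ancestor
                        if inherited != "private" and RANK[access] > RANK[inherited]:
                            findings.append((cls, method, inherited, access, base))
                        break
                    base = classes[base]["super"]
            cls = classes[cls]["super"]
    return findings

if __name__ == "__main__":
    print(find_widened_overrides(MANIFEST, VULNERABLE))
    print(find_widened_overrides(MANIFEST, HARDENED))
```

Each finding is a tuple of (subclass, method, inherited access, overriding access, base class); an empty list corresponds to the point at which the method reaches step 8.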
The invention also provides an Android program vulnerability detection system, applied in Android program development. In one embodiment, as shown in Fig. 3, the Android program vulnerability detection system 1 comprises a bug detection module 11:
The bug detection module 11 obtains and parses the AndroidManifest.xml of the Android program and determines the component composition and class inheritance relationships of the Android program; when a component is found to be composed of unsafe classes, it prompts that the component has a class security vulnerability; if the interface of a derived class does not conform to the corresponding interface coding specification, it prompts that the derived class has a class interface vulnerability. The interface coding specification comprises: restricting the access permissions of class interface members. In one embodiment, the bug detection module 11 is further used to: prompt that a component has a class security vulnerability when the component is found to be composed of unsafe classes. In one embodiment, the function of the bug detection module 11 is implemented by building a corresponding bug detection class.
In one embodiment, as shown in Fig. 3, the Android program vulnerability detection system 1 comprises a bug detection module 11 and a bug processing module 12, wherein:
The bug detection module 11 obtains and parses the AndroidManifest.xml of the Android program and determines the component composition and class inheritance relationships of the Android program; it checks the derived classes and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompts that the derived class has a class interface vulnerability. In one embodiment, the bug detection module 11 is further used to: check the components and, when a component is found to be composed of unsafe classes, prompt that the component has a class security vulnerability.
The bug processing module 12 handles the security vulnerabilities prompted by the bug detection module 11. Specifically, the bug processing module 12 modifies a component that has a class security vulnerability and/or modifies a derived class that has a class interface vulnerability. In one embodiment, the bug processing module 12 modifies a component that has a class security vulnerability. In another embodiment, the bug processing module 12 also modifies a derived class that has a class interface vulnerability.
In summary, the Android program vulnerability detection method and system of the present invention start from the premise that software coding errors cause security vulnerabilities in system software, and build a corresponding bug detection scheme that can detect the program vulnerabilities caused by non-standard programming. The technical solution operates before the Android application has generated its APK and before the program is formally compiled; it is not a security mechanism of the Java language itself, but a review mechanism that applies a set of security specifications to the application and its source code. This provides strong support for finding privacy-leak and data-class security vulnerabilities in Android applications as early as possible. Because the programmer's code is scanned in depth before compilation, that is, before the application has generated an APK, non-standard code written by the programmer is found and the corresponding permission mechanism is applied through the review mechanism. The technical solution therefore does not depend on the accuracy and completeness of Java decompilation tools, and is also unaffected by polymorphism, a dynamic feature of Java. The invention thus effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the present invention.

Claims (12)

1. An Android program vulnerability detection method, characterized in that the method comprises:
parsing the AndroidManifest.xml of an Android program to determine the component composition and class inheritance relationships of the Android program;
checking the derived classes and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompting that the derived class has a class interface vulnerability.
2. The Android program vulnerability detection method according to claim 1, characterized in that the method further comprises: checking the components and, when a component is found to be composed of unsafe classes, prompting that the component has a class security vulnerability.
3. The Android program vulnerability detection method according to claim 2, characterized in that the method further comprises: handling the prompted class security vulnerability of the component, the handling comprising: modifying the component and running vulnerability detection on the component again.
4. The Android program vulnerability detection method according to claim 1, characterized in that the method further comprises: handling the prompted class interface vulnerability of the derived class, the handling comprising: modifying the class interface code and running vulnerability detection on the derived class interface again.
5. The Android program vulnerability detection method according to claim 1, characterized in that the interface coding specification comprises: restricting the accessibility of class interface members.
6. The Android program vulnerability detection method according to claim 1, characterized in that the method further comprises: building a corresponding bug detection class to implement the Android program vulnerability detection.
7. An Android program vulnerability detection system, characterized in that it is applied in Android program development and comprises:
a bug detection module that obtains and parses the AndroidManifest.xml of an Android program and determines the component composition and class inheritance relationships of the Android program; the module checks the derived classes and, when the interface of a derived class is found not to conform to the corresponding interface coding specification, prompts that the derived class has a class interface vulnerability.
8. The Android program vulnerability detection system according to claim 7, characterized in that the bug detection module is further used to: check the components and, when a component is found to be composed of unsafe classes, prompt that the component has a class security vulnerability.
9. The Android program vulnerability detection system according to claim 8, characterized in that the system further comprises a bug processing module used to modify a component that has a class security vulnerability.
10. The Android program vulnerability detection system according to claim 7, characterized in that the system further comprises a bug processing module used to modify a derived class that has a class interface vulnerability.
11. The Android program vulnerability detection system according to claim 7, characterized in that the interface coding specification comprises: restricting the access permissions of class interface members.
12. The Android program vulnerability detection system according to claim 7, characterized in that the function of the bug detection module is implemented by building a corresponding bug detection class.
CN201510158271.4A 2015-04-03 2015-04-03 Android program bug detection method and system Pending CN104732146A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510158271.4A CN104732146A (en) 2015-04-03 2015-04-03 Android program bug detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510158271.4A CN104732146A (en) 2015-04-03 2015-04-03 Android program bug detection method and system

Publications (1)

Publication Number Publication Date
CN104732146A true CN104732146A (en) 2015-06-24

Family

ID=53456027

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510158271.4A Pending CN104732146A (en) 2015-04-03 2015-04-03 Android program bug detection method and system

Country Status (1)

Country Link
CN (1) CN104732146A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102339252A (en) * 2011-07-25 2012-02-01 大连理工大学 Static state detecting system based on XML (Extensive Makeup Language) middle model and defect mode matching
US20140380283A1 (en) * 2013-06-25 2014-12-25 Purdue Research Foundation Systems and Methods of Detecting Power Bugs
CN103984900A (en) * 2014-05-19 2014-08-13 南京赛宁信息技术有限公司 Android application vulnerability detection method and Android application vulnerability detection system
CN103996007A (en) * 2014-05-29 2014-08-20 诸葛建伟 Testing method and system for Android application permission leakage vulnerabilities

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄燕忠: "《Internet理论与实作应用大全》", 31 May 2002 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326103A (en) * 2015-07-06 2017-01-11 阿里巴巴集团控股有限公司 Method and apparatus used for detecting vulnerability of to-be-detected application
CN106326103B (en) * 2015-07-06 2019-01-04 阿里巴巴集团控股有限公司 For detecting the method and device of the loophole of application to be detected
CN105243329A (en) * 2015-10-26 2016-01-13 北京奇虎科技有限公司 Method and system for vulnerability discovery of Android system
CN107025168B (en) * 2015-12-15 2022-01-07 阿里巴巴集团控股有限公司 Vulnerability detection method and device
CN107025168A (en) * 2015-12-15 2017-08-08 阿里巴巴集团控股有限公司 Leak detection method and device
CN106201889A (en) * 2016-07-15 2016-12-07 国云科技股份有限公司 A kind of system and its implementation checking that program code writes specification
CN107239706A (en) * 2017-06-06 2017-10-10 贵州大学 The safety loophole mining method of application program of mobile phone under a kind of Android platform
CN110427757A (en) * 2019-08-06 2019-11-08 南方电网科学研究院有限责任公司 A kind of Android leak detection method, system and relevant apparatus
CN111353146B (en) * 2020-05-25 2020-08-25 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for detecting sensitive permission of application program
CN111353146A (en) * 2020-05-25 2020-06-30 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for detecting sensitive permission of application program
CN112100620A (en) * 2020-09-04 2020-12-18 百度在线网络技术(北京)有限公司 Code security detection method, device, equipment and readable storage medium
CN112100620B (en) * 2020-09-04 2024-02-06 百度在线网络技术(北京)有限公司 Code security detection method, apparatus, device and readable storage medium
CN112733158A (en) * 2021-04-06 2021-04-30 北京邮电大学 Android system vulnerability detection method, electronic equipment and storage medium
CN112733158B (en) * 2021-04-06 2021-08-03 北京邮电大学 Android system vulnerability detection method, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN104732146A (en) Android program bug detection method and system
CN107832619B (en) Automatic application program vulnerability mining system and method under Android platform
Xue et al. Malton: Towards {On-Device}{Non-Invasive} Mobile Malware Analysis for {ART}
US20210149788A1 (en) Software diagnosis using transparent decompilation
Au et al. Pscout: analyzing the android permission specification
Yang et al. Leakminer: Detect information leakage on android with static taint analysis
CN103729595B (en) A kind of Android application program private data leakage off-line checking method
Rountev et al. Static reference analysis for GUI objects in Android software
Junaid et al. Dexteroid: Detecting malicious behaviors in android apps using reverse-engineered life cycle models
CN103984900A (en) Android application vulnerability detection method and Android application vulnerability detection system
Li et al. Peruim: Understanding mobile application privacy with permission-ui mapping
CN103577324A (en) Static detection method for privacy information disclosure in mobile applications
CN109558304B (en) Component association analysis method and device and electronic equipment
CN114021142A (en) Android application program vulnerability detection method
CN101901184B (en) Method, device and system for inspecting vulnerability of application program
Kashyap et al. Security signature inference for javascript-based browser addons
Xu Techniques and tools for analyzing and understanding android applications
Pan et al. Static asynchronous component misuse detection for Android applications
Wu et al. Sentinel: generating GUI tests for sensor leaks in Android and Android wear apps
EP2885712A1 (en) Imperative attribution for elements in managed runtimes
CN115495745A (en) Industrial software source code static detection method and system based on risk function
Zhang et al. Contextual approach for identifying malicious inter-component privacy leaks in android apps
Wu et al. CydiOS: A Model-Based Testing Framework for iOS Apps
CN110069926B (en) Malicious code positioning method, storage medium and terminal for Android repackaging application
Mao et al. Automatic permission inference for hybrid mobile apps

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150624