CN109413414A - A kind of silence based on android system is taken pictures detection method - Google Patents
A kind of silence based on android system is taken pictures detection method Download PDFInfo
- Publication number
- CN109413414A CN109413414A CN201811504103.6A CN201811504103A CN109413414A CN 109413414 A CN109413414 A CN 109413414A CN 201811504103 A CN201811504103 A CN 201811504103A CN 109413414 A CN109413414 A CN 109413414A
- Authority
- CN
- China
- Prior art keywords
- function
- taking pictures
- pictures
- surfaceview
- app
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 31
- 238000000034 method Methods 0.000 claims abstract description 21
- 230000000694 effects Effects 0.000 claims description 17
- 239000004071 soot Substances 0.000 claims description 5
- 230000003068 static effect Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 description 52
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N17/00—Diagnosis, testing or measuring for television systems or their details
- H04N17/002—Diagnosis, testing or measuring for television systems or their details for television cameras
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N23/00—Cameras or camera modules comprising electronic image sensors; Control thereof
- H04N23/60—Control of cameras or camera modules
- H04N23/62—Control of parameters via user interfaces
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Studio Devices (AREA)
Abstract
It takes pictures detection method the invention discloses a kind of silence based on android system, including the detection for behavior of taking pictures and for the detection for interface View size of taking pictures;The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures, it finds after taking pictures function, function and the function of function of taking pictures is called to record taking pictures, and then both flow chart tracking is carried out to the function and function of taking pictures that call function of taking pictures, circulation is to the end, the call flow chart for function of taking pictures thoroughly can all be found, finally only need to judge the handling function of the final click with the presence or absence of user of process;If there is no clicking operation function, continue the detection for interface View size of taking pictures: finding camera preview frame SurfaceView, and judge the size of two attributes of SurfaceView, if two attributes of SurfaceView are less than the threshold value of definition, then judge that the behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.
Description
Technical field
It takes pictures detection method the present invention relates to a kind of silence based on android system, belongs to technical field of system security.
Background technique
In daily life, the also indispensable key player of performer of the camera on mobile phone, takes pictures, scans two dimension
Code, record video or even AR function require to call to camera.Also just so, the upper many app of Android can whereabouts system
System applies for the permission of camera to be developed, this accounting has reached 30.75%, and the safety of this camera that just seems is especially heavy
It wants.But Android is in the design of the call-by mechanism of camera at present, there is one to be called the silent attack taken pictures, together
Sample is also known as spy cameras, that is, malice app is by returning to video camera the live-pictures preview of user
The sufficiently small of frame size setting can call camera to go to take pictures in the unwitting situation of user, and malice app is being supervised
After hearing that user has clapped photograph using normal app, it is taken pictures using silence and is quickly taken on the sly one, to steal the interior of user's shooting
Hold.
This problem all occurred in many attacks before, but did not caused great attention.So far,
Android8.0 or less still remains such problems, everybody do not pay attention to be the main reason for this problem, it is believed that just
Calculate that will not can obtain using this attack is useful and the information of enough menaces can be played to user.In fact not
So, we take the lead in finding, take pictures to attack using silence and attack in conjunction with the RAM leakage that money teacher proposes upper before, can be to mesh
Preceding very fiery two dimensional code payment causes very big harm, can directly steal payment cipher of the user on payment platform even
Log-on message, this is an attack very serious.
One is paid using the take pictures survey channel attack of attack and memory overflow of silence to steal user after study for we
The attack of the payment cipher of platform, the attack of taking pictures of discovery silence is an attack very serious.For this purpose, we are to this attack
Comprehensive and systematic analysis is carried out.App popular on 3827 sections of APK.com by inquiry, to wherein real calling camera
241 sections of app are analyzed, and have obtained the sensitive information that silent attack of taking pictures may be stolen, and it was found that by these information,
Silence, which is taken pictures, will also cause further to endanger.
And we pass through test discovery, the at present market the Android detection platform of mainstream or the security classes app on mobile phone
It all has no idea to detect such attack.
Summary of the invention
Goal of the invention: aiming at the problems existing in the prior art with deficiency, the present invention provides a kind of based on android system
Silence is taken pictures detection method.
Technical solution: a kind of silence based on android system is taken pictures detection method, including for behavior of taking pictures detection and
For the detection for interface View size of taking pictures;The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures,
It finds after taking pictures function, function and the function of function of taking pictures is called to record taking pictures, and then take pictures function to calling
Both function and function of taking pictures carry out flow chart tracking, be recycled to last, it will be able to which the call flow chart for function of taking pictures is thorough
Bottom is all found, and finally only needs to judge the handling function of the final click with the presence or absence of user of process;If not point
Handling function is hit, the detection for interface View size of taking pictures is continued: finding camera preview frame SurfaceView, and sentences
The size of two attributes of disconnected SurfaceView judges if two attributes of SurfaceView are less than the threshold value of definition
The behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.
The method of the process of taking pictures found in app are as follows: carry out static analysis, tracking using apk of the Soot to app
In the Activity of apk, if the signature comprising function of taking pictures just takes pictures calling the letter of function if containing this function
The signature of number A is recorded, and then both carries out flow chart tracking to function A and function of taking pictures, and is recycled to finally, just
The call flow chart for function of taking pictures thoroughly can all be found, finally only need to judge the final point that whether there is user of process
The handling function hit.
The function of taking pictures is the api function takePicture () that Android system provides;On API > 21, some app meetings
Replace takePicture () with capture () function, in such cases, the function of taking pictures is capture ().
Detection for interface View size of taking pictures includes the following steps:
1) firstly, it will be understood that in the process of development, developer can be by an initial good SurfaceHolder object
SetPreviewDisplay (SurfaceHolder surfaceHolder) is come into, then camera could pass through system
StartPreview () function opens the live preview frame of a camera, and then user could execute photographing command, and
In Android exploitation, this live preview frame using SurfaceView come realizing, which means that we are tracked by counter
SetPreviewDisplay () can be obtained by this SurfaceView object;
It 2) is next exactly the size for finding this SurfaceView after finding this SurfaceView object,
It is to have no idea to know size that light, which finds object, we will find the corresponding layout description section of SurfaceView object.
Because each interface is in an activity in Android app, this object of SurfaceView is no exception,
We can find activity locating for SurfaceView object, utilize the function of layout resource file
SetcontentView (R.layout.id) just can obtain the id at interface corresponding to activity, can be by id
The specific name of topology file is found in public.xml, because public.xml file is exactly for recording resource id and resource
The corresponding file of filename;Using title also activity can be found in the resource folder that apktool is unziped to
Corresponding topology file, and the description of the layout of SurfaceView preview pane object is just stored in this activity and corresponds to
Topology file in;
3) after having found the SurfaceView for showing photo preview to user, judge set by developer
The size of the attribute of two SurfaceView of layout_width and layout_height.
Detailed description of the invention
Fig. 1 is the flow chart that Android takes pictures;
Fig. 2 is that the normal app of Android takes pictures the call flow chart of function;
Fig. 3 is the function flow chart that Android app camera preview frame generates.
Specific embodiment
Combined with specific embodiments below, the present invention is furture elucidated, it should be understood that these embodiments are merely to illustrate the present invention
Rather than limit the scope of the invention, after the present invention has been read, those skilled in the art are to various equivalences of the invention
The modification of form falls within the application range as defined in the appended claims.
Silence based on android system is taken pictures detection method, including the detection for behavior of taking pictures and for interface of taking pictures
The detection of View size.
For the detection for the behavior of taking pictures
As shown in Figure 1, be the flow chart that Android takes pictures, it can be seen from the figure that after opening camera,
Android mobile phone, which passes through a SurfaceView first photo preview is shown to user, to be seen, when initiating a bat to camera
After request, the initial data photographed will be returned to mobile phone by camera, and waiting is further processed.As shown in Fig. 2, just
In normal behavior of taking pictures, this CaptureRequest is often by Client-initiated, and meaning user click, some is taken pictures
Button, app just can initiate request of taking pictures to CameraDevice, and among silence is taken pictures, CameraRequest is by malice
What app was initiated in the unwitting situation of user, therefore be not have that click is operated.
Therefore, for the detection for the behavior of taking pictures, what we to be done is exactly to obtain the calling stream of takePicture () function
Journey, upper figure are the processes of taking pictures that we find in an app, we can easily see, takePicture () function
It was called before this by a User-Defined Functions captrue (), and captrue's () is finally by an onClick ()
Function call, which means that only when app listen to user click operation when, app just will start camera into
Row is taken pictures.And for silence is taken pictures, it can not find an onClick () in the flow chart of takePicture () function
Source.
So we are when carrying out static analysis to apk using decompiling instrument Soot, it is only necessary to go to search
The call flow chart of takePicture ().In Soot, each function suffers from oneself unique signature, so
When being analyzed using Soot, it is only necessary to by constantly tracking whether the call statement in Activity includes this letter
Number signature is just recorded the signature for the function A for calling takePicture () and then right if containing this function
A and takePicture () both carries out flow chart tracking, is recycled to last, it will be able to by the calling of takePicture ()
Flow chart is thoroughly all found, and finally only needs to judge the final clicking operation function such as onClick that whether there is user of process
The handling function of ().
It is exactly with capture () function instead of takePicture () function it is worth noting that, after API21,
When tracking, tracking capture () should be just selected, others do not have an impact.
For the detection for interface View size of taking pictures
If an only upper detection, can not also illustrate whether app is safe completely, because we are in reality
Middle discovery has some developers that can introduce third-party packet during exploitation, and is possible to have bat in third-party packet
According to relevant function, and developer and this partial function is not used, if only with the judgement of a upper trifle, it is easy to just straight
It connects and this is judged as malice app, but actually this is not so, it would therefore be desirable to for the detection for interface View size of taking pictures.
This detects the detection of the size primarily directed to real time camera preview pane, and this problem essentially consists in how to go really
Recognize the SurfaceView for real-time display camera preview, the effect of SurfaceView can be not only in Android after all
For showing photo preview to user, and how to find the SufaceView to take pictures is the most important thing.
It is divided into following several steps to find SufaceView:
1) function is called setPreviewDisplay (SurfaceHolder in Android
SurfaceHolder it) determines to select which SurfaceView as the live preview frame for being shown to user, is with Fig. 3
Example, it can be seen that the wherein calling sequence of SurfaceView carried out assignment by findViewById before this, and then passed through
GetHolder () function assignment gives a SurfaceHolder variable, finally by setPreviewDisplay () function tune
With by this, the preview pane that this SurfaceView will act as a Camera is shown to user.
2) it after we find this SurfaceView, also just has found locating for this SurfaceView
Activity, after finding activity, the function setcontentView that is outlined above using us
(R.layout.id) id at interface corresponding to activity just can be obtained, id here is just as in Fig. 3
String number in findViewById function, by the way that this string number is switched to 16 systems, we can be in public.xml
In find the specific name of topology file.Also it can be found in the resource folder that apktool is unziped to using title,
Namely we are used to carry out the interface of photo preview.
3) we can be right after once we have found the SurfaceView for showing photo preview to user
Its size judge, the judgement of size is exactly to see layout_width set by developer and layout_
The size of the attribute of two SurfaceView of height.
If it find that size be really it is too small, here too small refers to that human eye can not be seen, above reflection to numerical value,
Difference, but generally less than 100dp are had according to different mobile phone screens, just illustrates that developer is not intended to the preview graph photo
User's viewing is sent back to, then user also just has no idea to judge whether the camera of oneself has successfully opened, it is meant that
Developer has reached the intention for opening camera quietly by the eyes of user cheating.
By two above-mentioned steps, we have obtained the call flow chart and SurfaceView of takePicture ()
Size, we are it may determine that whether an app is legal app, because of the open source of android, corresponding to app
Installation kit apk is readily available, and can all be provided in the market, therefore, we be easy to by the above method come pair
Apk is analyzed to judge whether an app is legal app.
It is worth noting that, because that we to be checked is takePicture () and setPreviewDisplay ()
Function, the two functions be all system provide api function (on API > 21, some app can with capture () function replace
TakePicture () function, but our analytical plan is not influenced), so we are also after being obscured apk
It is the calling path that can find the two functions, is all that our result will not be had an impact.So our side
Case has very big effect in fact.
Claims (4)
- The detection method 1. a kind of silence based on android system is taken pictures, it is characterised in that: including for take pictures behavior detection and For the detection for interface View size of taking pictures;The process of taking pictures found in app, and function of taking pictures is searched in process of taking pictures, it finds after taking pictures function, letter of taking pictures Number and the function of function of taking pictures is called to record, and then to calling take pictures function function and take pictures function both into The tracking of row flow chart is recycled to last, it will be able to thoroughly all find the call flow chart for function of taking pictures, finally only need to judge The handling function of the final click with the presence or absence of user of process;If there is no clicking operation function, continue the detection for interface View size of taking pictures: finding camera preview frame SurfaceView, and judge the size of two attributes of SurfaceView, determine if two attributes of SurfaceView are less than The threshold value of justice, then judge that the behavior of taking pictures of current app is taken pictures for silence, so that it is further known that current app is malice.
- The detection method 2. silence based on android system as described in claim 1 is taken pictures, it is characterised in that: described in app The method of the process of taking pictures found are as follows: carry out static analysis using apk of the Soot to app, track in the Activity of apk, be It is no, if containing this function, just the take pictures signature of function A of function of calling to be recorded comprising the signature of function of taking pictures, And then both flow chart tracking is carried out to function A and function of taking pictures, it is recycled to last, it will be able to by the tune for function of taking pictures It is thoroughly all found with flow chart, finally only needs to judge the handling function of the final click with the presence or absence of user of process.
- The detection method 3. silence based on android system as claimed in claim 1 or 2 is taken pictures, it is characterised in that: described to take pictures Function is the api function takePicture () that Android system provides;On API > 21, some app can use capture () function Replace takePicture (), in such cases, the function of taking pictures is capture ().
- The detection method 4. silence based on android system as described in claim 1 is taken pictures, it is characterised in that: for boundary of taking pictures The detection of face View size includes the following steps:1) SurfaceView pairs of live preview frame is obtained by instead tracking the take pictures setPreviewDisplay () of process of app As;It 2) is next exactly the size for finding this SurfaView after finding this SurfaceView object, light is to look for It has no idea to know size to object, needs to find the corresponding layout description section of SurfaceView object;It finds Activity locating for SurfaceView object utilizes the function setcontentView of layout resource file (R.layout.id) id that just can obtain interface corresponding to activity can be looked for by id in public.xml To the specific name of topology file, because public.xml file is exactly corresponding for recording resource id and resource file name File;The corresponding topology file of activity can be also found in the resource folder that apktool is unziped to using title , and the description of the layout of SurfaceView preview pane object is just stored in the corresponding topology file of this activity;3) after having found the SurfaceView for showing photo preview to user, judge layout_ set by developer The size of the attribute of two SurfaceView of width and layout_height.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811504103.6A CN109413414B (en) | 2018-12-10 | 2018-12-10 | silent photographing detection method based on android system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811504103.6A CN109413414B (en) | 2018-12-10 | 2018-12-10 | silent photographing detection method based on android system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109413414A true CN109413414A (en) | 2019-03-01 |
CN109413414B CN109413414B (en) | 2020-01-31 |
Family
ID=65458156
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811504103.6A Active CN109413414B (en) | 2018-12-10 | 2018-12-10 | silent photographing detection method based on android system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109413414B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113282909A (en) * | 2021-05-11 | 2021-08-20 | 南京大学 | Equipment fingerprint information acquisition item identification method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20120034276A (en) * | 2010-10-01 | 2012-04-12 | 김수복 | Mobile communication apparatus and control method thereof, server for providing recovery service of the missing mobile apparatus |
JP2013128165A (en) * | 2011-12-16 | 2013-06-27 | Nikon Corp | Imaging apparatus |
CN104966031A (en) * | 2015-07-01 | 2015-10-07 | 复旦大学 | Method for identifying permission-irrelevant private data in Android application program |
CN108491722A (en) * | 2018-03-30 | 2018-09-04 | 广州汇智通信技术有限公司 | A kind of malware detection method and system |
-
2018
- 2018-12-10 CN CN201811504103.6A patent/CN109413414B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20120034276A (en) * | 2010-10-01 | 2012-04-12 | 김수복 | Mobile communication apparatus and control method thereof, server for providing recovery service of the missing mobile apparatus |
JP2013128165A (en) * | 2011-12-16 | 2013-06-27 | Nikon Corp | Imaging apparatus |
CN104966031A (en) * | 2015-07-01 | 2015-10-07 | 复旦大学 | Method for identifying permission-irrelevant private data in Android application program |
CN108491722A (en) * | 2018-03-30 | 2018-09-04 | 广州汇智通信技术有限公司 | A kind of malware detection method and system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113282909A (en) * | 2021-05-11 | 2021-08-20 | 南京大学 | Equipment fingerprint information acquisition item identification method |
CN113282909B (en) * | 2021-05-11 | 2024-04-09 | 南京大学 | Equipment fingerprint information acquisition item identification method |
Also Published As
Publication number | Publication date |
---|---|
CN109413414B (en) | 2020-01-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Roesner et al. | World-driven access control for continuous sensing | |
Lin et al. | Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing | |
RU2018129947A (en) | COMPUTER SECURITY SYSTEM BASED ON ARTIFICIAL INTELLIGENCE | |
Saltaformaggio et al. | Vcr: App-agnostic recovery of photographic evidence from android device memory images | |
EP2211286B1 (en) | Method for securing an interface between a user and an application, corresponding system, terminal and computer program | |
CN107729752A (en) | One kind extorts software defense method and system | |
CN103136472A (en) | Method and mobile device of stopping application program to steal privacy | |
CN106200891A (en) | The display method of user interface, Apparatus and system | |
CN109388538A (en) | A kind of file operation behavior monitoring method and device based on kernel | |
Aafer et al. | Android {SmartTVs} vulnerability discovery via {log-guided} fuzzing | |
CN106961558A (en) | One kind is taken pictures treating method and apparatus | |
Reddy | Practical cyber forensics | |
Tariq et al. | Am I a real or fake celebrity? Evaluating face recognition and verification APIs under deepfake impersonation attack | |
Bhatia et al. | Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images. | |
ES2967061T3 (en) | System and method to detect a malicious file through image analysis prior to file execution | |
CN109413414A (en) | A kind of silence based on android system is taken pictures detection method | |
CN106874718A (en) | privacy processing method, device and terminal | |
Abi Din et al. | Boxer: Preventing fraud by scanning credit cards | |
Cai et al. | Resource race attacks on android | |
CN106203148B (en) | Unauthorized data access blocking method and computing device with unauthorized data access blocking function | |
CN109600361A (en) | Identifying code anti-attack method and device based on hash algorithm | |
CN114513703A (en) | Block chain-based trusted reward service processing method, device and equipment | |
CN113364766A (en) | APT attack detection method and device | |
Kayabaş et al. | Cyber wars and cyber threats against mobile devices: Analysis of mobile devices | |
Ma | Android application install-time permission validation and run-time malicious pattern detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |