Android安全的研究现状与展望

doi:10.11959/j.issn.1000-0801.2016256

摘要/Abstract

摘要：

Android 是目前最受用户欢迎的智能手机操作系统，与此同时，其安全态势也日益严重。介绍了Android 版本更新的发展历程、Android 系统的特色、Android 的安全机制、Android 的安全隐患分析、Android 恶意软件与攻击、Android的分析与防御。最后，阐述了Android安全的研究现状与发展趋势以及今后可能的研究方向。

关键词: Android系统, 安全机制, 安全隐患, 恶意软件, 分析与防御

Abstract:

Currently, Android is the most popular operating system for smartphones. At the same time, its security situation is becoming increasingly serious. The following topics: the development course of Android version updates, the features of Android system, Android security mechanism, analysis of Android security risks, Android malware and attack, and the analysis and defense measures were covered. Finally, the current research status and progress, and the future research directions regarding Android security were addressed.

Key words: Android system, security mechanism, security ris, malware, analysis and defense

卿斯汉. Android安全的研究现状与展望[J]. 电信科学, 2016, 32(10): 2-14.

Sihan QING. Research status and outlook of Android security[J]. Telecommunications Science, 2016, 32(10): 2-14.

图/表 9

表1

表2

表3

图1

表4

表5

图2

表6

图3

参考文献 32

[1]	Gartner . Gartner report[EB/OL]. [2016-02-16] .
[2]	ENCK W , ONGTANG M , MCDANIEL P . Understanding Android security[J]. IEEE Security ＆ Privacy, 2009,7(1): 50-57.
[3]	ENCK W , OCTEAU D , MCDANIEL P , et al. A study of Android application security[J]. British Medical Journal, 2015,2(3859): 1175.
[4]	卿斯汉 . Android 安全研究进展[J]. 软件学报， 2016,27(1):45-71. QING S H . Research progress on Android security[J]. Journal of Software, 2016,27(1):45-71.
[5]	ELISH K O , SHU X , YAO D , et al. Profiling user-trigger dependence for Android malware detection[J]. Computers ＆Security, 2015,49(C): 255-273.
[6]	FANG Z , HAN W , LI Y . Permission-based Android security:issues and counter measures[J]. Computers ＆ Security, 2014(43): 205-218.
[7]	SHABTAI A , KANONOV U , ELOVICI Y , et al. Andromaly: a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012,38(1): 161-190.
[8]	ZHANG X , YING K , AAFER Y , et al. Life after app uninstallation: are the data still alive data residue attacks on Android[C]// The 23rd Network and Distributed System Security Symposium（NDSS 2016） , February 21-24,2016, San Diego, California, USA .[S.l.:s.n.], 2016.
[9]	XING L , PAN X , WANG R , et al. Upgrading your android, elevating my malware: privilege escalation through mobile os updating[C]// The 2014 IEEE Symposium on Security and Privacy （SP 2014）, May 18-21,2014, San Jose, California, USA. New Jersey:IEEE Press, 2014: 393-408.
[10]	SEO J , KIM D , CHO D , et al. FLEXDROID: enforcing in-app privilege separation in Android[C]// The 23rd Network and Distributed System Security Symp（NDSS 2016）, February 21-24,2016, San Diego, California, USA.[S.l.:s.n.], 2016.
[11]	ARP D , SPREITZENBARTH M , HUBNER M D , et al. Drebin:effective and explainable detection of Android malware in your pocket[C]// The 21st Network and Distributed System Security Symp（NDSS 2014）, February 23-26,2014, San Diego, California, USA.[S.l.:s.n.], 2014.
[12]	CHECK POINT HummingBad: a persistent mobile chain attack[EB/OL]. [2016-02-16]. .
[13]	Ded: decompiling Android applications[EB/OL]. [2016-02-16]. .
[14]	Android decompiling with Dex2jar[EB/OL]. [2016-02-16]. .
[15]	ENCK W , GILBERT P , CHUN B G , et al. TaintDroid: an information flow tracking system for real- time privacy monitoringon smartphones[J]. Communications of the ACM, 2014,57(3): 99-106.
[16]	FUCHS A P , CHAUDHURI A , FOSTER J S . SCanDroid:automated security certification of Android Applications[R/OL]. (2015-0203) [2016-02-16]..
[17]	ARZT S , RASTHOFER S , FRITZ C , et al. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[18]	WEI F , ROY S , FRITZ C , et al. Amandroid: a precise and general inter-component data flow analysisframework for security vetting of Android apps[C]// The 21st ACM Conference on Computerand Communications Security （CCS'14）, November 3-7,2014, Scottsdale,Arizona,USA.[S.l.:s.n.], 2014: 1329-1341.
[19]	FELT A P , CHIN E , HANNA S , et al. Android permissions demystied[C]// The 18th ACM Conference on Computer and Communications Security（CCS'11）, Oct 17-21,2011, Chicago, IL,USA.[S.l.:s.n.], 2011: 627-638.
[20]	AU K W Y , ZHOU Y F , HUANG Z , et al. 2012. PScout:analyzing the Android permission specification[C]// The 19th ACM Conference on Computer and Communications Security （CCS'12）, Oct 16-18,2012, Raleigh,NC,USA. New York:ACM Press, 2012: 217-228.
[21]	CHIN E , FELT A P , GREENWOOD K , et al. Analyzing inter-application communication inAndroid[C]// The 9th International Conference on Mobile Systems, Applications, and Services（MobiSys'11）, June 29-July 1,2011, Washington, DC, USA.[S.l.:s.n.], 2011: 239-252.
[22]	LU L , LI Z , WU Z , et al. Chex: statically vetting Android apps for component hijacking vulnerabilities[C]// The 19th ACM Conference on Computer and Communications Security（CCS 2012）, Oct 16-18,2012, Raleigh, NC, USA. New York:ACM Press, 2012: 219-240.
[23]	CHAN P P F , HUI L C K , YIU S M , et al. Droidchecker: analyzing Android applications for capability leak[C]// The 15th ACM Conf.on Security and Privacy in Wireless and Mobile Networks（WiSec 2012）, April 16-18,2012, Tucson, Arizona, USA. New York:ACM Press, 2012: 125-136.
[24]	BLASING T , BATYUK L , SCHMIDT A D , et al. An android application sandbox system for suspicious software detection[C]// The 5th International Conference on Malicious and Unwanted Software（MALWARE）, Oct 19-20,2010, Fajardo, USA. New Jersey:IEEE Press, 2010: 55-62.
[25]	SHABTAI A , KANONOV U , ELOVICI Y , et al. Andromaly: a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012,38(1): 161-160.
[26]	TAM K , KHAN S J , FATTORI A , et al. Copperdroid: automatic reconstruction of android malware behaviors[C]// The Symposium on Network and Distributed System Security（NDSS）, Aug 18,2015, San Diego,USA.[S.l.:s.n.], 2015.
[27]	BURGUERA I , ZURUTUZA U , NADJM-TEHRANI S . Crowdroid:behavior-based malware detection system for android[C]// The 1st ACM Workshop on Security and Privacy in Smart Phones and Mobile Devices, October 17,2011, New York, NY, USA. New York:ACM Press, 2011: 15-26.
[28]	DESNOS A , LANTZ P . DroidBox: an Android application sandboxfor dynamic analysis[EB/OL]. [2016-02-16]. .
[29]	ZHOU Y , WANG Z , ZHOU W , et al. Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets[C]// NDSS 2012, February 5-8,2012, San Diego,California,USA.[S.l.:s.n.], 2012.
[30]	YAN L K , YIN H . DroidScope: seamlessly reconstructing OS and Dalvik semantic views for dynamic Android malware analysis[C]// The 21st USENIX Conference on Security Symposium, August 8-10, Bellevue, WA, USA. New York:ACM Press, 2012: 29.
[31]	GRACE M , ZHOU Y , ZHANG Q , et al. RiskRanker: scalableand accurate zero -day android malware detection[C]// The 10th International Conference on Mobile Systems, Applications and Services, June 26-29, 2012 Low Wood Bay, The Lake District, UK. New York:ACM Press, 2012: 281-294.
[32]	ZHANG Y , YANG M , XU B , et al. Vetting undesirable behaviors in Android apps with permissionuse analysis[C]// The 2013 ACM SIGSAC Conference on Computer ＆ Communications Security, November 4-8,2013 Berlin, Germany. New York:ACM Press, 2013: 611-622.

操作系统	2015年第4季度/千台	2015年第4季度市场占有率	2014年第4季度/千台	2014年第4季度市场占有率
Android	325 394.4	80.7%	279 057.5	76.0%
iOS	71 525.9	17.7%	74 831.7	20.4%
Windows	4 395.0	1.1%	10 424.5	2.8%
黑莓	906.9	0.2%	1 733.9	0.5%
其他	887.3	0.2%	1 286.9	0.4%
合计	403 109.4	100.0%	367 334.4	100.0%

版本代码	版本号	首次发行日期	API 级别
无	1.0	2008年9月23日	1
	1.1	2009年2月9日	2
Cupcake（纸杯蛋糕）	1.5	2009年4月27日	3
Donut（甜甜圈）	1.6	2009年9月15日	4
Eclair（松饼）	2.0～2.1	2009年10月26日	5～7
Froyo（冻酸奶）	2.2～2.2.3	2010年5月20日	8
Gingerbread（姜饼）	2.3～2.3.7	2010年12月6日	9、10
Honeycomb（蜂巢）	3.0～3.2.6	2011年2月22日	11～13
Ice Cream Sandwich（冰淇淋三明治）	4.0～4.0.4	2011年10月18日	14、15
Jelly Bean（果冻豆）	4.1～4.3.1	2012年7月9日	16～18
KitKat（奇巧巧克力）	4.4～4.4.4,4.4W～4.4W.2	2013年10月31日	19、20
Lollipop（棒棒糖）	5.0～5.1.1	2014年11月12日	21、22
Marshmallow（棉花糖）	6.0～6.0.1	2015年10月5日	23
Nougat（牛轧糖）	7.0	2016年8-9月	24（可能）

名称	分类	电话信息	位置	Internet	读/写短信	类加载	反射	回调	类继承	JNI
Facebook	社交	×	×	○		√	√	√	√	√
Flurry	分析	×	○	○		√	√		√
Paypal	记账	×	×	○		√			√
InMobi	广告		△	○	×	√	√	√	√
Chartboost	广告	×		○		√	√		√	√

特征	恶意App
数据泄露	AckPosts, Aks, Ancsa, jSmsHider, Saiva, Vidro, Gonca, RootSmart, RATC,JSExploit-DynSrc, Xsider, Ssmsp, Mobsquz, FakeTimer,DroidKungFu,Spy.GoneSixty,Kmin,GGTrack,MobileTx,Dougalek,FakeDoc,Loozfon,Placms
滥用短信服务	MobileTx,Iconosys,UpdtKiller,Pirater,Mania,FakeInstaller,FakePlayer,Foncy
反射和动态类加载	Mobsquz,FakeDoc,FaceNiff,BaseBridge,DroidDream
本地代码	Ancsa,Qicsom,RATC,DroidKungFu,Xsider,DroidSheep,Gmuse,FakeDoc,FaceNiff

静态分析方法	目的	分析特征
SCanDroid	App保密性与完整性保护校验	基于语言的安全模型的App推理
FlowDroid	敏感信息泄露检测	静态污点分析
Amandroid	组件间数据流分析	ICC调用相关性和数据依赖性分析
Stowaway	App最大权限集推导	API调用识别；权限分析
PScout	生成权限映射图	反向可达性分析
ComDroid	基于ICC的漏洞检测	基于Intent的数据流分析
Chex	基于ICC的漏洞检测	调用图分析；数据依赖图的可达性分析
DroidChecker	敏感信息泄露检测	控制流图搜索；脏数据分析