Android安全的研究现状与展望

doi:10.11959/j.issn.1000-0801.2016256

Abstract

Abstract:

Currently, Android is the most popular operating system for smartphones. At the same time, its security situation is becoming increasingly serious. The following topics: the development course of Android version updates, the features of Android system, Android security mechanism, analysis of Android security risks, Android malware and attack, and the analysis and defense measures were covered. Finally, the current research status and progress, and the future research directions regarding Android security were addressed.

Key words: Android system, security mechanism, security ris, malware, analysis and defense

Sihan QING. Research status and outlook of Android security[J]. Telecommunications Science, 2016, 32(10): 2-14.

Figures/Tables 9

References 32

[1]	Gartner . Gartner report[EB/OL]. [2016-02-16] .
[2]	ENCK W , ONGTANG M , MCDANIEL P . Understanding Android security[J]. IEEE Security ＆ Privacy, 2009,7(1): 50-57.
[3]	ENCK W , OCTEAU D , MCDANIEL P , et al. A study of Android application security[J]. British Medical Journal, 2015,2(3859): 1175.
[4]	卿斯汉 . Android 安全研究进展[J]. 软件学报， 2016,27(1):45-71. QING S H . Research progress on Android security[J]. Journal of Software, 2016,27(1):45-71.
[5]	ELISH K O , SHU X , YAO D , et al. Profiling user-trigger dependence for Android malware detection[J]. Computers ＆Security, 2015,49(C): 255-273.
[6]	FANG Z , HAN W , LI Y . Permission-based Android security:issues and counter measures[J]. Computers ＆ Security, 2014(43): 205-218.
[7]	SHABTAI A , KANONOV U , ELOVICI Y , et al. Andromaly: a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012,38(1): 161-190.
[8]	ZHANG X , YING K , AAFER Y , et al. Life after app uninstallation: are the data still alive data residue attacks on Android[C]// The 23rd Network and Distributed System Security Symposium（NDSS 2016） , February 21-24,2016, San Diego, California, USA .[S.l.:s.n.], 2016.
[9]	XING L , PAN X , WANG R , et al. Upgrading your android, elevating my malware: privilege escalation through mobile os updating[C]// The 2014 IEEE Symposium on Security and Privacy （SP 2014）, May 18-21,2014, San Jose, California, USA. New Jersey:IEEE Press, 2014: 393-408.
[10]	SEO J , KIM D , CHO D , et al. FLEXDROID: enforcing in-app privilege separation in Android[C]// The 23rd Network and Distributed System Security Symp（NDSS 2016）, February 21-24,2016, San Diego, California, USA.[S.l.:s.n.], 2016.
[11]	ARP D , SPREITZENBARTH M , HUBNER M D , et al. Drebin:effective and explainable detection of Android malware in your pocket[C]// The 21st Network and Distributed System Security Symp（NDSS 2014）, February 23-26,2014, San Diego, California, USA.[S.l.:s.n.], 2014.
[12]	CHECK POINT HummingBad: a persistent mobile chain attack[EB/OL]. [2016-02-16]. .
[13]	Ded: decompiling Android applications[EB/OL]. [2016-02-16]. .
[14]	Android decompiling with Dex2jar[EB/OL]. [2016-02-16]. .
[15]	ENCK W , GILBERT P , CHUN B G , et al. TaintDroid: an information flow tracking system for real- time privacy monitoringon smartphones[J]. Communications of the ACM, 2014,57(3): 99-106.
[16]	FUCHS A P , CHAUDHURI A , FOSTER J S . SCanDroid:automated security certification of Android Applications[R/OL]. (2015-0203) [2016-02-16]..
[17]	ARZT S , RASTHOFER S , FRITZ C , et al. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[18]	WEI F , ROY S , FRITZ C , et al. Amandroid: a precise and general inter-component data flow analysisframework for security vetting of Android apps[C]// The 21st ACM Conference on Computerand Communications Security （CCS'14）, November 3-7,2014, Scottsdale,Arizona,USA.[S.l.:s.n.], 2014: 1329-1341.
[19]	FELT A P , CHIN E , HANNA S , et al. Android permissions demystied[C]// The 18th ACM Conference on Computer and Communications Security（CCS'11）, Oct 17-21,2011, Chicago, IL,USA.[S.l.:s.n.], 2011: 627-638.
[20]	AU K W Y , ZHOU Y F , HUANG Z , et al. 2012. PScout:analyzing the Android permission specification[C]// The 19th ACM Conference on Computer and Communications Security （CCS'12）, Oct 16-18,2012, Raleigh,NC,USA. New York:ACM Press, 2012: 217-228.
[21]	CHIN E , FELT A P , GREENWOOD K , et al. Analyzing inter-application communication inAndroid[C]// The 9th International Conference on Mobile Systems, Applications, and Services（MobiSys'11）, June 29-July 1,2011, Washington, DC, USA.[S.l.:s.n.], 2011: 239-252.
[22]	LU L , LI Z , WU Z , et al. Chex: statically vetting Android apps for component hijacking vulnerabilities[C]// The 19th ACM Conference on Computer and Communications Security（CCS 2012）, Oct 16-18,2012, Raleigh, NC, USA. New York:ACM Press, 2012: 219-240.
[23]	CHAN P P F , HUI L C K , YIU S M , et al. Droidchecker: analyzing Android applications for capability leak[C]// The 15th ACM Conf.on Security and Privacy in Wireless and Mobile Networks（WiSec 2012）, April 16-18,2012, Tucson, Arizona, USA. New York:ACM Press, 2012: 125-136.
[24]	BLASING T , BATYUK L , SCHMIDT A D , et al. An android application sandbox system for suspicious software detection[C]// The 5th International Conference on Malicious and Unwanted Software（MALWARE）, Oct 19-20,2010, Fajardo, USA. New Jersey:IEEE Press, 2010: 55-62.
[25]	SHABTAI A , KANONOV U , ELOVICI Y , et al. Andromaly: a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012,38(1): 161-160.
[26]	TAM K , KHAN S J , FATTORI A , et al. Copperdroid: automatic reconstruction of android malware behaviors[C]// The Symposium on Network and Distributed System Security（NDSS）, Aug 18,2015, San Diego,USA.[S.l.:s.n.], 2015.
[27]	BURGUERA I , ZURUTUZA U , NADJM-TEHRANI S . Crowdroid:behavior-based malware detection system for android[C]// The 1st ACM Workshop on Security and Privacy in Smart Phones and Mobile Devices, October 17,2011, New York, NY, USA. New York:ACM Press, 2011: 15-26.
[28]	DESNOS A , LANTZ P . DroidBox: an Android application sandboxfor dynamic analysis[EB/OL]. [2016-02-16]. .
[29]	ZHOU Y , WANG Z , ZHOU W , et al. Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets[C]// NDSS 2012, February 5-8,2012, San Diego,California,USA.[S.l.:s.n.], 2012.
[30]	YAN L K , YIN H . DroidScope: seamlessly reconstructing OS and Dalvik semantic views for dynamic Android malware analysis[C]// The 21st USENIX Conference on Security Symposium, August 8-10, Bellevue, WA, USA. New York:ACM Press, 2012: 29.
[31]	GRACE M , ZHOU Y , ZHANG Q , et al. RiskRanker: scalableand accurate zero -day android malware detection[C]// The 10th International Conference on Mobile Systems, Applications and Services, June 26-29, 2012 Low Wood Bay, The Lake District, UK. New York:ACM Press, 2012: 281-294.
[32]	ZHANG Y , YANG M , XU B , et al. Vetting undesirable behaviors in Android apps with permissionuse analysis[C]// The 2013 ACM SIGSAC Conference on Computer ＆ Communications Security, November 4-8,2013 Berlin, Germany. New York:ACM Press, 2013: 611-622.

Metrics

Recommended 0

No Suggested Reading articles found!

操作系统	2015年第4季度/千台	2015年第4季度市场占有率	2014年第4季度/千台	2014年第4季度市场占有率
Android	325 394.4	80.7%	279 057.5	76.0%
iOS	71 525.9	17.7%	74 831.7	20.4%
Windows	4 395.0	1.1%	10 424.5	2.8%
黑莓	906.9	0.2%	1 733.9	0.5%
其他	887.3	0.2%	1 286.9	0.4%
合计	403 109.4	100.0%	367 334.4	100.0%

版本代码	版本号	首次发行日期	API 级别
无	1.0	2008年9月23日	1
	1.1	2009年2月9日	2
Cupcake（纸杯蛋糕）	1.5	2009年4月27日	3
Donut（甜甜圈）	1.6	2009年9月15日	4
Eclair（松饼）	2.0～2.1	2009年10月26日	5～7
Froyo（冻酸奶）	2.2～2.2.3	2010年5月20日	8
Gingerbread（姜饼）	2.3～2.3.7	2010年12月6日	9、10
Honeycomb（蜂巢）	3.0～3.2.6	2011年2月22日	11～13
Ice Cream Sandwich（冰淇淋三明治）	4.0～4.0.4	2011年10月18日	14、15
Jelly Bean（果冻豆）	4.1～4.3.1	2012年7月9日	16～18
KitKat（奇巧巧克力）	4.4～4.4.4,4.4W～4.4W.2	2013年10月31日	19、20
Lollipop（棒棒糖）	5.0～5.1.1	2014年11月12日	21、22
Marshmallow（棉花糖）	6.0～6.0.1	2015年10月5日	23
Nougat（牛轧糖）	7.0	2016年8-9月	24（可能）

名称	分类	电话信息	位置	Internet	读/写短信	类加载	反射	回调	类继承	JNI
Facebook	社交	×	×	○		√	√	√	√	√
Flurry	分析	×	○	○		√	√		√
Paypal	记账	×	×	○		√			√
InMobi	广告		△	○	×	√	√	√	√
Chartboost	广告	×		○		√	√		√	√

特征	恶意App
数据泄露	AckPosts, Aks, Ancsa, jSmsHider, Saiva, Vidro, Gonca, RootSmart, RATC,JSExploit-DynSrc, Xsider, Ssmsp, Mobsquz, FakeTimer,DroidKungFu,Spy.GoneSixty,Kmin,GGTrack,MobileTx,Dougalek,FakeDoc,Loozfon,Placms
滥用短信服务	MobileTx,Iconosys,UpdtKiller,Pirater,Mania,FakeInstaller,FakePlayer,Foncy
反射和动态类加载	Mobsquz,FakeDoc,FaceNiff,BaseBridge,DroidDream
本地代码	Ancsa,Qicsom,RATC,DroidKungFu,Xsider,DroidSheep,Gmuse,FakeDoc,FaceNiff

静态分析方法	目的	分析特征
SCanDroid	App保密性与完整性保护校验	基于语言的安全模型的App推理
FlowDroid	敏感信息泄露检测	静态污点分析
Amandroid	组件间数据流分析	ICC调用相关性和数据依赖性分析
Stowaway	App最大权限集推导	API调用识别；权限分析
PScout	生成权限映射图	反向可达性分析
ComDroid	基于ICC的漏洞检测	基于Intent的数据流分析
Chex	基于ICC的漏洞检测	调用图分析；数据依赖图的可达性分析
DroidChecker	敏感信息泄露检测	控制流图搜索；脏数据分析

Research status and outlook of Android security

RichHTML

PDF下载

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 9

References 32

Related Articles 15

Metrics

Recommended 0

动态分析方法	目的	分析特征
AASandbox	通过系统调用追踪监控行为	系统调用
Andromaly	通过系统资源使用检测恶意软件	低层设备特征（如电池使用、CP负载）
CopperDroid	通过系统调用追踪监控行为	系统调用
Crowdroid	通过系统调用追踪监控行为	系统调用
DroidBox	监控外部访问的沙盒	污点利用点 API方法
DroidRanger	通过预先设定的行为脚印检测恶意软件	API方法调用序列
DroidScope	API追踪、指令追踪和污点追踪的插件	污点源/污点利用点API方法
RiskRanker	通过已知的漏洞签名检测恶意软件	API方法调用序列
TaintDroid	检测敏感信息泄露	污点源/污点利用点API方法
VetDroid	通过权限使用行为检测恶意软件	可以映射到API方法的权限请求

[1]	Xiaojian ZHANG, Jiaxuan FEI, Haitao JIANG, Qigui YAO. Security risk analysis of power 5G hybrid networking [J]. Telecommunications Science, 2022, 38(1): 132-139.
[2]	Xiaotong YE, Wenfei SUN, Shigen SHEN. Availability evaluation method for extended epidemic model and Markov chain based IoT [J]. Telecommunications Science, 2021, 37(4): 37-45.
[3]	Wei DING. Network security threat prevention and control system of electric power monitoring systems for wind farm [J]. Telecommunications Science, 2020, 36(5): 138-144.
[4]	ZHANG Hong,SHEN Shigen,WU Xiaojun,CAO Qiying. WSN malware infection model based on cellular automaton and static Bayesian game [J]. Telecommunications Science, 2019, 35(6): 60-69.
[5]	Tieming CHEN, Binbin XIANG, Mingqi LV, Bo CHEN, Xie JIANG. Android malware detection method based on byte-code image and deep learning [J]. Telecommunications Science, 2019, 35(1): 9-17.
[6]	Shigen SHEN,Sheng FENG,Haiping ZHOU,Longjun HUANG,Keli HU,Qiying CAO. Optimal approach of suppressing WSN malware propagation based on cloud computing and dynamic Bayesian game [J]. Telecommunications Science, 2018, 34(9): 78-86.
[7]	Fujuan LI,Qun WANG. Mechanism and implementation of Rootkit attack and defense [J]. Telecommunications Science, 2018, 34(12): 33-45.
[8]	Haiping ZHOU,Shigen SHEN,Longjun HUANG,Sheng FENG. Game theory-based malware propagation model for wireless sensor network [J]. Telecommunications Science, 2018, 34(11): 67-76.
[9]	Yaling LUO,Wenwei LI,Xin SU. HTTP behavior characteristics generation and extraction approach for Android malware [J]. Telecommunications Science, 2016, 32(8): 136-145.
[10]	Ying XU,Zhao WU,Zhiqi LI. Perception technology of virtual threat for large enterprise's information security construction [J]. Telecommunications Science, 2016, 32(12): 149-156.
[11]	Hao CHEN,Sihan QING. Android malware detection method based on combined algorithm [J]. Telecommunications Science, 2016, 32(10): 15-21.
[12]	Sihan QING. Research on Android security of broadcasting mechanism [J]. Telecommunications Science, 2016, 32(10): 27-35.
[13]	Jian LI,Yun LIU,Chunyan AN,Jianwei REN. Security technologies in 4G network for power grid [J]. Telecommunications Science, 2015, 31(Z1): 63-73.
[14]	Shigen Shen,Longjun Huang,Keli Hu,Hongjie Li,Risheng Han,Qiying Cao. Differential Game-Based Optimal Control Method for Preventing Malware Propagation in Online Social Network [J]. Telecommunications Science, 2015, 31(10): 66-73.
[15]	Yi Zhou,Jia Liu,Minrui Shi. Research of eMBMS's Security Mechanism and Content Protection [J]. Telecommunications Science, 2014, 30(12): 28-33.