Android application vulnerability detection method and Android application vulnerability detection system

A vulnerability detection technology, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc. It addresses the problems of attack, time-consuming and labor-intensive verification, and an increased false positive rate in vulnerability detection, and achieves the effect of avoiding false positives.

Inactive Publication Date: 2014-08-13
南京赛宁信息技术有限公司 +1

AI Technical Summary

Problems solved by technology

The static taint analysis and data flow analysis techniques adopted by existing static analysis methods cannot account for polymorphism, a dynamic feature of Java, which also increases the false positive rate of vulnerability detection to a certain extent.
In addition, the suspected vulnerabilities detected by existing static analysis technology cannot by themselves be shown to enable effective attacks and need to be further verified manually. Given the large number of Android applications, manual verification is time-consuming and labor-intensive.

Examples

Embodiment Construction

[0027] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0028] Definition of Terms:

[0029] English terms / abbreviations, each followed by its Chinese term (translated):

  • Accessible URIs Problem: Public URI Access Vulnerability
  • Uniform Resource Identifier (URI): Uniform Resource Identifier
  • Passive Content Leaks: Passive Content Leakage
  • Content Pollution: content pollution
  • Content Leak: content leak
  • SQL Injection Problem: SQL injection vulnerability
  • Traversal Problem: path traversal vulnerability

[0030] The inventor found through research that: precisely because of the openness of the Content Provider, it is easy to pas...

Abstract

The invention provides an Android application vulnerability detection method comprising the following steps: (1) judging whether a privacy leakage vulnerability possibly exists by analyzing the Content Provider interface characteristics of the Android application to be detected; (2) if a privacy leakage vulnerability possibly exists, performing an SQL (Structured Query Language) injection vulnerability test and a path traversal vulnerability test on the publicly accessible URIs (Uniform Resource Identifiers) of that application by monitoring the related API (Application Program Interface) functions in the Android system, and then detecting passive data leakage security risks. The invention also provides an Android application vulnerability detection system. The method and the system can rapidly discover privacy leakage and data pollution vulnerabilities that may exist in an Android application while avoiding false positives, and provide strong support for discovering such vulnerabilities in Android applications on a large scale.
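The abstract does not say which Content Provider interface characteristics step 1 examines. As an added illustration (not code from the patent), the Python example below assumes the check is made on a decoded AndroidManifest.xml and flags providers that other applications can reach without holding a permission; the manifest, package name and function name are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="16"/>
  <application>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.notes.provider"/>
    <provider android:name=".FilesProvider"
              android:authorities="com.example.notes.files"
              android:exported="true"
              android:readPermission="com.example.notes.READ"/>
    <provider android:name=".CacheProvider"
              android:authorities="com.example.notes.cache"
              android:exported="false"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return one finding per provider reachable by other apps without a permission."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    target = int(sdk.get(ANDROID + "targetSdkVersion", min_sdk)) if sdk is not None else min_sdk
    # Providers are exported by default when the app targets API level 16 or lower.
    default_exported = target <= 16
    app = root.find("application")
    app_perm = app.get(ANDROID + "permission") if app is not None else None
    findings = []
    for prov in root.iter("provider"):
        exported_attr = prov.get(ANDROID + "exported")
        exported = default_exported if exported_attr is None else exported_attr == "true"
        if not exported:
            continue
        # android:permission (provider, else application) covers both reads and writes.
        base = prov.get(ANDROID + "permission") or app_perm
        read_open = not (prov.get(ANDROID + "readPermission") or base)
        write_open = not (prov.get(ANDROID + "writePermission") or base)
        if read_open or write_open:
            findings.append({"name": prov.get(ANDROID + "name"),
                             "authorities": prov.get(ANDROID + "authorities"),
                             "read_open": read_open, "write_open": write_open})
    return findings

if __name__ == "__main__":
    print(audit_providers(SAMPLE_MANIFEST))
```

Providers flagged as read-open correspond to candidates for content leakage and those flagged as write-open to candidates for content pollution; declaring android:exported="false" or a read/write permission removes a provider from the list.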

Description

Technical field

[0001] The invention relates to computer program vulnerability detection technology, in particular to a method and system for detecting application vulnerabilities on Android (the Android operating system).

Background technique

[0002] At present, with the increasing popularity of the Internet and smartphones, mobile security issues and security risks are becoming more and more serious. Malicious programs such as viruses and Trojan horses targeting smartphones are developing rapidly, incidents of implanting malicious code on mobile terminals for cybercrime are on the rise, and users of mobile terminals face unprecedented security risks. The Android platform is currently the most popular smart mobile terminal platform, and its security risks attract the most attention.

[0003] Content Provider is a set of structured local data components (usually in the form of SQLite database) encapsulated in the Android operating system, and then ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventor: 李康, 诸葛建伟, 魏克, 杨坤, 段海新
Owner: 南京赛宁信息技术有限公司