Computer Science ›› 2020, Vol. 47 ›› Issue (2): 262-268.doi: 10.11896/jsjkx.190100117

• Information Security • Previous Articles     Next Articles

Easy-to-deploy Dynamic Monitoring Scheme for Android Applications

SU Xiang,HU Jian-wei,CUI Yan-peng   

  1. (School of Cyber Engineering,Xidian University,Xi’an 710071,China)
  • Received:2019-01-15 Online:2020-02-15 Published:2020-03-18
  • About author:SU Xiang,Ph.D,is not member of China Computer Federation.His main research is Android security;HU Jian-wei,professor,is not member of China Computer Federation.His main research interests include cyber security and cyber confrontation.

Abstract: Android application dynamic monitoring scheme is usually implemented in three ways:1) custom ROM;2) after obtaining the device root permission,modify the system file or use ptrace technology to inject code into the target process;3) repackage APK to add monitoring code.All three methods are implemented in an intrusive manner,which depends on the system environment and is difficult to deploy to different devices.In order to solve the above problems,a non-intrusive dynamic monitoring scheme based on plug-in technology was proposed.The scheme releases the monitoring system in the form of host App and installs it on the target device.The application to be monitored is loaded by host App environment in the form of a plug-in for opera-tion,and the host App loads the corresponding monitoring module when loading the plug-in,so the App is monited.Start a process ahead of time before the application to be monitored runs as a plugin.The Binder proxy object in the process is replaced by a dynamic proxy method,and the Binder service request in the process is redirected to the virtual service in the virtual service process for processing,so that the components in the application to be monitored can run in the pre-started process.When the Application object in the application to be monitored is initialized,the Java layer and the Native layer monitoring module are loadedto complete the monitoring.According to this scheme,the prototype system AndroidMonitor is implemented on the VirtualApp sandbox and tested on the Nexus5 device.The experimental results show that compared with other schemes,although the startup time of the application to be monitored is increased by about 1.4s,the scheme does not need to acquire the root authority of the device system,and can simultaneously monitor the Java layer and the native layer sensitive API.The system introduces a device information protection module to prevent device information from leaking when monitoring applications.The system is distributed in the form of an app,which is easy to deploy to different devices and has multiple application scenarios.

Key words: Dynamic monitoring, Dynamic proxy, Hook, Non-root, Plug-in, Sandbox

CLC Number: 

  • TP311.5
[1]PAKW,CHA Y,YEO S.Detecting and tracing leaked private phone number data in Android smartphones[C]∥International Conference on Information Networking(ICOIN).IEEE,2015:503-508.
[2]ZHENG M,SUN M,LUI J C S.DroidTrace:A ptrace based Android dynamic analysis system with forward execution capability[C]∥Wireless Communications and Mobile Computing Confe-rence (IWCMC).IEEE,2014:128-133.
[3]SHEN K,YE X J,LIU X N,LI B.Android App behavior-intent inference based on API usage analysis[J].Journal of Tsinghua University,2017,57(11):1139-1144.
[4]ARZT S,RASTHOFER S,FRITZ C,et al.Flowdroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android apps[J].Acm Sigplan Notices,2014,49(6):259-269.
[5]ENCK W,GILBERT P,HAN S,et al.TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems (TOCS),2014,32(2):5-34.
[6]REINA A,FATTORI A,CAVALLARO L.A system call-centric analysis and stimulation technique to automatically reconstruct android malware behaviors.EuroSec,April,2013.
[7]FAN W,SANG Y,ZHANG D,et al.DroidInjector:A process injection-based dynamic tracking system for runtime behaviors of Android applications[J].Computers & Security,2017,70:224-237.
[8]YANG C,XU Z Y,GU G F,et al.DroidMiner:Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications[C]∥European Symposium on Research in Computer Security.2014:163-182.
[9]SCHREIBER T.Android BinderAndroid Interprocess Communication∥Seminar thesis,Ruhr-Universität Bochum,2011.
[10]CONSTANTINESCU A S.Ensuring privacy in the android os by hooking methods in its api[J].Journal of Mobile,Embedded and Distributed Systems,2015,7(3):107-112.
[11]CHEN X Y,WANG D Q.Research and Implementation of Android Proxy Based on Dynamic Agent [J].Industrial Control Computer,2017(7):99-100.
[12]JI S B.Basic principles of VirtualApp[EB/OL].
[13]JIA P,HE X,LIU L,et al.A framework for privacy information protection on Android[C]∥2015 International Conference on Computing,Networking and Communications (ICNC).IEEE,2015:1127-1131.
[14]WIβFELD M.ArtHook:Callee-side Method Hook Injection on the New Android Runtime ART.Saarbrücken:Saarland University,2015.
[15]WEI S.AOP implementation on ART [EB/OL].
[16]JIANG X,ZHANG H X,MU D J A Method for Dynamically Monitoring Android Applications [J].Journal of Northwestern Polytechnical University,2016,34(6):1074-1081.
[17]vul_wish.Inspeckage-Android Package Inspector[EB/OL].
[1] DENG Zhao-kun, LU Yu-liang, ZHU Kai-long, HUANG Hui. Symbolic Execution Technology Based Defect Detection System for Network Programs [J]. Computer Science, 2018, 45(11A): 325-329.
[2] SUN Ya-jing, ZHAO Xu, YAN Xue-xiong and WANG Qing-xian. Data Leakage Oriented Testing Method for Web Sandbox [J]. Computer Science, 2017, 44(Z11): 322-328.
[3] DIAO Ming-zhi, ZHOU Yuan, LI Zhou-jun and ZHAO Yu-fei. Windows Security Mechanisms Simulation and Sandbox System Implementation Based on Wine [J]. Computer Science, 2017, 44(11): 246-252.
[4] SONG Dao-yuan and BEN Ke-rong. Research and Design of Java Exception Information Analysis Plugin [J]. Computer Science, 2014, 41(8): 106-108.
[5] BAO Ai-hua,YUAN Xiao-ping,CHEN Feng and MIAO Jia-jia. Secure Private Cloud Storage System Based on Virtual Isolation Mechanism [J]. Computer Science, 2014, 41(1): 202-207.
[6] . Malware Detection Model Based on the Sandbox [J]. Computer Science, 2012, 39(Z6): 12-14.
[7] . Research in Monitoring Performance of Disk in Windows NT System [J]. Computer Science, 2012, 39(Z11): 301-304.
[8] MENG Chen. Web Browser Vulnerability Exploitation Attack Test Technology Based on Code Overriding [J]. Computer Science, 2011, 38(Z10): 41-43.
[9] GONG Guang,LI Zhou-jun,HU Chao-jian,ZOU Yun-ke,LI Zhi-peng. Research on Stealth Technology of Windows Kernel-level Rootkits [J]. Computer Science, 2010, 37(4): 59-.
[10] MAO Fei-Qiao ,QI De-Yu (College of Computer Science & Engineering, South China Univ. of Tech., Guangzhou 510640). [J]. Computer Science, 2008, 35(4): 268-272.
[11] ZHANG Xin-Lin (Luoding Polytechnic, Luoding 527200). [J]. Computer Science, 2008, 35(3): 289-291.
[12] . [J]. Computer Science, 2008, 35(12): 229-233.
[13] HAN Hong , LU Xian-Liang,  REN Li-Yong , YANG-Ning (Computer Science Department of UESTC, Chengdu 610054). [J]. Computer Science, 2006, 33(3): 105-107.
Full text



No Suggested Reading articles found!