Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to monitor network performance in Android. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

1: analysis of current situation of mobile application security

According to the data of the Ministry of Industry and Information Technology, by 2019, the number of mobile applications in China has reached 4.5 million, of which games, life services and e-commerce App ranked in the top three.

Market segment, let's take a look at the financial industry. According to the data of the Institute of Information Technology, in 2019, an observation of 22777 domestic financial industry App found that only 17.08% of the financial industry App completed reinforcement, while more than 80% of the financial industry App "streaked" in the application market without any security reinforcement. Looking at the whole industry through the subdivision of the financial industry, other industries also have similar problems.

Let's look at the regulatory policy:

For the financial industry, the people's Bank of China issued the security management specification of mobile financial client application software, which clearly standardizes the security reinforcement requirements of mobile App.

With regard to the "opinions on guiding and standardizing the orderly and healthy Development of Mobile Internet applications in Education" issued by the Ministry of Education, and the "Special Action Plan for the treatment of Mobile Internet applications in Management Service Education in Colleges and Universities", the article clearly states that education App should go online only after security assessment, and repair security risks through security reinforcement in a timely manner.

Through the regulatory requirements of the financial and education industries and the background of the country's increasing attention to the mobile Internet, other industries may also issue relevant security policy requirements one after another.

2: new security protection strategy for mobile applications

The following describes the iterative process of upgrading Ali's internal mobile security protection policy.

In the first-generation and second-generation reinforcement scheme, it mainly aims at the shell protection of APK, hides the dex, encrypts the dex at the same time, dynamically loads the encrypted dex at run time and does the shell operation. The advantage of shell reinforcement is that it does not increase the volume of the application, while the dex is hidden to counter the static analysis of dex.

With the continuous upgrading of the means of attack, Ali Mobile Security reinforcement has carried out a new capability upgrade. At present, it has developed to the third generation of reinforcement: Java bytecode conversion to Native binary code.

The principle and goal of Ali's internal reinforcement is not only to fully improve its own security capability, increase the opponent's cracking difficulty and attack cost, but also to reduce the access cost of the business side as far as possible, but also take into account the operational efficiency and volume.

Main risk points to deal with:

Java/Smali bytecode is decompiled into Java source code by the tool

The Java/Smali bytecode is read directly

The native assembly code is decompiled into C source code by the tool

Due to the limitation of format and instruction, the security capacity of Java bytecode is limited. However, the difficulty of cracking native binary codes is much higher than that of Java bytecodes. So we convert the bytecode into native binary code, and the code logic is transferred to so, which turned out to be a Java function call and now becomes a JNI call. The attacker's Java inverse-related skills fail directly and are forced to reverse native binaries, which is much more difficult than inverse bytecode.

3:mPaaS Mobile Security reinforces heavyweight online

Combined with the upgrade of the security reinforcement capability of Ali's internal mobile application, we have officially launched the security reinforcement capability of the mobile application in mPaaS.

In view of various security risks commonly existing in mobile applications in the market, such as cracking, tampering, piracy, phishing fraud, memory debugging, data theft, etc., mPaaS mobile security reinforcement provides stable, simple and effective security protection for App, improves the overall security level of App, and protects App from cracking and attacks.

While dealing with common Android attacks, such as decompilation, secondary packaging, dynamic debugging, etc., we also focus on performance and compatibility.

The reinforcement ability has experienced the practice of hundreds of millions of businesses such as Taobao and Cainiao, and it is guaranteed in terms of security.

In terms of compatibility, we support versions 4.2 to Android Q

Can support arm, x86, x64 system architecture, stable operation in complex environment, low collapse rate

In addition, through the confusion protection of the class, it makes it more difficult for the attacker to reverse App, making it impossible for the attack to start.

Product core value

Through the previous introduction, I believe you have a preliminary understanding of mPaaS mobile application reinforcement. The following summarizes the advantages of mPaaS mobile application security reinforcement.

Easy to operate, upload the reinforcement package on the console and use it out of the box. Developers, project managers, etc., can all use

High stability and high compatibility, extremely low collapse rate

Verified by Taobao and other Ali App, it is guaranteed in terms of security.

It also supports Android 4.2 to Android Q systems and arm, x86, x64 system architectures.

In addition, it supports Javabytecode-level confusion protection, increases the cost of the attacker's reverse App, and maximizes the security of App.

Mobile Security reinforcement capability list

We have made security protection from decompilation protection, tamper protection, anti-debugging protection and other dimensions. We have made corresponding security policies for dex files, so files and various hook frameworks. The capabilities are listed below:

At the same time, mPaaS Mobile Security reinforcement is also perfectly compatible with the hot repair capability of mPaaS. Through the hot repair capability, you can quickly fix online version problems without the need for distribution to ensure business continuity. You can go to the mPaaS console to experience hot repair capabilities.

Performance performance

On how to monitor network performance in Android to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.