Shulou(Shulou.com)05/31 Report--

This article shows you what Android application cracking and protection is like, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

I. Security risks of Mobile APP

With the continuous development of mobile development technology, mobile phone APP has become an inseparable part of people's life. However, the current security situation of APP development is not optimistic, such as pirated APP, malicious cracking, APP hijacking, data leakage, mobile business attacks and so on. All kinds of situations emerge one after another.

Therefore, for the majority of developers and enterprises, the security problem of mobile APP needs to be solved urgently. Common security risks include counterfeiting, repackaging, cracking / data disclosure, and login security risks.

Copycat danger

The problem of counterfeiting APP has been going on for a long time. In fact, most APP have had the experience of being copied. According to statistics, there are an average of 27 copycat APP in popular applications, seriously endangering the interests of legitimate applications and users. As shown in the following figure, shanzhai applications can be put on the shelves through simple unpacking, reverse analysis, code copying, simple development and packaging. Under the profiteering industry chain, more developers are flocking to it, and there are various forms of phishing.

Search for "grab red packets" in any app store, and a large list of "clones" results will appear.

Repackaging risk

The risk of repackaging mainly refers to the second packaging, which is uploaded to the application mall by cracking the genuine APP. This form of counterfeiting is cheap and easy to operate. "packing parties" insert advertising codes and related configurations into the application through decompilation tools, and then release them in third-party application markets and forums. Common means of operation such as inserting their own ads or deleting the original ads, malicious deductions through malicious code or inserting Trojans, modifying the original payment logic, and so on.

Repackaging not only seriously harms the interests of products and users, but also has an extremely bad impact on the company's reputation. As shown in the following picture, Temple Run was packaged twice by the packing party.

Cracking, data leakage

Financial and payment App have always been the hardest hit areas of data leakage, and up to 88% of them have memory-sensitive data leakage problems. As shown below, it is a common financial and payment type of local storage data leakage.

Data capture package, disclosure of user names and passwords is also one of the common situations.

Login security risk

Login security is also one of the security risks that can not be ignored, including interface hijacking risk and keylogger risk.

Second, mobile security is advanced

Be re-packaged, maliciously exploited; cracked, sensitive information leaked; game plug-in, affecting income. Such malicious means are extremely destructive to the interests of enterprises, in order to protect intellectual property rights and to respond to the Cyber Security Law.

With the requirements of regulatory departments, it is particularly important to improve the level of protection and achieve advanced safety.

Generally speaking, the improvement of mobile security includes four steps: security monitoring, data protection, code protection and multi-terminal linkage.

Safety inspection

Security detection is the first step of mobile development security, which usually needs to detect client program security, sensitive information security, password soft keyboard security, security policy settings, gesture password security, communication security, business function testing, configuration files, denial of service, local SQL injection and so on.

Under various threat types, there are also a variety of complex subcategories that need to be detected.

In safety testing, the most important thing is to help products avoid safety risks. According to statistics, some of the known mobile development vulnerabilities in 2018 include ZipperDown security vulnerabilities, Janus signature vulnerabilities, application cloning vulnerabilities, RCE vulnerabilities and Google Android buffer overflow vulnerabilities. Developers should pay attention to these vulnerabilities and find ways to avoid these risks.

Data protection

As shown in the following figure, packet grabbing is a frequently used means of data interception. So developers need to encrypt accounts and passwords. However, this is far from enough, there will still be communication risks, giving intruders an opportunity.

As shown below, it demonstrates that you can still break through the protection layer to steal data even though the account and password are encrypted.

The sensitive information in the login process of an APP has been encrypted. Intercepting A login device request RO can obtain the encrypted data, intercept login request R1 on another device B, fill RO data into R1, and B device can show that the login is successful.

In this case, to do a good job of HTTPS two-way authentication is a very important step, at least one-way authentication, that is, the client verifies the server's legal certificate. First of all, the server verifies the time stamp, device information and IP; encryption on the client side, including sensitive information encryption, time stamp, device information and serial number, and then securely stores the information in the local storage. In the transmission between the server and the client, it should be noted that the client should verify the server certificate to prevent the middleman from hijacking attacks.

Input protection is also an important part of data protection, developers can develop a custom password input keyboard. In order to prevent screenshots and screenshots, it is recommended that you do not use the input method that comes with your phone to enter your password to prevent keyboard recording.

Generally speaking, data protection can be said to be the most important step in security protection, communication data, storage data and other important sensitive data need to be encrypted and added to check information. In addition, there are some security suggestions: HTTPS is not as secure as you think, so it is recommended not to use custom encryption algorithms; data stored locally is encrypted and copied to other phones that cannot be used; try to log in with one machine, one secret and common devices.

Code protection

The basic code protection approach includes the following five aspects:

1. Writing Proguard code is confusing, and so is SDK.

2. Native the code, transfer Java to C++ and Dex to so

3. White-box encryption, key encryption, but don't simply write the key in the code

4. De-logging, because the log will expose a lot of code logic

5. Signature verification to prevent repackaging.

In addition to these basic levels, in the face of more and more complex intrusion methods, some advanced measures are also necessary, including VMP, resource encryption, dynamic anti-debugging, anti-simulator, anti-DUMP, anti-hijacking, anti-injection. This requires more comprehensive APP professional reinforcement services.

Multi-terminal linkage

Users and APP are interactive and feedback relationship, therefore, multi-terminal linkage can bring better security protection effect.

For APP, the background, and the risk control center, APP obtains data through interaction with users, the background makes a security request to the risk control center through mobile phone data, the risk control center feedback the results to the background through equipment fingerprints, blacklists, behavior analysis and business model, and the background controls APP business through business adjustment, and finally presents it to users.

Last step

Of course, among them, the issue of human security is also relatively neglected. In security protection, people are the most uncontrollable risk factor, so it is necessary to strengthen personnel safety training and safety management.

The above is what Android application cracking and protection is like. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.