
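Easy-to-deploy Dynamic Monitoring Scheme for Android Applications
Cite this article: SU Xiang, HU Jian-wei, CUI Yan-peng. Easy-to-deploy Dynamic Monitoring Scheme for Android Applications[J]. Computer Science, 2020, 47(2): 262-268
Authors: SU Xiang  HU Jian-wei  CUI Yan-peng
Affiliation: School of Cyber Engineering, Xidian University, Xi'an 710071; School of Cyber Engineering, Xidian University, Xi'an 710071; School of Cyber Engineering, Xidian University, Xi'an 710071
Abstract: Dynamic monitoring schemes for Android applications are usually implemented in one of three ways: 1) customizing the ROM image; 2) with root privileges on the device, modifying system files or using ptrace to inject code into the target process; 3) repackaging the APK. All three are intrusive, depend on the system environment, and are difficult to deploy to different devices. To address these problems, this paper proposes a non-intrusive dynamic monitoring scheme based on plug-in technology. The scheme releases the monitoring system as a host App and installs it on the target device; the application to be monitored is loaded as a plug-in and runs inside the host App environment, while the host App loads the corresponding monitoring modules to dynamically monitor the behavior of the monitored App. Before the application to be monitored runs as a plug-in, a process is started in advance, and the Binder service proxy objects in that process are replaced by means of dynamic proxies, redirecting Binder service requests to the virtual services in a virtual service process, so that the four major components of the application to be monitored can run in the pre-started process. Then, during initialization of the monitored application's Application, the Java-layer and Native-layer monitoring modules are loaded to complete the monitoring. Based on this idea, the prototype system AndroidMonitor was implemented on top of the VirtualApp sandbox and tested on a Nexus5 device. The experimental results show that, compared with other schemes, although this scheme causes...

Keywords: Dynamic monitoring  Plug-in  Hook  Dynamic proxy  Sandbox  Non-root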

Easy-to-deploy Dynamic Monitoring Scheme for Android Applications
SU Xiang, HU Jian-wei, CUI Yan-peng. Easy-to-deploy Dynamic Monitoring Scheme for Android Applications[J]. Computer Science, 2020, 47(2): 262-268
Authors: SU Xiang  HU Jian-wei  CUI Yan-peng
Affiliation: School of Cyber Engineering, Xidian University, Xi’an 710071, China
Abstract: Dynamic monitoring schemes for Android applications are usually implemented in one of three ways: 1) a custom ROM; 2) after obtaining root permission on the device, modifying system files or using ptrace to inject code into the target process; 3) repackaging the APK to add monitoring code. All three methods are intrusive, depend on the system environment, and are difficult to deploy to different devices. To solve these problems, a non-intrusive dynamic monitoring scheme based on plug-in technology is proposed. The scheme releases the monitoring system in the form of a host App and installs it on the target device. The application to be monitored is loaded into the host App environment as a plug-in and runs there, and the host App loads the corresponding monitoring module when loading the plug-in, so that the App is monitored. Before the application to be monitored runs as a plug-in, a process is started ahead of time. The Binder proxy object in that process is replaced by means of a dynamic proxy, and the Binder service requests in the process are redirected to the virtual service in the virtual service process for handling, so that the components of the application to be monitored can run in the pre-started process. When the Application object of the application to be monitored is initialized, the Java-layer and Native-layer monitoring modules are loaded to complete the monitoring. Based on this scheme, the prototype system AndroidMonitor was implemented on the VirtualApp sandbox and tested on a Nexus5 device. The experimental results show that, compared with other schemes, although the startup time of the application to be monitored increases by about 1.4 s, the scheme does not need root privileges on the device and can monitor sensitive APIs in the Java layer and the Native layer at the same time. The system introduces a device information protection module to prevent device information from leaking while applications are monitored. The system is distributed in the form of an App, which makes it easy to deploy to different devices and suitable for multiple application scenarios.
Keywords: Dynamic monitoring  Plug-in  Hook  Dynamic proxy  Sandbox  Non-root
This article has been indexed by VIP, Wanfang Data and other databases!