随着移动互联网的快速发展,智能手机特别是Android智能手机的用户日益增多,Android应用的安全缺陷层出不穷.将Android应用安全缺陷分为漏洞缺陷、组件缺陷和配置缺陷等三方面,针对这些安全缺陷,对字节码文件进行静态分析,将解析的Android字节码作为检查载体,采用访问者模式为每一种脆弱性检测设计检测器.最后给出了部分代码实现,实践证明能够满足Android应用安全缺陷的静态检测需求.%With the rapid development of mobile Internet,the number of smart phone users is increasing,especially Android smart phone users,and the security flaws of Android application security abound.Android application security flaws are divided into three,including vulnerabilities flaws,components flaws and configuration flaws.Focusing on these security flaws,first the bytecode file is static analysis,then the resolution Android bytecode as an inspection vehicle,it uses the visi-tor pattern to design detector for each species vulnerability.Finally,part of the code is achieved.Practice has proven able to meet the Android application security flaws static inspection requirements.
展开▼
