苹果公司对App Store上的每一款应用程序都进行了审核,包括是否存在访问用户敏感信息的私有API调用,但是仍有恶意应用通过了该项审查.针对iOS应用程序中私有API的调用问题,提出了一种动、静态相结合的检测技术PDiOS.通过反向分片和常量传播的静态分析方式来处理大部分API调用,基于强制执行的动态迭代分析来处理剩余API.静态分析包含了对二进制文件的全面分析以及对资源文件中隐式调用的处理,动态分析主要依赖于二进制动态分析框架进行迭代分析.最后通过对比公开头文件中的API来确定私有API的调用.在对官方商店的1012款应用程序的检测中,确认有82款应用程序存在共128个不同的私有API调用.在对企业证书签名的32款应用程序的检测中,确认有26款使用了私有API调用.%Apple has reviewed every application in App Store,including private application programming interface(API) calls,but some malicious applications still escape from the review.Aiming at the private API call in iOS application,a detection technique combining dynamic and static analysis was proposed.Most of the API call sites were processed by static analysis of backward slicing and constant propagation,and the remaining APIs are dealt with by dynamic iterative analysis based on enforcement.Static analysis includes a comprehensive analysis of the binary file and the implicit call analysis in the resource file processing.Dynamic analysis mainly depends on the binary dynamic analysis framework for iterative analysis.Finally,the existence of private API is determined by comparing the API in the public header file.There are 82 applications with 128 different private API calls during the testing of 1012 applications in App Store,and 26 applications are sure to use private API calls in the 32 applications signed by the enterprise certificate.
展开▼
