Tongxin xuebao (Jun 2021)
Android application privacy protection mechanism based on virtual machine bytecode injection
Abstract
To solve the abuse of the Android application permission mechanism, a method of Android application access control based on virtual machine bytecode injection technology was proposed.The security policy in the form of virtual machine bytecode was generated according to the user’s security requirement and usage scenario, and injected into the coding unit of Android application that involves dangerous permission request and sensitive data access, to realize dynamic application behavior control.Tests on applications crawled from four mainstream domestic App stores show that the method can effectively intercept sensitive API calls and dangerous permission requests of legitimate App programs and implement control according to pre-specified security policies.Also, after injecting virtual machine bytecode, most of the App program operation is not affected by the injected code, and the robustness is guaranteed.The proposed method has a good universality.