Research Article
A Security Sandbox Approach of Android Based on Hook Mechanism
Table 1
APIs and risk levels defined by authors.
| Evaluation Project | Danger level | Evaluation Project | Danger level |
| Virus scanning | high | Apply data to any backup | medium | Sensitive word Information | medium | Apply Signature Not verified | medium | Advertising SDK Detection | low | Sensitive function calls | medium | Third-party SDK detection | low | Java Layer Dynamic debugging | low | Java Code decompile | high | Load Dex from SDcard | low | So file crack | high | Implicit invocation of intent components | low | Tampering and two-time packaging | high | WebView Remote Code | high | Dynamic injection attack | high | Database injection | high | Interface Hijacking | high | ContentProvider Data Disclosure | high | Input listening | high | Encryption method not safe to use | high | HTTP Transport data | high | HTTPS not verified | medium | WebView PlainText Store password | high | Download any apk | medium | PlainText digital certificate | high | Global writable Internal files | medium | Debug Log functions | high | DDoS | medium | Resource File Disclosure | medium | Residual test information | low | Dynamic Debug Attacks | medium | WebView Bypass Certificate validation | low | Activity Component Export | medium | Unsafe use of random numbers | low | Service component Export | medium | Intent Scheme URL | low | Broadcast receiver Component Export | medium | Fragment injection attack | low | Content Provider Component Export | medium | ā | ā |
|
|