Research Article
A Security Sandbox Approach of Android Based on Hook Mechanism
Table 1
APIs and risk levels defined by authors.
| | Evaluation Project | Danger level | Evaluation Project | Danger level |
| | Virus scanning | high | Apply data to any backup | medium | | Sensitive word Information | medium | Apply Signature Not verified | medium | | Advertising SDK Detection | low | Sensitive function calls | medium | | Third-party SDK detection | low | Java Layer Dynamic debugging | low | | Java Code decompile | high | Load Dex from SDcard | low | | So file crack | high | Implicit invocation of intent components | low | | Tampering and two-time packaging | high | WebView Remote Code | high | | Dynamic injection attack | high | Database injection | high | | Interface Hijacking | high | ContentProvider Data Disclosure | high | | Input listening | high | Encryption method not safe to use | high | | HTTP Transport data | high | HTTPS not verified | medium | | WebView PlainText Store password | high | Download any apk | medium | | PlainText digital certificate | high | Global writable Internal files | medium | | Debug Log functions | high | DDoS | medium | | Resource File Disclosure | medium | Residual test information | low | | Dynamic Debug Attacks | medium | WebView Bypass Certificate validation | low | | Activity Component Export | medium | Unsafe use of random numbers | low | | Service component Export | medium | Intent Scheme URL | low | | Broadcast receiver Component Export | medium | Fragment injection attack | low | | Content Provider Component Export | medium | ā | ā |
|
|
