Android Open Market Security Issues
Uploaded by jieun-lee. Category: Technology
Transcript of Android Open Market Security Issues
Good News(1/2)
• More Apps, More Downloads
• More Revenue
– Android Market revenue up 800% (2010/2009)
Good News(2/2)
• Tstore
– 14 million users
– 10 billion in monthly transactions
– 100 billion in cumulative transactions
– 1 million downloads per day
– Game revenue: 75~80%
• Samsung/Pantech/Nstore…
Bad News!(2/2)
• More Problems
– Unauthorized copying (Copyright)
– Privilege misuse (Payment Issues)
– Malicious Code
• Send SMS
• Collect IMEI numbers
Why Android?(1/3)
• Open Source/Open Market
– Open: ‘mkdir android ; cd android ; repo init -u git://android.git.kernel.org/platform/manifest.git ; repo sync ; make’
– Rooting: grants full privileges over the system
• One Click Rooting
– Custom ROM
• So widespread that online banking is supported -_-;
• None of the information on the phone can be trusted
– IP/MDN/IMEI/MAC
Why Android?(2/3)
• Java
– Bytecode: easy to understand
– Cost(disassembly) >> Cost(decompile)
– A long-standing characteristic of Java
• Mocha(1996)
– For Android
• dex2jar: dex → jar → java (JD-GUI)
• smali/baksmali: dex → smali → dex
Why Android?(3/3)
• Android System itself
– Dalvik VM executes dex files
– Odex File: optimized dex file
[Diagram: Dalvik Virtual Machine (JIT Compiler) runs the dex file; the odex file is kept in storage (reuse). Labels: decompile, hijacking]
In-app Billing
• Items could be faked by Bytecode Modification
– Apple: IAP Cracker
[Figure labels: Secure; Preview removal, Item acquisition, Level Up]
How to Defend?
• Use Obfuscator
• Use Native Code
• Use Your own item server
• Sorry, Find your own solutions!
– 2011 Google I/O: Evading Pirates and Stopping Vampires using License Verification Library, In-App Billing, and App Engine
– 2012.4 Code Obfuscation for the Amazon In-App
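
The "Use Your own item server" defense, as an added example that is not from the original slides: items are recorded on a server only after a receipt check, so a flag flipped by bytecode modification grants nothing. The HMAC receipt, the shared key and the names ItemServer, redeem, owns and sign_receipt are assumptions made for illustration; a real market signs purchase data with its own scheme.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: billing backend and item server share it.
RECEIPT_KEY = b"constructed-demo-key"


def sign_receipt(key, receipt):
    """Stand-in for the billing backend issuing a receipt (hypothetical)."""
    payload = json.dumps(receipt, sort_keys=True).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()


class ItemServer:
    """Hypothetical item server: entitlements live here, not in the APK."""

    def __init__(self, key):
        self._key = key
        self._seen_orders = set()  # order ids already redeemed (replay guard)
        self._items = {}           # user id -> set of granted item ids

    def redeem(self, user, payload, mac):
        """Grant the item named in a receipt only if the receipt checks out."""
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False           # forged or edited receipt
        receipt = json.loads(payload)
        order, item = receipt.get("order_id"), receipt.get("item")
        if receipt.get("user") != user or order is None or item is None:
            return False           # issued to someone else, or incomplete
        if order in self._seen_orders:
            return False           # same receipt replayed
        self._seen_orders.add(order)
        self._items.setdefault(user, set()).add(item)
        return True

    def owns(self, user, item):
        """The game asks the server; a patched client-side flag changes nothing."""
        return item in self._items.get(user, set())


if __name__ == "__main__":
    server = ItemServer(RECEIPT_KEY)
    # Constructed sample receipt.
    payload, mac = sign_receipt(
        RECEIPT_KEY, {"order_id": "o-1", "user": "alice", "item": "sword"})
    print("forged :", server.redeem("alice", payload, "0" * 64))
    print("valid  :", server.redeem("alice", payload, mac))
    print("replay :", server.redeem("alice", payload, mac))
    print("owns   :", server.owns("alice", "sword"))
```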