Safety Detection Method of Android App Based on Drozer

Abstract

Drozer is the interactive Android security testing framework developed by MWR Labs. According to this framework, the dynamic analysis can be executed the actual equipment, and agent can be installed in the equipment or the simulator, the user-input commands are send to the agent program of Android device from server, the tool is extended by modifying local Python files or installing modules, and then more sophisticated, in-depth attacks on Android components are launched. First of all, a Drozer based Android APP security detection scanning plug-in is designed. Secondly, the software is tested by using the attack mode, detecting whether there is SQL injection vulnerability, rejection vulnerability, data backup vulnerability. Finally, the interaction information between the detecting software and Drozer is utilized, and the authoritative software security test report is automatically generated by one key, which provides a new intelligent method for the detection of Android software vulnerability.