Safety detection risk
2022-07-28 01:10:00 【Errol_ King】
Risk of running on a rooted device
su is the Linux command for switching users; run without arguments, it switches to the superuser. Root privileges are usually obtained through the su command, so we can detect a rooted device by checking whether this command exists.
1) Check whether su exists in the common directories

    import java.io.File;

    // Look for an su binary in the directories where it is usually installed
    public static boolean checkRootPathSU() {
        File f = null;
        final String kSuSearchPaths[] = {
                "/system/bin/", "/system/xbin/", "/system/sbin/", "/sbin/", "/vendor/bin/"};
        try {
            for (int i = 0; i < kSuSearchPaths.length; i++) {
                f = new File(kSuSearchPaths[i] + "su");
                if (f != null && f.exists()) {
                    //Log.i(LOG_TAG, "find su in : " + kSuSearchPaths[i]);
                    return true;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }

When checkRootPathSU returns true, the app is not allowed to start.
This method only checks the common directories, so it can miss an su binary placed in a less common one. Hence the second method: search for it directly through the shell.
2) Use the which command to check whether su exists
which is a Linux command that searches the directories listed in the PATH variable for a command and returns the first match. Here we use it to find su.

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.util.ArrayList;

    // Use the which command to check whether su exists
    public static boolean checkRootWhichSU() {
        String[] strCmd = new String[] {"/system/xbin/which", "su"};
        ArrayList<String> execResult = executeCommand(strCmd);
        // which prints the path of su when it finds one. A null result (the
        // command could not be run) or empty output (nothing found) both mean
        // that su was not located.
        if (execResult != null && !execResult.isEmpty()) {
            //Log.i(LOG_TAG, "execResult=" + execResult.toString());
            return true;
        } else {
            //Log.i(LOG_TAG, "execResult=null or empty");
            return false;
        }
    }

    // Run a command and return the lines it wrote to standard output,
    // or null if the command could not be started
    public static ArrayList<String> executeCommand(String[] shellCmd) {
        String line = null;
        ArrayList<String> fullResponse = new ArrayList<String>();
        Process localProcess = null;
        try {
            //Log.i(LOG_TAG, "to shell exec which for find su :");
            localProcess = Runtime.getRuntime().exec(shellCmd);
        } catch (Exception e) {
            return null;
        }
        // The reader is closed automatically when the block exits
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(localProcess.getInputStream()))) {
            while ((line = in.readLine()) != null) {
                //Log.i(LOG_TAG, "--> Line received: " + line);
                fullResponse.add(line);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            localProcess.destroy();
        }
        //Log.i(LOG_TAG, "--> Full response was: " + fullResponse);
        return fullResponse;
    }

When checkRootWhichSU returns true, the app is not allowed to start.
Combining 1 and 2, we can determine whether the device is rooted:

    // Determine whether the device is rooted
    public static boolean isDeviceRooted() {
        // find su in some path
        if (checkRootPathSU()) {
            return true;
        }
        // find su using 'which'
        if (checkRootWhichSU()) {
            return true;
        }
        return false;
    }

In onCreate of SplashActivity.java, run the check; if the device is rooted, show a prompt dialog.

    // Inside onCreate: the app must not run on a rooted device
    if (Utils.isDeviceRooted()) {
        showNormalDialog();
        return;
    }

    // Non-cancelable dialog; confirming it closes the activity
    private void showNormalDialog() {
        AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setTitle("Operation tips");
        builder.setMessage("Security risks are detected in the current operating environment, Can't use.");
        builder.setPositiveButton("determine", (dialogInterface, i) -> finish());
        builder.setCancelable(false);
        AlertDialog alertDialog = builder.create();
        alertDialog.show();
    }

Reference: Summary of Android root detection methods
Janus signature mechanism vulnerability
Purpose of the test: check whether the app is affected by the Janus signature mechanism vulnerability.
Risk: Google disclosed an Android vulnerability named "Janus" (CVE-2017-13156). It allows an attacker to bypass the Android Signature Scheme V1 signature mechanism, overwrite the original application with a tampered APK, access all of the original application's data, and tamper with the app directly. Because the other security mechanisms of the Android system are also built on signing and verification, this vulnerability can be said to amount to bypassing the entire security mechanism of the Android system.
Affected scope: all Android versions from 5.0 to 8.0; app APK files signed with Android Signature Scheme V1.
Impact: reading data stored on the original phone; monitoring, intercepting and spoofing user input to lure users into entering passwords or making transfers; updating Android system apps to obtain higher system privileges, even root/jailbreak, in preparation for other attacks.
Solution: sign the application with both Signature Scheme V1 and Signature Scheme V2.



Test item 9: real-name authentication page
The software collects sensitive personal information without the individual's consent.
3.5.7.4 Broadcast Receiver component export risk
If a component is set as exported, it can be called directly by the system or by third-party applications. Exported components may lead to local denial of service, unauthorized access, malicious calls and other risks.
a. android:exported is explicitly set to true
b. The component has an IntentFilter; when an IntentFilter is present, android:exported defaults to true
c. When the component is a ContentProvider and minSdkVersion or targetSdkVersion is less than or equal to 16, android:exported defaults to true; when it is greater than or equal to 17, android:exported defaults to false
In an app this looks like the following: when a game logs in, for example, it calls WeChat's login Activity component, so WeChat's login Activity component is exportable. Put simply, an exported component can be called (woken up) by third-party apps.
https://blog.csdn.net/qq_35993502/article/details/118102715
3.5.7.2 Activity component export
3.5.4.3 Interface hijacking risk
Third-party support: use a professional third-party anti-hijacking SDK to prevent the application's interface from being hijacked.
3.5.3.26 Dynamic debugging attack risk
Third-party support: use a professional third-party hardening solution with anti-dynamic-debugging capability to prevent the application from being dynamically debugged.
3.5.3.22 Detection of URL information left in code
Developer self-check: 1. Review and assess all URL information to determine whether any URL addresses relate to internal business or other sensitive information, and delete those that do; 2. Avoid hard-coding business-related client URL information in the application client; it is recommended to generate the required request UR
The app leaks sensitive information through the clipboard
Avoid using the clipboard where possible. If the clipboard must be used, make sure no sensitive information is stored in it.
The app's application data is at risk of being backed up through external calls.
allowBackup is a system backup feature introduced in Android 2.2. It lets users back up the APK installation packages and application data of system applications and third-party applications so that they can be restored after flashing the device or losing data; users can back up and restore application data with adb backup and adb restore. Third-party developers configure the allowBackup flag (default true) in the application's AndroidManifest.xml file to control whether application data can be backed up or restored.
https://blog.csdn.net/mysimplelove/article/details/84073013
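The export rules a to c and the allowBackup default described above can be checked mechanically against a manifest. The following is an added example, not code from the original article; it assumes the manifest is available as text XML (a merged or decoded AndroidManifest.xml), and the package and component names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="16"/>
  <application android:label="demo">
    <activity android:name=".LoginActivity">
      <intent-filter><action android:name="com.example.demo.LOGIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false">
      <intent-filter><action android:name="com.example.demo.SETTINGS"/></intent-filter>
    </activity>
    <receiver android:name=".PushReceiver" android:exported="true"/>
    <service android:name=".SyncService"/>
    <provider android:name=".DataProvider" android:authorities="com.example.demo.data"/>
  </application>
</manifest>"""

def effective_exported(elem, min_sdk, target_sdk):
    """Apply rules a-c from the text: return (exported, reason) for one component."""
    explicit = elem.get(NS + "exported")
    if explicit is not None:
        return explicit == "true", "android:exported set explicitly"
    if elem.tag == "provider":
        return min_sdk <= 16 or target_sdk <= 16, "provider default for SDK <= 16"
    if elem.find("intent-filter") is not None:
        return True, "intent-filter present, default is true"
    return False, "no intent-filter, default is false"

def audit_manifest(xml_text):
    """Return (item, reason) findings for allowBackup and every exported component."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    min_sdk = int(attrs.get(NS + "minSdkVersion", 1))
    target_sdk = int(attrs.get(NS + "targetSdkVersion", min_sdk))
    app = root.find("application")
    findings = []
    if app.get(NS + "allowBackup", "true") == "true":
        findings.append(("allowBackup", "true (set explicitly or by default)"))
    for elem in (e for e in app if e.tag in COMPONENT_TAGS):
        exported, reason = effective_exported(elem, min_sdk, target_sdk)
        if exported:
            findings.append((elem.get(NS + "name"), reason))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{item}: {why}" for item, why in audit_manifest(SAMPLE_MANIFEST)))
```

Each reported component should either be set to android:exported="false" or be reviewed as part of the app's intended external interface.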
3.5.2.13 Risk of running on a rooted device
The app can be used on rooted phones.
3.5.2.8 Technical risk of not using compiler stack protection
https://www.cnblogs.com/zhouyong0330/p/14277980.html
3.5.1.5 Risk of resource file disclosure
Third-party support: use a professional third-party hardening solution with resource file protection to prevent resource file leakage.
3.5.1.4 Janus signature mechanism vulnerability
Developer self-check: 1. Promptly check the leading bytes of the app's APK file to make sure the app has not been tampered with; 2. The application should use both Signature scheme V1 and Signature
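The two self-check items (leading bytes of the APK, and a signature newer than V1), which also correspond to the solution given in the Janus section earlier, can be run as a build-pipeline check. This is an added example, not code from the original article; the sample APKs are constructed in memory, and the presence of the APK Signing Block is used as a heuristic for a V2 signature.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                   # leading bytes of a DEX file
ZIP_LOCAL_MAGIC = b"PK\x03\x04"        # leading bytes of a normal APK (ZIP)
EOCD_MAGIC = b"PK\x05\x06"             # ZIP end-of-central-directory record
V2_BLOCK_MAGIC = b"APK Sig Block 42"   # last 16 bytes of the APK Signing Block

def inspect_apk(data):
    """Return the facts the self-check needs: leading bytes and signing block."""
    eocd = data.rfind(EOCD_MAGIC)
    if eocd < 0 or len(data) - eocd < 22:
        raise ValueError("no ZIP end-of-central-directory record; not an APK")
    cd_size = struct.unpack_from("<I", data, eocd + 12)[0]
    # Assumes no ZIP64 and that the central directory directly precedes the EOCD.
    cd_start = eocd - cd_size
    return {
        "starts_with_zip": data.startswith(ZIP_LOCAL_MAGIC),
        "starts_with_dex": data.startswith(DEX_MAGIC),
        "has_signing_block": data[max(cd_start - 16, 0):cd_start] == V2_BLOCK_MAGIC,
    }

def janus_findings(data):
    """Map the facts to findings; an empty list means neither check fired."""
    facts, findings = inspect_apk(data), []
    if facts["starts_with_dex"]:
        findings.append("file parses as both DEX and ZIP (Janus-style tampering)")
    elif not facts["starts_with_zip"]:
        findings.append("unexpected bytes before the first ZIP entry")
    if not facts["has_signing_block"]:
        findings.append("no APK Signing Block: V1-only signature")
    return findings

def build_sample_apk(with_signing_block):
    """Constructed sample: a tiny ZIP, optionally with a dummy signing-block tail."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
    data = buf.getvalue()
    if with_signing_block:
        eocd = data.rfind(EOCD_MAGIC)
        cd_start = eocd - struct.unpack_from("<I", data, eocd + 12)[0]
        data = data[:cd_start] + struct.pack("<Q", 24) + V2_BLOCK_MAGIC + data[cd_start:]
    return data

if __name__ == "__main__":
    clean = build_sample_apk(True)
    for apk in (clean, build_sample_apk(False), b"dex\n035\x00" + clean):
        print(janus_findings(apk))
```

For an authoritative answer on which signature schemes an APK carries, run `apksigner verify --verbose` from the Android SDK build tools.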
3.5.1.3 SO file cracking risk
Third-party support: use a professional third-party hardening solution with so file protection to prevent so files from being cracked.
It can protect the application from threats such as malicious cracking, decompilation, repackaging and memory scraping.
Price: 3000 per month; 12 months at 50% off, 18,000.
3.4.5.1 Activity Component export risk