How to protect mobile developer APK Security, implement Android encryption app protection!

Source: Internet
Author: User

According to information security researchers have discovered a new Android malware. This Trojan encrypts the photos, videos, and documents in the user's phone and asks the user to pay the ransom to recover. Insiders believe that this malware integrates social engineering, cryptography and the Internet architecture, and may become a more serious and broader threat in the future. Earlier, the first SMS-sucking Android Trojan was also born in Eastern Europe.

This malware will scan the user's phoneSDcard with the following extensionJPEG,jpg,PNG,BMP,gif,PDF,Doc,docx,txt,avi,mkv,3gpand themp4files, which are then encrypted using the Advanced Encryption Standard. It is unclear whether the user will be able to ensure that the file is decrypted after paying the ransom. Esetusers are advised not to pay the ransom.

According to the report released by the Information Security Research Institute, Sophos , in Friday, users can reboot into Safe mode and then manually remove the malware, but malware-encrypted files will be permanently lost. Sophos says users can recover files by recovering the AES key in the malware , but this requires some technical capability.

One months ago, another Android malware reported by researchers could disable a user's phone and ask the user to pay a ransom for it. 8 months ago, a malware called Cryptolocker could permanently lock a PC 's hard drive unless the victim paid 300 USD fee. The app is not listed on the Google Play store, and is spread primarily through other channels. As a result,Android users should be cautious before choosing to install apps from other sources.

Unsafe mobile App brings us the following aspects of the hidden dangers:

       first of all, it is the Android app that is unsafe to cause personal information to flow out, and an attacker can take advantage of app vulnerability monitor and tamper with our information. This flaw is actually the Android developer did not carry on the Android encryption

Secondly, the problem of communication security, "suction software" is a typical example. These software, in order to secretly send text messages in the background without the user's consent, and the mobile operator reply to the confirmation of the deletion of the message secretly, each month to deduct the user 3 to 5 dollars of money to profit. Believe that more than 85% users will not find the issue of the charges, a few small amount of money is not so easy to detect, but in the long run, the loss is not to be belittled.

      

        How to help developers to Android app program encryption, effectively avoid the above hidden dangers? First of all, the need for developers to increase the importance of encryption of Android applications, and secondly, the need for developers to strengthen the technical means to their own app security protection, such as encryption through the third-party service platform love encryption protection. At the same time, the Android application market is also needed to increase the monitoring and crackdown on piracy and create a good industrial environment.

Love EncryptionBeijing Zhi-Travel Network Security Technology Co., Ltd. is a heavy launch of an APP to provide security services platform. Love encryption current proposed three layer encryption protection:dex Shell Protection,dex instruction dynamic load protection, advanced obfuscation protection, can guarantee the APP The dynamic security and static security, hackers will not have the opportunity to do any hack. Love encryption more than a year ago launched so Library protection,theC + + layer of code has been professionally protected, so that the APK package invulnerable.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.