关键词: Android, 通信, 安全, 加密协议

Abstract: The Android application facilitates people’s life which provides some functions such as chat with your friends, pay for the bill, and so on. Unfortunately, some problems caused by rouge access point and misuse cryptographic protocol make Android apps vulnerable to man-in-the-middle attack. This paper presents SCBox（Secure Communication Box）, an efficient tool that can customize secure strategy for enhance Android apps network communications security. SCBox is based on application virtualization that can make encapsulated apps run in isolated sandboxing environment without install on stock Android. It can establish secure connection with relay server which retransmit the data to application server securely by intercepting network socket between the app and the system. Compared to other related work, SCBox combines the strong security guarantees of OS security extension with the deployability of application layer solution without modify OS and application. Meanwhile, SCBox can customize secure optimized strategy that it is optional for user whether the network communication of the app is to be protected and which relay server is to be selected. It can also limit the Internet permission of apps to prevent the malicious third-party library from uploading privacy data. The implementation and evaluation of SCBox on some vulnerable apps show that it can enhance network communications security of Android apps without much performance overhead.

Key words: Android, communication, security, cryptographic protocol