Verify Android apk has not been repackaged?


Question

Looking to improve the security of my Android app to flag if the .apk has been extracted, modified, repacked and re-signed. Here's an article from ZDNet noting the issue: link1 (http://www.zdnet.com/android-malwares-dirty-secret-repackaging-of-legit-apps-7000000886/).

The concern is that if the app is targeted by hackers, they could add malicious code, upload it to an alternate app store and dupe users into downloading it.

So I'm thinking code to verify a checksum of the apk or signing certificate?

I appreciate the app code could be repacked and any security code removed, but it does increase the difficulty of repacking it, maybe enough for them to try another app.

[Update] I know the Google Play store licensing module offers something similar, but I'm looking for something for non-paid apps and other/non marketplaces.

Recommended answer

I ended up using DexGuard (a paid obfuscator for Android), which offers a module that performs apk verification, mainly as it is simple to implement and offers better than average protection.

Here's the code to do the check:

dexguard.util.TamperDetection.checkApk(context)

The main issue is where to store the checksum of the apk to verify against, given that it could be replaced. The DexGuard way is to check it locally, but to use other features like class/string encryption and API hiding to obscure this call.
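
For the signing-certificate check the question asks about, here is an added example using only the Android SDK; it is not from the original post and is not DexGuard's implementation, and the class name SignerCheck and the placeholder digest are assumptions. As the answer notes, the pinned value ships inside the APK and can be patched out, so this raises the cost of repackaging rather than preventing it.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;

public final class SignerCheck { // hypothetical helper class
    // Placeholder: SHA-256 of your release signing certificate (DER bytes), as hex.
    // Until it is replaced with a real digest, the check fails closed (returns false).
    private static final String EXPECTED_CERT_SHA256 = "<sha256-of-release-cert-hex>";

    private SignerCheck() {}

    /** True only if every current signer of this package matches the pinned digest. */
    public static boolean isSignedByExpectedCert(Context context) {
        try {
            Signature[] signers = currentSigners(context);
            if (signers == null || signers.length == 0) return false;
            byte[] expected = hexToBytes(EXPECTED_CERT_SHA256);
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            for (Signature s : signers) {
                byte[] actual = sha256.digest(s.toByteArray());
                // Constant-time comparison; any unexpected signer fails the check.
                if (!MessageDigest.isEqual(expected, actual)) return false;
            }
            return true;
        } catch (Exception e) {
            return false; // lookup, digest or parsing failure: treat as tampered
        }
    }

    @SuppressWarnings("deprecation")
    private static Signature[] currentSigners(Context context)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = context.getPackageManager();
        String pkg = context.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { // API 28+
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            return info.signingInfo.getApkContentsSigners();
        }
        return pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
    }

    private static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
}
```

Sending the computed digest to a server you control and comparing it there keeps the reference value out of the APK, which addresses the storage concern raised in the answer.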
