Research Article

Function-Oriented Mobile Malware Analysis as First Aid

Table 5

The list of suspicious APIs that we defined.

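| Category | Class | Method |
| --- | --- | --- |
| Getting system information | TelephonyManager | getDeviceId(), getLine1Number(), getNetworkOperator(), getSimOperatorName(), getSimSerialNumber(), getSubscriberId(), getCallState() |
| Getting system information | UUID | toString() |
| Getting system information | WifiInfo | getMacAddress() |
| Getting system information | WifiManager | getConnectionInfo(), getWifiState() |
| Getting personal information | LocationManager | getLastKnownLocation(), requestLocationUpdates() |
| Getting personal information | ContentResolver | query(), delete() |
| Getting personal information | Audio.Media | getContentUriForPath() |
| Getting personal information | Images.Media | getContentUri() |
| Getting personal information | Video.Media | getContentUri() |
| Getting personal information | - | getContentResolver() |
| Getting personal information | Uri | parse() |
| Sending or receiving SMS | SmsManager | getDefault(), sendTextMessage(), createFromPdu(), getDisplayMessageBody(), getMessageBody(), getOriginatingAddress(), getUserData() |
| Sending or receiving SMS | gsm.SmsManager | sendTextMessage(), createFromPdu(), getDisplayMessageBody() |
| Calling | telephony.ITelephony | endCall() |
| Recording | AudioRecord | startRecording() |
| Recording | MediaRecorder | start(), stop() |
| Data transmission | HttpURLConnection | getOutputStream() |
| Data transmission | URLConnection | getInputStream(), getOutputStream() |
| Data transmission | ssl.HttpsURLConnection | getOutputStream() |
| Data transmission | client.HttpClient | execute() |
| Data transmission | client.DefaultHttpClient | execute() |
| Data transmission | JSONObject | put() |
| Data transmission | AQuery | ajax() |
| Device policy management | DevicePolicyManager | lockNow(), isAdminActive() |
| Device policy management | DeviceAdminReceiver | - |
| Dynamic loading | AssetManager | getAssets() |
| Dynamic loading | DexClassLoader | loadClass() |
| Dynamic loading | SecureClassLoader | - |
| Dynamic loading | URLClassLoader | - |
| Dynamic loading | Runtime | exec(), getRuntime() |
| Dynamic loading | VMRuntime | getRuntime() |
| Dynamic loading | System | load(), loadLibrary() |
| Encryption | crypto.Cipher | doFinal(), getInstance() |
| Encryption | crypto.KeyGenerator | generateKey() |
| Encryption | SecretKeySpec | - |
| Reflection | Class | getDeclaredMethod() |
| Reflection | reflect.AccessibleObject | setAccessible() |
| | PendingIntent | getBroadcast() |
| | - | abortBroadcast() |
| | FileOutputStream | - |
| | ZipOutputStream | close() |
| | PackageManager | setComponentEnabledSetting() |
| | Environment | getExternalStorageDirectory(), getExternalStorageState() |
| | String | equalsIgnoreCase(), 将() |
| | ActivityManager | restartPackage() |
| | AudioManager | setVibrateSetting(), setRingerMode() |
| | Context | getSystemService() |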