Research on non-authorized privilege escalation detection of android applications

This paper briefly analyzes the security mechanism of android platform and describes permission statement and request of android application. According to android permission mechanism and its shortcoming, the android privilege escalation detection technology and attacking principle is mainly analyzed, and privilege escalation attacking model and architecture of application is put forward. Penetration testing tool Drozer is used to detect application permission. Application package and Manifest file is analyzed to obtain privilege elevation vulnerability. At the same time, sensitive combination permission is distinguished to avoid and exclude the use of malicious code.