中文摘要：

Android应用程序的社交、支付等功能给人们的生活带来了很大的便利，但是WIFI热点攻击、应用程序加密协议误用等问题的不断出现导致Android应用的网络通信非常容易遭受中间人攻击。针对这种威胁，实现了一个高效的、可配置安全优化策略的、保护Android应用网络通信的安全工具SCBox（Secure Communication Box）。SCBox是运行在Android系统上的一个应用程序，它基于应用程序插件化，可以让第三方应用导入其中并正常运行在一个安全沙箱中。通过代理第三方应用程序的网络通信，SCBox与中继服务器建立安全连接，然后数据经过中继服务器的转发安全到达应用服务器，实现加密的安全通信。相比较于保护Android应用网络通信的其他方案，SCBox不用修改操作系统和第三方应用程序代码，解决了这种修改源代码方案面临的部署困难的问题。而且，SCBox还可以配置安全优化策略，在静态导入阶段选择是否保护此应用程序、与哪个中继服务器建立安全连接，在动态运行阶段根据应用程序的上下文选择是否授予相应权限，限制了应用程序中第三方库的恶意上传隐私数据行为。实验证明，SCBox可以有效抵御WIFI热点攻击和加密协议误用等问题造成的中间人攻击，而且不会带来太大的性能消耗。

英文摘要：

The Android application facilitates people’s life which provides some functions such as chat with your friends,pay for the bill,and so on.Unfortunately,some problems caused by rouge access point and misuse cryptographic protocolmake Android apps vulnerable to man-in-the-middle attack.This paper presents SCBox(Secure Communication Box),anefficient tool that can customize secure strategy for enhance Android apps network communications security.SCBox isbased on application virtualization that can make encapsulated apps run in isolated sandboxing environment without installon stock Android.It can establish secure connection with relay server which retransmit the data to application serversecurely by intercepting network socket between the app and the system.Compared to other related work,SCBox combinesthe strong security guarantees of OS security extension with the deployability of application layer solution withoutmodify OS and application.Meanwhile,SCBox can customize secure optimized strategy that it is optional for user whetherthe network communication of the app is to be protected and which relay server is to be selected.It can also limit the Internetpermission of apps to prevent the malicious third-party library from uploading privacy data.The implementation andevaluation of SCBox on some vulnerable apps show that it can enhance network communications security of Androidapps without much performance overhead.