By combining information flow analysis with control flow analysis, the function call graph and sensitive data propagation paths of Android applications are obtained, and a vulnerability mining method based on static analysis is proposed. By using multiple reverse analysis methods, the system can successfully decompile most executable files. Working from the intermediate code decompiled from an Android application, the system analyzes the vulnerabilities related to particular objects one by one, which improves the accuracy of vulnerability mining. 15 common vulnerabilities were analyzed, and applications from real application markets as well as sample applications were used in experiments to verify the accuracy and usability of the system.

© 2016, Editorial Board of Journal of Huazhong University of Science and Technology. All rights reserved.