An Android Vulnerability Detection System

Android system versions update and iterate frequently with severe fragmentation. The distribution of the various Android versions’ market share is scattered, making system-level vulnerabilities’ risk extensive and serious. For the limitations of the present research, we design and implement a new comprehensive system-level vulnerability detection system VScanner. For the first time VScanner is based on Lua script engine as the core. It gives priority to dynamic detection by exploiting, and static detection by feature matching is complementary. Vulnerability trigger is developed by the form of plugins, and it bases on vulnerability taxonomy by POCAS, which shows good scalability. For system-level vulnerabilities, we have implemented 18 plugins, which all are system-level vulnerabilities in high risk. By experimental evaluation, VScanner has high efficiency, low false alarm rate, and good effects on vulnerability detection.