Keywords: mobile applications; security; applications; Android
Abstract: Android provides tools to enable rich interaction, but if developers do not know how to use them correctly, they will not use them securely. In this dissertation, we examine how mobile applications interact with each other and their environment. We uncover threats to application security due to developer confusion and general misuse of the features provided by the mobile platform. Specifically, we perform an in-depth analysis of how Android applications interact with each other through inter-process communication mechanisms, how they interact with system resources through Android permissions, and how they interact with web content through WebViews. We build static analysis tools to identify vulnerable applications and measure the prevalence of the vulnerabilities. Through automated and manual analysis, we identify patterns that illustrate how developers misuse these features and make their applications vulnerable to attack. We further provide platform-level, API-level, and design-level solutions to help developers and platform designers build secure applications and systems.