The APP needs to be launched recently, but it needs to apply for some qualifications. As a technician, I really don’t understand these things. I just give the boss whatever he wants, pack it up and hand it over to the testing platform.
After waiting for two days, the test platform gave a test report and required the revision of high-risk vulnerabilities.
1.WebView remote code execution
2. Decompile the program
3. The Activity was hijacked
4. Dynamic debugging and detection
5.SO injection detection
At first glance, my APP has so many bugs, but I don’t know these things. Can ask Baidu only, Baidu still is that Baidu ah, seek out the advertisement that is each big consolidate platform completely, dot went in to try, discover consolidate platform divides free edition and enterprise edition again. With the mentality of trying (in fact, it is lazy to find again), I made an APK with 360 reinforcement and threw it to the test platform again.
Wait 2 days, another report:
Yeah, there’s only two high-risk vulnerabilities left, so it looks like the reinforcement worked. So I want to apply for an enterprise version, but I have no choice but to pay the price. Every major platform charges by time, which is basically 8W per APP per year. How can I afford this price as an 18-line programmer?
Baidu can only continue, but baidu this aspect of the experience of the people really very few, fortunately, the best or to solve.
Solution: Check the ptrace mode. If the process is attached to the debug state, the procID check is performed in /etc/$(procID)/status. If the process ID is not zero, the process is killed and exits. If the process is attached to the debugging state, check the process ID following TracerPid in /etc/self_status. If the process ID is not zero, kill the process and exit.
In conclusion, the above scheme is actually used to solve the problem of dynamic debugging, but after I use this scheme, the detection platform reports that there are no two high-risk vulnerabilities, which is very nice.