Abstract: The number of Android terminals and applications has been increasing in recent years with the rapid     development of mobile Internet, which greatly changes people's life. However, mobile applications are complicated to interact, difficult to debug, and their versions update frequently. Many applications have been published without adequate testing, which makes failures caused by various vulnerabilities in Android applications occur frequently. SQL (structured query language) injection is a kind of common security vulnerability, which can cause user information leakage and database to be tampered maliciously. However, general static analysis tools cannot detect SQL injection vulnerabilities in Android applications effectively. Aiming at this problem, this paper analyzes the code and data characteristics of SQL injection vulnerabilities, and puts forward a static detection approach based on taint analysis. It extends the open source tools FindBugs, and implements the prototype tool SQLInj. The experimental results indicate that this approach can detect the SQL injection vulnerabilities in Android applications effectively.

Key words: SQL injection, static detection, taint analysis, legitimate check

摘要： 随着移动互联网的迅猛发展，基于Android平台的移动终端以及移动应用数量逐年攀升，极大地改变了人们的生活方式。然而，移动应用具有交互复杂、难于调试、版本更新迭代频繁等特点，很多应用没有经过充分检测就投入了使用，致使Android应用中各种漏洞导致的故障频发。其中，SQL注入漏洞是一类常见安全漏洞，会引发用户信息泄露、恶意篡改数据库等严重后果。但现有的通用静态分析工具大多无法有效检测  Android应用中的SQL注入漏洞。针对这一问题，分析了SQL注入漏洞的代码特征和数据特征，提出了一种基于污点分析的静态检测方法，并在开源工具FindBugs的基础上，实现了原型工具SQLInj。实验结果表明，该方法能有效检测出Android应用中存在的SQL注入漏洞。

关键词: SQL注入, 静态检测, 污点分析, 合法性检查