More theoretical foundation
The app is often used to do some illegal things, such as high wool, black and gray, and even to destroy and modify the app's functions. Therefore, multiple openings are harmful in actual app applications, so it is very important to identify multiple opening environments. Identifying multiple opening environments is conducive to making apps safer.
The principles of multi-opening apps on the market are similar. They all run multi-opened apps in a new process and hook various system functions to make multi-opened apps think they are a normal app running.
In terms of form, there are two forms of multi-opening apps. One is to directly load multi-opening apps from multi-opening apps, such as parallel spaces, Virtual Apps, etc. The other is to allow users to install a new app, but this app is essentially a shell to load multi-opening apps. The principle is the same as the previous one. The multi-opening app on the market uses this form. Each app of the user needs to install a new app named App.
Analysis of the principle of multi-open implementation
There are many types of multi-opening implementation principles for apps, such as using multi-user method (mumu simulator implementation) and running by creating different process names (multi-opening clones, dual-opening assistants).
We know that each app has its own private directory, generally "/data/data/package name/" or "/data/user/user/package name". The multiple opening methods are also processed based on these, so we can read the information directory under the private directory by calling the system getFilesDir() method. In a multi-opening environment, the directory you get will become "/data/data/multi-opening package name/xxxxxxxxx" or "/data/user/user/user/multi-opening app package name".
Based on the above principle analysis, the following code can be used to determine and identify the multi-open environment.
Code implementation: Multiple package names
// Used to collect app package names that can be used to multi-open, and most of the multi-open apps on the market have been collected.private String[] packagename = {
"",//Open more bag name of the clone itself "",//chaos engine "",//parallel space "",//Double-opening assistant "",//VirtualXposed,VirtualApp
"",//360 clone master "", //DualGenius/Double-opening elf "" //GO Multiple/Go Double Open};
Comparison by reading the file package
public boolean checkPrivateFilePath(Context context)
{
String path = ().getPath();
for(String vtpkg: packagename)
{
if((vtpkg))
{
return true;
}
}
return false;
}
Comparison by reading the file package
public boolean checkPrivateFilePath(Context context)
{
String path = ().getPath();
for(String vtpkg: packagename)
{
if((vtpkg))
{
return true;
}
}
return false;
}
Code implementation: Multi-user
private String GetMulData()
{
//Implemented by reading the command line. String filter = exec("cat /proc/self/cgroup");
if(null == filter || (() == 0))
{
return null;
}
int uidStartIndex = ("uid");
int uidEndIndex = ("/pid");
if(0 > uidStartIndex)
{
return null;
}
if( 0 >= uidEndIndex)
{
uidEndIndex = ();
}
filter = (uidStartIndex + 4, uidEndIndex);
try {
String strUid = ("\n", "");
if(isNumeriToUid(strUid))
{
int uid = (strUid);
filter = ("u0_a%d", uid -10000);
return filter;
}
}catch (Exception e)
{
return null;
}
return null;
}
Summarize
This is the end of this article about the analysis and detection implementation of Android multi-opener. For more related contents of Android multi-opener analysis and detection, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!