Some user can run un-installed app in VM APP.
you can search on Google play,such as
O__O "…,Android run on sandbox process, CS model,and android in client model .
about Android VM implement,can view at https://github.com/DroidPluginTeam/DroidPlugin/blob/master/DOC/hejunlin/%E6%8F%92%E4%BB%B6%E5%BC%80%E5%8F%91%E4%B9%8B360%20DroidPlugin%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%89%EF%BC%89Binder%E4%BB%A3%E7%90%86.md.
VM hook many binder,in normal App,binder is not a proxy,but VM hook binder by proxy,so we can detect binder status.
such as PackageManger class should in system,if detect PackageManger.class in app file path,your app has been hooked
没有评论:
发表评论