The Android operating system is an open-source operating system developed by Google and the Open Handset Alliance, used mainly in smart mobile terminals (e.g. smartphones and tablets). Its open nature has won it the favor of many phone manufacturers and users, and has drawn more and more developers into building Android applications.
Developers compile the code of an Android application and then package the compiled code into a file that the Android operating system can recognize, install, and run. This file is in APK (Android application package) format. A user transfers the APK file to an Android device, such as an Android emulator or an Android phone, and runs it there to complete the installation.
However, because of the same open nature of the Android system, virus writers can insert virus code directly into the source code of Android applications in order to run up phone charges, consume mobile data traffic, and steal users' private information. For example, some virus writers decompile an Android application to obtain its program code, insert virus code into the originally safe program code, repackage the program code that now contains the virus code, and finally distribute the APK carrying the virus code to phone users through various channels.
In the prior art, a hash algorithm is used to extract the hash values of a large number of virus-infected APK files, a virus signature database containing these hash values is constructed, and the target APK file is checked against it. If the hash value of the target APK file is identical to any one of the hash values in the virus signature database, the target file is determined to contain a virus.
However, if a virus writer modifies even one character of a virus-carrying target APK file, the hash value of the modified file changes, so the file bypasses detection by the prior-art method.
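The prior-art check and its weakness, as an added example that is not part of the original text: a whole-file hash signature database flags a known sample but misses a copy whose packaged code differs by one character. SHA-256, the function names, and the in-memory sample archives are assumptions made for illustration; the text names no particular hash algorithm.

```python
import hashlib
import io
import zipfile


def build_sample_apk(dex_bytes: bytes) -> bytes:
    """Build a minimal APK-like ZIP in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in (("AndroidManifest.xml", b"<manifest/>"),
                           ("classes.dex", dex_bytes)):
            # Fixed timestamp so identical input always yields identical bytes.
            info = zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0))
            zf.writestr(info, data)
    return buf.getvalue()


def file_hash(apk_bytes: bytes) -> str:
    """Whole-file digest; SHA-256 is an assumption, the text names no algorithm."""
    return hashlib.sha256(apk_bytes).hexdigest()


def build_signature_db(infected_apks) -> set:
    """Signature database: the set of hash values of known infected APK files."""
    return {file_hash(apk) for apk in infected_apks}


def scan(apk_bytes: bytes, signature_db: set) -> bool:
    """Prior-art verdict: True only if the hash equals a stored signature."""
    return file_hash(apk_bytes) in signature_db


def differing_bytes(a: bytes, b: bytes) -> int:
    """Count positions at which two equal-length byte strings differ."""
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b))


# Constructed placeholder contents standing in for an infected classes.dex.
KNOWN_DEX = b"dex\n035\x00" + b"SAMPLE-INFECTED-CODE-0001"
VARIANT_DEX = b"dex\n035\x00" + b"SAMPLE-INFECTED-CODE-0002"  # one character changed

known_apk = build_sample_apk(KNOWN_DEX)
variant_apk = build_sample_apk(VARIANT_DEX)
signature_db = build_signature_db([known_apk])

if __name__ == "__main__":
    print("known sample flagged:", scan(known_apk, signature_db))
    print("variant flagged:     ", scan(variant_apk, signature_db))
    print("dex bytes changed:   ", differing_bytes(KNOWN_DEX, VARIANT_DEX))
```

Because the signature is computed over the whole file, any change anywhere in the archive produces a miss, regardless of whether the embedded code is functionally identical.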