1. Technical Field
The present invention relates generally to an apparatus and method for manifesting an event to verify the security of a mobile application and, more particularly, to an apparatus and method for manifesting an event to verify the security of a mobile application in order to verify the security of the mobile application before the mobile application is delivered to a user.
2. Description of the Related Art
With the recent explosive spread of smart devices, a large number of mobile applications providing various types of services, including Internet banking, have been developed. As existing PC-based attacks have spread to smart devices in line with this change, there has been a rapid increase in cases where mobile applications are forged or falsified and disguised as normal applications, users are induced to install the disguised applications, and the installed applications then attack the smart devices.
Such attacks based on mobile applications are characterized in that malicious actions are generated automatically when a specific system event, such as a short message service (SMS) reception event, is received while the mobile application is operating, or are generated a specific time after the mobile application has been executed.
Furthermore, there have recently been cases where a malicious action is manifested only when user input, such as clicking on a button, is performed after an application has been executed. An app-in-app type attack, a representative example of such cases, is one in which, after a normal application has been installed, a malicious application disguised as the normal application is also installed, which requires user input. These types of attacks are not detected by a security system unless a tester actually operates the applications under test after they have been installed.
In Korea, research into an automatic behavior manifestation technique for testing the security of a mobile application has not yet been reported. As disclosed in Korean Patent No. 10-0932603, a method of manifesting a GUI to test the reliability of a mobile application has chiefly been researched. Such a GUI manifestation method applies an application function automation technique under the condition that the application verifier is aware in advance of the configuration of the GUI and a basic operation scenario. If the function of an application is not known, the scenario of the application is checked using software reverse-engineering technology and then a GUI test is performed.
The conventional methods are problematic in that they cannot be applied to situations in which the scenario of an application is not known in advance and the security of a large number of applications needs to be rapidly tested.