移动应用的飞速发展为不可信输入带来了黄金发展期——各类不可信输入层出不穷，严重威胁到用户的信息和财产安全。本项目将围绕移动应用中不可信输入的安全检测展开研究，重点对两类真实存在但又尚未得到充分研究的不可信输入进行深入探索：共享存储空间导致的不可信输入和应用推广中的不可信输入。对于共享存储空间导致的不可信输入，本项目将从静态代码分析和动态实时获取两种方式来对应用在使用共享存储空间中文件时的潜在不可信输入进行研究，并且利用存储空间动态分配的特点，探索如何通过共享存储空间对内部存储空间中的数据进行操作。对于应用推广中的不可信输入，本项目将以应用推广作为具体应用场景，探索网络数据篡改的庞大利益组织，利用多种不同的网络探测手段和方法进行数据采集，以便有效检测不可信输入，识别网络数据篡改方式，发现网络数据篡改背后的不法参与者。本项目的完成将为有效消除这两类不可信输入提供较为全面的技术和理论支持。

The rapid development of mobile applications (apps for short) has brought a golden period for the development of untrusted input - various untrusted input arises, which puts users’ privacy and property in danger. This research aims at detecting untrusted input in mobile apps, including two kinds of untrusted input that are real but not fully studied: untrusted input caused by shared storage and untrusted input in app promotion. For the untrusted input caused by shared storage, this research will fully study the potential untrusted input when apps use the files in shared storage. This study will be conducted in two ways: static code analysis and dynamic real-time acquisition. Meanwhile, this study will explore how to manipulate the data at internal storage through shared storage by using the characteristics of storage space dynamic allocation. For the untrusted input in app promotion, this research takes app promotion as a specific application scenario, explore the huge interest organization of network data tampering, and use a variety of network detection methods to collect data, so as to effectively detect the untrusted input, identify the way of network data tampering, and find the illegal participants who are responsible for network data tampering. The success of this research will provide more comprehensive technical and theoretical support for effectively eliminating these two kinds of untrusted input.