CN103839000B

CN103839000B - Application program installation method and device based on intelligent terminal equipment

Info

Publication number: CN103839000B
Application number: CN201410060681.0A
Authority: CN
Inventors: 姚彤; 丁祎
Original assignee: Beijing Fu Tong Tong Technology Co Ltd
Current assignee: Beijing Fu Tong Tong Technology Co., Ltd.
Priority date: 2014-02-21
Filing date: 2014-02-21
Publication date: 2017-04-26
Anticipated expiration: 2034-02-21
Also published as: CN103839000A

Abstract

The invention discloses an application program installation method and device based on intelligent terminal equipment. The application program installation method based on the intelligent terminal equipment comprises the steps that installation of an application program is conducted, and after it is monitored that the application program needs to read a configuration information file, an application program authorization permission list which is set for the application program to be installed by a user is loaded, wherein the application program authorization permission list contains one or more behavior permissions which are selectively authorized for the application program to be installed by the user; behavior permissions of the application program are configured according to the authorized behavior permissions contained in the loaded application program authorization permission list, and installation of the application program is completed. By the adoption of the application program installation method and device based on the intelligent terminal equipment, user safety can be improved.

Description

Method and apparatus based on intelligent terminal set up applications

Technical field

The present invention relates to ARIXTRA (Android) platform technology, and in particular to a kind of to install application based on intelligent terminal The method and apparatus of program.

Background technology

Android platform is the mobile phone operating system platform of increasing income based on Linux, by operating system, user interface and should Constituted with program, third party application is opened completely.Due to the opening of Android platform so that application development Person possesses bigger degree of freedom in development and application program, thus, attract many application developers, application development Person also develop and there is provided in a large number based on Android platform ARIXTRA application program, the installation kit of this application program be with One kind is referred to as the form of APK (Android Package) and is issued, and realizes application program by installing ARIXTRA installation kit Operation so that increasing application program can be carried in Android platform.Android platform is used as most flowing in the world Capable Mobile operating system platform, has covered billions of mobile terminals and numerous application programs.

Android platform is devised based on the secure access strategy for authorizing behavior authority at the beginning of design, is carried out in user When application program is installed, if application program is related to the operation to user security, for example, the behaviour for reading user privacy information Make, or the operation of customer charge loss may be caused, being required for user that behavior authorized party is carried out to application program can be carried out.Lift For example, if application program needs execution to send note, access contact data, reading storing card data etc. after mounting read When taking the operation of user privacy information, and increasing the operation of customer charge using network connection etc., need when mounted to Corresponding behavior authority is applied at family, that is, in application program installation process, will need what user authorized by mobile terminal Behavior rights statements show to user, so as to decide whether that authorizing the application program performs the visit that user security is operated by user Ask authority.

In application program installation process, due to the secure access strategy of Android platform, user is in set up applications When, the behavior authority of application program can only be authorized on the whole, i.e. intelligent terminal operating system is authorized on the whole Behavior authority.Thus, when application program is installed, show after the behavior rights service of application program to user, user Or receive all behavior rights services of application program to continue to install the application program, or, installation can only be cancelled The application program simultaneously exits application program installation.For example, when user installation KC the Internet telephony application program, due to needing The corelation behaviour authority obtained by user security information, secure access strategy of the Android platform according to Behavior-based control authority, The display interface of mobile terminal shows the safety-related behavior authority for needing user to authorize, for example, read mobile terminal state and ID, intercept exhalation, direct calling telephone number, editor SMS or MMS, send text message, recording and accurate GPS location letter Breath etc., if user authorizes the above-mentioned all safety operations of KC the Internet telephony application program performings, can show boundary by clicking on The next step control in face proceeds to install, so, after KC the Internet telephony application programs are installed, KC the Internet telephony application programs The user security informations such as the recorded message and accurate GPS position information of user are obtained by having permission；If user does not authorize KC The above-mentioned all safety operations of the Internet telephony application program performing, then can pass through to click on the cancellation control of display interface, exit and work as Front KC the Internet telephony applications program is installed.

In recent years, the characteristics of behavior authority can only be authorized on the whole to application program using Android platform, for The malicious application substantial increase of Android platform, malicious application increase in the behavior authority that application user authorizes Multiple behavior authorities for affecting user security, for example, transmission note, reading contact person, networking, recording, reading user are accurate Behavior authority needed for the behavior authority such as GPS position information, with the malicious application normally operation is bound, and with various Tempting name, function and application attract user installation, meanwhile, showing in the display interface of mobile terminal needs what user authorized During safety-related behavior authority, the behavior authority of increased impact user security is placed in where user less pays close attention to, from And the next step control for clicking on display interface by user proceeds to install, once and install and run the malicious application journey Sequence, it is meant that user is granted by all behavior authorities of the malicious application application so that the safety of user faces great wind Danger, and installation of the malicious application by user, realize and steal the purposes such as privacy of user, malice fee suction.Further, Even if user has doubt to some of them behavior authority of malicious application application, but in addition to abandoning installing does not have other Select.

In order to reduce the potential safety hazard that malicious application is brought to user, existing Android platform provides safety should With program, to provide Initiative Defense and behavior rights management function, i.e., by running security application, can be by user Select the behavior authority of each application program of needs disabling, that is to say, that by running security application, use can be supplied to The authority (i.e. root authority) of family super keepe so that user can be changed using super keepe authority and update each application The behavior authority of program, so that application program is operationally, no longer enjoys user and authorizes during the application program is installed Behavior authority, so as in subsequent applications, can avoid the application program to user security formed threaten.But the method, User can not be prevented effectively from after set up applications, the time period before prohibitive behavior authority is arranged by security application Safety risks that are interior, bringing to user when being run due to application program, the safety information of user still might be used within the time period Can be stolen or reveal, so that loss is brought to user so that user security is reduced.Further, in some application programs Preferably experience point is implicitly present in, but as user worries that the behavior authority of the application program may result in individual privacy The application program is not installed in the leakage of information, final choice, so, not only reduces the business experience of user, to applying journey yet Sequence developer brings great economic loss.

The content of the invention

In view of the above problems, it is proposed that the present invention so as to provide one kind overcome the problems referred to above or at least in part solve on State the method and apparatus based on intelligent terminal set up applications of problem.

According to one aspect of the present invention, there is provided the method based on intelligent terminal set up applications, the method Including：

Application program installation is carried out, after monitoring that application program needs to read configuration information file, loading user is advance For the application program authorization privilege list that the application program to be installed is arranged, include in the application program authorization privilege list One or more the behavior authorities of user for the application program selective authorization to be installed；

The behavior power of the act of authorization authority configuration application program that the application program authorization privilege list according to loading is included Limit, and complete the installation of application program.

Preferably, the application program authorization privilege list bag that the loading user is arranged for the application program to be installed in advance Include：

The application file bag for set up applications is parsed, the application program mark in application file bag is obtained Know；

According to the application program identification for obtaining, the application program authorization privilege list storehouse for pre-setting is inquired about, obtaining this should With the corresponding application program authorization privilege list of program identification；

In the application program authorization privilege list that installation interface loading is obtained.

Preferably, arranging the application program authorization privilege list storehouse includes：

To each application program, in application program installation process, application program reading configuration information file is being monitored Afterwards, gather and obtain application program to weigh for the behavior of intelligent terminal operating system application in the configuration information file Limit；

According to the behavior authority that user is authorized from the authority of the application program for obtaining, generation is stored in application program Application program authorization privilege list in authorization privilege list storehouse.

Preferably, the acquisition application program is directed to intelligent terminal operating system Shen in the configuration information file Behavior authority please includes：

Application file bag is obtained by application program official download site；

Configuration information file in parsing application file bag, obtaining the application program needs the behavior authority of application.

Preferably, the configuration information file in the parsing application file bag includes：

Application file of the decompression based on intelligent terminal, obtains the complete of encryption from the application file of decompression Office variable description configuration information file, and to encrypt configuration information file be decrypted, obtain decryption original configuration letter Breath file, scans the behavior authority description section in the original configuration message file of decryption.

Preferably, using the extensible markup language document resolver in Java, parse the original configuration letter of the decryption Behavior authority description section in breath file.

Preferably, application program authorization privilege list described in each application program correspondence one, multiple application programs are awarded Power permissions list composition application program authorization privilege list storehouse, the act of authorization included in the application program authorization privilege list Authority is a part for the behavior authority that the intelligent terminal operating system is authorized.

Preferably, before the behavior authority authorized from the authority of the application program for obtaining according to user, Methods described is further included：

The behavior authority of the application program of acquisition is shown.

Preferably, after the behavior authority for obtaining application program, methods described is further included：

By the behavior authority of the application program of acquisition be categorized as remind the privacy authority that user pays close attention to And other authorities directly authorized according to application program.

Preferably, methods described is further included：

By privacy authority be divided into required authority necessary to operation application program and operation application program it is optional it is non-must Authority is needed, and in the information for authorizing setting circle's user oriented to show the nonessential authority.

Preferably, methods described is further included：

Using isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning method, to application program The described required authority of application carries out legitimacy and rational checking, whether all to determine each authority in required authority Requisite authority for needed for when application program runs, if it is not, then the authority is deleted from required authority, and makees Show to user for nonessential authority.

Preferably, methods described is further included：

The security application that operation pre-sets, is updated to the act of authorization authority of application program, so that application Program is accessed according to the act of authorization authority for updating accordingly in follow-up operation.

Preferably, methods described is further included：

When monitoring that application program access needs the application programming interfaces of behavior authority, Android platform according to user is should Whether record in the application program authorization privilege list that application program is arranged, judge the behavior authority of access application interface It is disabled, if the behavior authority of access application interface is disabled, prompt the user whether to select modification by man-machine interface； If user selects act of revision authority, Android platform to allow the application program to access the application programming interfaces, otherwise, ARIXTRA Platform notifies that the application program exits access.

Preferably, it is described carry out application program installation before, methods described is further included：

Security sweep is carried out to the corresponding application file bag of application program to be installed, if application journey to be installed Preface part bag performs the flow process for carrying out application program installation by security sweep, otherwise, end flow process.

Preferably, the security sweep includes but is not limited to trojan horse scanning, ad plug-in scanning, vulnerability scanning.

The installation interface provided by intelligent terminal operating system is redirected by hook and point to application program mandate The corresponding interface of permissions list, and after confirming or completing application program authorization privilege list modification, terminate to the intelligence eventually The installation interface that end equipment operating system is provided is redirected.

Preferably, the intelligent terminal operating system is Android system.

In the source code of intelligent terminal operation platform ccf layer, need in the configuration information file for finding application program The class and interface inserted by hook, the class and interface are the class and interface for being related to privacy of user authority；

Analyze and change the source code of the class and interface so that need to read the hook inserted during configuration information file The class and interface point to the application program authorization privilege list for arranging for the application program to be installed in advance；

The program code segments that operation pre-sets, application program authorization privilege list are loaded into and are currently installed on interface.

In corresponding interface after the behavior authority of the application program authorization privilege list configuration application program according to loading, The class and interface sensing that next step control need to correspondingly insert hook is set, and the sensing and the application program read configuration information The next step control that file is shown after carrying out the behavior authority configuration of application program need to correspondingly insert the finger of the class and interface of hook To identical.

Preferably, the behavior authority of the application program of configuration meets the corresponding boundary of the use program authorization permissions list The display in face.

Preferably, include in the configuration information file application program is authorized by intelligent terminal operating system Behavior authority.

Preferably, the operation platform of the intelligent terminal includes but is not limited to Android platform.

A kind of device based on intelligent terminal set up applications is provided according to another aspect of the present invention, should Device includes：Monitoring modular, load-on module and permission configuration module, wherein,

Monitoring modular, for carrying out application program installation, after monitoring that application program needs to read configuration information file, Notify load-on module；

Load-on module, for according to the notice for receiving, the application for loading user in advance for application program setting to be installed Program authorization permissions list, includes user and selects for the application program to be installed in the application program authorization privilege list One or more behavior authorities of property mandate；

Permission configuration module, for the act of authorization authority configuration included according to the application program authorization privilege list of loading The behavior authority of application program, and complete the installation of application program.

Preferably, the load-on module includes：Resolution unit, query unit and loading unit, wherein,

Resolution unit, parses the application file bag for set up applications, obtains in application file bag Application program identification；

Query unit, for according to the application program identification for obtaining, inquiring about the application program authorization privilege row for pre-setting Table storehouse, obtains the corresponding application program authorization privilege list of the application program identification；

Loading unit, for the application program authorization privilege list obtained in installation interface loading.

Preferably, the load-on module is further included：

First taxon, for the behavior authority of the application program of acquisition is categorized as reminding user's emphasis The privacy authority of concern and other authorities directly authorized according to application program.

Preferably, the load-on module is further included：

Second taxon, for privacy authority is divided into necessary to operation application program, required authority and operation should With the optional nonessential authority of program, and authorizing the information that arranges that boundary's user oriented shows the nonessential authority.

Preferably, the load-on module is further included：

Authentication unit, for utilize isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning side Method, carries out legitimacy and rational checking to the described required authority of application program, to determine in required authority Each authority whether requisite authority all for needed for when application program runs, if it is not, then by the authority from required Delete in authority, and show to user as nonessential authority.

Preferably, further include：

Display module, for the behavior authority of the application program of acquisition is shown.

Preferably, further include：

Authority update module, for running the security application for pre-setting, the act of authorization authority to application program It is updated, so that application program is in follow-up operation, is accessed according to the act of authorization authority for updating accordingly.

Preferably, further include：

Security sweep module, for carrying out security sweep to the corresponding application file bag of application program to be installed, If application file bag to be installed performs the flow process that the application program is installed by security sweep, otherwise, terminate stream Journey.

Preferably, the loading unit includes：Inquire about subelement, reconfigure subelement and interface generation subelement, its In,

Inquiry subelement, for, in the source code of intelligent terminal operation platform ccf layer, finding application program Need to insert the class and interface of hook in configuration information file, the class and interface are to be related to the class of privacy of user authority and connect Mouthful；

Subelement is reconfigured, for analyzing and changing the source code of the class and interface so that need to read configuration information The class of the hook inserted during file and interface point to the application program mandate power for arranging for the application program to be installed in advance Limit list；

Interface generates subelement, runs the program code segments for pre-setting, application program authorization privilege list is loaded into It is currently installed on interface.

Method and apparatus based on intelligent terminal set up applications of the invention, can be by installing application Before program, select and determine the authority that can authorize the application program and forbid the authority authorized, install in application program When, configure authorization privilege of the user in advance for the application program.Thus solve before set up applications, you can forbid application Program obtains mandate of the user to sensitive permission so that application program is carried out using the authorization privilege that user pre-sets after installing The corresponding technical problem for accessing, achieves the business function that both can ensure that user is normally provided using the application program, again may be used The beneficial effect of effective guarantee user security.

Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.

Description of the drawings

By the detailed description for reading hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for the purpose for illustrating preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings：

Fig. 1 shows method flow of the embodiment of the present invention based on intelligent terminal set up applications；And,

Fig. 2 shows apparatus structure of the embodiment of the present invention based on intelligent terminal set up applications.

Specific embodiment

The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.

During the existing set up applications based on intelligent terminal, application program Shen can only be authorized on the whole due to having The characteristics of behavior authority please, user such as can not need to install application according to the demand housing choice behavior rights service of oneself safety Program, in the behavior rights service for needing user's mandate of the display interface displaying of mobile terminal, can only be forced to receive application All behavior authorities of program application are weighed with proceeding the behavior of application program installation, i.e. default user to application program Limit carries out whole mandates, so as to the next step control that display interface is clicked on by user proceeds to install, once and install simultaneously Operation application program, it is meant that user is granted by all behavior authorities of the application program so that user's is safe by face Face material risk.And the Initiative Defense and rights management function of security application offer, still can not be prevented effectively from user After set up applications, arranged before prohibitive behavior authority, to user when being run due to application program by security application The safety risks for bringing so that user security is reduced.

Existing application program, the behavior authority to user's application and the configuration information to application program are carried in application In the configuration information file of program, as configuration information file is generated by signing by application developer, thus, it is impossible to it is logical Parsing configuration information file is crossed, and the behavior that the configuration information file to parsing is modified and changes application program is weighed Limit.In the embodiment of the present invention, a kind of method based on intelligent terminal set up applications is proposed, respectively should by obtaining in advance With the behavior authority of program application, and before application program is installed, the behavior authority of application program is selected by user The mandate of selecting property, allows function of the user according to oneself to application program to need and security consideration, in application program institute Shen Accordingly selected and authorized in behavior authority please, generated application program authorization privilege list, and installed in application program Cheng Zhong, triggers the behavior power that the application program authorization privilege list of generation is had as after application program installation by application program Limit, so as to both can ensure that business function that user is normally provided using the application program, again can effective guarantee user security.

Fig. 1 shows method flow of the embodiment of the present invention based on intelligent terminal set up applications.Referring to Fig. 1, The flow process includes：

Step 101, carries out application program installation, after monitoring that application program needs to read configuration information file, loading The application program authorization privilege list that user is arranged for the application program to be installed in advance, the application program authorization privilege list In include user be the application program selective authorization to be installed one or more behavior authorities；

In this step, the application program authorization privilege list bag for loading user in advance for application program setting to be installed Include：

A11, parses the application file bag for set up applications, obtains the application journey in application file bag Sequence is identified；

In this step, by parsing application file bag, can obtain for carrying out uniquely tagged to application program Application program identification.

A12, according to the application program identification for obtaining, inquires about the application program authorization privilege list storehouse for pre-setting, obtains The corresponding application program authorization privilege list of the application program identification；

In this step, in the application program authorization privilege list storehouse for pre-setting, some application programs are answered to having one Program authorization permissions list is used, application program authorization privilege list is with application program identification as labelling.Award in each application program In power permissions list, the behavior authority for being stored with user in advance for the application program mandate.If in the list without corresponding to The behavior authority of the application program, then no concrete power limit suggestion, but user still to all permissions mandate or can be forbidden.

In the embodiment of the present invention, the application program authorization privilege list storehouse for pre-setting can be obtained by following methods：

To each application program, following steps B11 and B12 are performed：

B11, in application program installation process, after monitoring that application program reads configuration information file, gathers and obtains Take behavior authority of the application program for intelligent terminal operating system application in the configuration information file；

In this step, before a certain application program is installed, need to carry out permission grant for the application program in advance.As Alternative embodiment, can obtain application file bag by application program official download site, it is also possible to obtain from other approach Take the application file bag that regular application program provider is provided.For example, obtain from application program carrier web site and apply Program file bag.That is, application file bag can be application developer uploading, or application program What operator uploaded, the application file bag of the legal copy uploaded by other channels is can also be, as long as legal copy can be obtained Application file bag.So, application file bag is obtained by regular approach, it is ensured that the application program Shen Please authority legitimacy and reasonability, it is to avoid application file bag is carried out after illegal modifications by additive method so that non- The amended application program malice of method applies for more behavior authorities for being related to user security.

After download is applied program file bag, by parsing the configuration information file in application file bag, can The behavior authority of application is needed to obtain the application program.

In the embodiment of the present invention, under Android platform, application file bag is APK file, each APK file In contain the binary code information of application program, resource information, configuration information file etc..Configuration information file is APK AndroidManifest.xml files in file, each application program must all be defined and be included, and it describes application The information such as the name of program, version, authority, the library file quoted.In practical application, the configuration in application file bag is parsed Message file includes：Application file of the decompression based on Android platform, obtains encryption from the application file of decompression Global variable description configuration information file, i.e. AndroidManifest.xml files, and the configuration information file to encrypting It is decrypted, obtains the original configuration message file of decryption：AndroiManifest.xml files；Scanning Authority description section in AndroidManifest.xml files, you can obtain the apllied behavior permissions list of application program, The behavior authority included in behavior permissions list is the behavior authority of application program.

Statement form of the behavior authority of application program in AndroidManifest.xml files is as follows：

Filename：AndroidManifest.xml

<uses-permission android:Name=" access right "/>

As alternative embodiment, in above-mentioned process of analysis, it is possible to use extensible markup language in Java (XML, Extensible Markup Language) document parser, parse the authority description in AndroidManifest.xml files Part, to obtain the behavior permissions list of application program.It is of course also possible to other XML parsers are used, or, use The programming languages such as other programming languages, such as C/C++, python develop XML parser, literary to AndroidManifest.xml Part is parsed, to obtain the apllied behavior permissions list of corresponding application program.

B12, the behavior authority of the mandate chosen from the behavior authority of the application program for obtaining according to user are generated The application program authorization privilege list being stored in application program authorization privilege list storehouse.

In this step, user from the behavior authority of each application program, according to itself business demand and peace Full property considers that respectively each application program carries out permission grant, according to the act of authorization authority chosen for each application program, Generate to should application program application program authorization privilege list.Each application program correspondence one application program authorization privilege row Table, application program authorization privilege list are marked with application program identification.In the embodiment of the present invention, multiple application program mandates Permissions list constitutes application program authorization privilege list storehouse, in application program authorization privilege list, not only includes user to answer With one or more behavior authorities of program authorization, also include user for application program and forbid one or more behaviors for authorizing Authority, that is to say, that the behavior authority in application program authorization privilege list, its attribute are authorized to authorize or forbidding, if Shen In application program authorization privilege list, its attribute allows the row applied by application program to behavior authority please to authorize, then Access for authority；If the behavior authority of application is in application program authorization privilege list, its attribute is then refused to forbid authorizing The behavior authority applied by application program is accessed.

As alternative embodiment, for the ease of mandate selection operation of the user to behavior authority, according to user from acquisition Application program behavior authority in choose authorization privilege before, the method can further include：

The behavior authority of the application program of acquisition is shown.

In this step, provide the user mandate and interface is set, the row for showing application program on interface is set authorizing For authority, user carries out mandate selection authorizing the behavior authority arranged on interface to showing.So, user can be by visual Mandate arrange interface, easily choose needed for behavior authority authorized.

As another alternative embodiment, in order to improve understanding of the user to the behavior authority of application program, the method Can further include：

The behavior authority of the application program to obtaining is classified.

In this step, each application program can be directed to, the behavior authority of acquisition is categorized as into privacy authority and other power Limit, wherein, for privacy authority, the privacy due to being related to user, need to remind user to pay close attention to, and for other power Limit, user can authorize its authority according to the application of application program without the need for excessively paying close attention to.

In the embodiment of the present invention, privacy authority includes but is not limited to following information：Send short message (andr Oid.permission.SEND_SMS), access the Internet (android.permission.INTERNET), read SMS message (android.permission.READ_SMS), write short message (android.permission.WRITE_SMS), read address list (android.permission.READ_CONTACTS), report record (android.permission.WRITE_ CONTACTS), call (android.permiss ion.CALL_PHONE), write system setting (android.permission.WRITE_SYNC_SETTI NGS), reading position information, recorded and read recording letter Breath.To there is a function, for example, for transmission short message authority, corresponding function is each privacy authority SmsManager.sendText Message、SmsManager.sendDataMessage、 SmsManager.sendMultipartTextMess age etc..

For privacy authority, required authority and nonessential authority can be further divided into again.Wherein, it is necessary to which authority is operation Application program is necessary, behavior authority that is being authorized by user, lacks the behavior authority of the mandate, then application program cannot be normal Operation, user installs the application program if desired, then must carry out whole mandates to the required authority of application program, no Cannot then install.Nonessential authority is the behavior authority that the user that application program needs authorizes, but is option, and not interfering with should With the operation of program, if behavior authority does not obtain user's mandate, the installation and operation of application program is not affected.For example, it is necessary to Authority can include：Report record, call, nonessential authority can include：Reading position information, access the Internet, Read recorded message etc..

As alternative embodiment, for nonessential authority, further setting circle's user oriented is being authorized to show that this is nonessential The information of authority.Information can be：Nonessential authority suggestion is cancelled, or authority is optional grant item, please according to certainly Body security strategy is authorized etc..Advise user when nonessential authority is authorized, based on the consideration of oneself personal secrets, cautiously The behavior authority of application program is authorized in selection.

As another alternative embodiment, for required authority, can also be verified, to determine that all of required authority is It is no be all it is necessary when application program runs, i.e., legitimacy and rational is carried out to the required authority of application program Checking.The method of checking can using include isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning Requisite row etc. method, needed for when determining whether each behavior authority that must be in authority is all run as application program For authority, if it is not, then behavior authority is deleted from required authority, and show to user as nonessential authority.Its In, using static code analysis, can quickly and accurately search, position the required authority presence of each application program Security risk and leak.And isolate sandbox utilize virtual machine technique, by virtual machine clone Android platform in hard disk it is a certain Subregion or all subregions, and form a shadow, referred to as shadow mode.Shadow mode has phase with Android platform system With framework and function, user can run application program under shadow mode, and any operation to application program for example, is revised File, the various application programs of installation test (including rogue application, virus applications program), are all isolated sandbox and are wrapped up, Intercepting of the malicious application to user privacy information, is all limited in isolation sandbox, as long as isolation sandbox is closed, so that it may So that the operation of harm Android platform disappears.Thus, by isolating sandbox method, monitoring application program is to user data Access behavior, it may be determined that whether the required authority of application program is related to privilege abuse, i.e., application program is for various Purpose, if applied for originally the behavior authority of not this application to user.If application program application by way of required authority Extra behavior authority, may cause user privacy information to be revealed, it is then desired to by the behavior authority of the extra application from must Reject in needing authority.For example, if a single-play game application program reads the behavior authority of subscriber phone sheet, the reading Take family phone directory and may belong to the single-play game application program originally not behavior authority of this application, so as to lift privacy of user Safety.With regard to utilize isolation sandbox, static code analysis, the method such as automatic code mark scanning to application program must Need authority to carry out legitimacy and rational checking, be known technology, detailed description is omitted here.

So, by the behavior authority of application program is categorized as privacy authority and other authorities so that user Privacy authority to being directed to is paid close attention to, and so as to consider whether to need to authorize application program the authority, has ensured user Personal secrets；Further, by privacy authority is divided into required authority and nonessential authority so that user is for nonessential Authority, based on the security strategy of itself, avoids authorizing which, so as to lift privacy of user safety as far as possible；And, for required Authority, carries out legitimacy and rational checking, can reject the behavior authority that malicious application is additionally applied, User security is ensured to greatest extent.

A13, in the application program authorization privilege list that installation interface loading is obtained.

In this step, intelligent terminal operating system is Android system.Loading user is the application journey to be installed in advance The application program authorization privilege list that sequence is arranged includes：Installation circle that will be provided by intelligent terminal operating system by hook Face redirects and points to the corresponding interface of application program authorization privilege list, and is confirming or completing application program authorization privilege list After modification, terminate redirecting for the installation interface to intelligent terminal operating system offer.Specifically, Ke Yi Find in the source code of Android platform ccf layer and insert the class and interface of hook, these Class and interface are the class and interface for being related to user privacy information, by the source code for analyzing and changing class and interface so that needed The application program that the class read by the hook inserted during configuration information file and the interface sensing embodiment of the present invention pre-set is awarded Power permissions list, rather than the configuration information file in application file bag is pointed to, the program code segments for pre-setting are run, will Application program authorization privilege list is loaded into and is currently installed on interface, and after completing to be loaded into and being currently installed on interface, points to and read Operation after the configuration information file of the application program so that the operation after the application program authorization privilege list is completed with it is existing There is the operation after the configuration information file for reading application program identical.I.e. in the application program authorization privilege list bag according to loading In interface after the behavior authority of the act of authorization authority configuration application program for containing, next step control is set and need to correspondingly insert hook Class and interface point to, the sensing is read configuration information file with the application program and carries out the behavior authority of application program and matches somebody with somebody Postpone display next step control correspondingly need to insert hook class it is identical with the sensing of interface.With regard to retouching according to the embodiment of the present invention The modification of the functional realiey source code stated, is known technology, and detailed description is omitted here.In practical application, by changing source code Mode replaces the application program erector of the former acquiescence of Android platform, so as to realize the application program mandate of the embodiment of the present invention Permissions list is loaded, wherein, the method for replacing Android platform original erector is including but not limited to following several：Selected by user If selecting new erector for the erector of Android platform acquiescence, on the mobile terminal that Root is crossed, directly can replace Android platform original application program mount scheme, and in the ROM of mobile terminal, replace Android platform original application program Mount scheme.

Step 102, according to the act of authorization authority configuration application program that the application program authorization privilege list of loading is included Behavior authority, and complete the installation of application program.

In this step, in application program erector according to the good application program of application program authorization privilege list configuration for loading Behavior authority after, subsequent installation flow process be known technology, detailed description is omitted here.

The embodiment of the present invention is in application program installation process, for example, to the application program mandate power that user shows The corresponding interface of limit list can show that often row is sequentially specific as follows in lines：11 authorities of the application program, if install This application program(the first row)；3 privacy authorities (nonessential authority, it is proposed that cancel) (the second row)；Reading position information (the Three rows, are provided with optional frame control before reading position information)；(fourth line is provided with optional frame control before sending note to send note Part)；Call (fifth line is provided with optional frame control before calling)；8 other authorities (the 6th row) etc.；At interface Lowermost end, be provided with cancellation control, install control.So, after loading application programs authorization privilege list, can be according to peace The overall delegated strategy of Zhuo Pingtai carries out the installation of application program, and except for the difference that, the application program authorization privilege list is user The authorization privilege that arranges for the application program in advance and forbid authority, rather than the configuration information text that application file bag is carried The authority of the application in part so that the behavior authority of the application program of configuration meets described uses program authorization permissions list.

As alternative embodiment, in follow-up process, user is adjusted if necessary to the authorization privilege to application program, The method can further include：

Step 103, runs the security application for pre-setting, the authorization privilege of application program is updated, so that Application program is accessed according to the authorization privilege for updating accordingly in follow-up operation.

In this step, after user installation well corresponding application program, if necessary to some functions to application program or The authorization privilege for authorizing application program is updated, can be corresponding in security application by running security application Interface is updated, the behavior authority for selecting to need disabling or each application program for authorizing by user, with the corresponding work(to application program Can and authorization privilege modify, so as to when application program reruns again, support the amended corresponding function of user and The access of authorization privilege.For example, if having disabled a certain authorization privilege, when application program is run again, no longer enjoy use The authorization privilege that family have disabled.

Certainly, in practical application, it is also possible to application program attempt to access that need authority application programming interfaces (API, Application Program Interface) when, the application journey that Android platform is arranged for the application program according to user Record in sequence authorization privilege list, judges whether the authority for accessing API is disabled, if the authority for accessing API is disabled, should Application program can prompt the user whether to select modification by man-machine interface；If user selects modification authority, Android platform The application program is allowed to access the API, otherwise, Android platform notifies that the application program exits access.

As another alternative embodiment, can be with before set up applications file bag, to the application journey to be installed Preface part bag carries out security sweep, to guarantee the safety of application file bag to be installed, reduces installing malicious application Probability.So, the method is further included：

Security sweep is carried out to the corresponding application file bag of application program to be installed, if application journey to be installed Preface part bag performs the flow process of the set up applications file bag by security sweep, otherwise, terminates flow process.

In this step, before set up applications file bag, swept by carrying out depth to the application file bag safely Retouch, depth security sweep includes but is not limited to trojan horse scanning, ad plug-in scanning, vulnerability scanning.For example, for wooden horse disease Poison scanning, can be matched by the feature in the rogue program storehouse by application file bag with pre-stored, when applying journey When feature in preface part bag and rogue program storehouse matches, point out the application file bag to be rogue program, and advise using Forbid the installation to the application program in family.So, before set up applications, carried out by treating set up applications file bag Depth security sweep, can identify malicious application, greatly reduce the probability that user installs malicious application by mistake.

From above-mentioned, the method based on Android platform set up applications of the embodiment of the present invention, user is installing Before application program, you can select and determine the behavior authority that can authorize the application program and the behavior for forbidding authorizing power Limit.So, for some sensitive behavior authorities, for example, send note, read the authorities such as contact person, user is installing the application Before program, you can forbid the application program to obtain mandate of the user to sensitive behavior authority, in application program installation process, adopt With selecting before the user installation application program and the authorization privilege that determines is to configuring using program authority.Thus, that is, use Malicious application is installed and run to family imprudence, as corresponding behavior authority is forbidden by user in a pre-installation, can So that potential safety hazard loss to be preferably minimized, the safety of Android platform is effectively improved.Specifically, embodiment of the present invention tool The rights management mechanism having before installing, i.e., before application program installation, user can authorize selection for application program to be installed Behavior authority；And, the rights management mechanism after installation, i.e., after application program installation, it is allowed to which user is to installing The behavior authority authorized of application program carry out authority modification, and the authorization privilege of modification is stored, for application program Operationally accessed according to the authority of modification accordingly.

Fig. 2 shows apparatus structure of the embodiment of the present invention based on intelligent terminal set up applications.Referring to Fig. 2, The device includes：Monitoring modular, load-on module and permission configuration module, wherein,

In the embodiment of the present invention, monitoring modular can also be further used for monitor application program access need behavior to weigh After the application programming interfaces of limit, in application program authorization privilege list of the Android platform according to user for application program setting Record, judges whether the authority of access application interface is disabled, if the authority of access application interface is disabled, leads to Cross man-machine interface to prompt the user whether to select modification；If user selects modification authority, Android platform to allow the application program to visit The application programming interfaces are asked, otherwise, Android platform notifies that the application program exits access.

In the embodiment of the present invention, load-on module includes：Resolution unit, query unit and loading unit (do not show in figure Go out), wherein,

In the embodiment of the present invention, the behavior authority for obtaining application program includes：By contained network under application program official Stand and obtain application file bag；Configuration information file in parsing application file bag, obtaining the application program needs Shen Behavior authority please.Wherein, the configuration information file parsed in application file bag includes：Decompression is based on intelligent terminal Application file, from decompression application file in obtain encryption global variable description configuration information file, and To encrypt configuration information file be decrypted, obtain decryption original configuration message file, using Java in expansible mark Authority description section in the original configuration message file of note language file resolver scanning decryption.

In the embodiment of the present invention, arranging application program authorization privilege list storehouse includes：To each application program, gather and obtain Take the behavior authority of application program；Chosen from the behavior authority of the application program for obtaining according to user and authorized Behavior authority, generation are stored in the application program authorization privilege list in application program authorization privilege list storehouse.Should described in each With application program authorization privilege list described in program correspondence one, multiple application program authorization privilege lists composition application program mandates Permissions list storehouse.

It is preferred that load-on module can further include：

In practical application, load-on module can further include：

Used as alternative embodiment, load-on module can further include：

Authentication unit, for utilize isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning side Method, carries out legitimacy and rational checking to the described required authority of application program, to determine in required authority Each behavior authority whether requisite behavior authority all for needed for when application program runs, if it is not, then by the row Delete from required authority for authority, and show to user as nonessential authority.

Used as alternative embodiment, loading unit includes：Inquire about subelement, reconfigure subelement and interface generation son list Unit, wherein,

Used as alternative embodiment, the device can further include：

Used as another alternative embodiment, the device can further include：

Used as yet another alternative embodiment, the device can further include：

Security sweep module, for carrying out security sweep to the corresponding application file bag of application program to be installed, If application file bag to be installed performs the flow process of the set up applications file bag by security sweep, otherwise, Terminate flow process.

In the embodiment of the present invention, security sweep including but not limited to trojan horse scanning, ad plug-in scanning, leak are swept Retouch.

Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use it is various Programming language realizes the content of invention described herein, and the description done to language-specific above is to disclose this Bright preferred forms.

In description mentioned herein, a large amount of details are illustrated.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case where not having these details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.

Similarly, it will be appreciated that in order to simplify the disclosure and help understand one or more in each inventive aspect, exist Above to, in the description of the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, should the method for the disclosure be construed to reflect following intention：I.e. required guarantor The more features of feature is expressly recited in each claim by the application claims ratio of shield.More precisely, such as following Claims it is reflected as, inventive aspect is less than all features of single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.

Those skilled in the art are appreciated that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more different from embodiment equipment.Can be the module or list in embodiment Unit or component are combined into a module or unit or component, and can be divided in addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit is excluded each other, can adopt any Combine to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit is required, summary and accompanying drawing) disclosed in each feature can it is identical by offers, be equal to or the alternative features of similar purpose carry out generation Replace.

Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In some included features rather than further feature, but the combination of the feature of different embodiments means in of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.

The present invention all parts embodiment can be realized with hardware, or with one or more processor operation Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) are realizing that according to embodiments of the present invention installation based on intelligent terminal should With some or all functions of some or all parts in the device of program.The present invention is also implemented as performing Some or all equipment of method as described herein or program of device (for example, computer program and computer journey Sequence product).It is such realize the present invention program can store on a computer-readable medium, or can have one or The form of multiple signals.Such signal can be downloaded from internet website and be obtained, or provide on carrier signal, or There is provided with any other form.

It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference markss between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not Element listed in the claims or step.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can come real by means of the hardware for including some different elements and by means of properly programmed computer It is existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and be run after fame Claim.

The invention discloses, a kind of methods based on intelligent terminal set up applications of A1., including：

A2. the method according to A1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

A3. the method according to A2, arranging the application program authorization privilege list storehouse includes：

A4. the method according to A3, the acquisition application program are directed to intelligent terminal in the configuration information file The behavior authority of device operating system application includes：

A5. the method according to A4, the configuration information file in the parsing application file bag include：

A6. the method according to A5, using the extensible markup language document resolver in Java, parses the decryption Original configuration message file in behavior authority description section.

A7. the method according to A1, application program authorization privilege list described in each application program correspondence one are more Individual application program authorization privilege list constitutes application program authorization privilege list storehouse, wraps in the application program authorization privilege list The act of authorization authority for containing is a part for the behavior authority that the intelligent terminal operating system is authorized.

A8. the method according to A3, authorizes according to user from the authority of the application program for obtaining described Before behavior authority, methods described is further included：

The behavior authority of the application program of acquisition is shown.

A9. the method according to A3, after the behavior authority for obtaining application program, methods described enters one Step includes：

A10. the method according to A9, methods described are further included：

A11. the method according to A10, methods described are further included：

A12. the method according to A1, methods described are further included：

A13. the method according to A1, methods described are further included：

A14. the method according to A1, it is described carry out application program installation before, methods described is further included：

A15. the method according to A14, the security sweep include but is not limited to trojan horse scanning, ad plug-in and sweep Retouch, vulnerability scanning.

A16. the method according to A1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

A17. the method according to A1, the intelligent terminal operating system are Android system.

A18. the method according to A1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

A19. the method according to A1, it is described carry out application program installation before, methods described is further included：

A20. the method according to A1, the behavior authority of the application program of configuration meet the program authorization and weigh The display at the corresponding interface of limit list.

A21. the method according to A1, includes in the configuration information file and is awarded by intelligent terminal operating system Give the behavior authority of the application program.

A22. the method according to A1, the operation platform of the intelligent terminal include but is not limited to Android platform.

A23. a kind of device based on intelligent terminal set up applications, the device include：Monitoring modular, loading mould Block and permission configuration module, wherein,

A24. the device according to A23, the load-on module include：Resolution unit, query unit and loading unit, Wherein,

A25. the device according to A24, the load-on module are further included：

A26. the device according to A25, the load-on module are further included：

A27. the device according to A25, the load-on module are further included：

A28. the device according to A23, further includes：

A29. the device according to A23, further includes：

A30. the device according to A23, further includes：

A31. the device according to A24, the loading unit include：Inquire about subelement, reconfigure subelement and boundary Face generates subelement, wherein,

Claims

1. a kind of method based on intelligent terminal set up applications, including：

Application program installation is carried out, after monitoring that application program needs to read configuration information file, loading user is in advance should The application program authorization privilege list that application program to be installed is arranged, includes user in the application program authorization privilege list For one or more behavior authorities of the application program selective authorization to be installed, wherein it is possible to each application program, In application program installation process, after monitoring that application program reads configuration information file, application program is gathered and obtains in institute The behavior authority of intelligent terminal operating system application is directed in stating configuration information file, according to user from the application journey for obtaining The behavior authority authorized in the authority of sequence application, generation are stored in the application program mandate in application program authorization privilege list storehouse Permissions list；

The behavior authority of the act of authorization authority configuration application program that the application program authorization privilege list according to loading is included, and Complete the installation of application program.

2. the method for claim 1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

The application file bag for set up applications is parsed, the application program identification in application file bag is obtained；

According to the application program identification for obtaining, the application program authorization privilege list storehouse for pre-setting is inquired about, this is obtained and is applied journey Sequence identifies corresponding application program authorization privilege list；

3. the method for claim 1, the acquisition application program are directed to intelligent terminal in the configuration information file The behavior authority of device operating system application includes：

4. method as claimed in claim 3, the configuration information file in the parsing application file bag include：

Application file of the decompression based on intelligent terminal, obtains the global of encryption from the application file of decompression and becomes The configuration information file of description is measured, and the configuration information file to encrypting is decrypted, the original configuration information for obtaining decryption is literary Part, scans the behavior authority description section in the original configuration message file of decryption.

5. method as claimed in claim 4, using the extensible markup language document resolver in Java, parses the decryption Original configuration message file in behavior authority description section.

6. the method for claim 1, application program authorization privilege list described in each application program correspondence one are more Individual application program authorization privilege list constitutes application program authorization privilege list storehouse, wraps in the application program authorization privilege list The act of authorization authority for containing is a part for the behavior authority that the intelligent terminal operating system is authorized.

7. the method for claim 1, authorizes according to user from the authority of the application program for obtaining described Before behavior authority, methods described is further included：

The behavior authority of the application program of acquisition is shown.

8. the method for claim 1, whole for intelligence in the configuration information file in the acquisition application program After the behavior authority of end equipment operating system application, methods described is further included：

By the behavior authority of the application program of acquisition be categorized as remind privacy authority that user pays close attention to and by According to other authorities that application program is directly authorized.

9. method as claimed in claim 8, methods described are further included：

Privacy authority is divided into into required authority necessary to operation application program and the optional nonessential power of operation application program Limit, and in the information for authorizing setting circle's user oriented to show the nonessential authority.

10. method as claimed in claim 9, methods described are further included：

Using isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning method, to application program Described required authority carry out legitimacy and rational checking, to determine each authority in required authority whether all to answer Required requisite authority when being run with program, if it is not, then the authority is deleted from required authority, and as non- Required authority shows to user.

11. the method for claim 1, methods described are further included：

The security application that operation pre-sets, is updated to the act of authorization authority of application program, so that application program In follow-up operation, accessed according to the act of authorization authority for updating accordingly.

12. the method for claim 1, methods described are further included：

When monitoring that application program access needs the application programming interfaces of behavior authority, Android platform is the application according to user Record in the application program authorization privilege list that program is arranged, judges whether the behavior authority of access application interface is banned With, if the behavior authority of access application interface is disabled, by man-machine interface prompt the user whether select modification；If using Family selects act of revision authority, then Android platform allows the application program to access the application programming interfaces, otherwise, Android platform Notify that the application program exits access.

13. the method for claim 1, it is described carry out application program installation before, methods described is further included：

Security sweep is carried out to the corresponding application file bag of application program to be installed, if application program text to be installed Part bag performs the flow process for carrying out application program installation by security sweep, otherwise, end flow process.

14. methods as claimed in claim 13, the security sweep include but is not limited to trojan horse scanning, ad plug-in and sweep Retouch, vulnerability scanning.

15. the method for claim 1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

The installation interface provided by intelligent terminal operating system is redirected by hook and point to application program authorization privilege The corresponding interface of list, and after confirming or completing application program authorization privilege list modification, end is set to the intelligent terminal Installation interface that standby operating system is provided is redirected.

16. the method for claim 1, the intelligent terminal operating system are Android system.

17. the method for claim 1, the application program that the loading user is arranged for the application program to be installed in advance Authorization privilege list includes：

In the source code of intelligent terminal operation platform ccf layer, need to insert in the configuration information file for finding application program Enter the class and interface of hook, the class and interface are the class and interface for being related to privacy of user authority；

Analyze and change the source code of the class and interface so that need read configuration information file when insert hook it is described Class and interface point to the application program authorization privilege list for arranging for the application program to be installed in advance；

18. the method for claim 1, it is described carry out application program installation before, methods described is further included：

In corresponding interface after the behavior authority of the application program authorization privilege list configuration application program according to loading, arrange Next step control need to correspondingly insert the class of hook and interface is pointed to, and the sensing reads configuration information file with the application program The next step control shown after the behavior authority configuration for carrying out application program need to correspondingly insert the sensing phase of the class and interface of hook Together.

19. the method for claim 1, the behavior authority of the application program of configuration meet the program authorization and weigh The display at the corresponding interface of limit list.

20. the method for claim 1, include in the configuration information file and are awarded by intelligent terminal operating system Give the behavior authority of the application program.

21. the method for claim 1, the operation platform of the intelligent terminal include but is not limited to Android platform.

22. a kind of devices based on intelligent terminal set up applications, it is characterised in that the device includes：Monitoring modular, Load-on module and permission configuration module, wherein,

Monitoring modular, for carrying out application program installation, after monitoring that application program needs to read configuration information file, notifies Load-on module；

Load-on module, for according to the notice for receiving, the application program for loading user in advance for application program setting to be installed Authorization privilege list, includes user and awards for the application program selectivity to be installed in the application program authorization privilege list One or more behavior authorities of power, wherein it is possible to each application program, in application program installation process, monitor After application program reads configuration information file, gather and obtain application program and intelligent terminal is directed in the configuration information file The behavior authority of device operating system application, according to the behavior power that user is authorized from the authority of the application program for obtaining Limit, generation are stored in the application program authorization privilege list in application program authorization privilege list storehouse；

Permission configuration module, for the act of authorization authority configuration application included according to the application program authorization privilege list of loading The behavior authority of program, and complete the installation of application program.

23. devices as claimed in claim 22, it is characterised in that the load-on module includes：Resolution unit, query unit with And loading unit, wherein,

Resolution unit, parses the application file bag for set up applications, obtains the application in application file bag Program identification；

Query unit, for according to the application program identification for obtaining, inquiring about the application program authorization privilege list storehouse for pre-setting, Obtain the corresponding application program authorization privilege list of the application program identification；

24. devices as claimed in claim 23, it is characterised in that the load-on module is further included：

First taxon, for the behavior authority of the application program of acquisition is categorized as reminding user to pay close attention to Privacy authority and other authorities directly authorized according to application program.

25. devices as claimed in claim 24, it is characterised in that the load-on module is further included：

Second taxon, applies journey for privacy authority to be divided into required authority necessary to operation application program and run The optional nonessential authority of sequence, and in the information for authorizing setting circle's user oriented to show the nonessential authority.

26. devices as claimed in claim 24, it is characterised in that the load-on module is further included：

Authentication unit, for utilize isolation sandbox, and/or, static code analysis, and/or, automatic code mark scanning method, Legitimacy and rational checking are carried out to the described required authority of application program, it is each in required authority to determine The authority whether requisite authority all for needed for when application program runs, if it is not, then by the authority from required authority Middle deletion, and show to user as nonessential authority.

27. devices as claimed in claim 22, it is characterised in that further include：

28. devices as claimed in claim 22, it is characterised in that further include：

Authority update module, for running the security application for pre-setting, is carried out to the act of authorization authority of application program Update, so that application program is in follow-up operation, accessed according to the act of authorization authority for updating accordingly.

29. devices as claimed in claim 22, it is characterised in that further include：

Security sweep module, for carrying out security sweep to the corresponding application file bag of application program to be installed, if Application file bag to be installed performs the flow process that the application program is installed by security sweep, otherwise, terminates flow process.

30. devices as claimed in claim 23, it is characterised in that the loading unit includes：Inquire about subelement, reconfigure son Unit and interface generate subelement, wherein,

Inquiry subelement, for, in the source code of intelligent terminal operation platform ccf layer, finding the configuration of application program Need to insert the class and interface of hook in message file, the class and interface are the class and interface for being related to privacy of user authority；

Subelement is reconfigured, for analyzing and changing the source code of the class and interface so that need to read configuration information file When the class of hook inserted and interface point to the application program authorization privilege row for arranging for the application program to be installed in advance Table；

Interface generates subelement, runs the program code segments for pre-setting, application program authorization privilege list is loaded into currently Installation interface.