CN104462980A

CN104462980A - Authority management method, device and system of application programs and mobile terminal

Info

Publication number: CN104462980A
Application number: CN201410843695.XA
Authority: CN
Inventors: 刘新; 张越
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Priority date: 2014-12-30
Filing date: 2014-12-30
Publication date: 2015-03-25

Abstract

The invention provides an authority management method, device and system of application programs and a mobile terminal. The authority management method comprises the steps that a self-starting request for the second application program of the first application program in a service mode is received; an application program authorization authority list is obtained; the self-starting request contains a packet identifier of the first application program and a packet identifier of the second application program, whether the self-starting request for the second application program of the first application program in the service mode is intercepted is judged according to the two packet identifiers, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with an intercepting strategy stored in the application program authorization authority list, the self-starting request for the second application program of the first application program in the service mode is intercepted. By means of the authority management method, device and system of the application programs and the mobile terminal, terminal resources occupied by some useless self-starting application programs can be reduced as much as possible.

Description

A kind of method of application program rights management, device, system and mobile terminal

Technical field

The present invention relates to technical field of network security, in particular to a kind of method of application program rights management, device, system and mobile terminal.

Background technology

At present, in terminal, the mode of each software self-starting mainly comprises three kinds: the first is by registering some broadcast (Broadcast) in systems in which, has been adjusted the mode of specified application by these broadcast; The second is the mode having been adjusted specified application by service (Service); The third is the mode having been adjusted specified application by content provider (Content Provider).

System is not or other application programs run necessary condition by the application program of above-mentioned three kinds of mode self-startings, in terminal some application program operation and do not rely on the operation of other application program, and some self-starting application program in terminal also and non-user is desired starts, therefore, some not only can take unnecessary system resource to other application programs and concerning the self-starting of application program useless user, reduce the travelling speed of system, but also can expend more electricity.

For the problems referred to above, existingly forbid that the method for application program self-starting in terminal forbids the self-starting of Broadcast mode to specified application by the PM disable function in direct calling system API.At present, the method calling this PM disable function cannot the application program of no thoroughfare Service mode and the self-starting of ContentProvider mode.

Summary of the invention

In view of this, the technical matters that the present invention will solve is to provide a kind of method of application program rights management, to reduce some useless self-starting application program taking terminal resource as far as possible.

A method for application program rights management, comprising:

Receive the first application program by the self-starting request of method of service to the second application program;

Obtain the list of application program authorization privilege;

Judge whether that described first application program of interception is by the self-starting request of method of service to described second application program according to the bag mark of described first application program of carrying in described self-starting request and the bag mark of described second application program, if the bag mark of described first application program is consistent with the interception strategy stored in the list of described application program authorization privilege with the bag mark of described second application program, then tackle described first application program by the self-starting request of method of service to described second application program.

According to one embodiment of the method for the invention, further, before the list of described acquisition application program authorization privilege, also comprise:

From local policy database, retrieval obtains and identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy, by the interception policy store of acquisition in the list of described application program authorization privilege.

According to one embodiment of the method for the invention, further, described by obtain interception policy store in the list of described application program authorization privilege before, also comprise:

By remote policy interface to cloud server send request and obtain feedback identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy.

According to one embodiment of the method for the invention, further, described method also comprises:

Judge whether described second application program is system application;

As being system application, and the number of times of described first application program to described second application program self-starting meets or exceeds setting threshold value in setting-up time, then do not tackle described first application program by the self-starting request of method of service to described second application program.

If the number of times of described first application program to described second application program self-starting meets or exceeds setting threshold value in setting-up time, then do not tackle described first application program by the self-starting request of method of service to described second application program.

Receive described first application program by content provider's mode to the self-starting request of described second application program after, record described self-starting request, content provider identification, described first application program bag mark and described second application program bag mark;

By the bag of recorded described self-starting request, described content provider identification, described first application program mark and the bag identification feedback of described second application program to user;

To the alarm of user interface bullet window, receive user instruction to obtain processing policy.

According to one embodiment of the method for the invention, further, the described interception strategy bag comprised based on described first application program identify, the bag mark of described second application program and cloud server be that the level of security that each application program is arranged determines whether to tackle.

Obtain the information of the informing entry of intercept process, the information of described informing entry comprises the display view of described informing entry and the operation behavior response of described informing entry;

Represent the display view of described informing entry;

If get the operation behavior of user to this informing entry, according to the click respondent behavior of described informing entry, to the operation behavior of user to described informing entry, in the mode of memory cache or database caches, carry out response process.

Obtain the program listing of set up applications in mobile terminal;

For each application program in program listing, in the power saving database of this locality, search the power saving strategy whether storing this application program;

Statistics has the power consumption information of each application program of power saving strategy, and sorts to each application program according to power consumption information;

When there being power consumption information to exceed the application requests self-starting of setting power consumption rank, trigger intercept process.

Obtain the number of times of described first application program to described second application program self-starting;

Obtain the total degree of described second application program self-starting;

According to the total degree of described first application program to the number of times of described second application program self-starting and described second application program self-starting, obtain ratio value;

When proportional value meets or exceeds the application requests self-starting of setting threshold value, trigger intercept process.

According to one embodiment of the method for the invention, further,

Described first application program is relevant application program to described second application program; Or

Described first application program and described second application program are incoherent application program.

Another technical matters that the present invention will solve is to provide a kind of device of application program rights management, to reduce some useless self-starting application program taking terminal resource as far as possible.

A device for application program rights management, comprising:

Self-starting request reception unit, for receiving the first application program by the self-starting request of method of service to the second application program;

Strategy acquiring unit, for obtaining the list of application program authorization privilege;

Intercept process unit, for judging whether that described first application program of interception is by the self-starting request of method of service to described second application program according to the bag mark of described first application program of carrying in described self-starting request and the bag mark of described second application program, if the bag mark of described first application program is consistent with the interception strategy stored in the list of described application program authorization privilege with the bag mark of described second application program, then tackle described first application program by the self-starting request of method of service to described second application program.

According to one embodiment of the method for the invention, further, described tactful acquiring unit, also for

According to one embodiment of the method for the invention, further, described device also comprises:

Application Type judging unit, for judging whether described second application program is system application, as being system application, and the number of times of described first application program to described second application program self-starting meets or exceeds setting threshold value in setting-up time, then do not tackle described first application program by the self-starting request of method of service to described second application program.

Self-starting frequency judging unit, if meet or exceed setting threshold value for the number of times of the first application program described in setting-up time to described second application program self-starting, then do not tackle described first application program by the self-starting request of method of service to described second application program.

Interactive unit, is registered as system service, and shell application program is communicated with this interactive unit by its built-in interactive interface, realizes man-machine interaction by this interactive unit to user interface bullet window.

According to one embodiment of the method for the invention, further,

Described device also comprises:

Logging unit, for receive described first application program by content provider's mode to the self-starting request of described second application program after, record described self-starting request, content provider identification, described first application program bag mark and described second application program bag mark;

Daily record feedback unit, for by the bag of recorded described self-starting request, described content provider identification, described first application program mark and the bag identification feedback of described second application program to user;

Described interactive unit, for the alarm of user interface bullet window, receives user instruction to obtain processing policy.

Response unit, for obtaining the information of the informing entry of intercept process, the information of described informing entry comprises the display view of described informing entry and the operation behavior response of described informing entry, represent the display view of described informing entry, if get the operation behavior of user to this informing entry, according to the click respondent behavior of described informing entry, to the operation behavior of user to described informing entry, in the mode of memory cache or database caches, carry out response process.

Power consumption statistic unit, for obtaining the program listing of set up applications in mobile terminal, for each application program in program listing, the power saving strategy whether storing this application program is searched in the power saving database of this locality, statistics has the power consumption information of each application program of power saving strategy, and according to power consumption information, each application program is sorted, when there being power consumption information to exceed the application requests self-starting of setting power consumption rank, trigger intercept process.

Number of starts statistic unit, for obtaining the number of times of described first application program to described second application program self-starting, obtain the total degree of described second application program self-starting, according to the total degree of described first application program to the number of times of described second application program self-starting and described second application program self-starting, obtain ratio value, when proportional value meets or exceeds the application requests self-starting of setting threshold value, trigger intercept process.

According to one embodiment of the method for the invention, further,

Another technical matters that the present invention will solve is to provide a kind of mobile terminal, to reduce some useless self-starting application program taking terminal resource as far as possible.

A kind of mobile terminal, comprising: the device of the application program rights management of broadcast reception thermomechanical components, serviced component and previous embodiment.

According to an embodiment of mobile terminal of the present invention, further, described mobile terminal also comprises content provider's assembly.

Another technical matters that the present invention will solve is to provide a kind of system of application program rights management, to reduce some useless self-starting application program taking terminal resource as far as possible.

A system for application program rights management, comprises the mobile terminal of cloud server and previous embodiment.

The method of application program rights management of the present invention, device, system and mobile terminal, due to can according to the bag mark i.e. bag mark of the second application program of the bag of the application program the called mark i.e. bag mark of the first application program and invoked application program tackle to user useless and/or to the startup of other application programs application program without any help, therefore, not only can improve the travelling speed of terminal but also electricity can be saved for terminal.

Description of the invention provides in order to example with for the purpose of describing, and is not exhaustively or limit the invention to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.Selecting and describing embodiment is in order to principle of the present invention and real-life program are better described, and enables those of ordinary skill in the art understand the present invention thus design the various embodiments with various amendment being suitable for special-purpose.

Accompanying drawing explanation

By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 is the schematic flow sheet of the method for application program rights management according to an embodiment of the invention.

Fig. 2 is the structural representation of the device of application program rights management according to an embodiment of the invention.

Fig. 3 is the structural representation of mobile terminal according to an embodiment of the invention.

Fig. 4 is the structural representation of mobile terminal according to another embodiment of the present invention.

Fig. 5 is the structural representation of the system of application program rights management according to an embodiment of the invention.

Embodiment

With reference to the accompanying drawings the present invention is described more fully, exemplary embodiment of the present invention is wherein described.Be clearly and completely described the technical scheme in the embodiment of the present invention below in conjunction with the accompanying drawing in the embodiment of the present invention, obviously, described embodiment is only a part of embodiment of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain under the prerequisite not making creative work all belongs to the scope of protection of the invention.

Android system has four large assemblies: Activity assembly, Service assembly, Broadcast Receiver assembly and Content Provider assembly, this four large assembly all can manage by ActivityManagerService.Can be performed by ActivityManagerService by during self-starting in application program.

The environment of method institute of the present invention application program comprises the mobile terminal that can communicate with remote server or high in the clouds, and this mobile terminal can be provided with Android operation system, and this system is in without ROOT mandate or the state having obtained ROOT authority.

As everyone knows, Root authority refers to system manager's authority of Unix type operating system (comprising Linux, Android), is similar to Administrator (keeper) authority in Windows (form) system; File (android system file and user file, do not comprise ROM) nearly all in the mobile device of user can be accessed and revise to Root authority.But, because current mobile terminal system is strict for the management of Root authority, most application program or program do not possess Root authority under normal circumstances, therefore need the operation possessing Root authority just cannot perform for some, such as, install or unload the operations such as application program; , all need to system application Root authority when this type of operation calls process performs corresponding operating at every turn meanwhile, if but now other program process using Root authority to carry out associative operation, then the Root authority application of this calling process just cannot be successful; What is more, if user is provided with the operation of forbidding Root authority in systems in which, then relevant calling process just cannot carry out associative operation.

As shown in Figure 1, this embodiment can comprise the following steps:

102, receive the first application program by the self-starting request of method of service to the second application program;

104, obtain the list of application program authorization privilege;

106, judge whether that described first application program of interception is by the self-starting request of method of service to described second application program according to the bag mark of described first application program of carrying in described self-starting request and the bag mark of described second application program, if the bag mark of described first application program is consistent with the interception strategy stored in the list of described application program authorization privilege with the bag mark of described second application program, then tackle described first application program by the self-starting request of method of service to described second application program.

Alternatively, described first application program is relevant application program to described second application program.Such as, the first application program and the second application program can be the application program that Taobao and this two Ali of Alipay are; Or more such as, the first application program and the second application program can to search for the application program that this Liang Ge Baidu is with Baidu for Baidu is audio-visual; Or, more such as, the first application program and the second application program can be 360 virus killings and these two 360 application programs being of 360 assistants, etc., the present embodiment is not particularly limited this.

Alternatively, described first application program and described second application program are incoherent application program.Such as, the application program of audio-visual these two the not homologys of the Baidu that is of the first application program and the second application program Taobao that can be for Ali and Baidu; Or, more such as, the application program of the first application program and the second application program Alipay these two that can be the 360 mobile phone assistants being and Ali be not homology, etc., the present embodiment is not particularly limited this.

Usually, operating system can comprise application layer (app layer) and system framework layer (framework layer).A kind of preferably implementation of the present invention improves app layer and framework layer, thus the coordinated utilizing this two-layer realizes starting communication fast on intelligent terminal.Concrete, a monitoring unit can be increased at app layer, wake assembly up for monitoring framework layer thus realize application program from the operation of opening, thus can in application program before opening, get the relevant information of responsible application program from the assembly opened, and analyze the type of this assembly and the bag mark of related application, according to obtained interception strategy, determine whether that described first application program of interception is by the self-starting request of method of service to described second application program.

For android system, before startup application program, can first go out to need the component Name of startup at framework layer analysis, framework layer can record the information relevant to this application program launching simultaneously, the component Name be such as activated, the type (being Activity assembly, Service assembly, Broadcast Receiver assembly or Content Provider assembly) etc. of this assembly.By injecting and javahook, just can the interface that framework layer records this information be monitored, and this information is returned to the monitoring unit (such as, mobile phone virus killing client) of app layer, then determine by this virus killing client the startup behavior whether allowing this application program.Therefore, behavior of in fact monitoring is that app layer is realized by the interface interchange monitoring framework layer.Because this interface inherently provides the relevant information being waken up assembly, can obtain so only need to carry out a small amount of parsing to the data obtained from framework layer.

Particularly, interrupt mechanism can be adopted to realize monitoring the interface transferring assembly.Concrete, hook (hook or hook) mechanism can be adopted to realize monitoring for the interface transferring assembly in framework layer.Those skilled in the art understand, and hook mechanism allows application program to intercept and capture message or the particular event of process operating system.Hook is actually the program segment of a processing messages, by system call, it is linked into system.Whenever specific message sends, before not arriving object window, hook program just first catches this message, that is Hook Function first obtains control.At this moment namely Hook Function can process process (change) this message, also can not deal with and continue to transmit this message, can also force the transmission of end.In embodiments of the present invention, adopt hook mechanism to interrupt transferring the process of assembly corresponding to application program, realize before opening, obtaining its module information in application program.

Below these four kinds of component type are briefly described.

(1) Activity assembly

In application program, activity assembly is exactly an independent screen usually, can show some controls and also can monitor and the event processing user makes response above it.

(2) Broadcast Receiver assembly

Application program can use Broadcast Receiver assembly to filter external event, thus only to interested external event as when phone incoming call, or when data network is available, carry out receiving and making response.Broadcast Receiver assembly does not have user interface.But they can start the information that an Activity assembly or Service assembly receive to respond them, or notify user with status bar manager (NotificationManager).Notice can attract the notice of user by a variety of mode, as flashed back of the body lamp, shaking, playing sound.In general be on status bar, put a lasting icon, user can open it and also obtain message.

(3) Service assembly

A Service assembly is the program not having user interface of segment length's life cycle, can be used for exploitation as monitoring class method.Such as, the media player of played songs from playlist.For example, in the application program of a media player, multiple activity assembly should be had, allow user can select song and played songs.But the activity assembly that this function of music playback is not corresponding, because user can think that music should also in broadcasting when navigating to other screen certainly.In this example, this activity assembly of media player can use Context.startService () to start a service assembly, thus can keep the broadcasting of music on backstage.Meanwhile, system also will keep this service assembly to perform always, until this service assembly operating terminates.In addition, by using Context.bindService () method, can also be connected to (if this service assembly does not also run will start it) on a service assembly.After being connected to a service assembly, can also communicate with it by the interface that provides of service assembly.With this example of media player, can also carry out suspending, the operation such as replay.

(4) Content Provider assembly

Android system platform provides Content Provider assembly, makes the specific data collection of an application program be supplied to other application programs.These data can be stored in file system, at a SQLite database or with any other reasonable manner, other application programs can be obtained by ContentResolver class or stored in data, only have and need just to need content provider when multiple application program data sharing from this content provider.Such as, address list data are used by multiple application program, and must be stored in a content provider.Its benefit is the access mode having unified data.

Particularly, before 104, can also in advance from local policy database retrieval obtain and identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy, by the interception policy store of acquisition in the list of described application program authorization privilege.

Further, will obtain interception policy store in the list of described application program authorization privilege before, can also further by remote policy interface to cloud server send request and obtains feed back identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy.Like this, then by the interception strategy obtained from local policy database with from the interception strategy that cloud server obtains, can be stored in the lump in the list of described application program authorization privilege.

Described interception strategy, when setting, can follow at least one rule in following rule for each assembly:

Activity assembly is visualization component, and its startup behavior caused can not be blocked, because this behavior is triggered by user mostly, and the not self-starting of proper application program;

Waking up of Broadcast Receiver assembly is the behavior of operating system, therefore, does not generally tackle the self-starting request that this assembly causes; And

The self-starting request that Content Provider assembly causes, just authority can give user, and therefore, each user can arrange personalized filtration or interception strategy according to self-demand.

Like this, by the application to these rules above, the self-starting request of the first application program to the second application program can be judged more accurately, whether should be blocked, puzzlement not caused to the normal use of user again simultaneously.

It is to be noted, can arrange the blacklist of the second application program be blocked for Service assembly in the list of application program authorization privilege, namely, if this second application program is by the self-starting of Service mode, as long as the bag mark of the bag mark of the first application program and the second application program is present in the list of application program authorization privilege, be all blocked.Such as, only no thoroughfare the Service mode self-starting of some second application program, if this second application program is by other mode self-startings such as Broadcast modes, does not then forbid.

Equally, only no thoroughfare the Service mode self-starting of some application program, if this application program is by the self-starting of Broadcast mode, does not then forbid.Above-mentioned different set-up mode can application program in different application scenarios.

In addition, in the application program authorization privilege list storehouse pre-set, some application program is to there being an application program authorization privilege list, and the list of application program authorization privilege is mark with application program identification (that is, aforesaid bag mark).In each application program authorization privilege list, storing user is the behavior authority of this application program mandate in advance.If there is no the behavior authority corresponding to this application program in this list, then do not have concrete power limit to advise, but user still to all permission grant or can forbid.

The statement form of behavior authority in AndroidManifest.xml file of application program is as follows:

Filename: AndroidManifest.xml

<uses-permission android:name=" rights of using "/>

Extend markup language (the XML in Java can be used, Extensible Markup Language) document parser, the authority of resolving in AndroidManifest.xml file describes part, to obtain the behavior permissions list of application program.Certainly, also other XML parser can be used, or, use other programming languages, such as, the programming language exploitation XML parser such as C/C++, python, AndroidManifest.xml file is resolved, to obtain the behavior permissions list that corresponding application program is applied for.

Wherein, AndroidManifest.xml file is the global configuration file of outbalance in installation kit, and it is responsible for four large assemblies of system registry android system and to system application authority etc.Adding in shell installation kit, it can be used as the important internal file needing to add shell installation kit to consider, with involved to adding in shell installation kit with the on all four copy of former installation kit.Because the AndroidManifest.xml file added in shell installation kit is the file of the same name of former installation kit, its bag name is identical, therefore add shell installation kit in systems in which after installation and operation host application, with AndroidManifest.xml to each assembly of system registry and application system authority, just the entrance of each assembly is established with this, each assembly through reflecting the destination application called all can be called by ActivityManagerService, and for described each component structure ActivityThread and corresponding LoadedApk object need not be provided, save the program realization link running context environmental.In like manner, the problem of caused PackageManagerService to each large assembly whether lawful registration is called in reflection, also the registration because of AndroidManifest.xml is overcome.

Particularly, receive Service first application program to the self-starting request of the second application program after, ActivityManagerService learns that this self-starting request is from Service, performing before the calling of the second application program, first identifying according to the bag mark of first application program of carrying in self-starting request and the bag of the second application program and judge.Such as, bag in the bag mark of the bag of the first application program received mark and the second application program and the application program authorization privilege list that prestores can be identified and compare, to identify with the bag of the first application program and the bag of the second application program identifies identical bag and identifies, then ActivityManagerService interception calling by Broadcast mode application programs if existed in the list of application program authorization privilege.

In this embodiment, due to can according to the bag mark i.e. bag mark of the second application program of the bag of the application program the called mark i.e. bag mark of the first application program and invoked application program tackle to user useless and/or to the startup of other application programs application program without any help, therefore, not only can improve the travelling speed of terminal but also electricity can be saved for terminal.

In an embodiment of the inventive method, the number of times of described first application program to described second application program self-starting can be added up, and then, then according to the number of times of obtained described first application program to described second application program self-starting, can determine whether that described first application program of interception is by the self-starting request of method of service to described second application program.

Further, if the number of times of described first application program to described second application program self-starting meets or exceeds setting threshold value in setting-up time, then do not tackle described first application program by the self-starting request of method of service to described second application program.

Can prevent from being like this absorbed in killing the second application program continually, then the first application program has fallen this vicious cycle of self-starting continually again of the second application program, not only consume a large amount of system resource, waste electricity, but also reduce the travelling speed of terminal.

In another embodiment of the inventive method, the cleanUpRemovedTaskLocked function of AS can be called, to obtain current all processes and according to the process of bag name of application program comprising request self-starting in the interception UID of tactful Ergodic judgement suspicious process and process the package list, this process to be added and can kill process list.

Further, because application program at least comprises system application and user application, for system application, if when passing through the self-starting of Service mode, can process as follows:

Judge whether the second application program is system application;

Can prevent from being absorbed in like this killing system application continually, then system application this vicious cycle of self-starting continually again, not only consumes a large amount of system resource, wastes electricity, but also reduce the travelling speed of terminal.

In real-life program, the self-starting mode of an application program is not limited in above-mentioned Service mode, can also be realized the self-starting of application program by Content Provider mode.Owing to there being a large amount of application programs called by Content Provider mode, and the number of Content Provider is also very many, therefore, the interception strategy set in the list of application program authorization privilege in advance for ContentProvider mode is not easy to.In the case, can forbid that the authority of application program self-starting gives user by by Content Provider mode, therefore, each user can arrange personalized filtration or interception strategy according to self-demand.

Particularly, receive described first application program by content provider's mode to the self-starting request of described second application program after, recording described self-starting request, content provider identification, the bag mark of described first application program and the bag mark of described second application program, these recorded informations can being stored into obstinate from opening in daily record.

Namely, ActivityManagerService receive the first application program by Content Provider mode to the call request of the second application program after, first judge this call request by which kind of mode is initiated, if initiated by Content Provider mode, then first record is carried out to the relevant information of self-starting request, so that user determines to tackle strategy accordingly according to the information that these record.

Further, while ActivityManagerService recording-related information, can by mode from interface to user that eject by the bag identification feedback of the bag of recorded described self-starting request, described content provider identification, described first application program mark and described second application program to user; And to the alarm of user interface bullet window.After user receives these information, according to self-demand input interception strategy, such as, adjust the self-starting of some the second application program to tackle to some first application program, allow some first application program to adjust the self-starting etc. of some the second application program.Then, then can receive user instruction to obtain processing policy, such as, the self-starting to the second application program be tackled or performed in corresponding self-starting.So just the call relation between the first application program and this two methods program of the second application program can be cut off.Wherein, the common self-starting mode of application program comprises Bind Service mode or ContentProvider mode.

Such as, by after the blocking module be injected in system service process intercepts the risky operation information of the second application program in advance, corresponding inquiry message can be sent to the second application program; Second application program ejects corresponding prompting frame according to inquiry message, and receive user input whether carry out the confirmation of corresponding operating after return to blocking module; Blocking module is according to the confirmation received, and permission or blocking system service processes are to the risky operation of the second application program; Can accomplish so effectively to tackle the second application behavior, after interception, suspend and operate accordingly, and notify this operation of user, after only obtaining the confirmation of user, just perform corresponding operation.

In addition, if user allows certain first application program to carry out self-starting by Content Provider mode to certain second application program, also can by this policy store in the list of application program authorization privilege, once receive this first application program by the self-starting request of Content Provider mode to this second application program, then no longer record and not to this information of user feedback, but directly self-starting is carried out to this second application program.

Similarly, if user forbids that certain first application program carries out self-starting by Content Provider mode to certain second application program, also can by this policy store in the list of application program authorization privilege, once receive this first application program by Content Provider mode to the self-starting of this second application program, also no longer record and not to this information of user feedback, but directly kill the process to this second application program self-starting.

In other words, ActivityManagerService does not clearly indicate whether to forbid or allow the first application program to adjust the second application program of self-starting by Content Provider mode by recording those users, so not only treatment effeciency can be improved, the experience of user can also be promoted simultaneously, avoid ejecting acknowledgement window to user continually.

In the above-described embodiments, interception strategy can include but not limited to based on the first application program bag mark and the second application program bag mark and cloud server be each application program setting level of security determine whether tackle.

Further, described cloud server is that the level of security that each application program is arranged comprises black, grey and white three ranks, and whether correspondence forbids installing, being selected to install and the installation of footpath row by user respectively.

For preparing or carrying out for the application program of installing, the present invention by the form by register itself being default installation device, can obtain the installation broadcast message of this application program.Then, using this new clothes application program as destination application, the characteristic information of its installation kit or signature and so on is sent in cloud server by remote layout bank interface, by cloud server, security is made to it and judge.In a kind of embodiment, cloud server is black, grey, the white three kinds of ranks of level of security setting of application program, represents different hazard level respectively, and the processing rule that setting is corresponding.Such as, black application program forbids installing, and grey application program is selected voluntarily by user, and white application program then can be installed by footpath row.Certainly, can be reduced to further ash, white two kinds, or be reduced to black, white two kinds.Those skilled in the art are familiar with this high in the clouds control technology of server, will disclose in follow-up further summary.In any case the present invention obtains the feedback of cloud server about the processing rule of these application programs by from the machine remote layout bank interface, feedback result is utilized to make corresponding subsequent treatment.Specifically, when returning black application program identification for current goal application program, the installation of this destination application can be stopped immediately; When being designated white application program identification or grey application program identification, then installation of can letting pass.For the consideration of interactivity, after completing long-range judgement, the present invention is by the relevant judged result of user interface bullet window reminding user, and show corresponding treatment advice, whether inquiry user determines current new clothes application program construction Initiative Defense environment, namely user determines this destination application after therefrom determining to carry out the mark of Initiative Defense to current new clothes destination application.

In like manner, after user determines this destination application, the installation kit of this destination application can be deposited in described assigned catalogue by the present invention.In addition, follow-up by the consideration for this fixed destination application construction Initiative Defense environment for the present invention, the present invention can stop the installation of this destination application immediately, after stopping the operation of installing both can occur in also can occurring in before user determines this destination application.

In addition, can by main anti-program income to the multiple points in system, to assist to realize the above-mentioned self-starting forbidding application program.

Particularly, can the characteristic information of the characteristic information of Unknown Applications installation kit or signature and so on or request self-starting application program be sent in cloud server by remote layout bank interface, by cloud server, security be made to it and judge.

As previously mentioned, be sent to the characteristic information of cloud server by client by remote layout bank interface, comprise: the bag name of Android installation kit, and/or, version number, and/or, digital signature, and/or, the feature of Android assembly receiver, and/or, the feature of Android assembly service, and/or, the feature of Android assembly activity, and/or, the instruction in executable file or character string, and/or, the MD5 value (signature) of each file under Android installation kit catalogue.

Achieve the client of method of the present invention or device, the characteristic information of specifying is uploaded to cloud server, search in the rule base that server is preset beyond the clouds and combine with the single characteristic information of specifying or its feature record matched; Wherein, comprise feature record and level of security corresponding to feature record in the rule base that cloud server is preset, in every bar feature record, comprise the combination of single characteristic information or characteristic information;

Thousands of feature records are prefixed in cloud server rule base, wherein, Article 1, the Android listing certain virus in feature record installs handbag name, the Android installation kit version number of certain normal application and the MD5 value of digital signature thereof is listed in Article 2 feature record, the Android listing certain normal application in Article 3 feature record installs handbag name and receiver feature thereof, the specific character string in the Android installation handbag name of certain wooden horse, version number and ELF file thereof is listed in Article 4 feature record, etc.

About the mark of safe class, namely black, white (safety) or ash (unknown, suspicious) three kinds of marks, can further be expressed as:

Safety: this application program is a normal application program, without any the behavior threatening user mobile phone safety;

Dangerous: this application program exists security risk, likely this application program inherently Malware; Also likely this application program was the normal software that regular company issues originally, but because there are security breaches, caused the privacy of user, mobile phone safe is on the hazard;

Careful: this application program is a normal application program, but there are some problems, user such as can be allowed to be deducted fees because of carelessness, or have disagreeableness advertisement to be complained; After this kind of application program of discovery, the careful use of user can be pointed out and inform the behavior that this application program is possible, but deciding whether remove this application program in its sole discretion by user;

Wooden horse: this application program is virus, wooden horse or other Malwares, herein in order to simply be referred to as wooden horse, but does not represent that this application program is only wooden horse.

In an embodiment of the inventive method, can also obtain the information of the informing entry of intercept process further, the information of described informing entry comprises the display view of described informing entry and the operation behavior response of described informing entry.And then, then can represent the display view of described informing entry.If get the operation behavior of user to this informing entry, then can according to the click respondent behavior of described informing entry, to the operation behavior of user to described informing entry, in the mode of memory cache or database caches, carry out response process.

Particularly, when the second application program sends informing entry, a Notification entity class can be constructed, for representing an informing entry being about to display.All information of this informing entry can be comprised in Notification entity class, important, the display view of described informing entry and the operation behavior response of described informing entry.

The display view of described informing entry can be specifically by RemoteViews object implementatio8.Wherein, RemoteViews object sequence, to the object liking a serializability, can be turned to byte stream and be stored in the physical files such as disk by RemoteViews.When informing entry checked by needs, corresponding byte stream can be read out from the physical files such as disk, then, be deserialized as RemoteViews object, View object can constructed by apply method, like this, the object of the display view representing described informing entry can just be realized.

It should be noted that, described physical file, can store in the mode of memory cache, have the feature of response fast, mobile terminal can disappear after restarting, or can also store in the mode of database caches, have the feature of persistence, mobile terminal can not disappear after restarting, and can be re-loaded in internal memory, etc., the present embodiment is not particularly limited this.

The operation behavior response of described informing entry, refers to that the operation behavior of informing entry is as the respondent behavior after clicking.Respondent behavior can be specifically realized by PendingIntent.And PendingIntent is a not serializability, it is the event handler safeguarded with android ActvityManagerService.This event handler is an in fact corresponding Intent object, this Intent to as if the object of a serializability, Intent object sequence can be turned to byte stream and be stored in the physical files such as disk.When needing to respond the operation behavior of user to described informing entry, corresponding byte stream can be read out from the physical files such as disk, then, being deserialized as Intent object.Like this, by Intent object, PendingIntent can be replaced to realize operation behavior event as click event.

Particularly, specifically can pass through code injection mode, detect that the application programming interfaces (Application Programming Interface, API) that the second application program transmission informing entry adopts call, and then, therefrom take out the image parameter of informing entry.

In an embodiment again of the inventive method, power saving strategy can also be set according to the bag name of application program; Cloud server is according to the Program Generating power saving database being provided with power saving strategy.If cloud server receives the power saving strategy of newly-increased program and this application program, be then updated in power saving database.That is, the corresponding power saving strategy recording program and this application program in power saving database.

The power saving strategy recorded in power saving database can comprise: unloading, forbidding from opening; Power saving strategy can also comprise: terminate to run, keep present situation or applicable long-time running etc.

Such as, technician can keep present situation power saving strategy for healthy class method or clock weather class method are arranged; And be that the synchronous supervisor setting of account is forbidden from opening power saving strategy.

Preferably, in order to mobile terminal can obtain power saving database more targetedly, and reduce the space shared by power saving database obtained, cloud server is that a kind of concrete grammar that the mobile terminal of different type of machines customizes power saving database respectively comprises: multiple mobile terminal being provided with monitoring software, if monitoring software finds to have installed unacquainted program in this mobile terminal, the model information of the program information of this application program and this mobile terminal can be uploaded in the lump the server in high in the clouds by networks such as internets; By the programming power saving strategy that technical professional is cloud server reception, such as, power saving strategy is set according to model information model; Cloud server, for each model information, is arranged with the program of power saving strategy according to this model information name, generate should the power saving database of model information.

Cloud server generates and safeguards power saving database, and mobile terminal can be downloaded power saving database from server and be stored in this locality, for carrying out power saving suggestion to user.

It can be that the model information of this mobile terminal is reported to server by network by mobile terminal that mobile terminal downloads from server a kind of concrete grammar obtaining power saving database; Such as, UNICOM version Huawei honor 3C smart mobile phone of 2G internal memory, after judging this mobile phone connected network, is extracted the model U30-H10 of this mobile phone, is reported as model information by network to server from the system information prestored.

After server receives the model information of mobile terminal reporting, from each model information distinguish corresponding power saving database, find the power saving database corresponding with the model information received, and turned back to the mobile terminal reporting model information by network.

The power saving database that mobile terminal reception server returns stores.

The mobile terminal of the embodiment of the present invention, based on the power saving database downloaded, carries out power saving suggestion according to following flow process, specifically can comprise the steps:

Step one, obtains the program listing of set up applications in mobile terminal.

Particularly, mobile terminal, from the system information that the operating system of this mobile terminal records, obtains the program listing of mounted application program.Program listing can comprise: the title of application program and installation path; Program listing can also comprise: the shared space size of application program, the process of current operation and quantity of service, and accumulative operation duration etc.

Step 2, for each application program in program listing, searches the power saving strategy whether storing this application program in the power saving database of this locality.

Particularly, mobile terminal, for each application program in program listing, judges whether to find this application program in the power saving database downloaded: the power saving strategy of this application program if so, then found out in power saving database; Otherwise, do not search the power saving strategy of this application program.

Step 3, statistics has the power consumption information of each application program of power saving strategy, and sorts to each application program according to power consumption information.

Particularly, mobile terminal, for each application program finding out power saving strategy, detects the power consumption information of this application program; According to detecting the power consumption information obtained, count the unit interval power consumption of this application program; And then count each unit interval power consumption accounting finding out the application program of power saving strategy; Unit interval power consumption accounting according to counting sorts to each application program.The power consumption information of application program comprises: the wake-up times of this application program and working time etc.

Preferably, mobile terminal, for each application program finding out power saving strategy, according to the unit interval power consumption accounting of this application program, can determine the power consumption rank of this application program; There is the application program that power consumption rank exceedes setting rank if judge, then there is power consumption program in prompting, and show the number of program that power consumption rank exceedes setting rank.

Step 4, when there being power consumption information to exceed the application requests self-starting of setting power consumption rank, triggers intercept process.

In an embodiment again of the inventive method, the number of times of described second application program self-starting can also be added up, and then, then can according to the number of times of the second added up application program self-starting, carry out power saving suggestion according to following flow process, specifically can comprise the steps:

Step one, obtains the number of times of described first application program to described second application program self-starting;

Step 2, obtains the total degree of described second application program self-starting;

Step 3, according to the total degree of described first application program to the number of times of described second application program self-starting and described second application program self-starting, obtains ratio value;

Step 4, when proportional value meets or exceeds the application requests self-starting of setting threshold value, triggers intercept process.

As shown in Figure 2, the device 20 in this embodiment can comprise and blocks self-starting request reception unit 202, tactful acquiring unit 204 and intercept process unit 206.Wherein,

Self-starting request reception unit 202, for receiving the first application program by the self-starting request of method of service to the second application program;

Strategy acquiring unit 204, for obtaining the list of application program authorization privilege;

Intercept process unit 206, for judging whether that described first application program of interception is by the self-starting request of method of service to described second application program according to the bag mark of described first application program of carrying in described self-starting request and the bag mark of described second application program, if the bag mark of described first application program is consistent with the interception strategy stored in the list of described application program authorization privilege with the bag mark of described second application program, then tackle described first application program by the self-starting request of method of service to described second application program.

In this embodiment, due to can according to the bag mark of the bag of invoked first application program mark and the second application program tackle to user useless and/or to the startup of other application programs application program without any help, therefore, not only can improve the travelling speed of terminal but also electricity can be saved for terminal.

Further, in another embodiment of apparatus of the present invention, described tactful acquiring unit 204, also obtain for retrieval from local policy database and identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy, by the interception policy store of acquisition in the list of described application program authorization privilege.

Further, described tactful acquiring unit 204, also for by remote policy interface to cloud server send request and obtain feedback identify with the bag of described first application program and the bag of described second application program identifies corresponding interception strategy.

Further, in the another embodiment of apparatus of the present invention, this device can also comprise:

Further, in an embodiment again of apparatus of the present invention, this device can also comprise:

Interactive unit, for the alarm of user interface bullet window, receives user instruction to obtain processing policy.

In addition, the interception strategy in above-described embodiment can include but not limited to based on application program bag mark and cloud server be each application program arrange level of security determine whether tackle.

Further, described cloud server is that the level of security that each application program is arranged comprises black, grey and white three ranks, and correspondence is forbidden, selected and directly perform by user respectively.

In an embodiment again of apparatus of the present invention, this device can also comprise:

In an embodiment again of apparatus of the present invention,

It is pointed out that the device of above-mentioned application program rights management can arrange separately or be arranged in Activity assembly.

As shown in Figure 3, the mobile terminal 30 in this embodiment can comprise: the device 306 of broadcast reception thermomechanical components 302, serviced component 304 and application program rights management.Wherein, the device 306 of application program rights management can be realized by previous embodiment.Further, broadcast reception thermomechanical components 302 and serviced component 304 be self-starting information mutual with the device 306 of application program rights management respectively.

As shown in Figure 4, compared with the embodiment in Fig. 3, the mobile terminal 40 in this embodiment can also comprise: content provider's assembly 402.Wherein, content provider's assembly 402 self-starting information of by Content Provider mode being initiated mutual with the device 306 of application program rights management.

As shown in Figure 5, the system 50 in this embodiment can comprise cloud server 502 and mobile terminal 504, and wherein, mobile terminal 504 can be realized by previous embodiment.Store the level of security for each application program is arranged in cloud server 502, can include but not limited to black, grey and white three ranks, these three ranks respectively correspondence are forbidden, are selected and directly perform by user.

Further, cloud server 502 can also be produced, stores and safeguard power saving database.

In real-life program, carry out useless when mutually calling between each application program of same interiors of products, such as, system of Tengxun or Ali are when calling mutually between inner product, method of the present invention can be utilized to forbid the self-starting of some useless application program, to save the system resource of terminal.Equally, the present invention also can block and wake up the rogue of some application program.

It should be noted that, HOOK framework has been made service platform by the present invention, in the mode linking up with plug-in unit for terminal configuration is monitored, therefore, its loading only needs to depend on corresponding configuration file, efficient administration and be easy to realize, for technical personnel, some simple function calls only need to write the configuration that configuration file can realize linking up with plug-in unit, and HOOK reentries, concurrency performance is high.

Adopt shell application program successively to realize the monitoring of program behavior and the loading of destination application, then by monitoring, monitoring is set up to the event behavior of destination application, the hook to Java function, Native function can be realized.

The present invention is not only applicable to Dalvik pattern, also ART pattern is applicable to, function performance is upper, and both are as good as, and user does not need to adapt to different mode and writes different codes, simplifies development (among a small circle build-in test Android version number 4.4.2,4.4.3,4.4.4).

Through actual measurement, following data are had to prove the superiority of example of the present invention:

(1) developing example of the present invention, on 16 mobile phones to 107 sections of mainstream applications program softwares (as QQ, micro-letter, microblogging, mobile phone bodyguard, pay class, multiplely purchase by group app, each video jukebox software etc.) carry out stability depth test, all can normally run.

(2) developing example of the present invention, test contains mobile phone A ndroid operating system version number from 2.3 to 4.4.3.Type comprises nexus4/5,7, Samsung, millet, Huawei, association, Sony, and HTC and part mountain vallage mobile phone all obtain comparatively excellent performance.

Method and system of the present invention may be realized in many ways.Such as, any combination by software, hardware, firmware or software, hardware, firmware realizes method and system of the present invention.Said sequence for the step of method is only to be described, and the step of method of the present invention is not limited to above specifically described order, unless specifically stated otherwise.In addition, in certain embodiments, can be also record program in the recording medium by the embodiment of the present invention, these programs comprise the machine readable instructions for realizing according to method of the present invention.Thus, the present invention also covers the recording medium stored for performing the program according to method of the present invention.

Claims

1. a method for application program rights management, is characterized in that, comprising:

Obtain the list of application program authorization privilege;

2. the method for application program rights management according to claim 1, is characterized in that, before the list of described acquisition application program authorization privilege, also comprises:

3. the method for application program rights management according to claim 2, is characterized in that, described by obtain interception policy store in the list of described application program authorization privilege before, also comprise:

4. the method for application program rights management according to claim 1, is characterized in that, described method also comprises:

5. the method for application program rights management according to claim 1, is characterized in that, described method also comprises:

Represent the display view of described informing entry;

6. the method for the application program rights management according to the arbitrary claim of Claims 1 to 5, is characterized in that, described method also comprises:

Obtain the total degree of described second application program self-starting;

7. the method for the application program rights management according to the arbitrary claim of Claims 1 to 5,

8. a device for application program rights management, is characterized in that, comprising:

9. a mobile terminal, is characterized in that, comprises the device of broadcast reception thermomechanical components, serviced component and application program rights management according to claim 8.

10. a system for application program rights management, is characterized in that, comprises cloud server and mobile terminal according to claim 9.