CN114036501A - APP detection method, system, device, equipment and storage medium - Google Patents
APP detection method, system, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114036501A CN114036501A CN202111355572.8A CN202111355572A CN114036501A CN 114036501 A CN114036501 A CN 114036501A CN 202111355572 A CN202111355572 A CN 202111355572A CN 114036501 A CN114036501 A CN 114036501A
- Authority
- CN
- China
- Prior art keywords
- app
- detection
- mobile phone
- detected
- current detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Human Computer Interaction (AREA)
- Telephone Function (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The present disclosure provides a detection method, system, apparatus, device and storage medium for APP, which relate to the field of artificial intelligence, and in particular to the technical field of big data and application program detection. The specific implementation scheme is as follows: the method comprises the steps of operating to-be-detected APP in the cloud mobile phone, carrying out analog operation on the to-be-detected APP in the cloud mobile phone based on a current detection project, simultaneously obtaining data generated by the APP in the analog operation, obtaining detection data required by the current detection project from the data, and then detecting the current detection data based on a target detection algorithm preset by the current detection project, so that a detection result of the current detection project is obtained. By applying the embodiment of the disclosure, the APP is to be detected through operation in the cloud mobile phone, the APP detection is not required to be completed by using a plurality of devices, the APP detection convenience is improved, meanwhile, simulation operation is carried out on the APP to be detected, the dynamic operation code of the APP to be detected can be acquired to carry out corresponding detection, so that the detection is more comprehensive, and the effect is better.
Description
Technical Field
The present disclosure relates to the field of artificial intelligence technology, and more particularly, to the field of big data and application detection technology.
Background
Generally, a large number of Applications (APPs) are installed in an electronic device of a user, and the applications need to be detected in order to ensure data security of the user.
Disclosure of Invention
The present disclosure provides a method, system, apparatus, device, and storage medium for APP detection without cross-device requirements.
According to an aspect of the present disclosure, there is provided an APP detection method, including:
running an APP to be detected in the cloud mobile phone;
based on the current detection item, carrying out simulation operation on the APP to be detected in the cloud mobile phone;
obtaining current detection data required by a current detection project from operation data generated in the process of carrying out simulation operation on the cloud mobile phone;
and detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
According to another aspect of the present disclosure, there is provided a detection system for APP, the system comprising: the system comprises a cloud mobile phone, an APP detection platform, a data monitoring module and a data analysis module;
the cloud mobile phone is used for operating the APP to be detected;
the APP detection platform is used for carrying out simulation operation on the APP to be detected in the cloud mobile phone based on the current detection project;
the data monitoring module is used for acquiring current detection data required by a current detection project from running data generated in the process of carrying out simulation operation on the cloud mobile phone;
and the data analysis module is used for detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
According to an aspect of the present disclosure, there is provided an APP detection apparatus, including:
the APP operation module to be detected is used for operating the APP to be detected in the cloud mobile phone;
the simulation operation module is used for carrying out simulation operation on the APP to be detected in the cloud mobile phone based on the current detection item;
the detection data acquisition module is used for acquiring current detection data required by a current detection project from running data generated in the process of carrying out simulation operation on the cloud mobile phone;
and the detection result acquisition module is used for detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
According to an aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the above methods of APP detection.
According to an aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing the computer to execute any one of the above methods for detecting an APP.
According to an aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements any of the above-described methods of detection of an APP.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic diagram of a first embodiment of a method of detection of APP provided in accordance with the present disclosure;
FIG. 2 is a schematic diagram of a second embodiment of a method of detection of APP provided in accordance with the present disclosure;
FIG. 3 is a schematic diagram of a first embodiment of an APP detection page provided in accordance with the present disclosure;
FIG. 4 is a schematic diagram of a second embodiment of an APP detection page provided in accordance with the present disclosure;
FIG. 5 is a schematic diagram of one specific example of a method of detection of APP provided in accordance with the present disclosure;
FIG. 6 is a schematic diagram of a third embodiment of a method of detection of APP provided in accordance with the present disclosure;
FIG. 7 is a schematic illustration of a detection report for a method of detection of APP provided in accordance with the present disclosure;
FIG. 8 is a schematic illustration of yet another detection report for a detection method of APP provided in accordance with the present disclosure;
FIG. 9 is a schematic diagram of a first embodiment of a detection system for APP provided in accordance with the present disclosure;
FIG. 10 is a schematic diagram of a second embodiment of an APP detection system provided in accordance with the present disclosure;
fig. 11 is a schematic view of a first embodiment of an APP detection apparatus provided in accordance with the present disclosure;
fig. 12 is a block diagram of an electronic device for implementing the APP detection method according to the embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
At present, most APP detection all need the detection personnel to cross equipment with artificial mode and carry out data acquisition and detection, not only increased use cost, require to be higher to detection personnel's professional knowledge moreover.
Therefore, the present disclosure provides a method, a system, an apparatus, a device and a storage medium for detecting an APP without crossing devices, and first introduces the method for detecting an APP provided by the present disclosure.
Referring to fig. 1, fig. 1 is a schematic diagram of a first embodiment of a method for detecting APP provided according to the present disclosure, which may include the steps of:
and step S110, running the APP to be detected in the cloud mobile phone.
The cloud mobile phone (cloud phone) is a virtual cloud service based on a virtualization technology and a cloud server, wherein the virtual cloud mobile phone has a native mobile phone operating system (such as an android system) and a virtual mobile phone function, and a user can remotely control the cloud mobile phone in real time to realize cloud operation of an APP. As a specific implementation manner, the cloud mobile phone may be customized and developed based on AOSP (Android Open-Source Project) Open Source code. Generally, the cloud mobile phone can include the operation backstage in the cloud and the display interface that shows in the front end webpage, and the operation backstage can be operated each APP in the cloud mobile phone, and the front end display interface can then show each picture etc. that produce in the APP operation process to supply the user to carry out long-range real time control.
In the embodiment of the disclosure, a user can upload an installation package of an APP to be detected to a cloud mobile phone, and the cloud mobile phone can install and operate the installation package uploaded by the user.
And S120, performing simulation operation on the APP to be detected in the cloud mobile phone based on the current detection item.
In the embodiment of the disclosure, a plurality of detection items can be provided for a user, and the user can select the current detection item according to the own needs. The detection items may include privacy compliance detection, content compliance detection, application vulnerability detection, deep forgery detection, and AI data desensitization, among others.
Step S130, current detection data required by a current detection project are obtained from the running data generated in the simulation operation process of the cloud mobile phone.
In the embodiment of the disclosure, the cloud mobile phone can actively traverse each interface of the to-be-detected APP to run each function of the to-be-detected APP, that is, the to-be-detected APP is subjected to operation of simulating a real machine, so that the use cost of a user is reduced. Of course, as another implementation manner of the embodiment of the present disclosure, the user may also perform the operation of simulating the real machine on the APP to be detected in the cloud mobile phone, or both the above two manners may be used simultaneously, that is, after the traversal is completed, the user performs the simulation operation to additionally supplement the detection data. In this case, if the current task does not require user participation, a corresponding prompt may appear in the cloud mobile phone, for example, a cover layer may also appear in the installed application, so that the user cannot perform manual operation, thereby prompting the user that information such as detection is currently performed automatically.
As a specific implementation manner of the embodiment of the present disclosure, a data monitoring module may be embedded in a cloud mobile phone, and the data monitoring module acquires all data generated by an APP to be detected in the simulation operation process. The data can include static codes and dynamic codes of the APP to be detected, and specifically, the data can include authority called in the APP running process, behavior of acquiring personal information by the APP, behavior of transmitting equipment information by the APP and other behavior data. And then the detection data required by the current detection item can be obtained from the data. In this way, the required detection data can be collected more conveniently.
And step S140, detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
In the embodiment of the disclosure, after the detection result of the current detection item is obtained, the user can also select to generate a detection report of the current detection item of the APP to be detected.
The APP detection method provided by the embodiment of the disclosure runs to-be-detected APPs in a cloud mobile phone, based on a current detection item, performs simulation operation on the to-be-detected APPs in the cloud mobile phone, simultaneously acquires data generated by the APPs in the simulation operation, acquires detection data required by the current detection item, and then detects the current detection data based on a target detection algorithm preset by the current detection item, so as to obtain a detection result of the current detection item. By applying the embodiment of the disclosure, the APP to be detected is detected by running in the cloud mobile phone, the detection can be completed in any equipment in the cloud, the APP detection can be completed without using a plurality of equipment, the APP detection convenience is improved, and the use cost is reduced. Meanwhile, in the detection process, the APP detection data does not need to be judged manually, and the requirement on the professional knowledge of detection personnel is reduced. And, through treating to detect APP and carry out analog operation, can acquire to detect the dynamic operation code of APP and carry out corresponding detection for it is more comprehensive to detect, and the effect is better.
In one embodiment of the present disclosure, referring to fig. 2, step S120 in fig. 1 may be subdivided into:
step S121, displaying an APP detection page to a user, wherein the APP detection page comprises: the current detection item and the cloud mobile phone display interface image are displayed; the cloud mobile phone display interface image is used for displaying each interface displayed in the process that the cloud mobile phone operates the APP to be detected.
In the embodiment of the present disclosure, the APP detection page may be a web page (web), and the cloud mobile phone interface image may be displayed in the web page.
In the embodiment of the disclosure, the cloud mobile phone interface image may be displayed in a form of video stream. As a specific implementation manner, the cloud mobile phone runs the background to run the APP to be detected, and based on a picture generated in the running process of the APP to be detected, a cloud mobile phone display interface video stream is generated and sent to the APP detection page, and the APP detection page may display the video stream at a preset cloud mobile phone display position (as shown in fig. 3). In this embodiment, the video stream may be generated in real time and displayed in real time, that is, the cloud mobile phone display interface is displayed in an instant video manner. Therefore, the cloud mobile phone display is more convenient and smooth.
As shown in fig. 3, the APP detection page may include a plurality of detection items, which may specifically include privacy compliance detection, content compliance detection, application vulnerability detection, deep forgery detection, AI data desensitization, and the like, and the user may select the detection items according to his/her needs. After the user selects the current detection item, the APP detection page can display all the detection items of the current detection item. Meanwhile, cloud mobile phone display interface images can be displayed in the APP detection page, so that the APP to be detected can display each interface in the detection process to a user.
As a specific implementation manner, the APP detection page may further include: and detecting task information and/or detection state information of the task contained in the project at present.
The task contained in the current detection item is preset, so that when APP detection is carried out, task information and/or detection state information of the task can be displayed in an APP detection page.
The task information of the current detection item may include: the user operation task information executed by the user to-be-detected APP is required in the current detection project; and enabling a user to operate in the cloud mobile phone display interface image based on the user operation task information.
In the embodiment of the present disclosure, the user operation task may be preset by a developer for different detection items.
As shown in fig. 3, the current detection item may include a plurality of detection items, and each detection item may further include each operation task that needs to be completed by the user, for example, the operation task may be "complete APP login on the left mobile phone," and the user may perform corresponding operation of simulating a real phone in the display interface image of the cloud mobile phone according to the operation task. The data monitoring module can correspondingly acquire the running data generated by the APP to be detected in the user simulation operation.
The detection state information may be used to display the completion condition of the operation task included in the current detection item.
As shown in fig. 3, the "detection item triggering progress" in fig. 3 may display the detection status of the current detection item to the user, where the status may include the detection items included in the current detection item and the completion of the operation tasks, that is, several detection items/operation tasks are completed, and there are several incomplete detection items/operation tasks.
As a specific implementation manner of the embodiment of the present disclosure, as shown in fig. 3, a progress bar may be additionally displayed beside each of the displayed detection items and operation tasks, so as to more intuitively show to the user which detection item or operation task the current detection specifically proceeds to. Meanwhile, an icon of the APP to be detected can be displayed to prompt the user what APP is detected currently.
Therefore, the APP detection process can be displayed to the user more visually, and the detection experience of the user is improved. Meanwhile, the cloud mobile phone is subjected to simulation operation by the user according to the displayed task, so that the detection is more comprehensive.
As shown in fig. 2, in step S122, obtaining an operation of a user in the display interface image of the cloud mobile phone based on a current detection item, and generating a simulation operation instruction of an APP to be detected, so that the cloud mobile phone executes the simulation operation instruction.
As described above, the APP detection page may be a web page, in the embodiment of the present disclosure, an operation control module may be embedded in the web page, and the operation control module may receive a simulation operation of a user on the cloud mobile phone, generate a corresponding simulation operation instruction, and transmit the simulation operation instruction to the operation background of the cloud mobile phone.
Correspondingly, as a specific implementation manner of the embodiment of the present disclosure, a corresponding control module may be embedded in an operation background of the cloud mobile phone, and the corresponding control module may receive the simulation operation instruction sent by the operation control module, perform a corresponding operation on the APP according to the simulation operation instruction (e.g., login of the APP, etc.), return a corresponding operation result to the webpage for display, for example, it may be displayed that the operation task is completed, the detection item triggers an increase in progress, and the like, and simultaneously display the corresponding operation result on a display interface of the cloud mobile phone (e.g., login is successful, etc.). The operation result can be transmitted to the APP detection page in a video stream mode for displaying.
Therefore, the cloud mobile phone display interface image is displayed, and the user can perform simulation operation on the cloud mobile phone display interface, so that the real-machine simulation experience of the user is better.
In an embodiment of the present disclosure, as shown in fig. 4, the detection page may further include: and in the process of executing a preset target task in the current detection project, multiple screenshots of the interface of the APP to be detected.
As a specific implementation manner of this embodiment, the user operation task set for the current detection item may include a user screenshot task. For example, the target task may be "privacy protocol express", and then the user may find the privacy protocol name of the APP to be detected and perform screenshot operation based on the cloud mobile phone. The operation control module can generate a corresponding screenshot operation instruction to be sent to a response control module of the cloud mobile phone after receiving the screenshot operation of the user, the response control module can perform screenshot on a current cloud mobile phone display interface after receiving the screenshot operation instruction, an operation result is sent to a webpage, the webpage can display the screenshot in a preset display position, and the cloud mobile phone can display prompt information such as 'screenshot is successful and is stored in a folder'.
As another implementation manner of the embodiment of the present disclosure, the cloud mobile phone background may capture a screenshot of related content according to a preset task, and display the screenshot at a preset display position.
And through treating to detect the relevant interface screenshot of APP and show, can be more audio-visual show APP testing process to the user, improve user detection experience.
In the embodiment of the disclosure, the APP detection page can also display the detection result, so that the detection condition of the APP to be detected is visually displayed for the user, and the user detection experience is improved.
Next, a method for detecting APP provided by the present disclosure will be described by taking privacy compliance detection as an example.
As a specific example of the present disclosure, if the current detection item selected by the user is privacy compliance detection. Then, the current detection data required by the current detection item may include privacy policy text content and APP behavior monitoring data, where the APP behavior monitoring data may include APP call authority, third-party SDK information and call authority, APP acquisition personal information, and APP transmission device information. The data can be acquired by the data monitoring module in the operation process of the APP to be detected.
As shown in fig. 5, in the present embodiment, the detection items of the privacy compliance detection may include a privacy policy protocol detection, a personal information collection and use detection, and a user right assurance detection.
The detection item of the privacy policy protocol detection can comprise three tasks, wherein the first task can be to find the privacy policy, click to open, and record the number of clicks required for finding the privacy policy. In this embodiment, the number of clicks required for finding the privacy policy may be recorded by the user.
The first task may include two subtasks, the first subtask being explicit to the privacy protocol. When the task is executed, the user can perform manual screenshot operation on the privacy protocol of the APP to be detected in the cloud mobile phone, and the acquired screenshot can be displayed at a preset screenshot display position.
The second subtask that task one includes is privacy protocol text.
When the task is completed, the cloud mobile phone can automatically scan the APP to be detected, and the privacy protocol text of the APP to be detected is automatically identified. The user may also find the tag in the cloud mobile phone by himself for manual triggering, for example, the user may find the privacy protocol text in "my-account-setup-protocol and declaration or about or privacy", where "about" in "may refer to the name of the APP to be detected.
As shown in fig. 5, the task two included in the detection of this detection item by the privacy policy protocol is: if the user needs to finish APP login in the left mobile phone, the user can finish APP login in a displayed cloud mobile phone display interface when the user detects that the task is performed.
And a third task is to complete filling of auxiliary information, the auxiliary information can comprise the number of times that the user needs to click to find the privacy policy recorded by himself, and since the privacy policy cannot be found by clicking 4 times according to relevant regulation rules, the number of times that the user fills in can be compared with 4 in detection, so that whether the APP to be detected meets the rule or not can be obtained.
As shown in fig. 5, when performing privacy compliance detection, automatic page detection may also be performed, that is, the above-mentioned traversal is performed on each interface of the APP to be detected to run each function thereof.
Accordingly, as shown in fig. 6, the step S140 in fig. 1 may include:
and step S141, performing natural language processing on the privacy policy text, and acquiring the preset calling authority of the to-be-detected APP contained in the privacy policy text and the preset function capable of calling the preset authority.
In the embodiment of the disclosure, a natural language processing model can be pre-trained, natural language processing is performed on a privacy text of an APP to be detected by the model, a preset authority which can be invoked by the APP to be detected and contained in the privacy policy text is obtained, and a function which is executed by the APP to be detected when the authority is invoked, namely the authority which is invoked by a statement in the privacy policy text of the APP to be detected and a use scene are obtained. For example, if the APP to be detected is a shopping APP, and the privacy policy text thereof includes a function of "search by taking a picture", the APP may call a mobile phone camera or read a mobile phone album.
And S142, performing behavior recognition on the APP behavior monitoring data, and acquiring authority called in the running process of the APP to be detected and functions of the authority.
In the embodiment of the disclosure, the behavior recognition model may be trained in advance, and the behavior recognition model performs behavior classification on the detection data to obtain a function corresponding to each detection data, specifically, a specific authority, a calling time, a calling scene, and the like of the to-be-detected APP call may be obtained based on the detection data.
In the embodiment of the disclosure, the data can be compositely judged by using a multi-dimensional data acquisition model such as an application service type identification model and an equipment state identification model, so as to judge whether the to-be-detected APP is in compliance or not.
And S143, comparing the authority and the function of the calling authority which are called in the running process of the APP to be detected with the preset calling authority and the preset function which can call the preset authority of the APP to be detected, which are contained in the privacy policy text.
After steps S141 and S142, the authority declared and invoked in the APP privacy policy text to be detected, the function that can invoke the corresponding authority, the authority invoked in the actual running process of the APP to be detected, and the function executed when invoking the authority can be obtained. In this step, the authority declared and called in the privacy policy text and the function that can call the corresponding authority can be compared with the authority called in the actual operation process of the APP to be detected and the function executed when the authority is called, so as to obtain the compliance result of the authority usage. By the method, privacy compliance detection is performed on the APP to be detected, the original code of the APP to be detected does not need to be analyzed, detection can be achieved conveniently, and meanwhile coverage of detection items is complete.
As a specific implementation manner of the embodiment of the present disclosure, when detecting an APP to be detected, the APP to be detected may also be detected based on a preset rule. The preset rules can comprise APP related laws and regulations, and the detection capability is further enhanced.
Step S144, based on the result of the comparison, obtains a detection result.
As described above, after the detection result is obtained, the detection result may be displayed on the APP detection page. As shown in fig. 5, a "generate detection report button" may be displayed in the APP detection page, and a user may generate a detection report by clicking the button.
In the embodiment of the disclosure, detection reports in different forms can be output for professional persons or non-professional persons.
For non-professionals, based on the comparison result, the content in the privacy policy text, which is consistent with the APP behavior monitoring data of the APP to be detected, and the content in the privacy policy text, which is inconsistent with the APP behavior monitoring data generated by the APP to be detected, are acquired and displayed as the detection result.
Referring to fig. 7, fig. 7 shows a schematic diagram of a detection report output to a user. As shown in fig. 7, the detection report may display a detection result, a detection summary, and specific problems, and the detection result may display whether there is a problem in the APP to be detected, and the detection summary may display which detection item has a problem detected.
As shown in fig. 7, the detection report shows that the problem is detected in the illegal violation problem in the text aspect of the privacy policy (detecting the notification manner of the APP privacy policy, whether the text content has illegal violation) and the personal information collection and use detection (detecting which personal information is actually collected by the APP in the use process and the collected legal compliance), and the problem is not detected in the illegal violation behavior in the user right assurance aspect (detecting the legal compliance of the APP in the user right assurance aspect, including user account logout, personal information query, correction, deletion, feedback processing, and the like). Further, the detection report may also show that several problems occur in each detection item, as shown in fig. 7, the privacy policy detection includes 10 detection tasks, 2 problems occur, the personal information collection and use detection includes 15 tasks, and 3 problems occur.
In the embodiment of the present disclosure, a user may check specific detection conditions of each detection item, as shown in fig. 7, the user selects to check specific detection conditions in personal information collection and usage detection, and problems detected in the detection item include: when applying for collecting personal sensitive information of a user, the purpose of unsynchronized informing or the purpose is not clear and difficult to understand; collecting personal information or opening the right to collect personal information before the privacy policy agrees; the actual collected personal information or the collectible personal information right opened by the application is beyond the user authorization scope.
Further, for each specific question, its detection criteria and corresponding improvement suggestions, detection details, and the like may also be displayed.
As shown in fig. 8, in fig. 7, the problem of collecting personal information or opening the right to collect personal information before the privacy policy agrees is solved, the detection criterion may be APP-related rules, and the improvement suggestion may include that when the APP is first run, the user is prompted to read the collection usage rules such as the privacy policy in an obvious manner such as pop-up window. The user can start to collect the personal information of the user or open the authority for collecting the personal information after voluntarily making an agreement expression by actively filling, clicking, checking and the like. When a user first uses APP, the collectible personal information authority should not be opened or collected before the user agrees to the privacy policy. The details of detection may include a specific question and detection data used by the question, such as a specific right invocation time, where the above-mentioned question may be that when the APP runs, although the APP runs, the user is explicitly indicated and the current running APP process is read, the personal information collection (reading of the current running APP process) occurs before the user agrees. Specific time information may include 10:50:47.904 start detection; starting the application at a ratio of 10:50: 49.607; reading the currently running application process at a ratio of 10:50: 52.674; reading the currently running application process at a ratio of 10:50: 53.949; 10:50:54.279 pops up privacy policy, and when APP runs can be obtained from the data, although the APP runs clearly to the user and is subject to the user's consent, the personal information collection (reading the currently running application process) occurs before the user agrees.
As another implementation manner of the embodiment of the present disclosure, for a professional, the comparison result can be directly used as the detection result. As shown in the following table:
as shown in the above table, the professional can check the specific situation of the APP to be detected calling permission, including the application state, the use time, and the like of the APP to be detected for permission, and can also check the corresponding code.
And the detection result is displayed in different modes, so that the detection requirements of various users on the APP can be met.
In the prior art, the detection of APP generally includes the following three ways:
the first method is as follows: in the method, only behavior records of the application can be identified by monitoring the system level of the built-in application of the mobile phone, behavior scenes such as specific authority and SDK (software development kit) and flow information content cannot be embodied, problems related to privacy policy agreements cannot be identified, and the app still needs to be opened manually for checking and manually judging. Not only can the related content of the privacy compliance not be comprehensively identified, but also a detector needs to have certain professional knowledge.
The second method comprises the following steps: through grabbing a package software in the computer, configuring mobile phone access, monitoring network demand, flow information and other contents in the mobile phone, in this way, the original data collection of detection needs to be completed across equipment manually, and the original data is analyzed through personal knowledge reserve and experience of privacy experts, so that the current APP privacy compliance condition can be obtained. This solution requires a high level of expertise on the examiner and also increases the cost of use across devices.
The third method comprises the following steps: and performing static detection on the APP installation package by using computer side detection software, installing and running the APP in a real machine through the detection software, and synchronously capturing network requests and flow information. In the method, the detection capabilities in different aspects are integrated into one piece of software, so that a user can conveniently perform automatic code analysis, enumerate the authority of application calling and the risk condition corresponding to the authority, but for the part of the dynamic code, the mobile phone entity and the computer end still need to be manually bound and connected, and the operation behavior is performed in the mobile phone to assist the software to acquire the dynamic code for further analysis.
Compared with the prior art, the APP detection method provided by the disclosure is applied, the APP is detected by using the cloud mobile phone to simulate the operation of the real machine, detection data collection and APP detection can be completed in any equipment in the cloud, APP detection is not required to be completed by using a plurality of devices, the problem that equipment needs to be crossed in the existing APP detection mode is solved, the APP detection convenience is improved, equipment does not need to be crossed, the dynamic code of the APP to be detected can be obtained without manual intervention, and the convenience for obtaining the dynamic code of the APP to be detected is improved. By applying the APP detection method provided by the disclosure, the detection result can be automatically obtained by using the detection algorithm preset by each detection item based on the detection data, and the detection result is displayed in the form of a detection report. In the APP detection method provided by the disclosure, the detection algorithms are preset, and the user operation can be prompted by displaying each operation task to be completed by the user in the detection process, so that the user does not need to have higher professional knowledge. In addition, in the embodiment of the APP detection method provided by the disclosure, the page traversal can be performed by using an intelligent algorithm in the cloud mobile phone, so that the use cost of a user is further reduced.
According to another aspect of the embodiments of the present disclosure, the present disclosure also provides a system for APP detection. As shown in fig. 9, the system may include: the system comprises a cloud mobile phone 910, an APP detection platform 920, a data monitoring module 930 and a data analysis module 940;
the cloud mobile phone 910 is used for running an APP to be detected;
the APP detection platform 920 is used for performing simulation operation on the APP to be detected based on the current detection project;
the data monitoring module 930 is configured to obtain current detection data required by a current detection item from operation data generated in a process of performing a simulation operation on the cloud mobile phone;
as shown in fig. 9, the data monitoring module 930 may be disposed in the cloud phone 910.
The data analysis module 940 is configured to detect the current detection data based on a target detection algorithm preset in the current detection item, so as to obtain a detection result of the current detection item.
In an embodiment of the disclosure, after the data analysis module 940 obtains the detection result, the detection result may be sent to the APP detection platform for displaying.
The APP detection system provided by the embodiment of the disclosure, a cloud mobile phone operates to detect an APP, and based on a current detection item, analog operation is performed on the APP to be detected, meanwhile, a data monitoring module acquires data generated by the APP in the analog operation, and acquires detection data required by the current detection item, and then a data analysis module detects the current detection data based on a target detection algorithm preset by the current detection item, so that a detection result of the current detection item is obtained. By applying the embodiment of the disclosure, the APP to be detected is detected by running in the cloud mobile phone, the detection can be completed in any equipment in the cloud, the APP detection can be completed without using a plurality of equipment, and the APP detection convenience is improved. Simultaneously, through treating the APP that detects and carry out analog operation, can acquire to treat the dynamic operation code of APP that detects and carry out corresponding detection for it is more comprehensive to detect, and the effect is better.
As shown in fig. 10, in an embodiment of the present disclosure, the APP detection platform 920 may be configured to show an APP detection page (i.e., a front end webpage 922) to a user, where the APP detection page includes: a current detection item and cloud mobile phone display interface image 923; the cloud mobile phone display interface image 923 is used for displaying each interface displayed in the process that the cloud mobile phone runs the APP to be detected;
and obtaining the operation of a user in the display interface image of the cloud mobile phone based on the current detection item, and generating a simulation operation instruction of the APP to be detected so as to enable the cloud mobile phone to execute the simulation operation instruction.
As shown in fig. 10, in the embodiment of the present disclosure, an operation control module 921 may be added to the APP detection platform 920, the operation control module 921 generates an operation instruction based on an operation of a user and sends the operation instruction to the cloud mobile phone 910, and correspondingly, a response control module 911 may be added to the cloud mobile phone to receive the operation instruction sent by the operation control module 921 and send an operation result to the operation control module, and after receiving the operation result, the APP detection platform 920 displays the operation result through an APP detection page.
As shown in fig. 10, in an embodiment of the present disclosure, a plurality of APPs 914 may be installed in the cloud mobile phone 910, and the cloud mobile phone 910 may employ an ARM processor 912 and use an Android 8.1 operating system 913 to run and operate the APP to be detected.
In an embodiment of the present disclosure, the APP detection page may further include: task information and/or detection state information of a task contained in a current detection project;
the task information of the current detection project comprises: the user operation task information executed by the user to-be-detected APP is required in the current detection project; enabling a user to operate in the cloud mobile phone display interface image based on the user operation task information;
and the detection state information is used for displaying the completion condition of the task contained in the current detection item.
In an embodiment of the present disclosure, the APP detection page further includes: and in the process of executing a preset target task in the current detection project, multiple screenshots of the interface of the APP to be detected.
In an embodiment of the present disclosure, the APP detection platform may be further configured to display the detection result on an APP detection page where the APP detection platform is located.
In an embodiment of the disclosure, the cloud mobile phone may also be configured to generate a cloud mobile phone display interface video stream based on an interface image displayed in an operation process of the to-be-detected APP;
and sending the video stream of the cloud mobile phone display interface to the APP detection page for display.
As shown in fig. 10, the cloud mobile phone may send the cloud mobile phone display interface to the APP detection platform in a video transmission manner, and the front-end webpage 922 in the APP detection platform displays the video stream of the cloud mobile phone display interface.
In an embodiment of the present disclosure, the data monitoring module 930 may be specifically configured to acquire operation data generated in a process of performing a simulation operation on the cloud mobile phone;
and obtaining current detection data required by the current detection item from the obtained operation data.
In an embodiment of the present disclosure, if the current detection item is privacy compliance detection; the current detection data required by the current project comprises: privacy policy text and APP behavior monitoring data;
the data analysis module is used for performing natural language processing on the privacy policy text to acquire preset calling authority of the APP to be detected and a preset function capable of calling the preset authority, wherein the preset calling authority is contained in the privacy policy text;
performing behavior recognition on the APP behavior monitoring data to acquire authority called in the running process of the APP to be detected and the function of the authority;
comparing the authority and the function of the calling authority which are called in the running process of the APP to be detected with the preset calling authority and the preset function which can call the preset authority of the APP to be detected which are contained in the privacy policy text;
and acquiring a detection result based on the comparison result.
In an embodiment of the disclosure, the data analysis module, based on the comparison result, acquiring the detection result includes:
based on the comparison result, acquiring the content in the privacy policy text, which is consistent with the APP behavior monitoring data of the APP to be detected, and the content in the privacy policy text, which is inconsistent with the APP behavior monitoring data generated by the APP to be detected, as a detection result;
or
And taking the comparison result as a detection result.
According to an embodiment of the present disclosure, the present disclosure further provides a detection apparatus of APP, as shown in fig. 11, the detection apparatus may include:
the to-be-detected APP operation module 1110 is used for operating the to-be-detected APP in the cloud mobile phone;
the simulation operation module 1120 is used for performing simulation operation on the APP to be detected in the cloud mobile phone based on the current detection item;
a detection data obtaining module 1130, configured to obtain current detection data required by a current detection item from operation data generated in a process of performing a simulation operation on the cloud mobile phone;
a detection result obtaining module 1140, configured to detect the current detection data based on a target detection algorithm preset in the current detection item, so as to obtain a detection result of the current detection item.
The APP detection device provided by the embodiment of the disclosure operates in a cloud mobile phone to detect an APP, and based on a current detection item, performs simulation operation on the APP to be detected in the cloud mobile phone, and simultaneously acquires data generated by the APP in the simulation operation, and acquires detection data required by the current detection item, and then based on a target detection algorithm preset by the current detection item, detects the current detection data, so as to obtain a detection result of the current detection item. By applying the embodiment of the disclosure, the APP to be detected is detected by running in the cloud mobile phone, the detection can be completed in any equipment in the cloud, the APP detection can be completed without using a plurality of equipment, and the APP detection convenience is improved. Simultaneously, through treating the APP that detects and carry out analog operation, can acquire to treat the dynamic operation code of APP that detects and carry out corresponding detection for it is more comprehensive to detect, and the effect is better.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations and do not violate the good customs of the public order.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 12 shows a schematic block diagram of an example electronic device 1200, which can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 12, the apparatus 1200 includes a computing unit 1201 which can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM)1202 or a computer program loaded from a storage unit 1208 into a Random Access Memory (RAM) 1203. In the RAM 1203, various programs and data required for the operation of the device 1200 may also be stored. The computing unit 1201, the ROM 1202, and the RAM 1203 are connected to each other by a bus 1204. An input/output (I/O) interface 1205 is also connected to bus 1204.
Various components in the device 1200 are connected to the I/O interface 1205 including: an input unit 1206 such as a keyboard, a mouse, or the like; an output unit 1207 such as various types of displays, speakers, and the like; a storage unit 1208, such as a magnetic disk, optical disk, or the like; and a communication unit 1209 such as a network card, modem, wireless communication transceiver, etc. The communication unit 1209 allows the device 1200 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 1201 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 1201 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The calculation unit 1201 performs the respective methods and processes described above, such as the detection method of APP. For example, in some embodiments, the detection method of APP may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 1208. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 1200 via the ROM 1202 and/or the communication unit 1209. When the computer program is loaded into the RAM 1203 and executed by the computing unit 1201, one or more steps of the detection method of APP described above may be performed. Alternatively, in other embodiments, the computing unit 1201 may be configured by any other suitable means (e.g. by means of firmware) to perform the detection method of the APP.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel or sequentially or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (20)
1. A detection method of APP comprises the following steps:
running an APP to be detected in the cloud mobile phone;
based on the current detection item, carrying out simulation operation on the APP to be detected in the cloud mobile phone;
obtaining current detection data required by a current detection project from operation data generated in the process of carrying out simulation operation on the cloud mobile phone;
and detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
2. The method of claim 1, wherein,
based on the current detection project, the method for carrying out simulation operation on the APP to be detected in the cloud mobile phone comprises the following steps:
displaying an APP detection page to a user, wherein the APP detection page comprises: the current detection item and the cloud mobile phone display interface image are displayed; the cloud mobile phone displays interface images, and is used for displaying each interface displayed in the process of running the APP to be detected by the cloud mobile phone;
and obtaining the operation of a user in the display interface image of the cloud mobile phone based on the current detection item, and generating a simulation operation instruction of the APP to be detected so as to enable the cloud mobile phone to execute the simulation operation instruction.
3. The method of claim 2, wherein,
in the APP detection page, the method further comprises: task information and/or detection state information of a task contained in a current detection project;
the task information of the current detection project comprises: the user operation task information executed by the user to-be-detected APP is required in the current detection project; enabling a user to operate in the cloud mobile phone display interface image based on the user operation task information;
and the detection state information is used for displaying the completion condition of the task contained in the current detection item.
4. The method of claim 3, wherein,
in the APP detection page, the method further comprises: the method comprises the steps that in the process of executing a preset target task in a current detection project, multiple screenshots of an interface of an APP to be detected are taken; and/or the presence of a gas in the gas,
and displaying the detection result on the APP detection page.
5. The method of claim 2, wherein,
the cloud mobile phone display interface image is displayed through the following steps:
generating a cloud mobile phone display interface video stream based on an interface image displayed in the running process of the APP to be detected;
and sending the video stream of the cloud mobile phone display interface to the APP detection page for display.
6. The method of claim 1, wherein,
the step of obtaining current detection data required by a current detection item from operation data generated in the process of carrying out simulation operation on the cloud mobile phone comprises the following steps:
acquiring running data generated in the process of carrying out simulation operation on the cloud mobile phone through a data monitoring module arranged in the cloud mobile phone;
and obtaining current detection data required by the current detection item from the obtained operation data.
7. The method of claim 6, wherein if the current detection item is a privacy compliance detection; the current detection data required by the current project comprises: privacy policy text and APP behavior monitoring data;
the step of detecting the current detection data based on the target detection algorithm preset by the current detection item to obtain the detection result of the current detection item includes:
performing natural language processing on the privacy policy text to acquire preset calling permission of the APP to be detected and a preset function capable of calling the preset permission, wherein the preset calling permission of the APP to be detected is contained in the privacy policy text;
performing behavior recognition on the APP behavior monitoring data to acquire authority called in the running process of the APP to be detected and the function of the authority;
comparing the authority and the function of the calling authority which are called in the running process of the APP to be detected with the preset calling authority and the preset function which can call the preset authority of the APP to be detected which are contained in the privacy policy text;
and acquiring a detection result based on the comparison result.
8. The method of claim 7, wherein the step of obtaining a detection result based on the result of the comparison comprises:
based on the comparison result, acquiring the content in the privacy policy text, which is consistent with the APP behavior monitoring data of the APP to be detected, and the content in the privacy policy text, which is inconsistent with the APP behavior monitoring data generated by the APP to be detected, as a detection result;
or
And taking the comparison result as a detection result.
9. A detection system for APP, the system comprising: the system comprises a cloud mobile phone, an APP detection platform, a data monitoring module and a data analysis module;
the cloud mobile phone is used for operating the APP to be detected;
the APP detection platform is used for carrying out simulation operation on the APP to be detected in the cloud mobile phone based on the current detection project;
the data monitoring module is used for acquiring current detection data required by a current detection project from running data generated in the process of carrying out simulation operation on the cloud mobile phone;
and the data analysis module is used for detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
10. The system of claim 9, wherein,
the APP detection platform is used for displaying an APP detection page to a user, and the APP detection page comprises: the current detection item and the cloud mobile phone display interface image are displayed; the cloud mobile phone displays interface images, and is used for displaying each interface displayed in the process of running the APP to be detected by the cloud mobile phone;
and obtaining the operation of a user in the display interface image of the cloud mobile phone based on the current detection item, and generating a simulation operation instruction of the APP to be detected so as to enable the cloud mobile phone to execute the simulation operation instruction.
11. The system of claim 10, wherein the APP detect page further comprises: task information and/or detection state information of a task contained in a current detection project;
the task information of the current detection project comprises: the user operation task information executed by the user to-be-detected APP is required in the current detection project; enabling a user to operate in the cloud mobile phone display interface image based on the user operation task information;
and the detection state information is used for displaying the completion condition of the task contained in the current detection item.
12. The system of claim 11, wherein,
in the APP detection page, the method further comprises: the method comprises the steps that in the process of executing a preset target task in a current detection project, multiple screenshots of an interface of an APP to be detected are taken; and/or
The APP detection platform is further used for displaying the detection result on the APP detection page where the APP detection platform is located.
13. The system of claim 10, wherein,
the cloud mobile phone is also used for generating a cloud mobile phone display interface video stream based on an interface image displayed in the operation process of the APP to be detected;
and sending the video stream of the cloud mobile phone display interface to the APP detection page for display.
14. The system of claim 9, wherein,
the data monitoring module is arranged in the cloud mobile phone and used for acquiring operation data generated in the process of carrying out simulation operation on the cloud mobile phone;
and obtaining current detection data required by the current detection item from the obtained operation data.
15. The system of claim 14, wherein if the current detection item is a privacy compliance detection; the current detection data required by the current project comprises: privacy policy text and APP behavior monitoring data;
the data analysis module is used for performing natural language processing on the privacy policy text to acquire preset calling authority of the APP to be detected and a preset function capable of calling the preset authority, wherein the preset calling authority is contained in the privacy policy text;
performing behavior recognition on the APP behavior monitoring data to acquire authority called in the running process of the APP to be detected and the function of the authority;
comparing the authority and the function of the calling authority which are called in the running process of the APP to be detected with the preset calling authority and the preset function which can call the preset authority of the APP to be detected which are contained in the privacy policy text;
and acquiring a detection result based on the comparison result.
16. The system of claim 15, wherein,
the data analysis module, based on the result of the comparison, obtains a detection result including: based on the comparison result, acquiring the content in the privacy policy text, which is consistent with the APP behavior monitoring data of the APP to be detected, and the content in the privacy policy text, which is inconsistent with the APP behavior monitoring data generated by the APP to be detected, as a detection result;
or
And taking the comparison result as a detection result.
17. Detection apparatus for APP, comprising:
the APP operation module to be detected is used for operating the APP to be detected in the cloud mobile phone;
the simulation operation module is used for carrying out simulation operation on the APP to be detected in the cloud mobile phone based on the current detection item;
the detection data acquisition module is used for acquiring current detection data required by a current detection project from running data generated in the process of carrying out simulation operation on the cloud mobile phone;
and the detection result acquisition module is used for detecting the current detection data based on a target detection algorithm preset by the current detection item to obtain a detection result of the current detection item.
18. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
19. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-8.
20. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111355572.8A CN114036501A (en) | 2021-11-16 | 2021-11-16 | APP detection method, system, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111355572.8A CN114036501A (en) | 2021-11-16 | 2021-11-16 | APP detection method, system, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114036501A true CN114036501A (en) | 2022-02-11 |
Family
ID=80144641
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111355572.8A Pending CN114036501A (en) | 2021-11-16 | 2021-11-16 | APP detection method, system, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114036501A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
| CN115587352A (en) * | 2022-10-10 | 2023-01-10 | 奇安信科技集团股份有限公司 | Privacy security monitoring method and device, electronic equipment and storage medium |
-
2021
- 2021-11-16 CN CN202111355572.8A patent/CN114036501A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
| CN115587352A (en) * | 2022-10-10 | 2023-01-10 | 奇安信科技集团股份有限公司 | Privacy security monitoring method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111310934B (en) | Model generation method and device, electronic equipment and storage medium | |
| US11151024B2 (en) | Dynamic automation of DevOps pipeline vulnerability detecting and testing | |
| US9555544B2 (en) | Robotic process automation | |
| CA3018196C (en) | Visual regresssion testing tool | |
| US9015666B2 (en) | Updating product documentation using automated test scripts | |
| WO2021109928A1 (en) | Creation method, usage method and apparatus for machine learning scheme template | |
| US20170083495A1 (en) | Method for Modifying Webpage and Apparatus for Modifying Webpage | |
| CN114036501A (en) | APP detection method, system, device, equipment and storage medium | |
| CN108830383B (en) | Method and system for displaying machine learning modeling process | |
| US11954536B2 (en) | Data engine | |
| CN113568626B (en) | Dynamic packaging and application package opening method and device and electronic equipment | |
| CN110210225A (en) | A kind of intelligentized Docker container malicious file detection method and device | |
| CN114297700A (en) | Dynamic and static combined mobile application privacy protocol extraction method and related equipment | |
| CN107430590B (en) | System and method for data comparison | |
| US20180157828A1 (en) | Hypervisor enforcement of cryptographic policy | |
| US20170003861A1 (en) | Cognitively aware selectable controls | |
| US11062616B2 (en) | Interactive learning experience | |
| US10558550B2 (en) | Static program analysis of a partial software program | |
| CN113052174B (en) | License plate data sample generation method and device, electronic equipment and storage medium | |
| Bradley et al. | Assessing the inclusivity of digital interfaces-a proposed method | |
| CN115062304A (en) | Risk identification method and device, electronic equipment and readable storage medium | |
| EP3679475B1 (en) | Identifying functions prone to logic errors in binary software components | |
| CN110262856B (en) | Application program data acquisition method, device, terminal and storage medium | |
| CN114547252A (en) | Text recognition method and device, electronic equipment and medium | |
| WO2015200602A1 (en) | Command surface drill-in control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |