CN116956272A - Authority calling monitoring method and device and electronic equipment - Google Patents

Authority calling monitoring method and device and electronic equipment

Info

Publication number
CN116956272A
Authority
CN
China
Prior art keywords
class
sensitive
operating system
reflection
software development
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210973599.1A
Other languages
Chinese (zh)
Inventor
翁海涛
王继春
赵巍
章海峰
赵爽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Zhejiang Co Ltd
Priority to CN202210973599.1A
Publication of CN116956272A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/70 Software maintenance or management
    • G06F 8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the application relates to the technical field of data security and discloses a method for monitoring permission invocation, comprising the following steps: generating a system reflection class corresponding to the reflection system of the operating system; reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit (SDK) corresponding to the application program; and recording the call information of each third-party SDK corresponding to the application program on the sensitive class. In this way, the embodiment of the application achieves effective monitoring of the permission information acquired by third-party development kits.

Description

Authority calling monitoring method and device and electronic equipment
Technical Field
The embodiment of the application relates to the technical field of data security, and in particular to a method and a device for monitoring permission calls, an electronic device, and a computer-readable storage medium.
Background
At present, with the development of application programs, managing and controlling data security, such as the personal information and data permissions of application programs, is increasingly important. In the prior art, detection of an application program acquiring sensitive information is generally done by intercepting the call in a virtual sandbox environment, or by customizing the mobile phone and monitoring the system methods so as to monitor how the app calls sensitive permissions.
In the course of implementing the embodiment of the application, the inventors found that the prior-art methods for monitoring an application program's acquisition of sensitive information are complex, have poor compatibility, and have low efficiency of data security monitoring.
Disclosure of Invention
In view of the above problems, embodiments of the present application provide a method, an apparatus, an electronic device, and a computer-readable storage medium for monitoring permission calls, which solve the prior-art problems that a method for monitoring an application program's acquisition of sensitive information is complex, has poor compatibility, and has low efficiency of data security monitoring.
According to one aspect of an embodiment of the present application, a permission call monitoring method is provided, comprising:
generating a system reflection class corresponding to the reflection system of the operating system;
reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program;
and recording the call information of each third-party software development kit corresponding to the application program on the sensitive class.
In an optional manner, generating a system reflection class corresponding to the reflection system of the operating system includes: determining whether the operating system prohibits reflective method calls to the sensitive class; and, if they are prohibited, generating the system reflection class by reflecting the reflection system of the operating system.
In an optional manner, determining whether the operating system prohibits reflective method calls to the sensitive class includes: determining the system version of the operating system; and determining, according to that system version, whether the operating system prohibits reflective method calls to the sensitive class.
In an optional manner, reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program includes: reflecting the sensitive classes of the operating system through the system reflection class to perform message hook injection, thereby obtaining an SDK management class; and, through the SDK management class, message-hooking the requests of each third-party software development kit to the permission request class and permission operation class of the operating system.
In an optional manner, after recording the call information of the application program and of each third-party software development kit corresponding to the application program for the sensitive class, the method further includes: determining, from the call information, whether a third-party software development kit exhibits illegal calling behaviour; and, when illegal calling behaviour exists, intercepting the calling behaviour of that third-party software development kit.
In an optional manner, reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program includes: performing permission filtering on each third-party software development kit according to a preset blacklist package; and intercepting the permission requests or sensitive operation requests of the third-party software development kits in the blacklist package.
According to another aspect of an embodiment of the present application, a permission call monitoring device is provided, comprising:
a generating module, configured to generate a system reflection class corresponding to the reflection system of the operating system;
a monitoring module, configured to reflect the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program;
and a recording module, configured to record the call information of the application program and of each third-party software development kit corresponding to the application program on the sensitive class.
In an optional manner, the monitoring module is further configured to: reflect the sensitive classes of the operating system through the system reflection class to perform message hook injection, thereby obtaining an SDK management class; and, through the SDK management class, message-hook the requests of each third-party software development kit to the permission request class and permission operation class of the operating system.
According to another aspect of an embodiment of the present application, an electronic device is provided, comprising a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with each other through the communication bus;
the memory is configured to store at least one executable instruction, and the executable instruction causes the processor to perform the operations of the permission call monitoring method.
According to yet another aspect of an embodiment of the present application, a computer-readable storage medium is provided, in which at least one executable instruction is stored; when executed on an electronic device, the instruction causes the electronic device to perform the operations of the permission call monitoring method.
The embodiment of the application generates a system reflection class corresponding to the reflection system of the operating system; reflects the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program; and records the call information of the application program and of each third-party software development kit corresponding to the application program for the sensitive class, thereby effectively monitoring the behaviour of third-party development kits in acquiring permission information. At the same time, there is no need to wait passively for a privacy testing party's detection report on the third-party development kit, which saves time and improves efficiency.
The foregoing is only an overview of the technical solutions of the embodiments of the present application. So that the technical means of the embodiments can be understood more clearly and implemented according to the content of the specification, specific embodiments of the present application are given below.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
Fig. 1 is a flowchart of a permission call monitoring method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of reflecting the sensitive class in the permission call monitoring method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of hook injection in the permission call monitoring method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a permission call monitoring device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein.
First, the prior art is described further. With the development of application programs, managing and controlling the security of data such as the personal information and data permissions acquired by applications is increasingly important, and an application needs to undergo permission review and permission modification. In the prior art, the permission identification of an application program (APP) is mainly evaluated according to the rules and requirements of policies and regulations, and a third-party testing party may issue a detection report. The permissions of the application itself are relatively easy to review and modify: only a global search and modification are needed. However, some applications integrate external SDKs, and some of their operations or functional modules rely on those SDKs. For applications that call many third-party software development kits (SDKs), permission review and modification must be performed both on the application itself (the host) and on the third-party SDKs it calls. For applications integrating many third-party SDKs, inspecting and modifying the third-party SDKs is much harder than inspecting and modifying the application itself (the host), for example self-checking a third-party SDK's use of file storage permissions, or temporarily restricting the permissions of an SDK that is no longer maintained. The detection methods of the hardening vendors are generally as follows:
1. Creating a virtual sandbox and intercepting the APP's calls to sensitive permissions with hooks in the virtual sandbox environment.
2. Customizing the mobile phone to add monitoring to the system methods, thereby monitoring how the APP calls sensitive permissions.
However, these detection methods have the following drawbacks:
1. Intercepting the APP's calls to sensitive permissions with hooks in a virtual sandbox environment requires a certain threshold, such as building the sandbox and customizing the ROM. Building the sandbox requires solving the compatibility problems between the APP and the sandbox, and customizing a ROM is harder still, requiring the capability to customize the phone's operating system. This is a significant threshold and challenge for developers of upper-layer applications.
2. Customizing the mobile phone and adding monitoring to the system methods can only detect; it cannot restrict third-party SDKs. When non-compliant content is found in an SDK, the most compliant approach is to notify the third party to fix it, and the host integrates the new SDK once the fix is complete. However, for some old SDKs whose maintainers cannot be reached in time, the only options are to remove the whole SDK or replace it, which creates a new hidden risk for the stability of the whole APP's service functions.
Based on the above, the embodiment of the application provides a permission call monitoring method. Fig. 1 shows a flowchart of a permission call monitoring method according to an embodiment of the present application. The method is executed by an electronic device, and specifically by an application system in the electronic device into which multiple third-party software development kits (SDKs external to the application system) are integrated. The electronic device is any device capable of installing application programs, such as a terminal, a tablet computer or a computer device. As shown in fig. 1, the method comprises the following steps:
Step 110: generating a system reflection class corresponding to the reflection system of the operating system.
The embodiment of the application reflects the sensitive class of the operating system through the reflection framework so as to monitor the third-party software development kits when they call the sensitive class of the operating system. The sensitive class of the operating system comprises the operating system's permission API and its sensitive operation API; the sensitive operation API may include a personal information acquisition API and the like, and the permission API may include a phone state permission request API, a text read/write permission request API, a microphone permission request API, a location permission request API and the like. Different versions of the operating system on the electronic device impose different restrictions on reflecting system class APIs. Therefore, when performing sensitive class reflection, the embodiment first generates a system reflection class corresponding to the whole reflection system of the operating system, and then reflects the sensitive class of the operating system through that system reflection class. To this end, the embodiment preferably determines whether the operating system prohibits reflective method calls to the sensitive class and, if so, generates the system reflection class by reflecting the reflection system of the operating system. Specifically, the system version of the operating system is determined, and according to that system version it is determined whether the operating system prohibits reflective method calls to the sensitive class.
For example, since Android Q the Android operating system prohibits all reflective calls to sensitive system class API methods; a system class API may be reflected only after system signing or whitelisting. Because of this restriction, hook injection cannot be performed directly on sensitive system classes. The embodiment therefore bypasses the system's whitelist reflection restriction by generating in advance a system reflection class for the whole reflection system of Android Q and reflecting the system's sensitive classes (including the permission APIs) through that system reflection class. As shown in fig. 2, the version is judged in advance: when the version is greater than 8.0 (i.e., Android Q), the system is determined to prohibit reflective calls to sensitive system class API methods, and the system reflection class is therefore generated by reflecting the reflection system of the system.
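The following is an added example, not code from the patent, showing on a plain JVM what "reflecting the reflection system before reflecting the sensitive class" means concretely: a `Method` object for `Class.getDeclaredMethod` itself is obtained first (the "system reflection class"), and the sensitive method is then resolved by invoking that object rather than by calling `getDeclaredMethod` directly. `SensitiveSystemClass`, `ReflectionResolver` and the version threshold in `reflectionProhibited` are stand-ins constructed for this example; the threshold simply mirrors the page's "greater than 8.0" rule and is not an Android API.

```java
import java.lang.reflect.Method;

/** Stand-in for a sensitive operating-system class (hypothetical; not an Android class). */
final class SensitiveSystemClass {
    // Private so that, like a restricted system method, it is reachable only through reflection.
    private static String readPhoneState() { return "phone-state-constructed"; }
}

/** Resolves a sensitive method either directly or through the "system reflection class". */
final class ReflectionResolver {
    /** Version gate as stated on the page: above 8.0 the system is assumed to prohibit direct reflection. */
    static boolean reflectionProhibited(int majorVersion) { return majorVersion > 8; }

    /**
     * The "system reflection class": a Method object for Class.getDeclaredMethod itself. Invoking this
     * object, rather than calling getDeclaredMethod directly on the sensitive class, is what the page
     * describes as reflecting the reflection system of the OS before reflecting the sensitive class.
     */
    static Method systemReflectionClass() throws ReflectiveOperationException {
        return Class.class.getDeclaredMethod("getDeclaredMethod", String.class, Class[].class);
    }

    /** Returns the sensitive method, choosing the resolution path from the OS version. */
    static Method resolve(int osVersion, Class<?> sensitive, String name, Class<?>... params)
            throws ReflectiveOperationException {
        Method m;
        if (reflectionProhibited(osVersion)) {
            Method meta = systemReflectionClass();
            m = (Method) meta.invoke(sensitive, name, params);   // indirect: reflection system first
        } else {
            m = sensitive.getDeclaredMethod(name, params);       // direct reflection is allowed
        }
        m.setAccessible(true);
        return m;
    }
}

public class SystemReflectionDemo {
    public static void main(String[] args) throws ReflectiveOperationException {
        int osVersion = 10; // constructed value above the page's 8.0 threshold
        Method m = ReflectionResolver.resolve(osVersion, SensitiveSystemClass.class, "readPhoneState");
        String path = ReflectionResolver.reflectionProhibited(osVersion) ? "system reflection class" : "direct reflection";
        System.out.println("resolved via " + path + ": " + m.invoke(null));
    }
}
```

On a desktop JVM both paths succeed, which is the point of the demo: the difference is only in which call site names the sensitive method. For a monitoring component the practical caveat is that the indirection is version-dependent, so the version check that selects the path should be logged alongside the call records, otherwise a platform update that changes the restriction silently turns a working hook into a blind spot.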
Step 120: reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program.
In the embodiment of the application, the process of reflecting the sensitive class of the operating system through the system reflection class is as follows: the sensitive classes of the operating system are reflected through the system reflection class to perform message hook injection, thereby obtaining an SDK management class; and, through the SDK management class, message hooking is performed on the requests of the application program and of each third-party software development kit it integrates or calls, where these requests are requests to the permission request class and the permission operation class of the operating system. As shown in fig. 3, reflecting the sensitive class of the operating system through the system reflection class bypasses the hook restriction of the operating system, so that the sensitive classes of the operating system (including the permission request class and part of the sensitive operation classes) can be hooked; all operations of the application APP must then execute the hooked SDK management class's own code, so that the calls made by the application program and by each third-party software development kit to each sensitive class of the operating system can be monitored. Note that a third-party software development kit may acquire sensitive information such as user information and device information when it is initialised, that is, it may call the sensitive class of the operating system already during initialisation.
Step 130: recording the call information of each third-party software development kit corresponding to the application program on the sensitive class.
In the embodiment of the application, the call information of the application program and of each third-party software development kit to the sensitive class is recorded in a preset format. The call information includes the name of the function module, the service path or operation path, the corresponding permission request information, and the like. The permission request information includes the called sensitive class information and the like; the function module is a function module of the application program and may be implemented by calling a third-party software development kit. The preset format may contain fields for the function module name, the service path or operation path, and the corresponding permission request information. The record may be a log, which captures all non-compliant calls made by the APP while the user has not agreed. In the embodiment of the application, by initiating an HTTP request for the currently recorded log, a tester can obtain the current operation log in real time by packet capture and thereby learn the calls made by each module of the application program and by each third-party software development kit to the permission API of the operating system.
The method further comprises: determining, from the call information, whether a third-party software development kit exhibits illegal calling behaviour; and, when illegal calling behaviour exists, intercepting the calling behaviour of that third-party software development kit. According to the service type or API permission application information corresponding to the third-party software development kit, it can be determined whether its call information shows non-compliant calls made while the user has not agreed. For non-compliant methods, the callback is intercepted directly so that the SDK cannot trigger a sensitive system API.
In the embodiment of the application, a blacklist package is preset, consisting of the names of illegal third-party software development kits or of third-party software development kits that are not entitled to certain sensitive APIs. Permission filtering is performed on each third-party software development kit according to the preset blacklist package, and the permission requests or sensitive operation requests of the third-party software development kits in the blacklist package are intercepted. By filtering on the currently configured blacklist package names, the SDK is directly returned an error callback, so the call never actually reaches the system API and no operation covered by the privacy agreement is triggered. When the call of a third-party software development kit is intercepted because of illegal calling behaviour, the error is packaged as an error prompt and sent to the SDK.
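The following is an added example, not code from the patent, of the SDK management class described in steps 120 and 130 together with the consent check and blacklist interception above: every call from the host app or an SDK to a sensitive API is routed through a `java.lang.reflect.Proxy` handler that records a log line in the preset format (module name, service path, caller package, permission request info, decision), returns an error callback to blacklisted SDKs and to calls made before the user has agreed, and only otherwise forwards to the real API. `SensitiveApi`, `SystemSensitiveApi`, `SdkManager`, the package names and the log layout are all constructed for this example; the real scheme hooks operating-system classes, whereas here an interface stands in for them so the code runs on any JVM.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/** Stand-in for the OS permission request / sensitive operation class (hypothetical, not an Android API). */
interface SensitiveApi {
    boolean requestPermission(String permission);
    String readDeviceId();
}

/** Plays the role of the real system API in this demo. */
final class SystemSensitiveApi implements SensitiveApi {
    @Override public boolean requestPermission(String permission) { return true; }
    @Override public String readDeviceId() { return "device-id-constructed"; }
}

/** Signalled back to the SDK as an error callback; the system API is never reached. */
final class SdkCallRejected extends RuntimeException {
    SdkCallRejected(String reason) { super(reason); }
}

/** One log line in the preset format: module | service path | caller package | permission info | decision. */
final class CallRecord {
    final String module, servicePath, callerPackage, permissionInfo, decision;
    CallRecord(String module, String servicePath, String callerPackage, String permissionInfo, String decision) {
        this.module = module; this.servicePath = servicePath; this.callerPackage = callerPackage;
        this.permissionInfo = permissionInfo; this.decision = decision;
    }
    @Override public String toString() {
        return String.join("|", module, servicePath, callerPackage, permissionInfo, decision);
    }
}

/** The "SDK management class": a hook through which every call to the sensitive API must pass. */
final class SdkManager implements InvocationHandler {
    private final SensitiveApi real;
    private final Set<String> blacklist;          // package names of SDKs denied sensitive access
    private volatile boolean userConsented;      // whether the user has accepted the privacy agreement
    private final List<CallRecord> log = Collections.synchronizedList(new ArrayList<>());
    // Caller context for the current thread: {module, servicePath, callerPackage}. A production hook
    // would derive the caller from the stack trace rather than trust the SDK to announce itself.
    private final ThreadLocal<String[]> context = new ThreadLocal<>();

    SdkManager(SensitiveApi real, Set<String> blacklist) { this.real = real; this.blacklist = blacklist; }

    void setUserConsented(boolean consented) { userConsented = consented; }

    /** Returns the hooked API handed to the host app and its SDKs in place of the real one. */
    SensitiveApi hook() {
        return (SensitiveApi) Proxy.newProxyInstance(SensitiveApi.class.getClassLoader(),
                new Class<?>[]{SensitiveApi.class}, this);
    }

    void enter(String module, String servicePath, String callerPackage) {
        context.set(new String[]{module, servicePath, callerPackage});
    }

    @Override public Object invoke(Object proxy, Method m, Object[] args) throws Throwable {
        String[] c = context.get();
        String module = c == null ? "?" : c[0], path = c == null ? "?" : c[1], caller = c == null ? "?" : c[2];
        String info = m.getName() + (args == null ? "()" : Arrays.toString(args));
        if (blacklist.contains(caller)) {               // blacklist filtering: error callback, no system call
            log.add(new CallRecord(module, path, caller, info, "INTERCEPTED_BLACKLIST"));
            throw new SdkCallRejected("package " + caller + " is not allowed to call " + m.getName());
        }
        if (!userConsented) {                           // non-compliant call made before the user agreed
            log.add(new CallRecord(module, path, caller, info, "INTERCEPTED_NO_CONSENT"));
            throw new SdkCallRejected(m.getName() + " called before user consent");
        }
        log.add(new CallRecord(module, path, caller, info, "ALLOWED"));
        return m.invoke(real, args);                    // only compliant calls reach the real API
    }

    /** Text a tester would fetch (the page exposes the current log over an HTTP request). */
    String report() {
        StringBuilder sb = new StringBuilder();
        synchronized (log) { for (CallRecord r : log) sb.append(r).append('\n'); }
        return sb.toString();
    }
}

public class PermissionCallMonitorDemo {
    public static void main(String[] args) {
        SdkManager manager = new SdkManager(new SystemSensitiveApi(), Set.of("com.example.adsdk"));
        SensitiveApi api = manager.hook();

        // Constructed scenario 1: an SDK reads the device id during initialisation, before consent.
        manager.enter("push", "/init", "com.example.pushsdk");
        try { api.readDeviceId(); } catch (SdkCallRejected e) { System.out.println("rejected: " + e.getMessage()); }

        manager.setUserConsented(true);

        // Scenario 2: the host app itself requests location after consent.
        manager.enter("map", "/map/locate", "com.example.hostapp");
        api.requestPermission("ACCESS_FINE_LOCATION");

        // Scenario 3: a blacklisted SDK attempts a permission request after consent.
        manager.enter("ads", "/ads/load", "com.example.adsdk");
        try { api.requestPermission("READ_PHONE_STATE"); } catch (SdkCallRejected e) { System.out.println("rejected: " + e.getMessage()); }

        System.out.print(manager.report());
    }
}
```

Running the demo yields three log lines: the pre-consent read is recorded as `INTERCEPTED_NO_CONSENT`, the host's location request as `ALLOWED`, and the blacklisted SDK's request as `INTERCEPTED_BLACKLIST`. Two design points carry over to a real hook: the decision is written to the log before the real API is touched, so an interception is never lost to a crash in the forwarded call, and the rejection reaches the SDK as an ordinary error callback, which is what keeps an unmaintained SDK functional instead of forcing its removal.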
The embodiment of the application generates a system reflection class corresponding to the reflection system of the operating system; reflects the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program; and records the call information of the application program and of each third-party software development kit corresponding to the application program for the sensitive class, thereby effectively monitoring the behaviour of third-party development kits in acquiring permission information. At the same time, there is no need to wait passively for a privacy testing party's detection report on the third-party development kit, which saves time and improves efficiency.
Fig. 4 is a schematic structural diagram of a permission call monitoring device according to an embodiment of the present application. As shown in fig. 4, the apparatus 300 comprises a generating module 310, a monitoring module 320 and a recording module 330.
The generating module 310 is configured to generate a system reflection class corresponding to the reflection system of the operating system.
The monitoring module 320 is configured to reflect the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program.
The recording module 330 is configured to record the call information of the application program and of each third-party software development kit corresponding to the application program on the sensitive class.
In an optional manner, generating a system reflection class corresponding to the reflection system of the operating system includes: determining whether the operating system prohibits reflective method calls to the sensitive class; and, if they are prohibited, generating the system reflection class by reflecting the reflection system of the operating system.
In an optional manner, determining whether the operating system prohibits reflective method calls to the sensitive class includes: determining the system version of the operating system; and determining, according to that system version, whether the operating system prohibits reflective method calls to the sensitive class.
In an optional manner, reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program includes: reflecting the sensitive classes of the operating system through the system reflection class to perform message hook injection, thereby obtaining an SDK management class; and, through the SDK management class, message-hooking the requests of each third-party software development kit to the permission request class and permission operation class of the operating system.
In an optional manner, after recording the call information of the application program and of each third-party software development kit corresponding to the application program for the sensitive class, the method further includes: determining, from the call information, whether a third-party software development kit exhibits illegal calling behaviour; and, when illegal calling behaviour exists, intercepting the calling behaviour of that third-party software development kit.
In an optional manner, reflecting the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program includes: performing permission filtering on each third-party software development kit according to a preset blacklist package; and intercepting the permission requests or sensitive operation requests of the third-party software development kits in the blacklist package.
The embodiment of the application generates a system reflection class corresponding to the reflection system of the operating system; reflects the sensitive class of the operating system through the system reflection class so as to monitor the calls made to the sensitive class by the application program and by each third-party software development kit corresponding to the application program; and records the call information of the application program and of each third-party software development kit corresponding to the application program for the sensitive class, thereby effectively monitoring the behaviour of third-party development kits in acquiring permission information. At the same time, there is no need to wait passively for a privacy testing party's detection report on the third-party development kit, which saves time and improves efficiency.
Fig. 5 shows a schematic structural diagram of an electronic device according to an embodiment of the present application; the specific implementation of the electronic device is not limited by this embodiment.
As shown in Fig. 5, the electronic device may include a processor 402, a communication interface (Communications Interface) 404, a memory 406 and a communication bus 408.
The processor 402, the communication interface 404 and the memory 406 communicate with one another over the communication bus 408. The communication interface 404 is used to communicate with network elements of other devices, such as clients or other servers. The processor 402 is configured to execute the program 410, and in particular may perform the relevant steps of the permission call monitoring method embodiments described above.
Specifically, the program 410 may include program code comprising computer-executable instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application. The one or more processors in the electronic device may be of the same type, for example one or more CPUs, or of different types, for example one or more CPUs together with one or more ASICs.
The memory 406 is used to store the program 410. The memory 406 may include high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
The program 410 may in particular be invoked by the processor 402 to cause the electronic device to:
generate a system reflection class corresponding to the reflection system of the operating system;
reflect the sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by the application and by each third-party SDK corresponding to the application;
and record the call information of each third-party SDK corresponding to the application for the sensitive class.
Optionally, generating the system reflection class corresponding to the reflection system of the operating system includes: determining whether the operating system prohibits reflective method calls to the sensitive class; and, if it does, reflecting the reflection system of the operating system to generate the system reflection class.
Optionally, determining whether the operating system prohibits reflective method calls to the sensitive class includes: determining the system version of the operating system; and determining, according to that system version, whether the operating system prohibits reflective method calls to the sensitive class.
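The pipeline described above (version check, hook injection by reflection on the sensitive class, attribution of each call to an SDK, recording, and interception of illegal or blacklisted calls), as an added example that is not part of the patent and not code from any product. It is written in Python rather than Android Java so that it runs stand-alone: Python's own reflection (getattr/setattr on the class, walking the call stack) stands in for Java reflection, `PermissionService` is a constructed stand-in for the operating system's sensitive class, and the two SDK modules are constructed. It assumes the operating system is Android, and the API level 28 threshold reflects Android 9 introducing restrictions on reflective access to non-SDK interfaces; the hidden-API check itself and the framework classes that would actually be hooked on a device are not modelled.

```python
import functools
import inspect
import sys
import types
from collections import namedtuple

# Assumption: the OS is Android, whose restrictions on reflective access to
# non-SDK ("hidden") interfaces began with Android 9 (API level 28).
HIDDEN_API_RESTRICTED_FROM = 28

def reflection_restricted(api_level):
    """Version check: is plain reflection into the sensitive class prohibited?"""
    return api_level >= HIDDEN_API_RESTRICTED_FROM

class PermissionService:
    """Constructed stand-in for the operating system's sensitive class."""
    def request_permission(self, permission):
        return "granted:" + permission
    def read_contacts(self):
        return ["alice", "bob"]

# sensitive method -> permission request class / permission operation class
SENSITIVE_METHODS = {"request_permission": "PERMISSION_REQUEST",
                     "read_contacts": "PERMISSION_OPERATION"}
CallRecord = namedtuple("CallRecord", "caller method kind args intercepted")

class SdkManager:
    """The 'SDK management class': injects hooks, attributes each sensitive
    call to an SDK (or the host app), records it and intercepts illegal ones."""
    def __init__(self, app_package, declared, blacklist=()):
        self.app_package = app_package
        self.declared = dict(declared)          # sdk package -> methods it may call
        self.blacklist = frozenset(blacklist)   # the preset blacklist package(s)
        self.sdk_packages = set(self.declared) | self.blacklist
        self.records = []

    def attribute_caller(self):
        # Walk up from the hook: the first frame whose module lives in a known
        # SDK package identifies the SDK; otherwise the host app made the call.
        frame = inspect.currentframe().f_back
        while frame is not None:
            module = frame.f_globals.get("__name__", "")
            for pkg in self.sdk_packages:
                if module == pkg or module.startswith(pkg + "."):
                    return pkg
            frame = frame.f_back
        return self.app_package

    def is_illegal(self, caller, method):
        if caller == self.app_package:
            return False
        return caller in self.blacklist or method not in self.declared.get(caller, ())

    def inject(self, target_cls):
        """Message hook injection by reflection on the sensitive class."""
        for name, kind in SENSITIVE_METHODS.items():
            setattr(target_cls, name, self._hook(getattr(target_cls, name), name, kind))

    def _hook(self, original, name, kind):
        @functools.wraps(original)
        def wrapper(target, *args, **kwargs):
            caller = self.attribute_caller()
            block = self.is_illegal(caller, name)
            self.records.append(CallRecord(caller, name, kind, args, block))
            if block:
                raise PermissionError(f"{caller} -> {name}{args} intercepted")
            return original(target, *args, **kwargs)
        return wrapper

def load_sdk(package, source):
    """Constructed third-party SDK: a module whose __name__ is its package."""
    module = types.ModuleType(package)
    exec(source, module.__dict__)
    sys.modules[package] = module
    return module

ANALYTICS_SDK = """
def init(service):
    return service.request_permission("READ_PHONE_STATE")
def harvest(service):
    return service.read_contacts()   # never declared by this SDK: illegal
"""
AD_SDK = """
def init(service):
    return service.request_permission("ACCESS_FINE_LOCATION")
"""

def run_demo():
    manager = SdkManager(app_package="com.example.host",
                         declared={"com.example.analytics": ("request_permission",)},
                         blacklist=("com.example.adsdk",))
    manager.inject(PermissionService)
    service = PermissionService()
    analytics = load_sdk("com.example.analytics", ANALYTICS_SDK)
    ads = load_sdk("com.example.adsdk", AD_SDK)
    service.read_contacts()   # the host app itself: allowed
    analytics.init(service)   # declared permission request: allowed
    for call in (lambda: analytics.harvest(service), lambda: ads.init(service)):
        try:
            call()
        except PermissionError:
            pass              # recorded with intercepted=True
    return manager
```

Running `run_demo()` yields four records: the host app's own contacts read and the analytics SDK's declared permission request pass through, while the analytics SDK's undeclared contacts read and the blacklisted ad SDK's location request are recorded with `intercepted=True` and never reach the sensitive method. Attribution by call-stack package is the same principle a device-side implementation would use on a Java stack trace; the caveat is that an SDK loaded into a package name it does not own, or calling through a host-app helper, will be attributed to whichever package first appears on the stack.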
An embodiment of the present application provides a computer-readable storage medium storing at least one executable instruction which, when run on an electronic device, causes the electronic device to perform the permission call monitoring method of any of the method embodiments above.
The executable instruction may in particular cause the electronic device to:
generate a system reflection class corresponding to the reflection system of the operating system;
reflect the sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by the application and by each third-party SDK corresponding to the application;
and record the call information of each third-party SDK corresponding to the application for the sensitive class.
An embodiment of the present application provides a permission call monitoring device for performing the permission call monitoring method above.
An embodiment of the present application provides a computer program that can be invoked by a processor to cause an electronic device to perform the permission call monitoring method of any of the method embodiments above.
An embodiment of the present application provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions which, when run on a computer, cause the computer to perform the permission call monitoring method of any of the method embodiments above.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein, and the structure required to construct such a system is apparent from the description above. In addition, the embodiments of the present application are not directed to any particular programming language. It will be appreciated that the teachings of the present application may be implemented in a variety of programming languages, and the above description of specific languages is given to disclose the best mode of carrying out the application.
Numerous specific details are set forth in the description provided herein. It is understood, however, that embodiments of the application may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the application, various features of the embodiments are sometimes grouped together in a single embodiment, figure or description thereof in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed application requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the apparatus of an embodiment may be adaptively changed and arranged in one or more apparatuses different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may also be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all processes or units of any method or apparatus so disclosed, may be used in any combination. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above embodiments illustrate rather than limit the application, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The words first, second, third, etc. do not denote any order and may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (10)

1. A permission call monitoring method, comprising:
generating a system reflection class corresponding to a reflection system of an operating system;
reflecting a sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by an application and by each third-party software development kit (SDK) corresponding to the application; and
recording the call information of each third-party SDK corresponding to the application for the sensitive class.
2. The method of claim 1, wherein generating the system reflection class corresponding to the reflection system of the operating system comprises:
determining whether the operating system prohibits reflective method calls to the sensitive class; and
if it does, reflecting the reflection system of the operating system to generate the system reflection class.
3. The method of claim 2, wherein determining whether the operating system prohibits reflective method calls to the sensitive class comprises:
determining a system version of the operating system; and
determining, according to the system version of the operating system, whether the operating system prohibits reflective method calls to the sensitive class.
4. The method of any one of claims 1-3, wherein reflecting the sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by the application and by each third-party SDK corresponding to the application, comprises:
reflecting the sensitive classes of the operating system through the system reflection class to perform message hook injection, so as to obtain an SDK management class; and
hooking, through the SDK management class, the requests of each third-party SDK to a permission request class and a permission operation class of the operating system.
5. The method of any one of claims 1-4, wherein, after recording the call information of the application and of each third-party SDK corresponding to the application for the sensitive class, the method further comprises:
determining, according to the call information, whether a third-party SDK has made illegal calls; and
when illegal calls exist, intercepting the calls of that third-party SDK.
6. The method of any one of claims 1-4, wherein reflecting the sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by the application and by each third-party SDK corresponding to the application, comprises:
filtering the permissions of each third-party SDK according to a preset blacklist package; and
intercepting the permission requests or sensitive-operation requests of any third-party SDK in the blacklist package.
7. A permission call monitoring device, comprising:
a generating module for generating a system reflection class corresponding to a reflection system of an operating system;
a monitoring module for reflecting a sensitive class of the operating system through the system reflection class, so as to monitor calls to the sensitive class by an application and by each third-party SDK corresponding to the application; and
a recording module for recording the call information of the application and of each third-party SDK corresponding to the application for the sensitive class.
8. The device of claim 7, wherein the monitoring module is further configured to:
reflect the sensitive classes of the operating system through the system reflection class to perform message hook injection, so as to obtain an SDK management class; and
hook, through the SDK management class, the requests of each third-party SDK to a permission request class and a permission operation class of the operating system.
9. An electronic device, comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus; and
the memory is configured to store at least one executable instruction that causes the processor to perform the operations of the permission call monitoring method of any one of claims 1-6.
10. A computer-readable storage medium storing at least one executable instruction which, when executed on an electronic device, causes the electronic device to perform the operations of the permission call monitoring method of any one of claims 1-6.
CN202210973599.1A 2022-08-15 2022-08-15 Authority calling monitoring method and device and electronic equipment Pending CN116956272A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210973599.1A CN116956272A (en) 2022-08-15 2022-08-15 Authority calling monitoring method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210973599.1A CN116956272A (en) 2022-08-15 2022-08-15 Authority calling monitoring method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN116956272A true CN116956272A (en) 2023-10-27

Family

ID=88449983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210973599.1A Pending CN116956272A (en) 2022-08-15 2022-08-15 Authority calling monitoring method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN116956272A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473556A (en) * 2023-12-15 2024-01-30 荣耀终端有限公司 SDK management method, device and storage medium

Similar Documents

Publication Publication Date Title
US8271608B2 (en) System and method for a mobile cross-platform software system
US8893222B2 (en) Security system and method for the android operating system
WO2019072008A1 (en) Security scanning method and apparatus for mini program, and electronic device
KR20130135952A (en) Processing method and device in application running
JP2005327239A (en) Security-related programming interface
CN103971056B (en) A kind ofly prevent the unloaded method and apparatus of application program in operating system
CN115378735B (en) Data processing method and device, storage medium and electronic equipment
CN107450909B (en) Processing method and device for software development kit integration validity check
Feng et al. Understanding and defending the binder attack surface in android
CN114579194B (en) Exception handling method and system based on Spring remote call
CN116956272A (en) Authority calling monitoring method and device and electronic equipment
CN113987468A (en) Security check method and security check device
CN110704131B (en) Method and device for calling native application by HTML5 application
CN117056904A (en) Application privacy compliance judging method, device, computer equipment and medium
CN109784054B (en) Behavior stack information acquisition method and device
Possemato et al. Preventing and Detecting State Inference Attacks on Android.
Zhang et al. Design and implementation of efficient integrity protection for open mobile platforms
CN115758353A (en) Application program protection method, device, equipment and storage medium
CN115495777A (en) Data protection method and device, storage medium and electronic equipment
CN115185847A (en) Fault testing method and device, storage medium and electronic equipment
CN111259392B (en) Kernel module-based malicious software interception method and device
CN112632534A (en) Malicious behavior detection method and device
Zhang et al. SEIP: simple and efficient integrity protection for open mobile platforms
CN111177726A (en) System vulnerability detection method, device, equipment and medium
CN114706662B (en) Method and system for realizing dynamic simulation of business operation and data based on JVM sandbox

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination