KR20130116409A - Method and apparatus to evaluate required permissions for application - Google Patents
Method and apparatus to evaluate required permissions for application Download PDFInfo
- Publication number
- KR20130116409A KR20130116409A KR1020120025228A KR20120025228A KR20130116409A KR 20130116409 A KR20130116409 A KR 20130116409A KR 1020120025228 A KR1020120025228 A KR 1020120025228A KR 20120025228 A KR20120025228 A KR 20120025228A KR 20130116409 A KR20130116409 A KR 20130116409A
- Authority
- KR
- South Korea
- Prior art keywords
- application
- authority
- determined
- function
- source code
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
Description
The present invention relates to a method and apparatus for diagnosing a permission required by an application for a smart device, and to a method for diagnosing what permission is required when an application is executed on a smartphone through static analysis even if the application is not executed directly. .
The use of smart devices, such as smart phones, tablets, smart TVs, and electronic readers, is becoming common. Accordingly, the type and number of applications used in smart devices are rapidly increasing. Such applications use resources such as location information of the user (or device) to provide a more convenient and useful service to the user.
An application needs access to access device resources such as location information. In general, smart device applications can be classified into three types of platforms: Google's Android, Apple's iOS, and Microsoft's Windows. have. The following describes an application running on the Android platform as an example.
1 is a conceptual diagram showing an application running on the Android platform. Referring to Figure 1, in Android, the application runs in the Dalvik virtual machine. In general, one application is identified using one user ID and runs in one sandbox. In other words, two or more different applications cannot, in principle, run in one sandbox unless they share the same user ID.
By default, applications run inside their sandbox process without specifying any permissions, so they do not have access to systems or resources. However, if the permissions are properly declared through the application's manifest file, it becomes possible to access the resources.
That is, the application identified by the user ID 12345 is executed in the
2A shows the structure of an application file and FIG. 2B shows a portion of an example manifest file. Referring to FIG. 2A, the application package includes source code files of resources.arcs and additional information such as AndroidManifest.xml. The resource.arsc file contains the source code of the application, and the AndroidManifest.xml file contains additional information such as authorization information and active process information. classes.dex is a file whose class files are converted to bytecode that can be run on the Dalvik virtual machine. The res folder contains uncompiled resource files. The META-INF folder contains application signature information.
2B is an example of an AndroidManifest.xml file. The manifest file may include various additional information such as Android version information, source code start position information, and authority information. In the <use-permission> section, the permission that the application wants to use is requested. That is, an application can use the authority requested in the manifest file included in the application or access a resource corresponding to the authority. In the application shown in the example of FIG. 2B, since the Internet access authority and the external storage write authority are requested (declared) in the manifest file, it is possible to write to the Internet access and the external storage medium.
3 illustrates an operation in which a user installs and executes an
The developer must explicitly request and list the permissions that the application requires in order for the application to work for its intended purpose. If an application attempts to perform an unauthorized operation, it will be rejected by the system, which may lead to an unexpected operation by the developer, an error / termination of the application, or a system crash. Therefore, the developer must request all the permissions required by the application.
However, it is not easy for a developer to know all the permissions required to run an application when developing the application. In many cases, for the sake of convenience at the time of development, you may exaggerate requests that are not necessary to run the application, or develop the application with all the privileges requested, and then delete the permissions that you do not need later. Even if the developer knows exactly what permissions are required to run the application, it is cumbersome to declare them in the manifest file.
In addition, on the Android platform, during the installation phase of the application, the screen displays the necessary permissions for the application to run, and the user confirms it. However, with the increasing number of applications requiring excessive rights, users frequently habitually agree or check the list of permissions displayed on the screen, instead of carefully checking them. In addition, the list of permissions displayed on the screen often does not match the permissions that the application has access to, so it is difficult for the user to know exactly what permissions the application actually uses. These problems may cause malfunctions of smart devices by malicious applications or leak sensitive information by applications.
In addition, to accurately determine the permissions used by an application, it is necessary to repeat the compilation or run time of the application during development.
The present invention is to solve the above problems by providing a method and apparatus for automatically diagnosing and informing the authority required by the application through static analysis of the application.
According to an embodiment of the present invention, a method for checking a permission required by an application running on a device includes: obtaining source code from the application; Generating a function list including at least one function included in the source code; And determining the permissions required by the function list when the application is run on the device.
The method may further include obtaining additional information including previously requested authority information, and comparing the previously requested authority information with the determined authority and outputting a comparison result.
The additional information may further include starting position information of the source code, and the function list may include a function determined to be executable based on a control flow of the source code from the starting position.
In addition, the function list is a function list that filters a function that is determined not to be called when the application is executed by determining a condition included in the function among functions determined to be executable, or virtually when the application is executed by determining the function type. It may be a list of functions that filter functions determined to not be called by a virtual call.
In addition, if the authority information requested in advance is included in the manifest file and the authority information requested in advance and the determined authority do not match, the method may further include generating a modified manifest file based on the determined authority. .
In addition, the authority diagnosis apparatus for checking the authority required by the application running on the device according to an embodiment of the present invention includes an application acquisition unit for obtaining a source code (source code) of the application from the application; A control flow analysis unit generating a function list including at least one function included in the source code; And an authority diagnosis unit that determines an authority required by the function list when the application is executed on the device.
According to another embodiment of the present invention, a method of checking an authority required by an application in a server includes: receiving an application from a developer device; Obtaining additional information including a source code of the application and authorization information requested in advance from the application; Generating a function list including at least one function included in the source code; Determining the authority required by the function list when the application is executed; And compares the requested authority information with the determined authority, and if the determined authority and the requested authority information match, register an application on the server, and if the determined authority and the requested authority information do not match, compare with the developer device. And notifying the result.
The method may further include modifying additional information based on the determined authority when the determined authority does not coincide with the previously requested authority information.
In addition, the server for confirming the authority required by the application according to another embodiment of the present invention includes an application receiving unit for receiving the application from the developer device; An application obtaining unit which obtains additional information including an application source code and authorization information requested in advance from the application; A control flow analysis unit generating a function list including at least one function included in the source code; Authorization diagnosis unit for determining the authority required by the function list when the application is executed; And an application registration unit that registers an application to the server, wherein the authority diagnosis unit notifies the developer device of the comparison result when the determined authority does not match the previously requested authority information, and the application registration unit requests the determined authority and the request in advance. If the credentials match, the application can be registered on the server.
According to another embodiment of the present invention, a method for checking a permission required by an application in a smart device includes calling at least one application installed in the smart device; Receiving a selection of at least one application among called applications; Obtaining additional information including a source code of the application and authorization information requested in advance from at least one selected application; Generating a function list including at least one function included in the source code; Determining the authority required by the function list when the application is executed; And comparing the requested authority information with the determined authority and displaying the comparison result on the screen of the smart device.
The method may further include transmitting the comparison result to the developer device or the application providing server.
In addition, the smart device for checking the authority required by the application according to another embodiment of the present invention calls the at least one application installed in the smart device, the application caller for receiving a selection of at least one application from the called application ; An application obtaining unit which obtains additional information including source code of the application and authorization information requested in advance from at least one selected application; A control flow analysis unit generating a function list including at least one function included in the source code; An authority diagnosis unit for determining an authority required by the function list when the application is executed and comparing the authority information with the authority requested in advance; And a display unit displaying the comparison result on the screen of the smart device.
The apparatus may further include a transmission unit transmitting the comparison result to the developer device or the application providing server.
In addition, the above-described problem solving means of the present invention can be implemented as a computer-readable recording medium recording a program for execution in a computer.
According to one embodiment of the present invention, it is possible to easily grasp the authority required when the application is executed through static analysis of the source code without actually executing the application. This enables application developers to develop applications by requesting only the necessary permissions, thereby preventing the leakage of sensitive information such as personal information and location information.
According to another embodiment of the present invention, the developer may request only the authority necessary for the execution of the application in the process of registering with the server providing the application, even if the developer extensively requests the necessary authority in the application development. Can be easily modified, or it can be automatically fixed on the server. In addition, the application providing server can provide the user with an application that has only the required permissions required to run the application, and the user can trust the content and download and use the application.
According to another embodiment of the present invention, the user can easily call the application installed on his smart device to effectively determine what permissions the application can use and what resources can be accessed. It also solves the problem of not being able to see the permissions required by the application only at installation, and not know what permissions or resources are actually accessed when running. In addition, by feeding back the diagnosis result to the developer or the application providing server or deleting the application according to the diagnosis result, excessive setting of unnecessary permissions for the execution of the application can be weakened.
1 is a conceptual diagram showing an application running on the Android platform.
2A shows the structure of an application file and FIG. 2B shows a portion of an example manifest file.
3 illustrates an operation in which a user installs and executes an application on a smart device.
4 is a diagram illustrating an apparatus for diagnosing a permission required by an application according to an embodiment of the present invention.
5 is a conceptual diagram illustrating a process of an authority diagnosis unit according to an embodiment of the present invention.
6 is a conceptual diagram illustrating an inclusion relationship of rights according to an embodiment of the present invention.
7 is a flowchart illustrating a method of diagnosing an authority required by an application according to an embodiment of the present invention.
8 is a block diagram of a server for statically diagnosing an authority required by an application according to another exemplary embodiment of the present invention.
9 is a flowchart illustrating a method for statically diagnosing an authority required by an application in a server according to another exemplary embodiment of the present invention.
10 is a diagram illustrating a smart device according to another embodiment of the present invention.
11 is a diagram illustrating an example of diagnosing an authority actually used by an application installed on a smart device according to another embodiment of the present invention.
12 is a flowchart illustrating a method of diagnosing a permission of an application installed in a smart device according to another embodiment of the present invention.
Hereinafter, with reference to the drawings will be described embodiments of the present invention;
4 is a diagram illustrating an
In general, an application is provided in a package form that includes program source code of the application and additional information including the signature information, authentication information, and authorization information of the application. The
The
The
The
The
The control flow allows you to determine the order of execution between the functions that make up the source code and whether the function is called when the application is run. In addition, the control
In addition, since it is difficult to accurately grasp the function executed without actually executing the application, the control
The source code can also include a function whose function is determined at runtime of the application. For example, if child classes B, C, and D inheriting class A with method M respectively redefine Method M, the code to which the method called AM () is transcribed is BM (), CM Which function () or DM () is determined at run time. The
The
5 is a conceptual diagram illustrating a process of the
The
In FIG. 5, all the
6 is a conceptual diagram illustrating an inclusion relationship of rights according to an embodiment of the present invention. FIG. 6 illustrates the actual execution of the application derived through all
In the example of FIG. 6, the developer requests the telephone call (CALL_PHONE) and the emergency call (CALL_PRIVILEGED) permission at the time of development of the application line, but does not use the emergency call in the actual application. Also, the user has requested calendar, address book, call status, synchronization status, and log information read permission (READ_CALENDAR, READ_CONTACTS, READ_PHONE_STATE, READ_SYNC_STATE, READ_LOGS), but the permissions actually used are limited to the read log information. In addition, the request for reboot (REBOOT) and boot completion (RECEIVE_BOOT_COMPLETED) permission, but does not require any permission to run the actual application. The
7 is a flowchart illustrating a method of diagnosing an authority required by an application according to an embodiment of the present invention.
In
According to the embodiment of the present invention described above, it is possible to easily grasp the authority required when the application is executed through static analysis of the source code without actually executing the application. Through this, the application developer can develop an application by requesting only necessary permissions, thereby preventing the leakage of sensitive information such as personal information.
8 is a diagram of a
The
In the present embodiment, the
In addition, those skilled in the art can understand that if the permission is required for the execution of the application but the permission is not requested in the additional information, the
9 is a flowchart illustrating a method for statically diagnosing an authority required by an application in a server according to another exemplary embodiment of the present invention.
9, in operation 910, an application package is received from an application developer device. In
According to another embodiment of the present invention described above, the developer may request only the authority necessary for the execution of the application in the process of registering with the server providing the application, even when the developer does not request the necessary authority in the application development extensively. You can easily modify the additional information or have it corrected automatically on the server. In addition, the application providing server can provide the user with an application that has only the required permissions required to run the application, and the user can trust the content and download and use the application.
10 is a diagram illustrating a
Referring to FIG. 10, the
For at least one called application, the
FIG. 11 is a diagram illustrating an example of diagnosing an authority actually used by an application installed in the
Although not shown, a person of ordinary skill in the art may perform an authority diagnosis on all or a plurality of called
12 is a flowchart illustrating a method of diagnosing a permission of an application installed in the
According to another embodiment of the present invention, the user can easily call the application installed on his smart device to effectively determine what permissions the application can use and what resources can be accessed. It also solves the problem of not being able to see the permissions required by the application only at installation, and not know what permissions or resources are actually accessed when running. In addition, by feeding back the diagnosis result to the developer or the application providing server or deleting the application according to the diagnosis result, excessive setting of unnecessary permissions for the execution of the application can be weakened.
The block diagrams disclosed herein may be construed to those skilled in the art to conceptually represent circuitry for implementing the principles of the present invention. Likewise, any flow chart, flow diagram, state transitions, pseudo code, etc., may be substantially represented in a computer-readable medium to provide a variety of different ways in which a computer or processor, whether explicitly shown or not, It will be appreciated by those skilled in the art. Therefore, the above-described embodiments of the present invention can be realized in a general-purpose digital computer that can be created as a program that can be executed by a computer and operates the program using a computer-readable recording medium. The computer-readable recording medium may include a storage medium such as a magnetic storage medium (eg, a ROM, a floppy disk, a hard disk, etc.) and an optical reading medium (eg, a CD-ROM, a DVD, etc.).
The functions of the various elements shown in the figures may be provided through use of dedicated hardware as well as hardware capable of executing the software in association with the appropriate software. When provided by a processor, such functionality may be provided by a single dedicated processor, a single shared processor, or a plurality of individual processors, some of which may be shared. Also, the explicit use of the term " processor "or" control unit "should not be construed to refer exclusively to hardware capable of executing software and includes, without limitation, digital signal processor May implicitly include memory (ROM), random access memory (RAM), and non-volatile storage.
In the claims hereof, the elements depicted as means for performing a particular function encompass any way of performing a particular function, such elements being intended to encompass a combination of circuit elements that perform a particular function, Or any form of software, including firmware, microcode, etc., in combination with circuitry suitable for carrying out the software for the processor.
Reference throughout this specification to " one embodiment " of the principles of the invention and various modifications of such expression in connection with this embodiment means that a particular feature, structure, characteristic or the like is included in at least one embodiment of the principles of the invention it means. Thus, the appearances of the phrase " in one embodiment " and any other variation disclosed throughout this specification are not necessarily all referring to the same embodiment.
In this specification, the expression 'at least one of' in the case of 'at least one of A and B' means that only the selection of the first option (A) or only the selection of the second listed option (B) It is used to encompass the selection of options (A and B). As an additional example, in the case of 'at least one of A, B and C', only the selection of the first enumerated option (A) or only the selection of the second enumerated option (B) Only the selection of the first and second listed options A and B or only the selection of the second and third listed options B and C or the selection of all three options A, B, and C). Even if more items are listed, they can be clearly extended to those skilled in the art.
So far I looked at the center of the preferred embodiment for the present invention.
All embodiments and conditional examples disclosed throughout the specification are intended to help one of ordinary skill in the art to understand the principles and concepts of the present invention. It will be understood that modifications may be made without departing from the essential features of the invention. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.
Claims (21)
Obtaining source code of the application from the application;
Generating a function list including at least one function included in the source code; And
Determining the permissions required by the function list when the application is run on the device.
The acquiring step may further include additional information including previously requested authority information.
And comparing the requested authority information with the determined authority and outputting a comparison result.
The additional information further includes starting position information of the source code,
The function list includes a function determined to be executable based on a control flow of the source code from the start position.
The function list may be a function list of functions determined to be not called when the application is executed by determining a condition included in the function among the functions determined to be executable.
The function list may be a function list that is determined to be not called by a virtual call when the application is executed by determining the type of the function among the functions determined to be executable. How to.
The previously requested authority information is included in the manifest file,
And generating a modified manifest file based on the determined authority when the previously requested authority information and the determined authority do not match.
Receiving the application from a developer device;
Acquiring additional information from the application, the source code of the application and authorization information previously requested;
Generating a function list including at least one function included in the source code;
Determining the authority required by the function list when the application is executed; And
Comparing the previously requested authority information and the determined authority, if the determined authority and the previously requested authority information match, the application is registered in the server, and the determined authority and the previously requested authority information are If it does not match, notifying the developer device of the comparison result.
And when the determined authority does not match the previously requested authority information, modifying the additional information based on the determined authority.
Invoking at least one application installed on the smart device;
Receiving a selection of at least one application among the called applications;
Acquiring additional information including source code of the application and authorization information requested in advance from the at least one selected application;
Generating a function list including at least one function included in the source code;
Determining the authority required by the function list when the application is executed; And
And comparing the requested authority information with the determined authority and displaying the comparison result on the screen of the smart device.
Transmitting the result of the comparison to a developer device or an application providing server.
An application obtaining unit obtaining source code of the application from the application;
A control flow analysis unit generating a function list including at least one function included in the source code; And
And an authorization checker for determining a permission required by the function list when the application is executed on the device.
The application obtaining unit further obtains additional information including previously requested authority information,
And the authority diagnosis unit compares the previously requested authority information with the determined authority and outputs a comparison result.
The additional information further includes starting position information of the source code,
And the function list includes a function determined to be executable based on a control flow of the source code from the start position.
The function list may be a function list that filters a function that is determined not to be called when the application is executed by determining a condition included in the function among the functions that are determined to be executable.
The function list may be a function list that filters a function that is determined not to be called by a virtual call when the application is executed by determining the type of the function among the functions determined to be executable. Device.
The previously requested authority information is included in the manifest file,
The authority diagnosis unit generates a manifest file modified based on the determined authority when the previously requested authority information and the determined authority do not match.
An application receiving unit which receives the application from a developer device;
An application obtaining unit which obtains additional information including a source code of the application and authorization information requested in advance from the application;
A control flow analysis unit generating a function list including at least one function included in the source code; And
An authority diagnosis unit that determines an authority required by the function list when the application is executed; And
An application registration unit for registering the application with the server,
The authority diagnosis unit notifies the developer device of the comparison result when the determined authority and the previously requested authority information do not match.
And the application registration unit registers the application to the server if the determined authority matches the previously requested authority information.
And the authority diagnosis unit modifies the additional information based on the determined authority when the determined authority and the previously requested authority information do not match.
An application caller which calls at least one application installed in the smart device and receives a selection of at least one application from the called applications;
An application obtaining unit which obtains additional information including source code of the application and authorization information requested in advance from the at least one selected application;
A control flow analysis unit generating a function list including at least one function included in the source code;
An authority diagnosis unit that determines the authority required by the function list when the application is executed, and compares the previously requested authority information with the determined authority; And
Smart device including a display unit for displaying the comparison result on the screen of the smart device.
Smart device, characterized in that further comprising a transmission unit for transmitting the comparison result to a developer device or an application providing server.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120025228A KR101900047B1 (en) | 2012-03-12 | 2012-03-12 | Method and Apparatus to Evaluate Required Permissions for Application |
PCT/KR2013/001969 WO2013137616A1 (en) | 2012-03-12 | 2013-03-12 | Method and apparatus for evaluating required permissions for application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120025228A KR101900047B1 (en) | 2012-03-12 | 2012-03-12 | Method and Apparatus to Evaluate Required Permissions for Application |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20130116409A true KR20130116409A (en) | 2013-10-24 |
KR101900047B1 KR101900047B1 (en) | 2018-09-18 |
Family
ID=49161453
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020120025228A KR101900047B1 (en) | 2012-03-12 | 2012-03-12 | Method and Apparatus to Evaluate Required Permissions for Application |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101900047B1 (en) |
WO (1) | WO2013137616A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20210025885A (en) * | 2019-08-28 | 2021-03-10 | 한국과학기술원 | Apparatus for minimal permission analysis of applications in software defined network and the method thereof |
WO2022203349A1 (en) * | 2021-03-24 | 2022-09-29 | 삼성전자 주식회사 | Method for controlling rights of application and electronic device supporting same |
WO2023043052A1 (en) * | 2021-09-15 | 2023-03-23 | 삼성전자 주식회사 | Electronic device for analyzing permission regarding installation file and operation method thereof |
WO2023096107A1 (en) * | 2021-11-23 | 2023-06-01 | 삼성전자주식회사 | Method for application security, and electronic device for performing method |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9679162B2 (en) | 2014-02-24 | 2017-06-13 | Google Inc. | Application permission settings |
US10114973B2 (en) | 2014-05-22 | 2018-10-30 | Google Llc | Protecting user privacy from intrusive mobile applications |
KR102320149B1 (en) * | 2015-02-16 | 2021-11-01 | 삼성전자주식회사 | Electronic devcie for executing application and method for cotrolling thereof |
EP3748494A1 (en) * | 2019-06-06 | 2020-12-09 | BlackBerry Limited | A tool for analysing a software distribution package |
CN111259374B (en) * | 2020-01-08 | 2021-10-12 | 南京苏宁加电子商务有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6981281B1 (en) | 2000-06-21 | 2005-12-27 | Microsoft Corporation | Filtering a permission set using permission requests associated with a code assembly |
US7099663B2 (en) * | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
CN1556959A (en) | 2001-08-13 | 2004-12-22 | �����ɷ� | Using permissions to allocate device resources to an application |
US20060141985A1 (en) * | 2004-12-23 | 2006-06-29 | Motorola, Inc. | Dynamic management for interface access permissions |
JP4274227B2 (en) * | 2006-10-26 | 2009-06-03 | コニカミノルタビジネステクノロジーズ株式会社 | Image processing apparatus and program |
US7967215B2 (en) * | 2008-04-18 | 2011-06-28 | Vivotech Inc. | Systems, methods, and computer program products for supporting multiple contactless applications using different security keys |
-
2012
- 2012-03-12 KR KR1020120025228A patent/KR101900047B1/en active IP Right Grant
-
2013
- 2013-03-12 WO PCT/KR2013/001969 patent/WO2013137616A1/en active Application Filing
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20210025885A (en) * | 2019-08-28 | 2021-03-10 | 한국과학기술원 | Apparatus for minimal permission analysis of applications in software defined network and the method thereof |
WO2022203349A1 (en) * | 2021-03-24 | 2022-09-29 | 삼성전자 주식회사 | Method for controlling rights of application and electronic device supporting same |
WO2023043052A1 (en) * | 2021-09-15 | 2023-03-23 | 삼성전자 주식회사 | Electronic device for analyzing permission regarding installation file and operation method thereof |
WO2023096107A1 (en) * | 2021-11-23 | 2023-06-01 | 삼성전자주식회사 | Method for application security, and electronic device for performing method |
Also Published As
Publication number | Publication date |
---|---|
WO2013137616A1 (en) | 2013-09-19 |
KR101900047B1 (en) | 2018-09-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101900047B1 (en) | Method and Apparatus to Evaluate Required Permissions for Application | |
KR102546601B1 (en) | Method and apparatus for protecting kernel control-flow integrity using static binary instrumentaiton | |
US10509644B2 (en) | Method and system for controlling integrated software components | |
EP2626803B1 (en) | Information processing device and method for preventing unauthorized application cooperation | |
KR101456489B1 (en) | Method and apparatus for managing access privileges in a CLDC OSGi environment | |
US9495543B2 (en) | Method and apparatus providing privacy benchmarking for mobile application development | |
CN109002297B (en) | Deployment method, device, equipment and storage medium of consensus mechanism | |
US20150332043A1 (en) | Application analysis system for electronic devices | |
US11281763B2 (en) | Integrated development environment information sharing for authentication provisioning | |
US20140137183A1 (en) | Security system and method for the android operating system | |
US20140245448A1 (en) | Apparatus and method for analyzing permission of application for mobile devices and detecting risk | |
AU2021206497B2 (en) | Method and apparatus for authority control, computer device and storage medium | |
US8671416B2 (en) | Dynamic service discovery | |
US8601439B2 (en) | Networked program dependency compatibility analysis | |
US10078580B2 (en) | Operations to avoid wrapped mobile application operational errors due to interference from wrapper logic components | |
US8959485B2 (en) | Security protection domain-based testing framework | |
BR112016016288B1 (en) | METHOD IMPLEMENTED BY COMPUTER, NON-TRANSITORY COMPUTER READABLE MEDIUM, AND COMPUTING DEVICE RELATED TO PRIVACY SETTING METADATA FOR APPLICATION DEVELOPERS | |
Xu | Techniques and tools for analyzing and understanding android applications | |
US20230315620A1 (en) | System and Method for Diagnosing a Computing Device in Safe Mode | |
Johnson et al. | Dazed droids: A longitudinal study of android inter-app vulnerabilities | |
Seghir et al. | Evicheck: Digital evidence for android | |
US10503929B2 (en) | Visually configurable privacy enforcement | |
GB2471482A (en) | Secure method of tracing software | |
JP5865180B2 (en) | Portable communication terminal, data communication detection device, data communication detection method, and program | |
Mao et al. | Automatic permission inference for hybrid mobile apps |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |