CA3166981A1 - Permission abnormality detection method, device, computer equipment and storage medium - Google Patents

Permission abnormality detection method, device, computer equipment and storage medium

Info

Publication number
CA3166981A1
CA3166981A1 CA3166981A CA3166981A CA3166981A1 CA 3166981 A1 CA3166981 A1 CA 3166981A1 CA 3166981 A CA3166981 A CA 3166981A CA 3166981 A CA3166981 A CA 3166981A CA 3166981 A1 CA3166981 A1 CA 3166981A1
Authority
CA
Canada
Prior art keywords
permission
source code
obtaining
target
detected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CA3166981A
Other languages
French (fr)
Inventor
Boqun LI
Hang Xu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
10353744 Canada Ltd
Original Assignee
10353744 Canada Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 10353744 Canada Ltd filed Critical 10353744 Canada Ltd
Publication of CA3166981A1 publication Critical patent/CA3166981A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to a permission abnormality detection method and apparatus, a computer device, and a storage medium. The method comprises: acquiring source code to undergo detection; performing detection, according to an association relationship, on the source code to determine whether or not a matching target analysis keyword is present therein; if so, acquiring a target permission corresponding to the target analysis keyword; detecting whether or not a target use-permission node corresponding to the target permission is present in an original application manifest configuration file; and if not, determining that a permission corresponding to the source code is used in an abnormal manner. The method can be used to quickly detect abnormally used permissions.

Description

PERMISSION ABNORMALITY DETECTING METHOD, DEVICE, COMPUTER
EQUIPMENT AND STORAGE MEDIUM
BACKGROUND OF THE INVENTION
Technical Field [0001] The present application relates to the field of computer technology, and more particularly to a permission abnormality detecting method, and corresponding device, computer equipment and storage medium.
Description of Related Art
[0002] With the development of the computer technology, mobile intelligent platforms have been vigorously progressing in both the aspects of hardware and software, the types of various sensors applicable to intelligent equipment are even more abundant and advanced, being capable of acquiring various user data and other information, the Android system is much favored by manufacturers and users alike by virtue of its open-source and free of charge qualities, and has become now the No.1 operating system of intelligent equipment, but the ensuing hidden risks to safety have also been becoming gradually prominent, as a great deal of events occurred over the recent years in which privacy data of users was leaked. However, currently available detections on the leakage of users' privacy data put complicated configuration requirements on operations, and the operation times are unduly long, so the detection efficiency is rendered low.
SUMMARY OF THE INVENTION
[0003] In view of the aforementioned technical problems, there is an urgent need to provide a permission abnormality detecting method, and corresponding device, computer Date Regue/Date Received 2022-07-05 equipment and storage medium enabling quick detection of any anormal use permission.
[0004] There is provided a permission abnormality detecting method that comprises:
[0005] obtaining a source code to be detected;
[0006] detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
[0007] obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0008] detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and
[0009] determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0010] In one of the embodiments, the method further comprises: obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds;
extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission; deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file; detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission; determining any abnormal use permission according to the permission node list file and the permission detection result list; and generating a permission abnormality detection report according to the abnormal use permission.

Date Regue/Date Received 2022-07-05
[0011] In one of the embodiments, the step of obtaining an original application manifest configuration file to which an engineering project to be detected corresponds includes:
obtaining a system operation instruction; obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds; analyzing the system source code, and obtaining a development environment to which the system source code corresponds; and obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
[0012] In one of the embodiments, the step of determining any abnormal use permission according to the permission node list file and the permission detection result list includes:
obtaining a current use permission; and determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.
[0013] In one of the embodiments, the permission abnormality detecting method further comprises: obtaining a system source code to which the system in which the engineering project to be detected resides corresponds; analyzing the system source code, and obtaining a target permission in the system source code; obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword; and creating a corresponding association relation of the analysis keyword with the corresponding source code content.
[0014] In one of the embodiments, the step of obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword includes: traversing each row of source codes of the system source code; obtaining a current row of source codes, and judging Date Regue/Date Received 2022-07-05 whether the current row of source codes contains the analysis keyword; and determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds.
[0015] There is provided a permission abnormality detecting device that comprises:
[0016] a first obtaining module, for obtaining a source code to be detected;
[0017] an analysis keyword matching module, for detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
[0018] a second obtaining module, for obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0019] a permission node detecting module, for detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and
[0020] an abnormal use permission determining module, for determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0021] There is provided a computer equipment that comprises a memory, a processor and a computer program stored on the memory and operable on the processor, and the following steps are realized when the processor executes the computer program:
[0022] obtaining a source code to be detected;
[0023] detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
[0024] obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0025] detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and
[0026] determining, when there is no target use permission node corresponding to the target Date Regue/Date Received 2022-07-05 permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0027] There is provided a computer-readable storage medium storing a computer program thereon, and the following steps are realized when the computer program is executed by a processor:
[0028] obtaining a source code to be detected;
[0029] detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
[0030] obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0031] detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and
[0032] determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0033] In the aforementioned permission abnormality detecting method, corresponding device, computer equipment and storage medium, a source code to be detected is obtained, it is detected whether the source code to be detected has any matching target analysis keyword according to an association relation, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword is obtained, it is detected whether an original application manifest configuration file has any target use permission node that corresponds to the target permission, and when there is no target use permission node corresponding to the target permission, it is determined that a permission to which the source code to be detected corresponds is an abnormal use permission. By means of this method, through the association relation an analysis keyword that corresponds to the source code to be detected can be obtained, an original application manifest configuration file can be Date Regue/Date Received 2022-07-05 obtained, and it can be determined whether the permission to which the source code to be detected corresponds is an abnormal use permission by detecting whether the original application manifest configuration file has any target use permission node that corresponds to the target permission, not any configuration is required, and the efficiency in detecting abnormal use permissions is enhanced.
BRIEF DESCRIPTION OF THE DRAWINGS
[0034] Fig. 1 is a view illustrating the application environment for a permission abnormality detecting method in an embodiment;
[0035] Fig. 2 is a flowchart schematically illustrating a permission abnormality detecting method in an embodiment;
[0036] Fig. 3 is a flowchart schematically illustrating a permission abnormality detecting method in another embodiment;
[0037] Fig. 4 is a flowchart schematically illustrating a step of obtaining an original application manifest configuration file in an embodiment;
[0038] Fig. 5 is a flowchart schematically illustrating a step of determining an abnormal use permission in an embodiment;
[0039] Fig. 6 is a flowchart schematically illustrating a permission abnormality detecting method in another embodiment;
[0040] Fig. 7 is a flowchart schematically illustrating a step of searching for source code content in an embodiment;

Date Regue/Date Received 2022-07-05
[0041] Fig. 8 is a block diagram illustrating the structure of a permission abnormality detecting device in an embodiment;
[0042] Fig. 9 is a block diagram illustrating the structure of a permission abnormality detecting device in another embodiment;
[0043] Fig. 10 is a block diagram illustrating the structure of a manifest configuration file obtaining module in an embodiment;
[0044] Fig. 11 is a block diagram illustrating the structure of a permission abnormality detecting device in another embodiment; and
[0045] Fig. 12 is a block diagram illustrating the internal structure of a computer equipment in an embodiment.
DETAILED DESCRIPTION OF THE INVENTION
[0046] To make more lucid and clear the objectives, technical solutions and advantages of the present application, the present application is described in greater detail below with reference to accompanying drawings and embodiments. As should be understood, the specific embodiments described here are merely meant to explain the present application, rather than to restrict the present application.
[0047] The permission abnormality detecting method provided by the present application is applicable to the application environment as shown in Fig. 1, in which terminal 102 communicates with server 104 through network. Terminal 102 can be, but is not limited to be, any of various personal computers, notebook computers, smart mobile phones, panel computers, and portable wearable devices, and server 104 can be embodied as an independent server or a server cluster consisting of a plurality of servers.

Date Regue/Date Received 2022-07-05
[0048] Specifically, terminal 102 can obtain a source code to be detected, and send the obtained source code to be detected to server 104; upon reception of the source code to be detected, server 104 detects whether the source code to be detected has any matching target analysis keyword according to an association relation, when a matching target analysis keyword is present in the source code to be detected, obtains a target permission that corresponds to the target analysis keyword, detects whether an original application manifest configuration file has any target use permission node that corresponds to the target permission, and, when there is no target use permission node corresponding to the target permission, determines that a permission to which the source code to be detected corresponds is an abnormal use permission. Further, server 104 can send the abnormal use permission to terminal 102 for check by the developer of terminal 102.
[0049] In one embodiment, as shown in Fig. 2, there is provided a permission abnormality detecting method, and the method is explained with an example of its being applied to the terminal or server in Fig. 1, to comprise the following steps.
[0050] Step 202 - obtaining a source code to be detected.
[0051] Step 204 - detecting whether the source code to be detected has any matching target analysis keyword according to an association relation.
[0052] Step 206 - obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword.
[0053] The source code to be detected here indicates a candidate source code for detection, it can be either a source code to which an engineering project to be detected corresponds, or a source code to which the system in which the engineering project resides corresponds.
Specifically, previously created association relations are obtained, since the association Date Regue/Date Received 2022-07-05 relations are relations between the source code content and analysis keywords, it is therefore possible to detect according to the association relations whether there is any matching target analysis keyword in the source code to be detected, namely to match and obtain a target analysis keyword to which the source code to be detected corresponds according to the association relations, and the process can specifically be to detect whether there is source code content identical with the source code to be detected in the association relations, if there is, to take the analysis keyword to which the source code content corresponds as an analysis keyword matching the source code to be detected, and to further obtain a target permission to which the target analysis keyword corresponds, if there is no, to discard the source code to be detected.
[0054] Step 208 ¨ detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission.
[0055] Step 210¨ determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0056] Specifically, all use permission nodes in the original application manifest configuration file are obtained, the various use permission nodes include their respective corresponding use permissions, and it is detected whether the use permissions to which the use permission nodes correspond include a target permission, in other words, it is detected whether the original application manifest configuration file contains any target permission. When it is detected that the use permissions to which the use permission nodes correspond in the original application manifest configuration file include a target permission, this indicates that the target permission has been declared in the original application manifest configuration file, then it can be determined as a normal use permission. To the contrary, when it is detected that the use permissions to which the use permission nodes correspond in the original application manifest configuration file do not Date Regue/Date Received 2022-07-05 include any target permission, this indicates that no target permission has been declared in the original application manifest configuration file, then there might be the missing of use permission, and it is then determined that the permission to which the source code to be detected corresponds is an abnormal use permission.
[0057] In the aforementioned permission abnormality detecting method, a source code to be detected is obtained, it is detected whether the source code to be detected has any matching target analysis keyword according to an association relation, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword is obtained, it is detected whether an original application manifest configuration file has any target use permission node that corresponds to the target permission, and when there is no target use permission node corresponding to the target permission, it is determined that a permission to which the source code to be detected corresponds is an abnormal use permission. By means of this method, through the association relation an analysis keyword that corresponds to the source code to be detected can be obtained, an original application manifest configuration file can be obtained, and it can be determined whether the permission to which the source code to be detected corresponds is an abnormal use permission by detecting whether the original application manifest configuration file has any target use permission node that corresponds to the target permission, not any configuration is required, and the efficiency in detecting abnormal use permissions is enhanced.
[0058] In one embodiment, as shown in Fig. 3, the permission abnormality detecting method further comprises the following steps.
[0059] Step 302 - obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds.
Date Regue/Date Received 2022-07-05
[0060] The application manifest configuration file is an information description file of the engineering project, the application manifest configuration file includes, but is not limited to include, various pieces of component information to which the engineering project to be detected corresponds, and the various components can be Activity, Service, Content provider, and BroadcastReceiver. The application manifest configuration file can be AndroidManifest.xml that defines the information of the components Activity, Service, Content provider, and BroadcastReceiver contained in the engineering project to be detected. Each engineering project must contain an AndroidManifest.xml file under the root directory, and the filename thereof cannot be modified.
[0061] The application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds, the use permission nodes here are employed to declare permissions of the engineering project to be detected, the use permission nodes can be use-permission nodes that are employed to declare corresponding permissions of the engineering project to be detected, and all use permission nodes have corresponding permission contents. The original application manifest configuration file to which the engineering project corresponds includes at least one use permission node.
[0062] Step 304 - extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission.
[0063] The first use permission here is a use permission declared by the various use permission nodes in the permission node list. The original application manifest configuration file to which the engineering project corresponds includes at least one use permission node, all use permission nodes in the original application manifest configuration file are entirely extracted out to form a permission node list file. Since the permission node is employed Date Regue/Date Received 2022-07-05 to declare the corresponding permission, the extracted permission nodes include corresponding use permissions, then the permission node list includes the first use permission. That is, the permission node list file only includes the use permission nodes in the original application manifest configuration file, while the use permission nodes are employed to declare corresponding permissions, so the permission node list further includes the first use permission to which the use permission nodes correspond.
[0064] In one embodiment, for instance, the original application manifest configuration file AndroidManifest.xml in the engineering project to be detected is marked as file A. All use permission nodes <use-permission> in file A are saved in a list file C. A
is the original application manifest configuration file, and C is the permission node list file.
[0065] Step 306 - deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file.
[0066] Specifically, after the permission node list file has been obtained, permission contents to which the use permission nodes correspond in the original application manifest configuration file are deleted, and a new intermediate application manifest configuration file is obtained. The process can specifically be to obtain permission contents to which the various use permission nodes correspond in the original application manifest configuration file, to delete the permission contents to which the various use permission nodes correspond, and to obtain the intermediate application manifest configuration file;
the intermediate application manifest configuration file does not include the permission contents to which the use permission nodes correspond at this time, but the intermediate application manifest configuration file still includes permission contents to which other nodes correspond.
[0067] In one embodiment, for instance, the original application manifest configuration file Date Regue/Date Received 2022-07-05 AndroidManifest.xml in the engineering project to be detected is marked as file A. All use permission nodes <use-permission> in file A are saved in a list file C. A
is the original application manifest configuration file, and C is the permission node list file. Further, permission contents to which permission nodes <use-permission> in file A
correspond are entirely deleted, and a new application manifest configuration file D is obtained.
[0068] Step 308 - detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission.
[0069] Specifically, after the intermediate application manifest configuration file has been obtained, the intermediate application manifest configuration file is detected, a DroidPrivacyChecker detecting system can be specifically employed to automatically detect the intermediate application manifest configuration file, the DroidPrivacyChecker detecting system is open-sourced, the detecting system can directly perform an analyzing process on the intermediate application manifest configuration file, and the detecting system abides by a certain rule to detect during the detecting process, so as to obtain a detection result, which is precisely the permission detection result list. The rule here can be self-defined, and such self-definition can be determined according to practical business requirement or specific application scenario.
[0070] The permission detection result here includes a second use permission, the second use permission here is a use permission to which the intermediate application manifest configuration file corresponds, although the intermediate application manifest configuration file does not include any use permission node, the intermediate application manifest configuration file still includes self-defined use permission nodes, and the second use permission here is a permission to which a self-defined use permission node corresponds. Use permission nodes and self-defined use permission nodes are different in meanings, as the use permission nodes are employed by the engineering project to be Date Regue/Date Received 2022-07-05 detected to declare corresponding permissions during installation, and can be use-permission, whereas the self-defined use permission nodes are employed by the engineering project to be detected to self-define to declare corresponding permissions according to practical requirement or the business scenario, and can be permission.
[0071] Step 310 - determining any abnormal use permission according to the permission node list file and the permission detection result list.
[0072] Specifically, after the permission detection result list has been obtained, any abnormal use permission can be determined according to the permission node list file and the permission detection result list. Determination of any abnormal use permission can be to take the permission node list file as a standard, to compare the permission node list file with the permission detection result list, and to determine any missing use permission and redundant use permission in the permission detection result list as abnormal use permissions. Specifically, a current use permission is obtained, the current use permission can be a use permission randomly determined in the permission node list file to serve as the current use permission, it is alternatively also possible to base on priorities of various use permissions in the permission node list file to sequentially take the various use permissions to serve as the current use permission according to the priorities, when the current use permission is only present in the permission node list file or only present in the permission detection result list, the current use permission is determined as an abnormal use permission.
[0073] When the current use permission is only present in the permission node list file, this indicates that a redundant permission declaration on the current use permission is present in the engineering project to be detected, this current use permission is not required in the engineering project to be detected, but it has been declared in the application manifest configuration file, so it might be illegally used by other malicious application programs in the future, thereby causing leakage of users' privacy data.

Date Regue/Date Received 2022-07-05
[0074] When the current use permission is only present in the permission detection result list, this indicates that the current use permission may be present in the engineering project to be detected, while a crash of application program generated by the engineering project to be detected would be caused when the engineering project to be detected runs to the point of requiring the current use permission. Accordingly, when the current use permission is only present in the permission node list file or only present in the permission detection result list, the current use permission is determined as an abnormal use permission.
[0075] Step 312 - generating a permission abnormality detection report according to the abnormal use permission.
[0076] Specifically, after the abnormal use permission has been obtained, the abnormal use permission can be presented to the developing personnel for check thereby in the form of a permission abnormality detection report. The developing personnel may make modification according to the permission abnormality detection report, to avoid leakage of users' privacy data, to thereby avoid unnecessary financial loss to the company and the users.
[0077] In one embodiment, for instance, the original application manifest configuration file AndroidManifest.xml in the engineering project to be detected is marked as file A, which is simultaneously backed up and marked as file B. All use permission nodes <use-permission> in file A are saved in a list file C. A is the original application manifest configuration file, and C is the permission node list file.
[0078] Moreover, the permission contents to which the permission nodes <use-permission> in file A are entirely deleted, and a new application manifest configuration file a is obtained.
It is stored and completely placed back in the directory in which the original application manifest configuration file AndroidManifest.xml resides in the corresponding directory Date Regue/Date Received 2022-07-05 of the engineering project to be detected, under the condition the filename of file A is not modified, to cover the original file, and the DroidPrivacyChecker detecting system automatically invokes a lint command "lint¨check MissingPermission myproject"
to perform dedicated detection of the abnormal use permission Missing-Permission on the engineering project to be detected, in which my project is the name of the engineering project to be detected.
[0079] Furthermore, after the command has been executed to completion, the detection is parsed to generate and obtain a permission detection result list result.xml, namely to obtain the permission detection result list D. Thereafter, each use permission is compared in the permission detection result list D and the permission node list file C, if a certain use permission (marked as E) is only present in C, this indicates that a redundant permission declaration on E is present in the engineering project to be detected, this permission is not required in the engineering project to be detected but declared for use, so it would be much possibly illegally used by other malicious application programs, thereby causing leakage of users' information. If a certain use permission (marked as F) is only present in D, this indicates that declaration on permission F may be present in the engineering project to be detected, while a crash of application program generated by the engineering project to be detected would be caused when the program runs to the point of requiring permission F.
[0080] Finally, a permission abnormality detection report is generated according to the abnormal use permission generated above, after generation the backed-up file B is placed back to cover file A to restore to the original file status of the engineering project to be detected, and to prevent the detecting procedure from affecting the engineering project to be detected.
[0081] In the aforementioned permission abnormality detecting method, an original application manifest configuration file to which the engineering project to be detected corresponds is Date Regue/Date Received 2022-07-05 obtained, the original application manifest configuration file includes use permission nodes and a corresponding first use permission, and the permission contents to which the use permission nodes correspond in the original application manifest configuration file are then deleted to obtain an intermediate application manifest configuration file. The intermediate application manifest configuration file is then detected to obtain a permission detection result list that includes a second use permission, and the abnormal use permission is finally determined according to the permission node list file and the permission detection result list, to thereby generate a permission abnormality detection report. Through this method, the abnormal use permission can be detected only by obtaining the original application manifest configuration file of the engineering project to be detected, not any configuration is required, and the efficiency in detecting abnormal use permissions is enhanced.
[0082] In one embodiment, as shown in Fig. 4, the step of obtaining an original application manifest configuration file to which an engineering project to be detected corresponds includes the following.
[0083] Step 402 - obtaining a system operation instruction.
[0084] Step 404 - obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds.
[0085] The system operation instruction is used to instruct operation of the system in which the project to be detected resides, if a terminal serves as the executing subject, the terminal is installed with an application relevant to permission abnormality detection, the system operation instruction can be generated by triggering through the application, and it is specifically possible to trigger to generate the system operation instruction through a clicking operation or a voicing operation acting on a presentation interface of the Date Regue/Date Received 2022-07-05 application. In one embodiment, if a server serves as the executing subject, after the terminal has triggered to generate the system operation instruction, the system operation instruction is sent to the server through network connection. Alternatively, the server can directly obtain the system operation instruction, and it is not required to obtain the system operation instruction through the terminal, for instance, the system operation instruction is triggered through a timed event.
[0086] Specifically, after the system operation instruction has been obtained, it is required to detect whether the system operation instruction is operative for the first time, when it is detected that the system operation instruction is operative for the first time, the system source code to which the system in which the engineering project to be detected resides corresponds is obtained. The so-called system source code is a source code related to the system, for instance, the Android system source code can be the system source code.
[0087] Step 406 - analyzing the system source code, and obtaining a development environment to which the system source code corresponds.
[0088] Step 408 - obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
[0089] Specifically, after the system source code to which the system in which the engineering project to be detected resides corresponds has been obtained, the system source code is analyzed, and the development environment in which the engineering project to be detected resides can be obtained from the system source code. It is specifically possible to analyze the system source code with the help of the DroidPrivacyChecker detecting system, and to analyze the meaning to which each row of codes in the system source code corresponds to obtain the corresponding development environment. Further, it is then detected whether the development environment obtained by analysis is a development Date Regue/Date Received 2022-07-05 environment supported by the system in which the engineering project to be detected resides, and it is specifically possible to obtain a development environment supported by the system, and to detect whether the development environment supported by the system matches the development environment to which the system source code corresponds, when the two match, it can then be determined that the development environment to which the system source code corresponds is a development environment supported by the system, to the contrary, if the two do not match, it can then be determined that the development environment to which the system source code corresponds is not a development environment supported by the system.
[0090] Finally, after the development environment to which the system source code corresponds has been determined to be a development environment supported by the system, the original application manifest configuration file to which the engineering project to be detected corresponds is obtained.
[0091] In one embodiment, as shown in Fig. 5, the step of determining any abnormal use permission according to the permission node list file and the permission detection result list includes:
[0092] Step 502 - obtaining a current use permission; and
[0093] Step 504 - determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.
[0094] The current use permission here is a use permission currently being used for processing, it is possible to randomly select a use permission from the first use permissions in the permission node list file to serve as the current use permission, or to sequentially take the first use permissions according to their priorities in the permission node list file to serve as the current use permission. The current use permission can also be selected from the use permissions in the permission detection result list to serve as the current use Date Regue/Date Received 2022-07-05 permission, likewise, it is possible to randomly select a use permission from the second use permissions in the permission detection result list to serve as the current use permission, or to sequentially take the second use permissions according to their priorities in the permission detection result list to serve as the current use permission.
[0095] Moreover, it is detected whether the current use permission is simultaneously present in the permission node list file and the permission detection result list, when it is detected that the current use permission is only present in the permission node list file or only present in the permission detection result list, the current use permission is determined as an abnormal use permission. The circumstance in which the current use permission is only present in the permission node list file or only present in the permission detection result list can be that the current use permission is present in the permission node list file and is not present in the permission detection result list, or that the current use permission is present in the permission detection result list and is not present in the permission node list file.
[0096] When the current use permission is only present in the permission node list file, this indicates that a redundant permission declaration on the current use permission is present in the engineering project to be detected, this current use permission is not required in the engineering project to be detected, but it has been declared in the application manifest configuration file, so it might be illegally used by other malicious application programs in the future, thereby causing leakage of users' privacy data.
[0097] When the current use permission is only present in the permission detection result list, this indicates that the current use permission may be present in the engineering project to be detected, while a crash of application program generated by the engineering project to be detected would be caused when the engineering project to be detected runs to the point of requiring the current use permission.
Date Regue/Date Received 2022-07-05
[0098] Accordingly, to sum it up, when the current use permission is only present in the permission node list file or only present in the permission detection result list, the current use permission can be determined as an abnormal use permission.
[0099] In one embodiment, as shown in Fig. 6, the permission abnormality detecting method further comprises the following steps.
[0100] Step 602 - obtaining a system source code to which the system in which the engineering project to be detected resides corresponds.
[0101] Step 604 - analyzing the system source code, and obtaining a target permission in the system source code.
[0102] The system source code here is a source code related to the system, for instance, the Android system source code can be the system source code. Specifically, the system source code to which the system in which the engineering project to be detected resides corresponds is obtained, because the permission of the system can be declared via the system source code, the system source code can be again analyzed to obtain a target permission in the system source code. The target permission here indicates a use permission that conforms to a preset condition, the preset condition can be self-defined, such self-definition can be determined and obtained according to the levels of the use permissions, or determined and obtained according to the meanings of the use permissions.
[0103] In one embodiment, for instance, levels of the use permissions are classified as normal permission and danger permission, the target permission can be a danger permission, because it is almost impossible for a normal permission to get in touch with user privacy data, for example, a permission to set the time zone is a normal permission.
Of course, if a user considers time zone data as his privacy data, the "normal permission"
can still get Date Regue/Date Received 2022-07-05 in touch with such data. If it is declared in the system source code that it requires a "normal permission", such permission will be automatically granted to the engineering project to be detected. The danger permission subsumes all privacy data of the user possibly got in touch with. For instance, the capability to obtain short message content pertains to a danger permission. If it is declared in the system source code that it requires a certain danger permission or some certain danger permissions, the engineering project to be detected will pop up a window to remind the user during operation, enquiring whether the user grants the currently requested permission to the engineering project to be detected, and the permission can be used by the application only after the user clicks to confirm authorization. The behavior modes of many permissions are different from both normal permissions and danger permissions. Some such permissions as system floating window permission and permission to modify system setup, etc. also pertain to danger permissions, and are also extremely sensitive to the system in which the engineering project to be detected resides, so most engineering projects to be detected should not use such permissions. If a certain engineering project to be detected requires a certain permission therefrom, the permission should be declared in the system source code.
[0104] Step 606 ¨ obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword.
[0105] Step 608 ¨creating a corresponding association relation of the analysis keyword with the corresponding source code content.
[0106] The analysis keyword here is used to identify the corresponding target permission, and the corresponding target permission can be identified with preset fields.
Specifically, after the target permission in the system source code has been obtained, the analysis keyword to which the target permission corresponds can be obtained, for instance, Date Regue/Date Received 2022-07-05 READ CALENDAR, WRITE CALENDAR can both serve as analysis keywords to which the target permission corresponds. Moreover, searching for matching source code content in the system source code according to the analysis keyword can specifically be to base on the analysis keyword to search for the corresponding location of the analysis keyword in the system source code, then determine the corresponding source code content according to the location, and hence create an association relation of the source code content with the corresponding analysis keyword. For instance, each row of codes of the system source code is traversed to detect whether the analysis keyword appears in any row of codes of the system source code, after it has been detected that the analysis keyword appears in a certain row of codes, a corresponding association relation of the code content to which this row of codes corresponds can be created with the analysis keyword.
[0107] In one embodiment, for instance, the target permission is a danger permission, and all danger permissions can be set as corresponding analysis keywords, for instance, android.Manifest.permission is an application manifest configuration file, that is to say, analysis keywords are used in the application manifest configuration file to identify corresponding use permissions:
[0108] android.Manifest.permission#READ CALENDAR
[0109] android.Manifest.permission#WRITE CALENDAR
[0110] android.Manifest.permission#CAMERA
[0111] android.Manifest.permission#READ CONTACTS
[0112] android.Manifest.permission#WRITE CONTACTS
[0113] android.Manifest.permission#GET ACCOUNTS
[0114] android.Manifest.permission#ACCESS FINE LOCATION
[0115] android.Manifest.permission#ACCESS COARSE LOCATION
[0116] android.Manifest.permission#RECORD AUDIO
[0117] android.Manifest.permission#READ PHONE STATE
[0118] android.Manifest.permission#CALL PHONE

Date Regue/Date Received 2022-07-05
[0119] android.Manifest.permission#READ CALL LOG
[0120] android.Manifest.permission#WRITE CALL LOG
[0121] android.Manifest.permission#ADD VOICEMAIL
[0122] android.Manifest.permission#USE SIP
[0123] android.Manifest.permission#PROCESS OUTGOING CALLS
[0124] android.Manifest.permission#BODY SENSORS
[0125] android.Manifest.permission#SEND SMS
[0126] android.Manifest.permission#RECEIVE SMS
[0127] android.Manifest.permission#READ SMS
[0128] android.Manifest.permission#RECEIVE WAP PUSH
[0129] android.Manifest.permission#RECEIVE MMS
[0130] Subsequently, each row of codes of the system source code is traversed to detect whether any analysis keyword appears in any row of codes of the system source code, after it has been detected that an analysis keyword appears in a certain row of codes, a corresponding association relation of the code content to which this row of codes corresponds can be created with the analysis keyword, for instance, the source code content to which the analysis keyword READ CALENDAR corresponds is the content of the one-thousandth row in the system source code, an association relation of READ CALENDAR is then created with the content of the one-thousandth row in the system source code.
[0131] In one embodiment, as shown in Fig. 7, the step of obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword includes:
[0132] Step 702 - traversing each row of source codes of the system source code;
[0133] Step 704 - obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword; and
[0134] Step 706 - determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis Date Regue/Date Received 2022-07-05 keyword corresponds.
[0135] The system source code includes at least one row of source codes, each row of source codes includes corresponding source code content, and searching for matching source code content in the system source code according to the analysis keyword can specifically be to traverse each row of source codes of the system source code, and obtain a current row of source codes, the current row of source codes indicates source codes currently being used for processing, it is possible to randomly determine a row of source codes from the system source code to serve as the current row of source codes, and it is also possible to sequentially take each row in the system source code to serve as the current row of source codes. Moreover, judging whether the current row of source codes contains the analysis keyword can specifically be to detect whether the analysis keyword is present in the current row of source codes, if the analysis keyword is present in the current row of source codes, the current row of source codes is determined as the source code content to which the analysis keyword corresponds, otherwise, the next row of source codes is obtained, the next row of source codes is taken to serve as the current row of source codes, and the step is returned to judge whether the current row of source codes contains the analysis keyword, so on and so forth, until the source code contents to which all analysis keywords correspond are obtained.
[0136] In one embodiment, for instance, the target permission is a danger permission, and all danger permissions can be set as corresponding analysis keywords, for instance, android.Manifest.permission is an application manifest configuration file, that is to say, analysis keywords are used in the application manifest configuration file to identify corresponding use permissions:
[0137] android.Manifest.permission#READ CALENDAR
[0138] android.Manifest.permission#WRITE CALENDAR
[0139] an dro i d.Man i fest.permi s si on#CAMERA
[0140] android.Manifest.permission#READ CONTACTS
Date Regue/Date Received 2022-07-05
[0141] Thereafter, each row of codes of the system source code is again traversed to detect whether any analysis keyword appears in any row of codes of the system source code, after it has been detected that an analysis keyword appears in a certain row of codes, a corresponding association relation of the code content to which this row of codes corresponds can be created with the analysis keyword, for instance, the source code content to which the analysis keyword READ CALENDAR corresponds is the content of the one-thousandth row in the system source code, the one-thousandth row of source code content is then determined to be the source code content to which the analysis keyword READ CALENDAR corresponds.
[0142] In a specific embodiment, there is provided a permission abnormality detecting method that specifically comprises the following steps:
[0143] 1. obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds;
[0144] 1-1, obtaining a system operation instruction;
[0145] 1-2, obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds;
[0146] 1-3, analyzing the system source code, and obtaining a development environment to which the system source code corresponds;
[0147] 1-4, obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds;
[0148] 2. extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission;

Date Regue/Date Received 2022-07-05
[0149] 3. deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
[0150] 4. detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission;
[0151] 5. determining any abnormal use permission according to the permission node list file and the permission detection result list;
[0152] 5-1. obtaining a current use permission;
[0153] 5-2. determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list;
[0154] 6. generating a permission abnormality detection report according to the abnormal use permission;
[0155] 7. obtaining a system source code to which the system in which the engineering project to be detected resides corresponds;
[0156] 8. analyzing the system source code, and obtaining a target permission in the system source code;
[0157] 9. obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword;
[0158] 9-1. traversing each row of source codes of the system source code;
[0159] 9-2. obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword;
[0160] 9-3. determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds;
[0161] 10. creating a corresponding association relation of the analysis keyword with the corresponding source code content;

Date Regue/Date Received 2022-07-05
[0162] 11. obtaining a source code to be detected;
[0163] 12. detecting whether the source code to be detected has any matching target analysis keyword according to the association relation;
[0164] 13. obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0165] 14. detecting whether an original application manifest configuration file has any use permission node to which the target permission corresponds; and
[0166] 15. determining, when there is no use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0167] As should be understood, although the various steps in the aforementioned flowcharts are sequentially displayed as indicated by arrows, these steps are not necessarily executed in the sequences indicated by arrows. Unless otherwise explicitly noted in this paper, execution of these steps is not restricted by any sequence, as these steps can also be executed in other sequences (than those indicated in the drawings). Moreover, at least partial steps in the flowcharts may include plural sub-steps or multi-phases, these sub-steps or phases are not necessarily completed at the same timing, but can be executed at different timings, and these sub-steps or phases are also not necessarily sequentially performed, but can be performed in turns or alternately with other steps or with at least some of sub-steps or phases of other steps.
[0168] In one embodiment, as shown in Fig. 8, there is provided a permission abnormality detecting device 800 that comprises a first obtaining module 802, an analysis keyword matching module 804, a second obtaining module 806, a permission node detecting module 808, and an abnormal use permission determining module 810, of which
[0169] the first obtaining module 802 is employed for obtaining a source code to be detected;
[0170] the analysis keyword matching module 804 is employed for detecting whether the source code to be detected has any matching target analysis keyword according to an association Date Regue/Date Received 2022-07-05 relation;
[0171] the second obtaining module 806 is employed for obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
[0172] the permission node detecting module 808 is employed for detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and
[0173] the abnormal use permission determining module 810 is employed for determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0174] In one embodiment, as shown in Fig. 9, the permission abnormality detecting device 800 further comprises:
[0175] a manifest configuration file obtaining module 902, for obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds;
[0176] a use permission node extracting module 904, for extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission;
[0177] a use permission node processing module 906, for deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
[0178] a manifest configuration file detecting module 908, for detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission;
[0179] an abnormal use permission determining module 910, for determining any abnormal use permission according to the permission node list file and the permission detection result Date Regue/Date Received 2022-07-05 list; and
[0180] a permission abnormality detection report generating module 912, for generating a permission abnormality detection report according to the abnormal use permission.
[0181] In one embodiment, as shown in Fig. 10, the manifest configuration file obtaining module 902 includes:
[0182] an operation instruction obtaining unit 902a, for obtaining a system operation instruction;
[0183] an operation instruction detecting unit 902b, for obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds;
[0184] a system source code analyzing unit 902c, for analyzing the system source code, and obtaining a development environment to which the system source code corresponds; and
[0185] a development environment detecting unit 902d, for obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
[0186] In one embodiment, the abnormal use permission determining module 910 is further employed for obtaining a current use permission; and determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.
[0187] In one embodiment, as shown in Fig. 11, the permission abnormality detecting device 800 further comprises:
[0188] a system source code obtaining module 1102, for obtaining a system source code to which the system in which the engineering project to be detected resides corresponds;
[0189] a system source code analyzing module 1104, for analyzing the system source code, and obtaining a target permission in the system source code;
[0190] a source code content searching module 1106, for obtaining an analysis keyword to which Date Regue/Date Received 2022-07-05 the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword; and
[0191] an association relation creating module 1108, for creating a corresponding association relation of the analysis keyword with the corresponding source code content.
[0192] In one embodiment, the source code content searching module 1106 is further employed for traversing each row of source codes of the system source code; obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword; and determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds.
[0193] Specific definitions relevant to the permission abnormality detecting device may be inferred from the aforementioned definitions to the permission abnormality detecting method, while no repetition is made in this context. The various modules in the aforementioned permission abnormality detecting device can be wholly or partly realized via software, hardware, and a combination of software with hardware. The various modules can be embedded in the form of hardware in a processor in a computer equipment or independent of any computer equipment, and can also be stored in the form of software in a memory in a computer equipment, so as to facilitate the processor to invoke and perform operations corresponding to the aforementioned various modules.
[0194] Fig. 12 is a view illustrating the internal structure of a computer equipment in an embodiment. The computer equipment can specifically be terminal 102 or server 104 in Fig. 1. As shown in Fig. 12, the computer equipment comprises a processor, a memory, a network interface, an input means and a display screen connected to each other via a system bus. The memory includes a nonvolatile storage medium and an internal memory.
The nonvolatile storage medium of the computer equipment stores therein an operating system, and can further store therein a computer program that enables a processor to Date Regue/Date Received 2022-07-05 realize a permission abnormality detecting method when it is executed by the processor.
The internal memory can also store therein a computer program that enables a processor to realize a permission abnormality detecting method when it is executed by the processor.
The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, the input means of the computer equipment can be a touch layer covering on the display screen, can also be a press button, a track ball or a touch control board disposed on the housing of the computer equipment, and can further be an externally connected keyboard, touch control board or mouse, etc.
[0195] As understandable to persons skilled in the art, the structure illustrated in Fig. 12 is merely a block diagram of partial structure relevant to the solution of the present application, and does not constitute any restriction to the computer equipment on which the solution of the present application is applied, as the specific computer equipment may comprise component parts that are more than or less than those illustrated in Fig. 12, or may combine certain component parts, or may have different layout of component parts.
[0196] In one embodiment, there is provided a computer equipment that comprises a memory, a processor and a computer program stored on the memory and operable on the processor, and the following steps are realized when the processor executes the computer program:
obtaining a source code to be detected; detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword; detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0197] In one embodiment, when the processor executes the computer program, the following Date Regue/Date Received 2022-07-05 steps are further realized: obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds; extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission; deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission; determining any abnormal use permission according to the permission node list file and the permission detection result list; and generating a permission abnormality detection report according to the abnormal use permission.
[0198] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a system operation instruction;
obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds;
analyzing the system source code, and obtaining a development environment to which the system source code corresponds; and obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
[0199] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a current use permission; and determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.

Date Regue/Date Received 2022-07-05
[0200] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a system source code to which the system in which the engineering project to be detected resides corresponds; analyzing the system source code, and obtaining a target permission in the system source code; obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword; and creating a corresponding association relation of the analysis keyword with the corresponding source code content.
[0201] In one embodiment, when the processor executes the computer program, the following steps are further realized: traversing each row of source codes of the system source code;
obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword; and determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds.
[0202] In one embodiment, there is provided a computer-readable storage medium storing thereon a computer program, and the following steps are realized when the computer program is executed by a processor: obtaining a source code to be detected;
detecting whether the source code to be detected has any matching target analysis keyword according to an association relation; obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword; detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
[0203] In one embodiment, when the processor executes the computer program, the following Date Regue/Date Received 2022-07-05 steps are further realized: obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds; extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission; deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission; determining any abnormal use permission according to the permission node list file and the permission detection result list; and generating a permission abnormality detection report according to the abnormal use permission.
[0204] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a system operation instruction;
obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds;
analyzing the system source code, and obtaining a development environment to which the system source code corresponds; and obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
[0205] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a current use permission; and determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.
Date Regue/Date Received 2022-07-05
[0206] In one embodiment, when the processor executes the computer program, the following steps are further realized: obtaining a system source code to which the system in which the engineering project to be detected resides corresponds; analyzing the system source code, and obtaining a target permission in the system source code; obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword; and creating a corresponding association relation of the analysis keyword with the corresponding source code content.
[0207] In one embodiment, when the processor executes the computer program, the following steps are further realized: traversing each row of source codes of the system source code;
obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword; and determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds.
[0208] As comprehensible to persons ordinarily skilled in the art, the entire or partial flows in the methods according to the aforementioned embodiments can be completed via a computer program instructing relevant hardware, the computer program can be stored in a nonvolatile computer-readable storage medium, and the computer program can include the flows as embodied in the aforementioned various methods when executed. Any reference to the memory, storage, database or other media used in the various embodiments provided by the present application can all include nonvolatile and/or volatile memory/memories. The nonvolatile memory can include a read-only memory (ROM), a programmable ROM (PROM), an electrically programmable ROM (EPROM), an electrically erasable and programmable ROM (EEPROM) or a flash memory. The volatile memory can include a random access memory (RAM) or an external cache memory. To serve as explanation rather than restriction, the RAM is obtainable in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM

Date Regue/Date Received 2022-07-05 (SDRAM), dual data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM
(RDRAM), etc.
[0209] Technical features of the aforementioned embodiments are randomly combinable, while all possible combinations of the technical features in the aforementioned embodiments are not exhausted for the sake of brevity, but all these should be considered to fall within the scope recorded in the Description as long as such combinations of the technical features are not mutually contradictory.
[0210] The foregoing embodiments are merely directed to several modes of execution of the present application, and their descriptions are relatively specific and detailed, but they should not be hence misunderstood as restrictions to the inventive patent scope. As should be pointed out, persons with ordinary skill in the art may further make various modifications and improvements without departing from the conception of the present application, and all these should pertain to the protection scope of the present application.
Accordingly, the patent protection scope of the present application shall be based on the attached Claims.

Date Regue/Date Received 2022-07-05

Claims (10)

CA 03166981 2022-07-05What is claimed is:
1. A permission abnormality detecting method, characterized in comprising:
obtaining a source code to be detected;
detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission; and determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
2. The method according to Claim 1, characterized in further comprising:
obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the engineering project to be detected corresponds;
extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission;
deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission;
determining any abnormal use permission according to the permission node list file and the permission detection result list; and Date Regue/Date Received 2022-07-05 generating a permission abnormality detection report according to the abnormal use permission.
3. The method according to Claim 2, characterized in that the step of obtaining an original application manifest configuration file to which an engineering project to be detected corresponds includes:
obtaining a system operation instruction;
obtaining, when the system operation instruction is operative for the first time, a system source code to which a system in which the engineering project to be detected resides corresponds;
analyzing the system source code, and obtaining a development environment to which the system source code corresponds; and obtaining, when the development environment is determined as a development environment supported by the system, an original application manifest configuration file to which the engineering project to be detected corresponds.
4. The method according to Claim 2, characterized in that the step of determining any abnormal use permission according to the permission node list file and the permission detection result list includes:
obtaining a current use permission; and determining the current use permission as an abnormal use permission if the current use permission is only present in the permission node list file or only present in the permission detection result list.
5. The method according to Claim 1, characterized in that a step of creating the association relation includes:
obtaining a system source code to which the system in which the engineering project to be detected resides corresponds;
analyzing the system source code, and obtaining a target permission in the system source code;
obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword; and Date Regue/Date Received 2022-07-05 creating a corresponding association relation of the analysis keyword with the corresponding source code content.
6. The method according to Claim 5, characterized in that the step of obtaining an analysis keyword to which the target permission corresponds, and searching for matching source code content in the system source code according to the analysis keyword includes:
traversing each row of source codes of the system source code;
obtaining a current row of source codes, and judging whether the current row of source codes contains the analysis keyword; and determining, when the current row of source codes contains the analysis keyword, the current row of source codes as the source code content to which the analysis keyword corresponds.
7. A permission abnormality detecting device, characterized in comprising:
a first obtaining module, for obtaining a source code to be detected;
an analysis keyword matching module, for detecting whether the source code to be detected has any matching target analysis keyword according to an association relation;
a second obtaining module, for obtaining, when a matching target analysis keyword is present in the source code to be detected, a target permission that corresponds to the target analysis keyword;
a permission node detecting module, for detecting whether an original application manifest configuration file has any target use permission node that corresponds to the target permission;
and an abnormal use permission determining module, for determining, when there is no target use permission node corresponding to the target permission, a permission to which the source code to be detected corresponds as an abnormal use permission.
8. The device according to Claim 7, characterized in further comprising:
a manifest configuration file obtaining module, for obtaining an original application manifest configuration file to which an engineering project to be detected corresponds, wherein the original application manifest configuration file includes use permission nodes to which the Date Regue/Date Received 2022-07-05 engineering project to be detected corresponds;
a use permission node extracting module, for extracting the use permission nodes from the original application manifest configuration file, and obtaining a permission node list file, wherein the permission node list includes a first use permission;
a use permission node processing module, for deleting permission content to which the use permission nodes correspond in the original application manifest configuration file, and obtaining an intermediate application manifest configuration file;
a manifest configuration file detecting module, for detecting the intermediate application manifest configuration file, and obtaining a permission detection result list, wherein the permission detection result includes a second use permission;
an abnormal use permission determining module, for determining any abnormal use permission according to the permission node list file and the permission detection result list; and a permission abnormality detection report generating module, for generating a permission abnormality detection report according to the abnormal use permission.
9. A computer equipment, comprising a memory, a processor and a computer program stored on the memory and operable on the processor, characterized in that steps of the method according to anyone of Claims 1 to 6 are realized when the processor executes the computer program.
10. A computer-readable storage medium, storing a computer program thereon, characterized in that steps of the method according to anyone of Claims 1 to 6 are realized when the computer program is executed by a processor.

Date Regue/Date Received 2022-07-05
CA3166981A 2020-01-08 2020-07-30 Permission abnormality detection method, device, computer equipment and storage medium Pending CA3166981A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN202010017976.5A CN111259374B (en) 2020-01-08 2020-01-08 Authority abnormity detection method and device, computer equipment and storage medium
CN202010017976.5 2020-01-08
PCT/CN2020/105999 WO2021139139A1 (en) 2020-01-08 2020-07-30 Permission abnormality detection method and apparatus, computer device, and storage medium

Publications (1)

Publication Number Publication Date
CA3166981A1 true CA3166981A1 (en) 2021-07-15

Family

ID=70952535

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3166981A Pending CA3166981A1 (en) 2020-01-08 2020-07-30 Permission abnormality detection method, device, computer equipment and storage medium

Country Status (3)

Country Link
CN (1) CN111259374B (en)
CA (1) CA3166981A1 (en)
WO (1) WO2021139139A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111259374B (en) * 2020-01-08 2021-10-12 南京苏宁加电子商务有限公司 Authority abnormity detection method and device, computer equipment and storage medium
CN113836540B (en) * 2021-09-02 2024-07-02 青岛海信移动通信技术有限公司 Method, apparatus, storage medium and program product for managing application rights

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101900047B1 (en) * 2012-03-12 2018-09-18 삼성전자주식회사 Method and Apparatus to Evaluate Required Permissions for Application
CN104778409B (en) * 2015-04-16 2018-01-12 电子科技大学 A kind of detection method and device of Android application software similitude
CN106557687A (en) * 2015-09-30 2017-04-05 北京奇虎科技有限公司 A kind of authority control method and device of application program installation process
CN107798238A (en) * 2016-09-07 2018-03-13 武汉安天信息技术有限责任公司 The detection method and device of malicious application
CN106951786A (en) * 2017-03-30 2017-07-14 国网江苏省电力公司电力科学研究院 Towards the Mobile solution legal power safety analysis method of Android platform
CN108804912B (en) * 2018-06-15 2021-09-28 北京大学 Application program override detection method based on permission set difference
CN111259374B (en) * 2020-01-08 2021-10-12 南京苏宁加电子商务有限公司 Authority abnormity detection method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
WO2021139139A1 (en) 2021-07-15
CN111259374B (en) 2021-10-12
CN111259374A (en) 2020-06-09

Similar Documents

Publication Publication Date Title
CN109344616B (en) Method and device for monitoring dynamic loading behavior of mobile application program
US20060010337A1 (en) Management system and management method
CN105956474A (en) Abnormal behavior detection system of Android platform software
US20160283357A1 (en) Call stack relationship acquiring method and apparatus
TW201610735A (en) Point-wise protection of application using runtime agent and dynamic security analysis
CN108763951B (en) Data protection method and device
CA3166981A1 (en) Permission abnormality detection method, device, computer equipment and storage medium
CN110213357A (en) Business datum backing method, device, computer equipment and storage medium
CN112035354A (en) Method, device and equipment for positioning risk code and storage medium
CN112637185B (en) Webpage protection method and device and browser
CN110879781A (en) Program debugging method and device, electronic equipment and computer readable storage medium
CN112083851A (en) Interface positioning method and device for BIOS (basic input output System) configuration options, server and computer readable storage medium
CN110727941A (en) Private data protection method and device, terminal equipment and storage medium
CN113467981A (en) Exception handling method and device
CN116450533B (en) Security detection method and device for application program, electronic equipment and medium
CN106203148B (en) Unauthorized data access blocking method and computing device with unauthorized data access blocking function
CN111131208B (en) Third-party service application login method and device, computer equipment and storage medium
CN110569167B (en) Webpage alarm monitoring method, script error reporting method, device and computer equipment
CN115048645A (en) Detection method, device, equipment and medium for collecting privacy information beyond range
CN116010940A (en) Method, device, equipment and storage medium for monitoring system security
CN113872919B (en) Vulnerability scanning method and device
CN111427623B (en) Program exit method, device, computer equipment and storage medium
CN112214703B (en) Webpage loading method, webpage loading device, computer readable storage medium and computer equipment
Neth et al. Digital forensics triage app for android
CN111625784B (en) Anti-debugging method of application, related device and storage medium

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705

EEER Examination request

Effective date: 20220705