CN102426639B - Information safety monitoring method and device - Google Patents


Publication number
CN102426639B
Authority
CN
China
Prior art keywords
security
application program
configuration table
program
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110288510.XA
Other languages
Chinese (zh)
Other versions
CN102426639A (en)
Inventor
姚丽辉
何宝强
王路谊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd

Abstract

The invention discloses an information safety monitoring method and device and belongs to the field of a mobile terminal. The method and device are designed for solving the problem of the prior art that the private information of a user in the mobile terminal is revealed by an application program. The information safety monitoring method comprises the following steps of: decompressing an installing file of the application program, thereby acquiring an overall configuration file of the program; judging whether all the operation rights in the overall configuration file of the program meet the corresponding safety rights in a safety configuration table; if yes, installing the application program through an application program main file; and if not, stopping installing the application program and displaying the operation rights which do not meet the safety rights.

Description

Information safety monitoring method and device
Technical field
The present invention relates to the field of information security, and in particular to an information security monitoring method and device for the Android system.
Background
As users demand more functionality from mobile devices, mobile operating systems have developed considerably, and smartphones with complex and diverse functions have gradually appeared. Alongside the operating system, a large number of applications make smartphones more convenient to use.
Android is widely used on smartphones. Under Android, application installation files are distributed in the APK (Android Package) format, which is a compressed format. An application installation file contains the application main file and the program global configuration file; the program global configuration file stores the permissions with which the application operates on the phone's sensitive information.
Some applications are malicious. Such an application can operate on the phone's sensitive information, allowing its publisher to obtain the personal information of the mobile device's user and thereby reducing the security of the information on the device.
Summary of the invention
Embodiments of the present invention provide an information security monitoring method and device.
To achieve the above object, the embodiments of the present invention adopt the following technical solution:
An information security monitoring method, comprising:
Decompressing the application installation file to obtain the program global configuration file;
Determining whether all operation permissions in the global configuration file satisfy the corresponding security permissions in the security configuration table;
If all operation permissions in the global configuration file satisfy the corresponding security permissions in the security configuration table, executing the application main file to install the application;
If the operation permissions in the global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stopping installation of the application and displaying the operation permissions that do not satisfy the security permissions.
An information security monitoring device, comprising:
Program global configuration file acquisition module: decompresses the application installation file to obtain the program global configuration file;
First judgment module: determines whether all operation permissions in the global configuration file satisfy the corresponding security permissions in the security configuration table;
First application installation start module: if the first judgment module determines that all operation permissions in the global configuration file satisfy the corresponding security permissions in the security configuration table, executes the application main file to install the application;
Excess-permission prompt module: if the first judgment module determines that the operation permissions in the global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stops installation of the application and displays the operation permissions that do not satisfy the security permissions.
The information security monitoring method and device provided by the embodiments of the present invention compare the security permissions in the security configuration table set on the mobile terminal with the operation permissions in the program global configuration file obtained from the application installation file, and alert the user to applications that exceed the security permissions, preventing personal information on the mobile terminal from being leaked by applications.
Brief description of the drawings
Fig. 1 is a flowchart of the information security monitoring method of Embodiment 1 of the present invention;
Fig. 2 is a flowchart of the second judgment made on application installation in the information security monitoring method of Embodiment 2 of the present invention;
Fig. 3 is a flowchart of setting the security configuration table in the information security monitoring method of Embodiment 3 of the present invention;
Fig. 4 is a flowchart of monitoring the operations of an application in the information security monitoring method of Embodiment 3 of the present invention;
Fig. 5 is a structural diagram of an information security monitoring device of an embodiment of the present invention.
Detailed description
The information security monitoring method and device of the embodiments of the present invention are described in detail below with reference to the drawings.
It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
An information security monitoring method, as shown in Fig. 1, comprising:
Step 100: Decompress the application installation file to obtain the program global configuration file.
Step 101: Determine whether all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table.
Step 102: If all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, execute the application main file to install the application.
Step 103: If the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stop installation of the application and display the operation permissions that do not satisfy the security permissions.
In the information security monitoring method and device provided by the embodiments of the present invention, the permissions an application requires are preferably obtained from the program global configuration file (i.e. the AndroidManifest.xml file) in the application installation file of the Android system. The security permissions in the security configuration table set on the mobile terminal are compared with the operation permissions in the program global configuration file obtained from the application installation file, and the user is alerted to applications that exceed the security permissions, preventing personal information on the mobile terminal from being leaked by applications.
Embodiment 1
Start the mobile terminal, which may be a mobile phone, a tablet computer or a PDA (Personal Digital Assistant). Store the installation file of the application to be installed in the storage area of the mobile terminal and install the application. The installation file is in the APK format recognized by the Android system.
Step 100: Decompress the application installation file to obtain the program global configuration file.
The application installation file is decompressed on the mobile terminal. It contains the application main file and the program global configuration file. The program global configuration file stores the operation permissions the application needs to use, for example: sending SMS messages, reading contact information, reading files stored on the SD card (Secure Digital Memory Card), making phone calls, reading the phone state and identity, installing and uninstalling files on the mobile terminal, and starting the camera and microphone.
For example, the operation permissions are: reading contact information, sending SMS messages, and installing and uninstalling files on the mobile terminal.
Step 101: Determine whether all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table.
The security configuration table stores security permissions. The table can be given default settings by the mobile terminal manufacturer at the factory, and the security permissions are matched against the operation permissions in the global configuration file.
Step 102: If all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, execute the application main file to install the application.
When the security permissions include reading contact information, sending SMS messages, and installing and uninstalling files on the mobile terminal, the security permissions are matched against the operation permissions. Once it is determined that the security permissions allow every operation in the operation permissions, the mobile terminal is notified that it may install the application. The application main file in the application installation file is then read and the application is installed on the mobile terminal.
Step 103: If the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stop installation of the application and display the operation permissions that do not satisfy the security permissions.
When the security permissions include reading contact information and sending SMS messages but do not include installing and uninstalling files on the mobile terminal, installation of the application stops, and a pop-up window tells the user that the application's operation permissions do not satisfy the security permissions with respect to installing and uninstalling files on the mobile terminal, so the installation cannot be completed. This prevents malicious software developers from stealing the personal information of mobile terminal users and improves the security of the user's personal information on the mobile terminal.
Embodiment 2
With the information security monitoring method of Embodiment 1, an application that the user needs to install cannot be installed when it exceeds the default security permissions.
To solve this problem, as shown in Fig. 2, after installation is stopped and the operation permissions that do not satisfy the security permissions are displayed because the operation permissions in the global configuration file do not all satisfy the corresponding security permissions in the security configuration table, the information security monitoring method further comprises:
Step 200: Determine whether the user agrees to install the application even though the security permissions in the security configuration table are not satisfied.
When the mobile terminal detects that the application's operation permissions exceed the configured security permissions, it first shows the user, in a pop-up window, the security permissions that the application being installed exceeds; for example, installing and uninstalling files on the mobile terminal. It then prompts the user to choose whether to accept this and continue installing the application.
Step 201: If the user agrees to install the application even though the security permissions in the security configuration table are not satisfied, execute the application main file and install the application.
When the user agrees to ignore the security permission and continue the installation, the check of that security permission is skipped, and the application main file obtained when the installation file was decompressed is executed to install the application. This avoids the problem that an application cannot be installed when its operation permissions do not satisfy the security permissions.
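The install-time check of steps 100 to 103, together with the user decision of steps 200 and 201, can be sketched as follows. This is an added example, not code from the patent: the Android permission names chosen for the patent's operations, the `ask_user` callback and the sample package are assumptions, and the sample uses a plain-text manifest where a real APK stores AndroidManifest.xml as binary XML that must be decoded first.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import namedtuple

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
MANIFEST = "AndroidManifest.xml"

# Hypothetical security configuration table (the allowed security permissions).
# Mapping the patent's "read contacts" and "send SMS" operations to these
# Android permission names is an assumption of this example.
SECURITY_TABLE = frozenset({
    "android.permission.READ_CONTACTS",
    "android.permission.SEND_SMS",
})

Decision = namedtuple("Decision", "install excess reason")


def build_sample_package(permissions):
    """Constructed stand-in for an APK: a ZIP holding a plain-text manifest.

    Real APKs store AndroidManifest.xml as binary XML, so a real checker
    must decode it before the parsing step below.
    """
    uses = "".join(
        f'<uses-permission android:name="{p}"/>' for p in permissions
    )
    manifest = (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="com.example.sample">{uses}</manifest>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, manifest)
        zf.writestr("classes.dex", b"")  # empty placeholder for the main file
    return buf.getvalue()


def declared_permissions(package_bytes):
    """Step 100: unpack the package and read the permissions it requests."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        raw = zf.read(MANIFEST)  # raises KeyError if the manifest is missing
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("manifest contains a DTD")  # no entity expansion
    root = ET.fromstring(raw)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def review_install(package_bytes, security_table, ask_user=None):
    """Steps 101-103 plus the user decision of steps 200-201.

    ask_user is a hypothetical callback that receives the excess permissions
    and returns True if the user agrees to install anyway.
    """
    try:
        requested = declared_permissions(package_bytes)
    except (zipfile.BadZipFile, KeyError, ET.ParseError, ValueError) as exc:
        # Fail closed: a package whose permissions cannot be read is refused.
        return Decision(False, [], f"unreadable package: {type(exc).__name__}")
    excess = sorted(requested - set(security_table))
    if not excess:
        return Decision(True, [], "all permissions allowed")  # step 102
    if ask_user is not None and ask_user(excess):
        return Decision(True, excess, "user accepted excess permissions")  # 201
    return Decision(False, excess, "permissions exceed security table")  # 103


if __name__ == "__main__":
    pkg = build_sample_package([
        "android.permission.READ_CONTACTS",
        "android.permission.SEND_SMS",
        "android.permission.INSTALL_PACKAGES",
    ])
    print(review_install(pkg, SECURITY_TABLE))
    print(review_install(pkg, SECURITY_TABLE, ask_user=lambda excess: True))
```

The check only sees what the manifest declares, so an unreadable or missing manifest is treated as a refusal rather than as an empty permission list.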
Embodiment 3
With the information security monitoring methods of Embodiments 1 and 2, the security permissions in the security configuration table on the mobile terminal are set by default by the mobile terminal manufacturer. If the applications the user needs to install often exceed the security permissions, the user has to repeat the same operation to complete each installation. And even when an application the user installs satisfies the configured security permissions, it may perform operations without any interface prompt, leaking the user's personal information.
Further, the security configuration table also includes audit entries, for example: sending more than 5 SMS messages when no SMS interface is shown, and starting the camera and microphone and placing phone calls without an interface.
Further, as shown in Fig. 3, the information security monitoring method also comprises:
Step 300: Select the required security permissions and audit entries.
All security permissions and audit entries of the mobile terminal are loaded in the settings interface of the security configuration table, where the user can select the required security permissions and audit entries.
Step 301: Store the selected security permissions and audit entries in the security configuration table.
The security permissions and audit entries selected by the user are stored in the security configuration table. The mobile terminal can then judge an application's operation permissions against the user-selected security permissions and audit entries to decide whether the application should be installed. This avoids repeating the same prompt during application installation and reduces how often the user has to repeat the same operation when installing multiple applications.
If the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, then after the operation permissions that do not satisfy the security permissions are displayed, as shown in Fig. 4, the method further comprises:
Step 400: Determine whether the operations on the mobile terminal satisfy the audit entries in the security configuration table.
After the application is installed, the operations performed on the mobile terminal are judged against the audit entries set in the security configuration table; for example, the audit entries include prohibiting the sending of more than 5 SMS messages when no SMS interface is shown.
Step 401: If an operation on the mobile terminal does not satisfy the audit entries in the security configuration table, display the application that performed the operation and determine whether the user agrees to delete the application.
While the mobile terminal is in use, when the mobile terminal detects that 5 SMS messages have been sent out with no SMS interface shown, it determines, according to the audit entry, the application that sent more than 5 SMS messages, notifies the user in a pop-up window of the application's name and the audit entry it violated, and lets the user decide whether the application should be deleted.
Step 402: If the user agrees to delete the application, delete it from the mobile terminal.
If the user agrees to delete the application, it is deleted from the mobile terminal, to prevent the application from causing the user greater loss.
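The audit of steps 400 to 402 amounts to counting sensitive operations that happen with no matching interface on screen and asking the user about each offending application. The following is an added example, not code from the patent: the event-log line format, the action names, the package names and the `confirm_delete` callback are assumptions, and the SMS entry is read as "more than 5", as in step 400.

```python
from collections import Counter, namedtuple

# Hypothetical audit entries modelled on the examples in the text:
# action -> how many times it may occur with no matching interface shown.
AUDIT_ENTRIES = {
    "send_sms": 5,      # more than 5 SMS with no SMS interface is a violation
    "start_camera": 0,  # any start without an interface is a violation
    "start_mic": 0,
    "place_call": 0,
}

# Constructed event log; the "time app action ui=yes|no" format is an assumption.
SAMPLE_LOG = "\n".join(
    [f"10:00:{i:02d} com.example.flashlight send_sms ui=no" for i in range(6)]
    + [f"10:01:{i:02d} com.example.messenger send_sms ui=yes" for i in range(7)]
    + [f"10:02:{i:02d} com.example.notes send_sms ui=no" for i in range(5)]
    + ["10:03:00 com.example.flashlight start_mic ui=no"]
)

Violation = namedtuple("Violation", "app action count limit")


def parse_events(log_text):
    """Yield (app, action, ui_visible) and reject malformed lines outright."""
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("ui=yes", "ui=no"):
            raise ValueError(f"line {line_no}: malformed event {line!r}")
        _, app, action, ui = parts
        yield app, action, ui == "ui=yes"


def find_violations(log_text, audit_entries):
    """Step 400: count audited actions performed without an interface."""
    hidden = Counter()
    for app, action, ui_visible in parse_events(log_text):
        if action in audit_entries and not ui_visible:
            hidden[(app, action)] += 1
    return sorted(
        Violation(app, action, count, audit_entries[action])
        for (app, action), count in hidden.items()
        if count > audit_entries[action]
    )


def handle_violations(violations, installed_apps, confirm_delete):
    """Steps 401-402: show each offending app and delete it if the user agrees.

    confirm_delete is a hypothetical callback taking the app name and its
    violated entries; it returns True when the user agrees to deletion.
    """
    remaining = set(installed_apps)
    for app in sorted({v.app for v in violations}):
        entries = [v for v in violations if v.app == app]
        if confirm_delete(app, entries):
            remaining.discard(app)
    return remaining


if __name__ == "__main__":
    found = find_violations(SAMPLE_LOG, AUDIT_ENTRIES)
    for v in found:
        print(f"{v.app}: {v.action} x{v.count} without interface (limit {v.limit})")
    apps = {"com.example.flashlight", "com.example.messenger", "com.example.notes"}
    print(sorted(handle_violations(found, apps, lambda app, entries: True)))
```

In the constructed log, the application that sends 7 messages with the SMS interface shown and the one that sends exactly 5 without it are not reported; only the application that exceeds the limit is.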
Corresponding to the above information security monitoring method, the present invention also provides an information security monitoring device, as shown in Fig. 5, comprising:
Program global configuration file acquisition module: decompresses the application installation file to obtain the program global configuration file;
First judgment module: determines whether all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table;
First application installation start module: if the first judgment module determines that all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, executes the application main file to install the application;
Excess-permission prompt module: if the first judgment module determines that the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stops installation of the application and displays the operation permissions that do not satisfy the security permissions.
The security configuration table also includes audit entries.
The information security monitoring device further comprises:
Security permission and audit entry selection module: selects security permissions and audit entries;
Security configuration table generation module: stores the selected security permissions and audit entries in the security configuration table.
The information security monitoring device further comprises:
Second judgment module: determines whether the user agrees to install the application even though the security permissions in the security configuration table are not satisfied;
Second application installation module: if the second judgment module determines that the user agrees to install the application even though the security permissions in the security configuration table are not satisfied, executes the application main file and installs the application;
Installation stop module: if the second judgment module determines that the user does not agree to install the application when the security permissions in the security configuration table are not satisfied, stops the installation of the application.
The information security monitoring device further comprises:
Audit entry judgment module: determines whether the operations on the mobile terminal satisfy the audit entries in the security configuration table;
Deletion judgment module: if the audit entry judgment module determines that an operation on the mobile terminal does not satisfy the audit entries in the security configuration table, displays the application that performed the operation and determines whether the user agrees to delete the application;
Application deletion module: if the deletion judgment module determines that the user agrees to delete the application, deletes the application from the mobile terminal.
The information security monitoring method and device provided by the embodiments of the present invention compare the security permissions in the security configuration table set on the mobile terminal with the operation permissions in the program global configuration file obtained from the application installation file, and alert the user to applications that exceed the security permissions, preventing personal information on the mobile terminal from being leaked by applications.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (6)

1. An information security monitoring method, characterized by comprising:
Loading all security permissions and audit entries of the mobile terminal in the settings interface of a security configuration table, the user selecting the required security permissions and audit entries in that interface;
Storing the selected security permissions and audit entries in the security configuration table;
Decompressing the application installation file to obtain the program global configuration file;
Determining whether all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table;
If all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, executing the application main file to install the application;
If the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stopping installation of the application and displaying the operation permissions that do not satisfy the security permissions.
2. The information security monitoring method according to claim 1, characterized in that, if the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, then after displaying the operation permissions that do not satisfy the security permissions, the method further comprises:
Determining whether the user agrees to install the application even though the security permissions in the security configuration table are not satisfied;
If the user agrees to install the application even though the security permissions in the security configuration table are not satisfied, executing the application main file and installing the application;
If the user does not agree to install the application when the security permissions in the security configuration table are not satisfied, stopping the installation of the application.
3. The information security monitoring method according to claim 1, characterized in that, if all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, then after executing the application main file to install the application, the method further comprises:
Determining whether the operations on the mobile terminal satisfy the audit entries in the security configuration table;
If an operation on the mobile terminal does not satisfy the audit entries in the security configuration table, displaying the application that performed the operation and determining whether the user agrees to delete the application;
If the user agrees to delete the application, deleting the application from the mobile terminal.
4. An information security monitoring device, characterized by comprising:
Security permission and audit entry selection module: loads all security permissions and audit entries of the mobile terminal in the settings interface of a security configuration table, the user selecting the required security permissions and audit entries in that interface;
Security configuration table generation module: stores the selected security permissions and audit entries in the security configuration table;
Program global configuration file acquisition module: decompresses the application installation file to obtain the program global configuration file;
First judgment module: determines whether all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table;
First application installation start module: if the first judgment module determines that all operation permissions in the program global configuration file satisfy the corresponding security permissions in the security configuration table, executes the application main file to install the application;
Excess-permission prompt module: if the first judgment module determines that the operation permissions in the program global configuration file do not all satisfy the corresponding security permissions in the security configuration table, stops installation of the application and displays the operation permissions that do not satisfy the security permissions.
5. The information security monitoring device according to claim 4, characterized by further comprising:
Second judgment module: determines whether the user agrees to install the application even though the security permissions in the security configuration table are not satisfied;
Second application installation module: if the second judgment module determines that the user agrees to install the application even though the security permissions in the security configuration table are not satisfied, executes the application main file and installs the application;
Installation stop module: if the second judgment module determines that the user does not agree to install the application when the security permissions in the security configuration table are not satisfied, stops the installation of the application.
6. The information security monitoring device according to claim 4, characterized by further comprising:
Audit entry judgment module: determines whether the operations on the mobile terminal satisfy the audit entries in the security configuration table;
Deletion judgment module: if the audit entry judgment module determines that an operation on the mobile terminal does not satisfy the audit entries in the security configuration table, displays the application that performed the operation and determines whether the user agrees to delete the application;
Application deletion module: if the deletion judgment module determines that the user agrees to delete the application, deletes the application from the mobile terminal.
CN201110288510.XA 2011-09-26 2011-09-26 Information safety monitoring method and device Active CN102426639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110288510.XA CN102426639B (en) 2011-09-26 2011-09-26 Information safety monitoring method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110288510.XA CN102426639B (en) 2011-09-26 2011-09-26 Information safety monitoring method and device

Publications (2)

Publication Number Publication Date
CN102426639A CN102426639A (en) 2012-04-25
CN102426639B true CN102426639B (en) 2015-04-08

Family

ID=45960618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110288510.XA Active CN102426639B (en) 2011-09-26 2011-09-26 Information safety monitoring method and device

Country Status (1)

Country Link
CN (1) CN102426639B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107704334A (en) * 2017-10-13 2018-02-16 维沃移动通信有限公司 A kind of SDK processing method and mobile terminal

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104346566A (en) * 2013-07-31 2015-02-11 腾讯科技(深圳)有限公司 Method, device, terminal, server and system for detecting privacy authority risks
CN103440456B (en) * 2013-09-06 2017-09-08 Tcl集团股份有限公司 The method and device that a kind of application security is assessed
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103761472B (en) * 2014-02-21 2017-05-24 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
CN103839000B (en) * 2014-02-21 2017-04-26 北京奇付通科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN105809040A (en) * 2014-12-29 2016-07-27 北京奇虎科技有限公司 Method and apparatus for detecting application privacy security information
CN106557669A (en) * 2015-09-30 2017-04-05 北京奇虎科技有限公司 A kind of authority control method and device of application program installation process
CN106557687A (en) * 2015-09-30 2017-04-05 北京奇虎科技有限公司 A kind of authority control method and device of application program installation process

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4078313B2 (en) * 2002-04-03 2008-04-23 株式会社エヌ・ティ・ティ・ドコモ Distribution method and terminal device
CN101883123A (en) * 2009-05-04 2010-11-10 华为技术有限公司 Method, equipment and system for authenticating safe state of telecommunication equipment
CN101917682A (en) * 2010-08-25 2010-12-15 宇龙计算机通信科技(深圳)有限公司 Information transmitting method and system for mobile terminal and mobile terminal
CN102063299A (en) * 2010-12-21 2011-05-18 东莞宇龙通信科技有限公司 Method and device for assessing application running condition of mobile terminal, mobile terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH078313B2 (en) * 1990-08-04 1995-02-01 三菱電機株式会社 Sewing machine stop control method
CN102110220B (en) * 2011-02-14 2013-01-23 宇龙计算机通信科技(深圳)有限公司 Application program monitoring method and device

Also Published As

Publication number Publication date
CN102426639A (en) 2012-04-25

Similar Documents

Publication Publication Date Title
CN102426639B (en) Information safety monitoring method and device
CN102521548B (en) Method for managing using rights of function and mobile terminal
CN102236764B (en) Method and monitoring system for Android system to defend against desktop information attack
CN102289633A (en) Method for managing dynamic permission of application program under Android platform
CN102413221B (en) Method for protecting privacy information and mobile terminal
CN102404706B (en) Method for managing tariff safety and mobile terminal
CN101026834A (en) Locking method and unlocking method
CN103164229A (en) Method and device for clearing progresses of mobile terminal
US9330265B2 (en) Method for component access control and electronic device
CN103379482A (en) Method and device for preventing recording in process of communicating by telephone
CN101984691A (en) Upgrading method of system built-in software and mobile terminal
CN103218552B (en) Based on method for managing security and the device of user behavior
CN103455520A (en) Method and device for accessing Android database
CN102722663B (en) Handheld smart device data security protection method
CN101393587A (en) Mobile equipment with security protection function and security protection method thereof
CN105843653A (en) TA (trusted application) configuration method and device
CN102413220B (en) Method for controlling right of using connection function and mobile terminal
CN106406944A (en) Control method and system for forbidding self-starting of application
CN103389898A (en) Method for managing mobile terminal software and mobile terminal
CN102810139B (en) Secure data operation method and communication terminal
CN104035842A (en) Method for deleting and recovering built-in application program
CN106599115B (en) Data protection method, device and terminal
CN104750523A (en) Information processing method and electronic equipment
CN103257893B (en) A kind of methods, devices and systems obtaining input state-event
CN103034810B (en) A kind of detection method, device and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant