CN103279706B - Method and apparatus for intercepting the installation of Android applications on a mobile terminal

Publication number
CN103279706B
Authority
CN
China
Application number
CN201310226610.9A
Other languages
Chinese (zh)
Other versions
CN103279706A (en
Inventor
熊昱之
潘剑锋
张聪
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Application filed by 北京奇虎科技有限公司 and 奇智软件(北京)有限公司
Priority to CN201310226610.9A
Publication of CN103279706A
Application granted
Publication of CN103279706B

Abstract

The invention discloses a method and apparatus for intercepting the installation of Android applications on a mobile terminal. The method provided by an embodiment of the invention includes: monitoring, at the network driver layer, the predetermined port on the computer to which the ADB tool is bound; when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, determining whether the process is a gray process; if the process is a gray process, then on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, determining whether that application is allowed to install the Android application on the mobile terminal; and, when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, intercepting the installation operation.

Description

Method and apparatus for intercepting the installation of Android applications on a mobile terminal
Technical field
The present invention relates to the field of Android technology applications, and in particular to a method and apparatus for intercepting the installation of Android applications on a mobile terminal.
Background
Android is an open-source operating system based on Linux, used mainly on mobile terminals such as mobile phones. The Android platform consists of an operating system, middleware, a user interface and application software.
With the spread and development of smartphones, malicious mobile programs have become a new channel for spreading viruses. All kinds of APKs (Android Application Package File, the Android installation package file) have appeared, and these include virus APKs. For example, some virus APKs harm users' interests through malicious behaviour such as subscribing to paid services (for example SMS services), popping up nuisance advertisements, dialling paid phone numbers, and backing up sensitive data from the user's phone to particular servers. Other malicious mobile programs can cause the user's phone to crash or shut down, delete data, send spam, or place calls. Advertising behaviour means that an Android application shows preset advertising information as pictures or text while the user is using the application on the mobile device, or downloads it from the Internet and shows it in the user's display interface; it also includes embedding links in pictures or text to lead the user to click through. Some privacy-related behaviour consists of an Android application reading or modifying information on the mobile device without the user's authorization, for example obtaining the phone number or the list of software installed on the phone and sending that information to its server for user statistics.
An Android device needs the ADB (Android Debug Bridge) driver when it is connected to a computer, and Android programs can be debugged through ADB. ADB can be used to operate and manage an Android emulator or a real Android device (such as a mobile phone) directly.
The Android system itself has no interception mechanism. Before a program is installed it only informs the user that the program may access certain services; it makes no judgement about whether the application is malicious. When the user connects an Android device to a computer through ADB, a third-party program may, without the user's permission, monitor the USB interface and, as soon as it finds an Android device, install advertising and promotional applications or malicious applications on the device through ADB. As a result, merely connecting to a computer often leaves advertising, promotional or other malicious applications installed on the Android device. Because the installed programs do not appear in the Android system's application list, the user is unaware of the installation, yet receives a large amount of nuisance information such as promotional advertising when opening web pages or applications on the phone. This causes confusion and inconvenience for the user and puts the user's information security at risk.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and apparatus for intercepting the installation of Android applications on a mobile terminal that overcome the above problems or at least partially solve them.
According to one aspect of the invention, an embodiment provides a method for intercepting the installation of Android applications on a mobile terminal, including:
monitoring, at the network driver layer, the predetermined port on the computer to which the Android Debug Bridge (ADB) tool is bound;
when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, determining whether the process is a gray process;
if the process is a gray process, then on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, determining whether that application is allowed to install the Android application on the mobile terminal;
when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, intercepting the operation by which that application installs the Android application on the mobile terminal.
The method further includes: when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, if the process is determined to be a white process, that is, one in the whitelist, allowing all operations that the application associated with the white process performs on the mobile terminal;
if the process is determined to be a black process, that is, one in the blacklist, immediately intercepting the application associated with the black process, forbidding it from performing any operation on the mobile terminal, and displaying in a user-interface pop-up box a message that the application associated with the black process was intercepted successfully.
Before determining whether the process is a gray process, the method further includes: determining whether the process supports the ADB protocol; if so, proceeding to determine whether the process is a gray process; otherwise, allowing the process to run.
Determining whether the process supports the ADB protocol includes determining whether the format and data content of the packets that the process sends to the predetermined port conform to the ADB protocol; if they do, the process supports the ADB protocol; if they do not, it does not.
Determining, on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether that application is allowed to do so includes: when the gray process is detected sending an Android application installation instruction to the predetermined port, learning that the associated application is about to install an Android application on the mobile terminal through the ADB tool; when the gray process is detected sending an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scan result indicates that the APK file is safe, determining that the application associated with the gray process is allowed to install the Android application on the mobile terminal; otherwise, determining that it is not allowed to.
Scanning the APK file includes: extracting the package name, version number and digital signature of the APK file, the features of the Android receiver component, the features of the Android service component, the features of the Android activity component, the instructions in the executable file, and/or the Message Digest Algorithm 5 (MD5) value of each file in the APK directory; sending the extracted information to a server side that holds a security identification library, so that the server side scans the APK file's information against the feature information in the library; and receiving the scan result for the APK file that the server side returns.
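Added example, not part of the patent text: the client-side half of this scan in Python, narrowed to the per-file MD5 values and the signature files under META-INF (package name, version and component features need a binary-manifest parser and are left out). The `lookup` callable stands in for the server-side security identification library; its contents, the function names and the sample APK are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Signature block files an APK signer places under META-INF/.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")


def apk_fingerprint(apk_bytes: bytes):
    """Build the record sent for scanning, or None if the bytes are unusable."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
            entries = [e for e in apk.infolist() if not e.is_dir()]
            names = [e.filename for e in entries]
            # Duplicate entry names make "the MD5 of each file" ambiguous:
            # refuse to fingerprint rather than pick one copy.
            if len(names) != len(set(names)):
                return None
            files = {e.filename: hashlib.md5(apk.read(e)).hexdigest()
                     for e in entries}
    except zipfile.BadZipFile:
        return None
    signature_files = sorted(
        n for n in files
        if n.upper().startswith("META-INF/")
        and n.upper().endswith(SIGNATURE_SUFFIXES))
    return {
        "files": files,
        "signature_files": signature_files,
        "has_manifest": "AndroidManifest.xml" in files,
    }


def scan_apk(apk_bytes: bytes, lookup) -> bool:
    """True only when the scan says the APK is safe; every other outcome
    (unreadable archive, missing manifest, unsigned, lookup hit) is False,
    matching the 'otherwise not allowed' branch of the method."""
    record = apk_fingerprint(apk_bytes)
    if record is None or not record["has_manifest"]:
        return False
    if not record["signature_files"]:
        return False
    return lookup(record) is True


def make_lookup(known_bad_md5):
    """Constructed stand-in for the server: flags any file whose MD5 is listed."""
    def lookup(record):
        return not known_bad_md5.intersection(record["files"].values())
    return lookup


def build_sample_apk(dex: bytes) -> bytes:
    """Constructed sample input: a minimal archive shaped like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed manifest>")
        z.writestr("classes.dex", dex)
        z.writestr("META-INF/CERT.RSA", b"<constructed signature block>")
    return buf.getvalue()


if __name__ == "__main__":
    lookup = make_lookup({hashlib.md5(b"flagged dex").hexdigest()})
    for label, dex in (("benign", b"benign dex"), ("flagged", b"flagged dex")):
        print(label, "->", "safe" if scan_apk(build_sample_apk(dex), lookup) else "not safe")
    print("garbage ->", "safe" if scan_apk(b"not a zip", lookup) else "not safe")
```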
Determining, on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether that application is allowed to do so includes: displaying prompt information in a user-interface pop-up box, the prompt information including the icon, name and application description of the application associated with the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling options; receiving the selection instruction that the user sends through the pop-up box; when the selection instruction indicates that the application associated with the gray process is allowed, determining that it is allowed to install the Android application on the mobile terminal; and when the selection instruction indicates that the application is forbidden, determining that it is forbidden from installing the Android application on the mobile terminal.
Intercepting the operation by which the application associated with the gray process installs the Android application on the mobile terminal includes: breaking the connection between the gray process and the predetermined port, and forbidding APK files from the gray process from being sent to the mobile terminal through the predetermined port.
According to another aspect of the invention, an embodiment provides an apparatus for intercepting the installation of Android applications on a mobile terminal, including:
a port monitor, adapted to monitor, at the network driver layer, the predetermined port on the computer to which the Android Debug Bridge (ADB) tool is bound;
a judging unit, adapted to determine, when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, whether the process is a gray process; and, if the process is a gray process, to determine, on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether that application is allowed to install the Android application on the mobile terminal;
an interceptor, adapted to intercept, when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, the operation by which that application installs the Android application on the mobile terminal.
The judging unit is further adapted to determine, when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, that the process is a white process in the whitelist, in which case the interceptor is further adapted to allow all operations that the application associated with the white process performs on the mobile terminal; and
the judging unit is further adapted to determine, when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, that the process is a black process in the blacklist, in which case the interceptor is further adapted to intercept the application associated with the black process, forbid it from performing any operation on the mobile terminal, and display in a user-interface pop-up box a message that the application associated with the black process was intercepted successfully.
The judging unit is further adapted to determine, before determining whether the process is a gray process, whether the process supports the ADB protocol; if so, it proceeds to determine whether the process is a gray process; otherwise, it allows the process to run.
The judging unit is adapted to determine whether the format and data content of the packets that the process sends to the predetermined port conform to the ADB protocol; if they do, the process supports the ADB protocol; if they do not, it does not.
The judging unit is adapted to learn, when the gray process is detected sending an Android application installation instruction to the predetermined port, that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool; when the gray process is detected sending an Android installation package (APK) file to the predetermined port, to obtain the APK file and scan it; when the scan result indicates that the APK file is safe, to determine that the application associated with the gray process is allowed to install the Android application on the mobile terminal; and otherwise to determine that it is not allowed to.
The judging unit is adapted to obtain the scan result as follows: extracting the package name, version number and digital signature of the APK file, the features of the Android receiver component, the features of the Android service component, the features of the Android activity component, the instructions in the executable file, and/or the MD5 value of each file in the APK directory; sending the extracted information to a server side that holds a security identification library, so that the server side scans the APK file's information against the feature information in the library; and receiving the scan result for the APK file that the server side returns.
The judging unit is adapted to display prompt information in a user-interface pop-up box, the prompt information including the icon, name and application description of the application associated with the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling options; to receive the selection instruction that the user sends through the pop-up box; when the selection instruction indicates that the application associated with the gray process is allowed, to determine that it is allowed to install the Android application on the mobile terminal; and when the selection instruction indicates that the application is forbidden, to determine that it is forbidden from installing the Android application on the mobile terminal.
The interceptor is adapted to break the connection between the gray process and the predetermined port and to forbid APK files from the gray process from being sent to the mobile terminal through the predetermined port.
In summary, by monitoring the predetermined port to which the ADB tool is bound, the embodiments of the invention learn of every process that establishes a connection with the ADB tool, filter out the gray processes among them, and judge whether the application associated with a gray process has the right to install an Android application on the mobile terminal. This solves the problem in the prior art caused by third-party programs installing applications on the target mobile terminal: third-party programs that interact with Android through the ADB tool can be monitored effectively, and their rights are controlled according to process type and decision logic, which safeguards the information on the mobile terminal and is convenient for the user.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and practised according to the description, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a flow chart of a method for intercepting the installation of Android applications on a mobile terminal according to one embodiment of the invention;
Fig. 2 shows a flow chart of a method for intercepting the installation of Android applications on a mobile terminal according to another embodiment of the invention;
Fig. 3 shows a schematic diagram of the interaction flow when a process uses the ADB tool to install an Android application on a mobile terminal according to another embodiment of the invention; and
Fig. 4 shows a schematic structural diagram of an apparatus for intercepting the installation of Android applications on a mobile terminal according to yet another embodiment of the invention.
Detailed description
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure is understood more thoroughly and so that its scope is conveyed fully to those skilled in the art.
One embodiment of the invention provides a method for intercepting the installation of Android applications on a mobile terminal. Referring to Fig. 1, the method includes:
S100: monitor, at the network driver layer, the predetermined port on the computer to which the ADB (Android Debug Bridge) tool is bound.
This embodiment intercepts the installation of Android applications on the mobile terminal at the network driver layer. This layer is an upper-layer driver: an auxiliary intermediate layer that forwards calls such as Winsock (Windows Sockets) calls to the core protocol driver. A driver at this layer can monitor all local and remote Winsock calls without distinction and can monitor the underlying network protocol drivers.
The predetermined port on the computer may be 127.0.0.1:5037 (port 5037), to which the ADB tool is bound.
S102: when a process on the computer is detected establishing a connection with the mobile terminal through the ADB tool, determine whether the process is a gray process.
This embodiment is described with an Android device (a terminal such as an Android phone or another terminal that supports the Android system) as the mobile terminal.
A gray process is an unknown process that is in neither the whitelist nor the blacklist. When a monitored process is a gray process, it must be monitored further to confirm whether the application associated with it is allowed to install an Android application on the Android device.
In this embodiment a whitelist and a blacklist can be maintained in a database on the server. The whitelist records safe processes and the blacklist records unsafe processes. When a process is in the whitelist, all of its subsequent operations are allowed and it is no longer monitored; when a process is in the blacklist, it is intercepted as soon as it is detected.
Note that this embodiment describes the scheme for intercepting the installation of Android applications on the mobile terminal (Android device) at the level of processes. An application is static, whereas a process is dynamic: a process is a program in execution, that is, a program instance currently running on the computer, and it is an entity that can be assigned to a processor and executed by it. A process is the result of running an application: one run of an application on one data set is one process. Processes and applications are not in one-to-one correspondence; one application running on several different data sets forms several different processes. A process comes into being when it is created, runs as it is scheduled, and is terminated after it completes its task. A process reflects the whole dynamic course of one run of an application on a given data set. The application associated with a process is the application running in that process.
S104: on learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, determine whether that application is allowed to install the Android application on the mobile terminal.
Through the ADB tool, the application associated with a process can perform many kinds of operations, such as enumerating the Android devices connected to the current system and establishing connections with them, reading and writing files and directories on the Android device, installing APK files on the Android device, and executing shell commands on the Android device. This scheme is concerned mainly with the APK installation function based on the ADB protocol, so in this step the decision logic for the interception operation is started when it is learned that the application associated with the gray process is about to install an Android application on the Android device through the ADB tool.
S106: when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, intercept the operation by which that application installs the Android application on the mobile terminal.
In summary, when a PC-side device such as a computer is connected to an Android device for transfers, this embodiment protects the Android device from having advertising software or malware forcibly installed. The scheme can intercept not only malicious nuisance programs but any malicious program that obtains, through the ADB tool, the right to install applications on the phone.
The existing Android system cannot check third-party applications that use the ADB tool to install Android applications on the phone, and the ADB tool can obtain all the rights of an Android application, including executing shell commands, so that once a phone is connected to a computer a virus can easily spread to the phone. To solve this problem, this embodiment monitors the predetermined port to which the ADB tool is bound, learns of every process that establishes a connection with the ADB tool, filters out the gray processes among them, and judges whether the application associated with a gray process has the right to install an Android application on the Android device. This solves the problem in the prior art caused by third-party programs installing applications on the target Android device: third-party programs that interact with Android through the ADB tool can be monitored effectively, and their rights are controlled according to process type and decision logic, which safeguards the information on the mobile terminal and is convenient for the user.
Building on the embodiment shown in Fig. 1, another embodiment of the invention provides a method for intercepting the installation of Android applications on a mobile terminal which, referring to Fig. 2, includes the following steps:
S200: monitor port 5037, to which the ADB tool is bound.
In this step a background program monitors the packets passing through port 5037. These packets may carry instructions or may carry payload data.
The monitoring can be implemented by the ADB tool or by a component installed in the ADB tool.
The main functions of the ADB tool are: running commands on the Android device; managing port mappings for an Android emulator or Android device; controlling the upload and download of files between the computer and the Android device; and installing a local APK file on an Android emulator or Android device. The ADB tool acts as a relay between the computer and the Android device.
The ADB tool is implemented on a client-server model and consists of three parts: the ADB client, the ADB server and the daemon.
The ADB client runs on the development computer. It can be invoked by running ADB commands on the command line, and Android tools such as the ADB plug-in and DDMS can also invoke the ADB client.
The ADB server is a background process running on the development computer. It manages devices and is responsible for the exchange of data between the computer and the devices.
The ADB client and the ADB server can reside in the same executable file, for example the executable named adb.exe on Windows. The ADB client is responsible for interacting with the user and exits once it has executed a command, whereas the ADB server, once started, keeps running on the computer.
The daemon is a process running in the Android system. It receives the data sent by the ADB server and executes instructions.
When an ADB client starts, it first checks whether an ADB server process is running and, if not, starts the ADB server. When the ADB server starts, it binds to local TCP port 5037 and listens for commands sent from ADB clients. All ADB clients use port 5037 to communicate with the ADB server.
S202: detect that a process on the computer establishes a connection with the Android device through the ADB tool.
Through the predetermined port, the ADB tool can operate an Android phone to install applications on it, synchronize the phone, upload files and so on. A third-party program can bundle an ADB tool and use it to send commands to the Android device.
The ADB tool includes the ADB client and the ADB server. The ADB server runs in the background at all times and is responsible for communicating with the Android device; an APK file can be delivered to the ADB server over the network and is then installed on the mobile terminal through this relay. The ADB client is responsible for connecting the third-party program to the predetermined port, and an ADB communication protocol is provided at the local network layer to support the ADB tool's communication. For example, a phone assistant is equivalent to an ADB server: once other applications connect to the phone assistant, they too can use its service to install applications on the Android device.
A third-party program can establish a socket connection to port 5037 through the ADB client, and through this socket connection and the ADB server it is connected to the Android device. For example, when an application is installed on the phone, the ADB client passes the application's installation package to the ADB server, and the ADB server installs the application on the phone.
S204: determine whether the process supports the ADB protocol; if so, perform step S206.
Besides packets used to communicate with the Android device, the packets transmitted through port 5037 also include other kinds of packets. To avoid intercepting other, normal programs and to keep them running properly, this embodiment determines whether the monitored process uses the ADB protocol. If it does, the process is one that can communicate with the Android device, and monitoring of it continues. If it does not, the process is some other process that does not communicate with the Android device; it is no longer monitored and is allowed to run.
The operations supported by the ADB protocol include enumerating the Android devices connected to the current system and establishing connections with them, reading and writing files and directories on the Android device, installing APK files on the Android device, and executing shell commands on the Android device.
To determine whether a process supports the ADB protocol, it can be determined whether the format and data content of the packets that the process sends to the predetermined port (port 5037) conform to the ADB protocol. If they do, the process supports the ADB protocol; if they do not, it does not. For example, when the packet format meets the format requirements of the ADB protocol and the data content indicates that the packet is an ADB-protocol packet, the process is confirmed to support the ADB protocol.
S206: Determine the type of the process.
This embodiment can collect and tally process information in advance, and maintain and store a whitelist and a blacklist of processes.
The whitelist records safe processes and the blacklist records dangerous processes. A process on the whitelist is a white process, a process on the blacklist is a black process, and every unknown process outside both lists is a gray process (also rendered "ash process"). In addition, this embodiment can collect program behavior through the client and associate it with program features, recording in a database each program feature together with its corresponding program behavior. Based on the association between the collected program behaviors and program features, the samples in the database can be analyzed and generalized, which helps in judging whether a piece of software or a program belongs on the blacklist or the whitelist. Because the database records program features and the behavior records that correspond to them, unknown programs can be analyzed in combination with the known whitelist. For example, if an unknown program's feature is identical to a known program feature in the existing whitelist, that feature and its program behavior are both added to the whitelist. If an unknown program's behavior is identical or similar to a known program behavior in the existing whitelist, that behavior and its program feature are both added to the whitelist.
When the process is a white process (for example, a process invoked by 360 Mobile Assistant, 91 Mobile Assistant, or Wandoujia), the application associated with the process is confirmed to be trusted and the process is allowed to run.
When the process is a black process (for example, a process invoked by an application that maliciously promotes APKs), the application associated with the process is confirmed to be untrusted. As soon as the type of the process has been determined, its operation is intercepted (for example, by disconnecting the process from port 5037), the associated application is forbidden from performing any operation on the Android device (such as enumerating the Android devices connected to the system), and a message reporting the successful interception is sent to the user, for example by showing in a user-interface pop-up that the application associated with the black process was intercepted.
When the process is a gray process, proceed to step S208 and continue monitoring the gray process.
S208: Determine whether to allow the application associated with the gray process to install an Android application on the Android device.
This scheme is mainly concerned with the scenario in which a third-party program uses the ADB protocol to install an application on the Android device. When a gray process performs other operations, such as enumeration or reading and writing directories on the Android device, those operations may be allowed.
To explain the scheme more clearly, the scenario in which the application associated with a process uses the ADB tool to install an Android application on the Android device is first described with reference to Fig. 3, which shows the interaction flow when a process installs an Android application on the Android device using the ADB tool. The process opens a socket connection to port 5037 through the ADB client and sends various instructions and data to port 5037 over that socket; the ADB server then forwards the instructions and data to the Android device. Installing an APK file mainly involves the following operations:
1) The process sends an install instruction to the Android device through the ADB client and the ADB server.
The install instruction indicates that the process is about to install an Android application on the Android device.
2) The process sends a Sync (synchronize) instruction to the Android device through the ADB client and the ADB server, instructing entry into the synchronization state.
3) The process sends a SEND instruction to the Android device through the ADB client and the ADB server, specifying the path where the APK file is to be stored.
4) The process sends a DATA instruction to the Android device through the ADB client and the ADB server, thereby sending the APK file to be installed to the Android device.
5) The process sends a pm shell instruction to the Android device through the ADB client and the ADB server, starting installation of the APK file on the Android device.
After the APK file has been installed, the following step 6) may also be included.
6) The process sends an rm shell instruction to the Android device through the ADB client and the ADB server, deleting data such as the APK file uploaded during installation.
Step S208 is triggered when it is learned that the application associated with the gray process is about to install an Android application on the Android device through the ADB tool. When the gray process is observed calling the install function of the ADB tool to send an install instruction for an Android application to the predetermined port, it is known that the application associated with the gray process is about to install an Android application on the Android device through the ADB tool. After sending the install instruction, the gray process also sends the Sync (synchronize) instruction, the SEND instruction, and so on to the predetermined port through the ADB tool, and then sends to the predetermined port the DATA instruction carrying the APK file. When the gray process is observed sending an Android installation package (APK) file to the predetermined port, the APK file is obtained and scanned to check whether the APK file to be installed contains malicious content such as code for malicious billing, malicious harassment, or privacy theft. If there is no malicious content, the scan result is that the APK file is safe; otherwise the scan result is that the APK file is unsafe.
When the scan result indicates that the APK file is safe, the application associated with the gray process is allowed to install the Android application on the Android device; otherwise, the application associated with the gray process is not allowed to install the Android application on the Android device.
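The protocol check of step S204 and the install sequence described above can be reconstructed by a monitor from the bytes a gray ("ash") process sends to port 5037. The following is an added example, not code from the patent: it parses the publicly documented ADB client framing (4 hex digits of length plus a service string, then sync records `SEND`/`DATA`/`DONE`/`QUIT`) and recovers the staged APK for scanning. The function names, the per-connection capture model and the sample bytes are assumptions made for the illustration.

```python
import struct

# Subset of real ADB service prefixes a client may request on port 5037.
KNOWN_PREFIXES = ("host:", "host-serial:", "host-usb:", "host-local:",
                  "shell:", "exec:", "sync:")
HEX = b"0123456789abcdefABCDEF"
SYNC_DATA_MAX = 64 * 1024  # largest DATA chunk the sync protocol allows


class NotAdb(ValueError):
    """The bytes do not follow ADB framing, so the S204 check fails."""


def read_request(buf, pos):
    """Read one request: 4 ASCII hex digits of length, then the service string."""
    head = buf[pos:pos + 4]
    if len(head) != 4 or any(c not in HEX for c in head):
        raise NotAdb("missing 4-hex-digit length prefix")
    end = pos + 4 + int(head.decode("ascii"), 16)
    service = buf[pos + 4:end].decode("utf-8", "replace")
    if end > len(buf) or not service.startswith(KNOWN_PREFIXES):
        raise NotAdb("truncated or unknown service request")
    return service, end


def parse_sync(buf, pos, pushes):
    """Walk sync records (4-byte id + little-endian uint32); collect pushed files."""
    path, chunks = None, []
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise NotAdb("truncated sync header")
        ident, arg = struct.unpack_from("<4sI", buf, pos)
        pos += 8
        if ident == b"SEND":      # payload is "remote_path,mode"
            if pos + arg > len(buf):
                raise NotAdb("truncated SEND record")
            path = buf[pos:pos + arg].decode("utf-8", "replace").rsplit(",", 1)[0]
            chunks, pos = [], pos + arg
        elif ident == b"DATA":    # payload is the next chunk of the file
            if path is None or arg > SYNC_DATA_MAX or pos + arg > len(buf):
                raise NotAdb("bad DATA record")
            chunks.append(buf[pos:pos + arg])
            pos += arg
        elif ident == b"DONE":    # arg carries the file mtime, no payload
            if path is None:
                raise NotAdb("DONE without SEND")
            pushes[path], path = b"".join(chunks), None
        elif ident == b"QUIT":
            break
        else:
            raise NotAdb("unknown sync id")
    return pos


def parse_connection(data):
    """Parse the client-to-server bytes of one connection to 127.0.0.1:5037."""
    pos, services, pushes = 0, [], {}
    while pos < len(data):
        service, pos = read_request(data, pos)
        services.append(service)
        if service == "sync:":
            pos = parse_sync(data, pos, pushes)
        elif not service.startswith("host"):
            break                 # after shell:/exec: the rest is raw stream data
    return services, pushes


def inspect_process(connections):
    """Classify one process: is it speaking ADB, and is it installing an APK?"""
    pushes, commands, seen = {}, [], False
    try:
        for data in connections:
            services, pushed = parse_connection(data)
            seen = seen or bool(services)
            pushes.update(pushed)
            commands += [s[6:] for s in services if s.startswith("shell:")]
    except NotAdb:
        return {"adb": False, "install": None, "apk": None}
    for cmd in commands:
        parts = cmd.split()
        if parts[:2] == ["pm", "install"] and parts[-1] in pushes:
            return {"adb": seen, "install": parts[-1], "apk": pushes[parts[-1]]}
    return {"adb": seen, "install": None, "apk": None}


def req(service):
    """Frame a service string the way an ADB client does (sample-building helper)."""
    payload = service.encode()
    return b"%04x" % len(payload) + payload


def sync(ident, payload=b"", arg=None):
    """Build one sync record for the constructed sample below."""
    return struct.pack("<4sI", ident, len(payload) if arg is None else arg) + payload


# Constructed sample: the connections one install would open, client side only.
APK = b"PK\x03\x04" + b"constructed-apk-bytes" * 10
CONNS = [
    req("host:version"),
    req("host:transport-any") + req("sync:")
    + sync(b"SEND", b"/data/local/tmp/demo.apk,33188")
    + sync(b"DATA", APK[:100]) + sync(b"DATA", APK[100:])
    + sync(b"DONE", arg=1370000000) + sync(b"QUIT"),
    req("host:transport-any") + req("shell:pm install /data/local/tmp/demo.apk"),
    req("host:transport-any") + req("shell:rm /data/local/tmp/demo.apk"),
]
NON_ADB = [b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n"]
```

A result with `adb` false corresponds to the S204 "allow and stop monitoring" branch; a result with `install` set is the point at which the recovered `apk` bytes are handed to the scanner.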
The scan of the APK file is carried out as follows:
Various pieces of information are extracted from the APK file, including but not limited to the package name, the version number, the digital signature, features of the Android receiver components, features of the Android service components, features of the Android activity components, the instructions (or strings) in the executable files, and/or the MD5 value of each file under the APK directory. The extracted information is then sent to a server side equipped with a security identification library, so that the server side scans the APK file's information against the feature information in the library. Finally, the scan result for the APK file issued by the server side is received, which provides the scan result together with information such as the package name and certificate.
Preferably, the security identification library may be a cloud-based scanning engine.
The executable files include Dex files and/or ELF files; the Dex files include the classes.dex file, files with the .jar extension, and other files in Dex format.
Note that before scanning in this way, the embodiment must collect APK file information in advance. For example, sample Android installation packages are selected, covering installation packages at various security levels. For each sample package, the package name, version number, digital signature, features of the Android receiver components, features of the Android service components, features of the Android activity components, the instructions or strings in the executable files, and the MD5 value of each file under the package directory are collected, and the collected information is preloaded into the security identification library on the server side.
The security identification library preset on the server side contains both feature information identifying APK files of malware such as viruses and trojans and feature information identifying APK files of normal applications. When any piece of the APK file's information hits a malware feature, the scan result obtained for that APK file indicates that the APK file is not safe.
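The extraction and matching steps above, as an added example that is not the patent's implementation: it reads an APK as a ZIP archive, computes the per-file MD5 values, recognizes Dex and ELF executables by their magic bytes, pulls printable strings from them, and applies the "any single hit means unsafe" rule against a local stand-in for the server-side security identification library. The library layout, function names, marker string and sample APK are constructed for the illustration; package name and version are not extracted because that requires decoding the binary manifest.

```python
import hashlib
import io
import re
import zipfile

DEX_MAGIC, ELF_MAGIC = b"dex\n", b"\x7fELF"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")


def extract_features(apk_bytes):
    """Collect the per-file features the scan step sends to the server side."""
    features = {"md5": {}, "executables": {}, "signatures": [], "strings": set()}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            name, data = info.filename, apk.read(info)
            # MD5 is the digest the page names; it serves here as a lookup key only.
            features["md5"][name] = hashlib.md5(data).hexdigest()
            if name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES):
                features["signatures"].append(name)
            # Identify executables by content, not by file extension.
            if data.startswith(DEX_MAGIC):
                kind = "dex"
            elif data.startswith(ELF_MAGIC):
                kind = "elf"
            else:
                continue
            features["executables"][name] = kind
            for s in re.findall(rb"[\x20-\x7e]{6,}", data):
                features["strings"].add(s.decode("ascii"))
    return features


def scan(features, library):
    """One hit against the malware features is enough to mark the APK unsafe."""
    hits = [("md5", name) for name, digest in sorted(features["md5"].items())
            if digest in library["bad_md5"]]
    hits += [("string", s) for s in sorted(features["strings"])
             if any(marker in s for marker in library["bad_strings"])]
    return {"safe": not hits, "hits": hits}


# Constructed sample data: an APK-shaped archive built in memory.
SAMPLE_ELF = ELF_MAGIC + b"\x01\x01\x01\x00constructed native stub"
BAD_MARKER = b"EXAMPLE-PREMIUM-SMS-MARKER"


def build_sample_apk(marker=b""):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed manifest placeholder")
        z.writestr("classes.dex",
                   DEX_MAGIC + b"035\x00Lcom/example/demo/Main;\x00" + marker)
        z.writestr("lib/armeabi/libdemo.so", SAMPLE_ELF)
        z.writestr("META-INF/CERT.RSA", b"constructed signature block")
    return buf.getvalue()


# Hypothetical stand-in for the server-side security identification library.
STRING_LIBRARY = {"bad_md5": set(), "bad_strings": {BAD_MARKER.decode()}}
HASH_LIBRARY = {"bad_md5": {hashlib.md5(SAMPLE_ELF).hexdigest()}, "bad_strings": set()}
```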
Further, this embodiment also lets the user choose whether the Android application is installed. That is, after the decision logic above has judged whether the application associated with the process may install an Android application on the Android device, the final decision is made in combination with the user's choice. When the decision logic confirms that the application associated with the gray process is allowed to install an Android application on the Android device (or in other scenarios where installing an application on the Android device is allowed, such as a white process), the method further includes:
Prompt information is shown in a user-interface pop-up. It includes the icon and name of the application associated with the gray process, the application description, an indication of whether it is an advertising program or a malicious program, and/or handling information, which may include a recommended way of handling the application. The selection instruction sent by the user through the pop-up is then received. When the selection instruction indicates that the application associated with the gray process is allowed, the final decision is to allow that application to install the Android application on the Android device, and the installation is performed. When the selection instruction indicates that the application associated with the gray process is forbidden, the decision is to forbid that application from installing the Android application on the Android device, and the installation is not carried out.
S210: Intercept the operation by which the application associated with the gray process installs the Android application on the Android device.
In this scheme's interception mechanism, the connection between the gray process and port 5037 is interrupted, for example by controlling the ADB client to disconnect from the gray process, and APK files from the gray process are prohibited from being sent to the Android device through port 5037, for example by controlling the ADB server so that it does not send the gray process's APK file to the Android device.
Another embodiment of the invention provides a device 400 for intercepting the installation of an Android application on a mobile terminal. Referring to Fig. 4, it includes a port monitor 410, a determiner 412, and a blocker 414.
The port monitor 410 is adapted to monitor, at the network driver layer, the predetermined port in the computer that is bound to the Android Debug Bridge (ADB) tool. The predetermined port is 127.0.0.1:5037 (port 5037). Referring to Fig. 4, the ADB tool includes an ADB client and an ADB server. The process of a third-party application opens a socket connection to port 5037 through the ADB client, port 5037 is bound to the ADB server, and the ADB server is connected to the Android device over USB. The device 400 can control the ADB tool and port 5037 in the computer.
This embodiment is described taking an Android device (a terminal such as an Android phone or another terminal that supports the Android system) as the mobile terminal.
The determiner 412 is adapted to determine, when a process in the computer is observed establishing a connection with the mobile terminal (Android device) through the ADB tool, whether the process is a gray process; and, if the process is a gray process, to determine, upon learning that the application associated with the gray process is about to install an Android application on the Android device through the ADB tool, whether to allow that application to install the Android application on the Android device. Specifically, when the determiner 412 observes the gray process sending an installation instruction for an Android application to the predetermined port, it knows that the application associated with the gray process is about to install an Android application on the Android device through the ADB tool. When it observes the gray process sending an Android installation package (APK) file to the predetermined port, it obtains the APK file and scans it. When the scan result indicates that the APK file is safe, it allows the application associated with the gray process to install the Android application on the Android device; otherwise, it does not allow the installation.
When scanning the APK file, the determiner 412 performs the following operations. It extracts various pieces of information from the APK file, including but not limited to the package name, the version number, the digital signature, features of the Android receiver components, features of the Android service components, features of the Android activity components, the instructions (or strings) in the executable files, and/or the MD5 value (or the SHA1 value) of each file under the APK directory. It then sends the extracted information to a server side equipped with a security identification library, so that the server side scans the APK file's information against the feature information in the library, and it receives the scan result for the APK file issued by the server side. On the server side, the APK file information reported by the determiner is compared with the malware feature information in the security identification library; if even one piece of information hits, the APK file is not a safe file. Preferably, the security identification library may be a cloud-based scanning engine.
Gray processes are all processes outside the preset whitelist and blacklist. This embodiment also uses the preset whitelist and blacklist to identify white processes and black processes. Specifically, the determiner 412 is further adapted, when a process in the computer is observed establishing a connection with the Android device through the ADB tool, to determine that the process is a white process on the whitelist, in which case the blocker 414 is further adapted to allow all operations that the application associated with the white process performs on the Android device.
Likewise, the determiner 412 is further adapted, when a process in the computer is observed establishing a connection with the Android device through the ADB tool, to determine that the process is a black process on the blacklist, in which case the blocker 414 is further adapted to intercept the application associated with the black process immediately and forbid it from performing any operation on the Android device.
Further, because port 5037 carries other kinds of packets besides those exchanged with the Android device, and in order to avoid intercepting other, normal programs and to keep them running properly, in this embodiment the determiner 412 is further adapted to determine, before determining whether the process is a gray process, whether the process supports the ADB protocol. If it does, the determination of whether the process is a gray process continues; otherwise, the process is allowed to run. Specifically, the determiner 412 checks whether the format and the data content of the packets the process sends to the predetermined port conform to the ADB protocol. If they do, the process supports the ADB protocol; if they do not, it does not.
Further, in this embodiment, after the determiner 412 has applied the decision logic above to judge whether the process may install an Android application on the Android device, the final decision is also made in combination with the user's choice. For example, the determiner 412 shows prompt information in a user-interface pop-up, including the icon and name of the application associated with the gray process, the application description, an indication of whether it is an advertising program or a malicious program, and/or handling information. It receives the selection instruction sent by the user through the pop-up. When the selection instruction indicates that the application associated with the gray process is allowed, it allows that application to install the Android application on the Android device; when the selection instruction indicates that the application is forbidden, it forbids that application from installing the Android application on the Android device.
For gray processes, when the application associated with the gray process is not allowed to install an Android application on the Android device, the blocker 414 intercepts the operation by which that application installs the Android application on the Android device. For example, the blocker 414 interrupts the connection between the gray process and the predetermined port and prohibits APK files from the gray process from being sent to the Android device through the predetermined port. For the interception of white processes and black processes, see the related description above.
For the specific operation of each component in the device embodiment, refer to the method embodiment of the invention; it is not repeated here.
In summary, the embodiments of the invention monitor the predetermined port bound to the ADB tool to learn of all processes that establish a connection with the ADB tool, filter out the gray processes among them, and judge whether the application associated with a gray process has permission to install an Android application on the mobile terminal. This solves the problems caused in the prior art by third-party programs installing applications on the target mobile terminal at will. Third-party programs that use the ADB tool to interact with Android can be monitored effectively, and their permissions are controlled by process type and decision logic, which protects the information on the mobile terminal and is convenient for the user.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all the features of a single embodiment disclosed above. Therefore, the claims that follow the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units, or components of an embodiment can be combined into one module, unit, or component, and they can furthermore be divided into multiple sub-modules, sub-units, or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all the features disclosed in this specification (including the accompanying claims, abstract, and drawings), and all the processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by an alternative feature serving the same, an equivalent, or a similar purpose.
In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for intercepting the installation of an Android application on a mobile terminal according to the embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the embodiments above illustrate the invention rather than limit it, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, and third does not indicate any order; these words may be interpreted as names.
Embodiments of the invention disclose:
A1. A method for intercepting the installation of an Android application on a mobile terminal, comprising: monitoring, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool; when a process in the computer is observed establishing a connection with the mobile terminal through the ADB tool, determining whether the process is a gray process; if the process is determined to be a gray process, then upon learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application on the mobile terminal; and when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, intercepting the operation by which that application installs the Android application on the mobile terminal.
A2. The method according to claim A1, wherein the method further comprises: when a process in the computer is observed establishing a connection with the mobile terminal through the ADB tool, if the type of the process is determined to be a white process on the whitelist, allowing all operations that the application associated with the white process performs on the mobile terminal; and if the type of the process is determined to be a black process on the blacklist, immediately intercepting the application associated with the black process, forbidding that application from performing any operation on the mobile terminal, and showing in a user-interface pop-up that the application associated with the black process was successfully intercepted.
A3. The method according to claim A1 or A2, wherein, before determining whether the process is a gray process, the method further comprises: determining whether the process is a process that supports the ADB protocol; if so, continuing with the determination of whether the process is a gray process; otherwise, allowing the process to run.
A4. The method according to claim A3, wherein determining whether the process is a process that supports the ADB protocol comprises: determining whether the format and the data content of the packets the process sends to the predetermined port conform to the ADB protocol; if they do, the process supports the ADB protocol; if they do not, the process does not support the ADB protocol.
A5. The method according to claim A3, wherein determining, upon learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether to allow that application to install the Android application on the mobile terminal comprises: when the gray process is observed sending an installation instruction for an Android application to the predetermined port, learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool; when the gray process is observed sending an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scan result indicates that the APK file is safe, allowing the application associated with the gray process to install the Android application on the mobile terminal; otherwise, not allowing the application associated with the gray process to install the Android application on the mobile terminal.
A6. The method according to claim A5, wherein scanning the APK file comprises: extracting the package name, version number, and digital signature of the APK file, features of the Android receiver components, features of the Android service components, features of the Android activity components, the instructions in the executable files, and/or the Message Digest Algorithm 5 (MD5) value of each file under the APK directory; sending the extracted information to a server side equipped with a security identification library, so that the server side scans the information of the APK file against the feature information in the security identification library; and receiving the scan result for the APK file issued by the server side.
A7. The method according to claim A1, wherein determining, upon learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether to allow that application to install the Android application on the mobile terminal comprises: showing prompt information in a user-interface pop-up, the prompt information including the icon and name of the application associated with the gray process, the application description, an indication of whether it is an advertising program or a malicious program, and/or handling information; receiving the selection instruction sent by the user through the user-interface pop-up; when the selection instruction indicates that the application associated with the gray process is allowed, allowing that application to install the Android application on the mobile terminal; and when the selection instruction indicates that the application associated with the gray process is forbidden, forbidding that application from installing the Android application on the mobile terminal.
A8. The method according to claim A1, wherein intercepting the operation by which the application associated with the gray process installs the Android application on the mobile terminal comprises: interrupting the connection between the gray process and the predetermined port, and prohibiting APK files from the gray process from being sent to the mobile terminal through the predetermined port.
A9. A device for intercepting the installation of an Android application on a mobile terminal, comprising: a port monitor, adapted to monitor, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool; a determiner, adapted to determine, when a process in the computer is observed establishing a connection with the mobile terminal through the ADB tool, whether the process is a gray process, and, if the process is determined to be a gray process, to determine, upon learning that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool, whether to allow that application to install the Android application on the mobile terminal; and a blocker, adapted to intercept, when the application associated with the gray process is not allowed to install the Android application on the mobile terminal, the operation by which that application installs the Android application on the mobile terminal.
A10. The device according to claim A9, wherein the determiner is further adapted, when a process in the computer is observed establishing a connection with the mobile terminal through the ADB tool, to determine that the type of the process is a white process on the whitelist, in which case the blocker is further adapted to allow all operations that the application associated with the white process performs on the mobile terminal; and the determiner is further adapted, when a process in the computer is observed establishing a connection with the mobile terminal through the ADB tool, to determine that the type of the process is a black process on the blacklist, in which case the blocker is further adapted to intercept the application associated with the black process, forbid that application from performing any operation on the mobile terminal, and show in a user-interface pop-up that the application associated with the black process was successfully intercepted.
A11. The device according to claim A9 or A10, wherein the determiner is further adapted to determine, before determining whether the process is a gray process, whether the process is a process that supports the ADB protocol; if so, to continue with the determination of whether the process is a gray process; otherwise, to allow the process to run.
A12. The device according to claim A11, wherein the determiner is adapted to determine whether the format and the data content of the packets the process sends to the predetermined port conform to the ADB protocol; if they do, the process supports the ADB protocol; if they do not, the process does not support the ADB protocol.
A13. The device according to claim A11, wherein the determiner is adapted, when the gray process is observed sending an installation instruction for an Android application to the predetermined port, to learn that the application associated with the gray process is about to install an Android application on the mobile terminal through the ADB tool; when the gray process is observed sending an Android installation package (APK) file to the predetermined port,
obtain this APK file and this APK file is scanned, when scanning result indicates APK file safe, judge to allow the application program that this ash process is relevant that Android application program is installed in mobile terminal, otherwise, it is judged that the application program not allowing this ash process relevant installs Android application program in mobile terminal。A14, device according to claim A9, wherein, described diagnosis apparatus, is suitable to obtain described scanning result in the following way: extract the instruction in the movable feature of the installation kit title of described APK file, version number, digital signature, the feature of Android assembly receptor, the feature of Android Component service, Android assembly, executable file and/or the MD5 value of each file under APK catalogue;The information extracted is sent to the server side being provided with security identification storehouse, so that server side utilizes the characteristic information in security identification storehouse that the information of described APK file is scanned;Receive the scanning result that the described APK file that issues of server side is corresponding。A15, device according to claim A9, wherein, described diagnosis apparatus is suitable in user interface pop-up box displaying information, and whether described information includes the relevant icon of application program of described ash process, title, application describe, the instruction information of advertising program or rogue program and/or processing mode information;Receive the selection instruction that user is sent by described user interface pop-up box;When the application program that described selection instruction instruction allows described ash process to be correlated with, judge to allow the application program that this ash process is relevant that Android application program is installed in mobile terminal, when the application program that described ash process is 
correlated with is forbidden in described selection instruction instruction, it is judged that forbid that the application program that this ash process is relevant installs Android application program in mobile terminal。A16, device according to claim A9, wherein, described blocker, be suitable to the connection interrupting described ash process with described predetermined port, no thoroughfare, and the APK file from described ash process is sent to mobile terminal by described predetermined port。
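The decision flow carried out by the diagnosis apparatus and blocker (A10 to A13 and A16 above), as an added Python sketch that is not code from the patent or from any product. It assumes the adb server's smart-socket framing (four ASCII hex digits of length, then the request) and sync-mode SEND/DATA/DONE records as described in the AOSP adb notes; the function names, the `scan_apk` callback standing in for the server-side scan, treating a process on neither list as grey, and blocking when the APK was not captured are assumptions of this sketch.

```python
import re
import struct

ALLOW, BLOCK = "allow", "block"
# Assumption: a non-exhaustive set of request prefixes from the AOSP adb notes.
ADB_SERVICES = ("host:", "host-serial:", "host-usb:", "host-local:",
                "shell:", "exec:", "sync:", "tcp:", "local:")
# Assumption: an install appears as a shell/exec request that runs "pm install".
INSTALL_RE = re.compile(r"^(?:shell|exec):\s*(?:pm|cmd\s+package)\s+install\b(.*)$", re.S)

def parse_connection(stream):
    """Split one client-to-server stream into (requests, service data); None if not ADB."""
    requests, pos = [], 0
    while pos < len(stream):
        header = stream[pos:pos + 4]
        if not re.fullmatch(rb"[0-9a-fA-F]{4}", header):
            return None  # length prefix is not four hex digits
        size = int(header, 16)
        body = stream[pos + 4:pos + 4 + size]
        text = body.decode("utf-8", "replace")
        if len(body) != size or not text.startswith(ADB_SERVICES):
            return None  # truncated payload or unknown request
        requests.append(text)
        pos += 4 + size
        if not text.startswith("host"):  # device service: the rest is its data
            break
    return (requests, stream[pos:]) if requests else None

def pushed_files(sync_data):
    """Recover files sent in sync mode: SEND <path,mode>, DATA chunks, DONE <mtime>."""
    files, pos, path = {}, 0, None
    while pos + 8 <= len(sync_data):
        tag = sync_data[pos:pos + 4]
        (arg,) = struct.unpack_from("<I", sync_data, pos + 4)
        pos += 8
        if tag == b"SEND":
            path = sync_data[pos:pos + arg].decode("utf-8", "replace").rsplit(",", 1)[0]
            files[path] = b""
        elif tag == b"DATA" and path is not None:
            files[path] += sync_data[pos:pos + arg]
        elif tag == b"DONE":
            path, arg = None, 0  # DONE carries an mtime, not a length
        else:
            break  # QUIT, or a record this sketch does not handle
        pos += arg
    return files

def decide(verdict, connections, scan_apk):
    """verdict: 'white' | 'black' | 'grey'; connections: streams one process sent, in order."""
    pushed = {}
    for stream in connections:
        parsed = parse_connection(stream)
        if parsed is None:
            continue  # not ADB traffic: the operation is allowed
        if verdict == "white":
            return ALLOW  # white list: every operation is allowed
        if verdict == "black":
            return BLOCK  # black list: intercepted immediately
        requests, data = parsed
        if requests[-1].startswith("sync:"):
            pushed.update(pushed_files(data))  # keep a copy of what was pushed
        match = INSTALL_RE.match(requests[-1])
        if match:
            apk = next((b for p, b in pushed.items() if p and p in match.group(1)), None)
            if apk is None or not scan_apk(apk):  # assumption: fail closed if not captured
                return BLOCK  # the blocker interrupts the connection to the port
    return ALLOW

def frame(text):
    """Frame a request the way an adb client does (helper for the constructed sample)."""
    raw = text.encode()
    return b"%04x" % len(raw) + raw

def sync_push(path, data):
    spec = f"{path},33188".encode()  # 33188 == 0o100644
    return (b"SEND" + struct.pack("<I", len(spec)) + spec + b"DATA" + struct.pack("<I", len(data))
            + data + b"DONE" + struct.pack("<I", 0) + b"QUIT" + struct.pack("<I", 0))

# Constructed session: version query, push of an APK, then the install request.
SAMPLE_APK = b"PK\x03\x04constructed-apk-bytes"
SESSION = [frame("host:version"),
           frame("host:transport-any") + frame("sync:")
           + sync_push("/data/local/tmp/demo.apk", SAMPLE_APK),
           frame("host:transport-any") + frame("shell:pm install '/data/local/tmp/demo.apk'")]
```

`decide("grey", SESSION, scan)` returns `"block"` when `scan` rejects the pushed bytes and `"allow"` when it accepts them; a stream that is not ADB-framed is passed through whatever the verdict.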

Claims (14)

1. A method for intercepting the installation of an Android application program in a terminal, comprising:
Monitoring, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;
When it is detected that a process in the computer establishes a connection with a mobile terminal through the ADB tool, judging whether the process is a grey process;
If the process is judged to be a grey process, then, upon learning that the application program associated with the grey process is to install an Android application program on the mobile terminal through the ADB tool, determining whether the application program associated with the grey process is allowed to install the Android application program on the mobile terminal, including: when it is detected that the grey process sends an installation instruction for an Android application program to the predetermined port, learning that the application program associated with the grey process is to install an Android application program on the mobile terminal through the ADB tool; when it is detected that the grey process sends an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scanning result indicates that the APK file is safe, judging that the application program associated with the grey process is allowed to install the Android application program on the mobile terminal; otherwise, judging that the application program associated with the grey process is not allowed to install the Android application program on the mobile terminal;
When the application program associated with the grey process is not allowed to install the Android application program on the mobile terminal, intercepting the operation of that application program installing the Android application program on the mobile terminal.
2. The method according to claim 1, wherein the method further comprises:
When it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, if the type of the process is judged to be a white process in the white list, allowing all operations that the application program associated with the white process performs on the mobile terminal;
If the type of the process is judged to be a black process in the blacklist, immediately intercepting the application program associated with the black process, prohibiting that application program from performing any operation on the mobile terminal, and displaying, in a user interface pop-up box, information that the application program associated with the black process was intercepted successfully.
3. The method according to claim 1 or 2, wherein, before judging whether the process is a grey process, the method further comprises:
Judging whether the process is a process that supports the ADB protocol; if so, continuing with the operation of judging whether the process is a grey process; otherwise, allowing the operation of the process.
4. The method according to claim 3, wherein judging whether the process is a process that supports the ADB protocol comprises:
Judging whether the format and data content of the packets that the process sends to the predetermined port satisfy the ADB protocol; if they do, the process is a process that supports the ADB protocol; if they do not, the process is not a process that supports the ADB protocol.
5. The method according to claim 1, wherein scanning the APK file comprises:
Extracting the package name, version number and digital signature of the APK file, the features of the Android component receiver, the features of the Android component service, the features of the Android component activity, the instructions in the executable file, and/or the Message Digest Algorithm 5 (MD5) value of each file under the APK directory;
Sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the characteristic information in the security identification library;
Receiving the scanning result for the APK file issued by the server side.
6. The method according to claim 1, wherein, upon learning that the application program associated with the grey process is to install an Android application program on the mobile terminal through the ADB tool, judging whether the application program associated with the grey process is allowed to install the Android application program on the mobile terminal comprises:
Displaying information in a user interface pop-up box, the information including the icon, name and application description of the application program associated with the grey process, indication information on whether it is an advertising program or rogue program, and/or processing mode information;
Receiving the selection instruction that the user sends through the user interface pop-up box;
When the selection instruction indicates that the application program associated with the grey process is allowed, judging that the application program associated with the grey process is allowed to install the Android application program on the mobile terminal; when the selection instruction indicates that the application program associated with the grey process is forbidden, judging that the application program associated with the grey process is forbidden to install the Android application program on the mobile terminal.
7. The method according to claim 1, wherein intercepting the operation of the application program associated with the grey process installing the Android application program on the mobile terminal comprises:
Interrupting the connection between the grey process and the predetermined port, and prohibiting the APK file from the grey process from being sent to the mobile terminal through the predetermined port.
8. A device for intercepting the installation of an Android application program in a terminal, comprising:
A port monitor, adapted to monitor, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;
A diagnosis apparatus, adapted to judge, when it is detected that a process in the computer establishes a connection with a mobile terminal through the ADB tool, whether the process is a grey process; and, if the process is judged to be a grey process, upon learning that the application program associated with the grey process is to install an Android application program on the mobile terminal through the ADB tool, to judge whether the application program associated with the grey process is allowed to install the Android application program on the mobile terminal; specifically, adapted to learn, when it is detected that the grey process sends an installation instruction for an Android application program to the predetermined port, that the application program associated with the grey process is to install an Android application program on the mobile terminal through the ADB tool; when it is detected that the grey process sends an Android installation package (APK) file to the predetermined port, to obtain the APK file and scan it; when the scanning result indicates that the APK file is safe, to judge that the application program associated with the grey process is allowed to install the Android application program on the mobile terminal; otherwise, to judge that the application program associated with the grey process is not allowed to install the Android application program on the mobile terminal;
A blocker, adapted to intercept, when the application program associated with the grey process is not allowed to install the Android application program on the mobile terminal, the operation of that application program installing the Android application program on the mobile terminal.
9. The device according to claim 8, wherein,
The diagnosis apparatus is further adapted to judge, when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, that the type of the process is a white process in the white list, whereupon the blocker is further adapted to allow all operations that the application program associated with the white process performs on the mobile terminal; and
The diagnosis apparatus is further adapted to judge, when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, that the type of the process is a black process in the blacklist, whereupon the blocker is further adapted to intercept the application program associated with the black process, prohibit that application program from performing any operation on the mobile terminal, and display, in a user interface pop-up box, information that the application program associated with the black process was intercepted successfully.
10. The device according to claim 8 or 9, wherein,
The diagnosis apparatus is further adapted to judge, before judging whether the process is a grey process, whether the process is a process that supports the ADB protocol; if so, to continue with the operation of judging whether the process is a grey process; otherwise, to allow the operation of the process.
11. The device according to claim 10, wherein,
The diagnosis apparatus is adapted to judge whether the format and data content of the packets that the process sends to the predetermined port satisfy the ADB protocol; if they do, the process is a process that supports the ADB protocol; if they do not, the process is not a process that supports the ADB protocol.
12. The device according to claim 8, wherein,
The diagnosis apparatus is adapted to obtain the scanning result as follows: extracting the package name, version number and digital signature of the APK file, the features of the Android component receiver, the features of the Android component service, the features of the Android component activity, the instructions in the executable file, and/or the MD5 value of each file under the APK directory; sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the characteristic information in the security identification library; and receiving the scanning result for the APK file issued by the server side.
13. The device according to claim 8, wherein,
The diagnosis apparatus is adapted to display information in a user interface pop-up box, the information including the icon, name and application description of the application program associated with the grey process, indication information on whether it is an advertising program or rogue program, and/or processing mode information; to receive the selection instruction that the user sends through the user interface pop-up box; when the selection instruction indicates that the application program associated with the grey process is allowed, to judge that the application program associated with the grey process is allowed to install the Android application program on the mobile terminal; and when the selection instruction indicates that the application program associated with the grey process is forbidden, to judge that the application program associated with the grey process is forbidden to install the Android application program on the mobile terminal.
14. The device according to claim 8, wherein the blocker is adapted to, when the application program associated with the grey process is not allowed to install the Android application program on the mobile terminal, interrupt the connection between the grey process and the predetermined port, and prohibit the APK file from the grey process from being sent to the mobile terminal through the predetermined port.
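The client-side half of the scan described in claims 5 and 12, as an added Python sketch that is not code from the patent: it collects the per-file MD5 values and the signature-block files of an APK into the record that would be uploaded. Package name, version and component features need a binary AndroidManifest.xml decoder and are left out; `extract_features`, `local_verdict`, `known_bad_md5` and the rule that unsigned archives or archives with repeated entry names are judged unsafe are assumptions standing in for the server-side security identification library.

```python
import hashlib
import io
import zipfile

SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR-style signature block files


def extract_features(apk_bytes):
    """Return the record to upload, or None when the bytes are not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as archive:
            # Read by ZipInfo, not by name, so entries that share a name are all hashed.
            digests = [(info.filename, hashlib.md5(archive.read(info)).hexdigest())
                       for info in archive.infolist()]
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, OSError):
        return None  # corrupt, encrypted or unsupported archive
    names = [name for name, _ in digests]
    sig_files = {n for n in names
                 if n.upper().startswith("META-INF/") and n.upper().endswith(SIGNATURE_SUFFIXES)}
    return {
        "file_md5": digests,  # one (name, md5) pair per entry, duplicates kept
        "signature_md5": sorted(d for n, d in digests if n in sig_files),
        "has_dex": "classes.dex" in names,
        # A per-file hash list is ambiguous when names repeat, so report them.
        "duplicate_names": sorted({n for n in names if names.count(n) > 1}),
    }


def local_verdict(features, known_bad_md5):
    """Stand-in for the server-side library: True means the APK is judged safe."""
    if features is None or features["duplicate_names"] or not features["signature_md5"]:
        return False
    return not any(digest in known_bad_md5 for _, digest in features["file_md5"])


def build_apk(files):
    """Build a constructed APK-like ZIP from (name, bytes) pairs for the sample."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in files:
            archive.writestr(name, data)
    return buffer.getvalue()


# Constructed sample: manifest placeholder, one dex file, one signature block file.
SAMPLE = build_apk([("AndroidManifest.xml", b"constructed-manifest"),
                    ("classes.dex", b"constructed-dex"),
                    ("META-INF/CERT.RSA", b"constructed-signature")])
```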

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310226610.9A CN103279706B (en) 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310226610.9A CN103279706B (en) 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal

Publications (2)

Publication Number Publication Date
CN103279706A CN103279706A (en) 2013-09-04
CN103279706B true CN103279706B (en) 2016-06-22

Family

ID=49062221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310226610.9A CN103279706B (en) 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal

Country Status (1)

Country Link
CN (1) CN103279706B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102063588A (en) * 2010-12-15 2011-05-18 北京北信源软件股份有限公司 Control method and system for safety protection of computer terminal network
CN102254113A (en) * 2011-06-27 2011-11-23 深圳市安之天信息技术有限公司 Method and system for detecting and intercepting malicious code of mobile terminal
CN102663285A (en) * 2012-03-21 2012-09-12 奇智软件(北京)有限公司 Extracting method and extracting device for APK (android package) virus characteristic code
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067577A1 (en) * 2011-09-14 2013-03-14 F-Secure Corporation Malware scanning

Also Published As

Publication number Publication date
CN103279706A (en) 2013-09-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant