CN103309808A - Label-based black box detection method and system for privacy disclosure of Android user - Google Patents
Label-based black box detection method and system for privacy disclosure of Android user Download PDFInfo
- Publication number
- CN103309808A CN103309808A CN2013102340431A CN201310234043A CN103309808A CN 103309808 A CN103309808 A CN 103309808A CN 2013102340431 A CN2013102340431 A CN 2013102340431A CN 201310234043 A CN201310234043 A CN 201310234043A CN 103309808 A CN103309808 A CN 103309808A
- Authority
- CN
- China
- Prior art keywords
- android
- label
- privacy
- application program
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to a label-based black box detection method and system for privacy disclosure of an Android user. The detection steps are as follows: 1), user privacy data are created for an Android user terminal and category labels are added to the user privacy data; 2), at least one to-be-detected application program is mounted in the Android user terminal and is triggered; 3), the category labels carried in data packets sent by the application program are detected at an network exit of the Internet, a Bluetooth or a short message; and 4), privacy data categories are judged according to category labels carried in the data packets, and results are recorded. Analysis of a large number of orders and stain spreading time is saved, variables in all orders of the application program and intermediate variables during calculation are avoided, and a large amount of memory expenditure is saved at the same time.
Description
Technical field
The present invention relates to the Android user privacy information and detect, relate in particular to a kind of label based on prior setting and whether detect the Android application program with outside method and the implementation system thereof that sends of certain class privacy of user data, belong to the mobile terminal safety field.
Background technology
At present, infotech has entered the mobile Internet epoch, and intelligent mobile terminal is owing to its portability, low cost and other advantages become the main terminal form that the user carries out the disparate networks activity day by day.Compare traditional mobile terminal, intelligent mobile terminal has more high performance processor, larger storage space, higher mobile network data transmittability and open third party's mobile terminal operating system, therefore can carry out a large number of services by intelligent mobile terminal and use, process more individual privacy data.These data, such as conversation and short message, the geographic position, the social networks account, account No., personal identification number, photograph video etc. is all linked up with direct or indirect mode and pecuniary benefit, thereby has attracted numerous assailants' notice, cause privacy to steal class Malware growth rate surprising, show according to the data in net Qin Fabu " whole world mobile phone safety message first half of the year in 2012 ", 17676 sections of mobile phone Malwares are arrived in killing in the first half of the year in 2012, compare to increase by 42% the second half year in 2011, infect 1,283 ten thousand ones of mobile phones, wherein privacy is stolen class and has been occupied 23.2% infection proportion.Be general protection user's privacy and property safety, promote the development of Intelligent mobile equipment, the research of intelligent mobile terminal privacy guard technology has become the common direction of paying close attention to of industrial community and academia.
The data stream Tracing Control is one of important directions of intelligent mobile terminal privacy protection, present data stream Tracing Control scheme is that responsive private data arranges the stain label, process the instruction operation of private data in the monitoring Android application program, set rule and guarantee that the stain label has effect spread in data handling procedure, thereby follow the tracks of the flow direction of private data, until data stream is left the various channels of mobile phone, prevent the unauthorized leakage of private data.Intel laboratory in 2010, the laboratory, Pennsylvania, and the Duke University developed jointly the TaintDroid system that is applied on the Android, and this system has utilized the DVM virtual machine architecture of Android, it carried out lightweight expand to carry out other stain of four levels and follow the trail of; The same year, the researchers such as Georgios have developed Paranoid Android system, utilize virtual machine to record and reproducing process, the Android running status is copied and passes to remote server, detect at server operation checking and killing virus and tainting, privacy compromise and other malicious intrusions behavior are detected.
What yet existing Android data stream was followed the trail of the employing of privacy detection scheme is that the white box of data stream is followed the trail of, need in virtual machine, intercept and capture in real time and analyze the operation of each bar instruction (such as the data plus and minus calculation, the distortion of data character string, data copy etc.), and in system, open up in addition a large amount of internal memories, the stain label of storage and propagation data source and intermediate data could be followed the tracks of private data stream, detects private data.This brings a large amount of performance consumption with regard to limited portable terminal to this kind mode to computational resource, affects the user and experiences.In the intelligent mobile terminal field, also there is not a kind of efficient private data stream method for tracing that need not the Real Time Monitoring instruction at present.Usually in the process of each application program operation, relate to command operating and often have hundred, thousand, ten thousand even the higher order of magnitude, adopt one by one the white box mode of instruction analysis trace data stream, will bring a large amount of time and memory cost.In addition, when many application programs outwards send user's private data, usually just simply read copy and transmission, seldom waste too much working time and computational resource and it is out of shape and encrypts.
Summary of the invention
The object of the invention is to make up a kind of Android privacy of user data black box tracking detection method and system based on label, the mode that adopts black box to follow the trail of fast, be that dissimilar user data arranges the type feature label in the source, application program to be detected is installed subsequently, and automatically trigger the application behavior, data all processing procedures in application program inside are considered as black box, will not interfere.Only in network information exit, the interception based data output detects the packet with label, judges which kind of private data is application program outwards send.
To achieve these goals, the present invention adopts following technical scheme---and the Android privacy of user based on label is revealed the black box detection method, comprises the steps:
1) adds in the described privacy of user data to Android user terminal establishment privacy of user data and with class label;
2) be no less than an application program to be detected and trigger described application program to be detected in the installation of Android user terminal;
3) detect the class label that carries in the outside packet that sends of described application program in the data outlet;
4) judge the private data classification according to the class label that carries in the described packet.
Further, described network egress is one or more in Internet or bluetooth or the short message.
Alternatively, described privacy of user data include but not limited to: contacts list, the application list, content of short message, SD Cavan notebook data, log information, GPS geographical location information, IMEI device number, bluetooth MAC Address, WiFi MAC Address, recently conversation.Perhaps can be defined by the user, can be a large class, such as contacts list, the part associated person information that also can select wherein forms a group.
Alternatively, described class label is set one or more coded strings according to the privacy of user data type.
Further, described application program to be detected is installed by manual or automated manner:
Described manual installation by the testing staff in one of Android terminal manual installation or a collection of application program to be measured and the good application program to be measured of opening installation one by one;
Described Auto-mounting installs by the existing robotization of Android system and/or the instrument of test is connected to the Android user terminal, one of Auto-mounting or a collection of application program to be measured, and the stochastic model user behavior triggers application function automatically.
Alternatively, described Android user terminal is the adjustable intelligent terminal: one or more of mobile phone, panel computer, TV.
Further, at described Internet, bluetooth, the short message network egress detects the outside packet that sends of described application program: the application program to be measured of installing on the Android system is by calling web socket interface function in the Android system core library, the packet that sends to outside Internet address.
Further, described at Internet, bluetooth, the method whether short message network egress detection packet carries label is:
1) is responsible for to Internet at the Android bottom, blueteeth network sends in the interface function of packet, and in the interface function of being responsible for sending SMS message to outside telephone number, by adding modularity function comparison bag sender's identification information, the packet that the application program in intercepting and capturing to be measured batch will send by interface function;
2) class label that takes out all types of user data is gathered, adopt character string comparison mode, detect packet and whether comprise some class label, if this packet character string comprises a class label in certain class user data class label set at least, then this packet has carried such user data.
Further, if packet carries such user data, then record testing result and comprise: according in packet content, entrained class label, class label under classification and Packet Generation time, send the application name of packet.
Further, use Android internal database instrument to create a testing result database and be used for storing described testing result.
The present invention also proposes a kind of Android privacy of user based on label and reveals the black box detection system, comprising:
Be used for the Android user terminal is created the privacy of user data and class label added to the device of described privacy of user data;
Be used at the Android user terminal device that is no less than an application program to be detected and triggers described application program to be detected being installed;
Be used at Internet, bluetooth, the short message network egress detects the device of the class label that carries in the outside packet that sends of described application program;
The class label that is used for carrying according to described packet is judged the private data classification, record result's device;
And type label database and testing result database.
Beneficial effect of the present invention
Method of the present invention is carried out the detection of based on data class label simply to data in the data stream exit, saved the time of a large amount of instruction analysis and tainting, intermediate variable when also having avoided as the variable in all instructions of application program and calculating, and register opens up special memory headroom for stain storage and propagates, and saved a large amount of memory costs.
Description of drawings
Fig. 1 is the inventive method is revealed the black box detection system based on the Android privacy of user of label configuration diagram.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, be understandable that, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those skilled in the art belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.In an embodiment of the present invention, detection method is as follows:
1) creates all types of user private data that carries class label at Android terminal test machine, and deposit class label in the class label database.
2) automatic or manual is installed application program to be measured, and automatic or manual triggers application behavior.
3) at Internet, bluetooth, the short message network egress detects in the outside packet that sends of application program to be measured whether carry label, carries which kind of label.
4) if detect and carry label, testing result is recorded in the testing result database of Android terminal test machine inside.
5) tester can be by checking the testing result database file, or read the testing result that software is checked single or multiple software under testing by the testing result database that is installed on the Android terminal test machine that uses in advance exploitation.
In an embodiment of the present invention, described Android terminal test machine is that operating system is the smart mobile phone of Android, flat board, the adjustable intelligent terminals such as TV.Described application program to be measured comprise on the domestic and international Android application market can for free or pay download towards the Android smart mobile phone, flat board, the application program of TV, and the Android application program that obtains from other channel.
In an embodiment of the present invention, described user data comprises contacts list, the application list, content of short message, SD Cavan notebook data, log information, GPS geographical location information.The granularity of described user data classification can by testing staff's self-defining, as content of short message being considered as a class of subscriber, also can be divided into it three class of subscribers: inbox short message, outbox short message, draft short message.
In an embodiment of the present invention, the described method that creates the privacy of user data carry class label at Android terminal test machine is, rely on Android system to carry application, use in Android market or independently developed Android is used, the user data content that editor carries class label deposits Android terminal test machine in.
Described class label refers to the distinctive one or more feature strings of user data of every kind, and its form can be special phrase, also can be insignificant character combination.
In another embodiment of the present invention, class label is the Contact contact application of utilizing Android system to carry, edit several associated person informations, unified add " #SecretContact# " behind its name of contact person, the contact phone unification is set to " 13333333333 ", { " #SecretContact# ", " 13333333333 " } are as the class label collection of contact data.
In an embodiment of the present invention, described manual installation application program to be measured and triggering application behavior, refer to by the staff one of manual installation or a collection of application program to be measured on Android terminal test machine that participate in detection, the good application program to be measured of opening installation one by one triggers its various application functions as far as possible all sidedly subsequently.
In an embodiment of the present invention, described Auto-mounting application program to be measured and triggering application behavior, refer to the instrument by the more existing robotization Installation And Tests of Android self, write the computer program script, connect Android terminal test machine, one of Auto-mounting or a collection of application program to be measured, and randomness simulation user behavior triggers its various application functions automatically.
In another embodiment of the present invention, the Internet that passes through that needs detection, bluetooth, the packet that the short message network egress outwards sends is the application program to be measured of installing on the Android system, call web socket interface function in the Android system core library, to outside Internet address, Bluetooth address, the data-message bag that telephone number sends.
In an embodiment of the present invention at Internet, bluetooth, the short message network egress detects the method whether packet carry label and is:
1) in Android bottom code file, is responsible for to Internet, blueteeth network sends in the interface function of packet, and in the interface function of being responsible for sending SMS message to outside telephone number, by adding modularity function comparison bag sender's identification information, the packet that the application program in intercepting and capturing to be measured batch will send by interface function;
2) class label that takes out all types of user data is gathered, adopt character string comparison mode, detect packet and whether comprise some class label, if this packet character string comprises a class label in certain class user data class label set at least, then this packet has carried such user data.
Described testing result database way of realization can for but the sqlite data base tool that is not limited only to use Android inside to carry be pre-created.
Be the configuration diagram that the present invention is based on the Android privacy of user leakage black box detection system of label as shown in Figure 1, wherein, this system comprises test front end and test rear end.The test front end is erected on the Android terminal test machine, comprises data outlet monitoring assembly, writes assembly with the testing result database, and type label database and two databases of testing result database.Data outlet monitoring assembly is responsible for tackling network and is sent packet outside, detects it and whether carries the type label that records in the type label database.The testing result database writes assembly, is responsible for writing in the testing result database detecting packet and the relevant information thereof of having carried label.
The test rear end is erected on the computing machine, connects Android terminal test machine by the USB debugging interface, comprises that mainly type label writes assembly, robotization installment and debugging script component, and testing result data reading assembly.Wherein the type label collection writes assembly, provide in the machine type label database of test terminal the in advance function of editor's type label collection of storage to the tester, the testing result database reads assembly, possess from the testing result database of terminal test machine and read, the ability of inquiry and displaying testing result.
The below will provide example of the present invention, and the technical scheme among the present invention is clearly and completely described, and be understandable that, described example only is the present invention's part example, rather than whole embodiment.Based on the embodiment among the present invention, those skilled in the art belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
It is contacts list at the test terminal machine that this example is described the tester, note, IMEI device number, the GPS position, SD Cavan part creates and carries the privacy of user data of class label, and detects a certain application program to the process of the leakage situation of the privacy of user data of these classifications, and is as shown in table 1:
1 tester starts the test terminal machine, and is connected to and can sends on the test computer of instruction it
2 testers are contacts list, note, and the IMEI device number, the GPS position, SD Cavan part creates the privacy of user data of carrying class label:
3 tester's call type labels write assembly the above-mentioned type label are write test terminal machine type label database.
4 tester's invoke script programs are installed a collection of appointment software under testing at the test terminal machine, and automatically trigger their various software actions.
5 in the software action trigger process, the oriented exterior I nternet address transmission data of this batch software bag, and then this packet will be blocked at bottom, detect the type label whether it carries prior setting.If carry, then record advances database.
After 6 automatic triggering shell scripts end were out of service, the tester can check the privacy leak case report of software under testing by start detection result database reading assembly on the test back-end computer.
Table 1
Claims (10)
1. the Android privacy of user based on label is revealed the black box detection method, the steps include:
1) adds in the described privacy of user data to Android user terminal establishment privacy of user data and with class label;
2) be no less than an application program to be detected and trigger described application program to be detected in the installation of Android user terminal;
3) detect the class label that carries in the outside packet that sends of described application program in the data outlet;
4) judge the private data classification according to the class label that carries in the described packet.
2. the Android privacy of user based on label as claimed in claim 1 is revealed the black box detection method, it is characterized in that, described network egress is one or more in Internet or bluetooth or the short message.
3. the Android privacy of user based on label as claimed in claim 1 is revealed the black box detection method, it is characterized in that, described privacy of user data based user be set as: one or more combinations in contacts list, the application list, content of short message, SD Cavan notebook data, log information, GPS geographical location information, OS Type, the IMEI device number.
4. the Android privacy of user based on label as claimed in claim 1 is revealed the black box detection method, it is characterized in that, described class label is set one or more coded strings according to the privacy of user data type.
5. the Android privacy of user based on label as claimed in claim 1 is revealed the black box detection method, it is characterized in that, described application program to be detected is installed by manual or automated manner:
Described manual installation by the testing staff in one of Android terminal manual installation or a collection of application program to be measured and the good application program to be measured of opening installation one by one;
Described Auto-mounting installs by the existing robotization of Android system and/or the instrument of test is connected to the Android user terminal, one of Auto-mounting or a collection of application program to be measured, and the stochastic model user behavior triggers application function automatically.
6. the Android privacy of user based on label as claimed in claim 1 is revealed the black box detection method, it is characterized in that, described Android user terminal is the adjustable intelligent terminal: one or more of mobile phone, panel computer, TV.
7. the Android privacy of user based on label as claimed in claim 2 is revealed the black box detection method, it is characterized in that, detecting the packet that described application program outwards sends at the network egress of described Internet or bluetooth or short message is: the application program to be measured that Android system is installed is by calling the short message transmission interface function of web socket interface function in the Android system core library or frameworks layer, the data-message bag that sends to outside Internet, Bluetooth address and external call.
8. the Android privacy of user based on label as claimed in claim 7 is revealed the black box detection method, it is characterized in that, and is described at Internet, bluetooth, and the method whether short message network egress detection packet carries label is:
1) intercepting and capturing the web socket interface function that called by upper level applications or system component at Android system core library layer will be to outside Internet address or the packet that sends of Bluetooth address; Intercept and capture the short message data bag that the short message transmission interface function that called by upper level applications or system component will send to outside telephone number at the Android system ccf layer;
2) class label that takes out all types of user data is gathered, adopt character string comparison mode, detect packet and whether comprise some class label, if this packet character string comprises a class label in certain class user data class label set at least, then this packet has carried such user data.
9. the Android privacy of user based on label as claimed in claim 7 is revealed the black box detection method, it is characterized in that, if packet carries such user data, then record testing result and comprise: according in packet content, entrained class label, class label under classification and Packet Generation time, send the application name of packet.
10. the Android privacy of user based on label is revealed the black box detection system, comprising:
Be used for the Android user terminal is created the privacy of user data and class label added to the device of described privacy of user data;
Be used at the Android user terminal device that is no less than an application program to be detected and triggers described application program to be detected being installed;
Device for the class label that carries at the outside packet that sends of the described application program of data outlet detection;
The class label that is used for carrying according to described packet is judged the private data classification, record result's device;
And type label database and testing result database.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310234043.1A CN103309808B (en) | 2013-06-13 | 2013-06-13 | Based on privacy disclosure of Android user black box detection method and the system of label |
| PCT/CN2014/077139 WO2014198171A1 (en) | 2013-06-13 | 2014-05-09 | Label based black box testing method and system for android user privacy leaks |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310234043.1A CN103309808B (en) | 2013-06-13 | 2013-06-13 | Based on privacy disclosure of Android user black box detection method and the system of label |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103309808A true CN103309808A (en) | 2013-09-18 |
| CN103309808B CN103309808B (en) | 2016-06-15 |
Family
ID=49135055
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310234043.1A Expired - Fee Related CN103309808B (en) | 2013-06-13 | 2013-06-13 | Based on privacy disclosure of Android user black box detection method and the system of label |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103309808B (en) |
| WO (1) | WO2014198171A1 (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014198171A1 (en) * | 2013-06-13 | 2014-12-18 | 华为技术有限公司 | Label based black box testing method and system for android user privacy leaks |
| CN104579831A (en) * | 2014-12-26 | 2015-04-29 | 北京网秦天下科技有限公司 | Data transmission processing method and device |
| WO2015067170A1 (en) * | 2013-11-06 | 2015-05-14 | 中国银联股份有限公司 | Method and system for analyzing android application program |
| CN105069374A (en) * | 2015-08-06 | 2015-11-18 | 上海斐讯数据通信技术有限公司 | Private data intercepting protection method and system |
| CN105335593A (en) * | 2014-06-27 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Method and device for detecting significance of variables in black box model |
| CN105354118A (en) * | 2015-10-27 | 2016-02-24 | 广东欧珀移动通信有限公司 | Method, apparatus and system for automatically testing intelligent terminal |
| CN105721477A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | IPTABLES-based privacy leak control method and system for mobile terminal |
| CN105827644A (en) * | 2016-05-17 | 2016-08-03 | 努比亚技术有限公司 | Method and terminal for processing cipher information |
| CN103984900B (en) * | 2014-05-19 | 2017-03-01 | 南京赛宁信息技术有限公司 | Android application leak detection method and system |
| CN106778255A (en) * | 2016-11-24 | 2017-05-31 | 工业和信息化部电信研究院 | Credible performing environment isolation detection method and device based on internal memory traversal |
| CN106803028A (en) * | 2017-01-18 | 2017-06-06 | 西安电子科技大学 | A kind of method for preventing Android mobile phone short message verification code to be stolen |
| US9721094B2 (en) | 2015-05-20 | 2017-08-01 | International Business Machines Corporation | Determining privacy leaks |
| CN107038372A (en) * | 2016-11-14 | 2017-08-11 | 平安科技(深圳)有限公司 | Leaking data interface detection method and device |
| CN110737887A (en) * | 2019-10-22 | 2020-01-31 | 厦门美图之家科技有限公司 | Malicious code detection method and device, electronic equipment and storage medium |
| CN111382424A (en) * | 2018-12-27 | 2020-07-07 | 全球能源互联网研究院有限公司 | Mobile application sensitive behavior detection method and system based on controlled environment |
| CN111818492A (en) * | 2020-05-20 | 2020-10-23 | 上海橙群微电子有限公司 | Bluetooth beacon and data transmission method and readable storage medium thereof |
| CN111967047A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Personal information protection method, device and system based on big data matching |
| CN112182581A (en) * | 2020-09-24 | 2021-01-05 | 百度在线网络技术(北京)有限公司 | Application testing method and device, application testing equipment and storage medium |
| CN112417506A (en) * | 2020-11-26 | 2021-02-26 | 北京指掌易科技有限公司 | Private data monitoring method and device, electronic equipment and storage medium |
| CN112487415A (en) * | 2020-12-09 | 2021-03-12 | 华控清交信息科技(北京)有限公司 | Method and device for detecting safety of computing task |
| CN113535539A (en) * | 2020-04-22 | 2021-10-22 | 网易(杭州)网络有限公司 | Debugging method, device, equipment and storage medium in game editing |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610396A (en) * | 2008-06-16 | 2009-12-23 | 北京智安邦科技有限公司 | Intellective video monitoring device module and system and method for supervising thereof with secret protection |
| WO2011001304A1 (en) * | 2009-06-30 | 2011-01-06 | Nokia Corporation | A method and an apparatus for tracing software |
| CN102413221A (en) * | 2011-11-24 | 2012-04-11 | 中兴通讯股份有限公司 | Method for protecting privacy information and mobile terminal |
| CN102810143A (en) * | 2012-04-28 | 2012-12-05 | 天津大学 | Safety detecting system and method based on mobile phone application program of Android platform |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103309808B (en) * | 2013-06-13 | 2016-06-15 | 华为技术有限公司 | Based on privacy disclosure of Android user black box detection method and the system of label |
| CN103327183B (en) * | 2013-06-13 | 2015-05-20 | 中国科学院信息工程研究所 | Black box protecting method and system for private data of Android user based on tag |
| CN103729595B (en) * | 2014-01-02 | 2016-08-17 | 东南大学 | A kind of Android application program private data leakage off-line checking method |
-
2013
- 2013-06-13 CN CN201310234043.1A patent/CN103309808B/en not_active Expired - Fee Related
-
2014
- 2014-05-09 WO PCT/CN2014/077139 patent/WO2014198171A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610396A (en) * | 2008-06-16 | 2009-12-23 | 北京智安邦科技有限公司 | Intellective video monitoring device module and system and method for supervising thereof with secret protection |
| WO2011001304A1 (en) * | 2009-06-30 | 2011-01-06 | Nokia Corporation | A method and an apparatus for tracing software |
| CN102413221A (en) * | 2011-11-24 | 2012-04-11 | 中兴通讯股份有限公司 | Method for protecting privacy information and mobile terminal |
| CN102810143A (en) * | 2012-04-28 | 2012-12-05 | 天津大学 | Safety detecting system and method based on mobile phone application program of Android platform |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014198171A1 (en) * | 2013-06-13 | 2014-12-18 | 华为技术有限公司 | Label based black box testing method and system for android user privacy leaks |
| WO2015067170A1 (en) * | 2013-11-06 | 2015-05-14 | 中国银联股份有限公司 | Method and system for analyzing android application program |
| CN103984900B (en) * | 2014-05-19 | 2017-03-01 | 南京赛宁信息技术有限公司 | Android application leak detection method and system |
| CN105335593A (en) * | 2014-06-27 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Method and device for detecting significance of variables in black box model |
| CN104579831A (en) * | 2014-12-26 | 2015-04-29 | 北京网秦天下科技有限公司 | Data transmission processing method and device |
| US9721094B2 (en) | 2015-05-20 | 2017-08-01 | International Business Machines Corporation | Determining privacy leaks |
| CN105069374A (en) * | 2015-08-06 | 2015-11-18 | 上海斐讯数据通信技术有限公司 | Private data intercepting protection method and system |
| CN105069374B (en) * | 2015-08-06 | 2018-02-13 | 上海斐讯数据通信技术有限公司 | A kind of private data intercepts guard method and system |
| CN105354118B (en) * | 2015-10-27 | 2019-09-13 | Oppo广东移动通信有限公司 | Automatic test approach, the apparatus and system of intelligent terminal |
| CN105354118A (en) * | 2015-10-27 | 2016-02-24 | 广东欧珀移动通信有限公司 | Method, apparatus and system for automatically testing intelligent terminal |
| CN105721477A (en) * | 2016-02-25 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | IPTABLES-based privacy leak control method and system for mobile terminal |
| CN105721477B (en) * | 2016-02-25 | 2019-11-01 | 上海斐讯数据通信技术有限公司 | The method and system of the control privacy compromise based on IPTABLES of mobile terminal |
| CN105827644A (en) * | 2016-05-17 | 2016-08-03 | 努比亚技术有限公司 | Method and terminal for processing cipher information |
| WO2018086293A1 (en) * | 2016-11-14 | 2018-05-17 | 平安科技(深圳)有限公司 | Method and apparatus for detecting data leakage interface, device, and storage medium |
| CN107038372A (en) * | 2016-11-14 | 2017-08-11 | 平安科技(深圳)有限公司 | Leaking data interface detection method and device |
| CN106778255A (en) * | 2016-11-24 | 2017-05-31 | 工业和信息化部电信研究院 | Credible performing environment isolation detection method and device based on internal memory traversal |
| CN106803028B (en) * | 2017-01-18 | 2019-08-30 | 西安电子科技大学 | A method of prevent Android mobile phone short message verification code to be stolen |
| CN106803028A (en) * | 2017-01-18 | 2017-06-06 | 西安电子科技大学 | A kind of method for preventing Android mobile phone short message verification code to be stolen |
| CN111382424A (en) * | 2018-12-27 | 2020-07-07 | 全球能源互联网研究院有限公司 | Mobile application sensitive behavior detection method and system based on controlled environment |
| CN110737887A (en) * | 2019-10-22 | 2020-01-31 | 厦门美图之家科技有限公司 | Malicious code detection method and device, electronic equipment and storage medium |
| CN113535539B (en) * | 2020-04-22 | 2023-07-25 | 网易(杭州)网络有限公司 | Method, device, equipment and storage medium for debugging in game editing |
| CN113535539A (en) * | 2020-04-22 | 2021-10-22 | 网易(杭州)网络有限公司 | Debugging method, device, equipment and storage medium in game editing |
| CN111818492A (en) * | 2020-05-20 | 2020-10-23 | 上海橙群微电子有限公司 | Bluetooth beacon and data transmission method and readable storage medium thereof |
| CN111818492B (en) * | 2020-05-20 | 2024-05-24 | 上海橙群微电子有限公司 | Bluetooth beacon, data transmission method thereof, and readable storage medium |
| CN111967047A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Personal information protection method, device and system based on big data matching |
| CN112182581A (en) * | 2020-09-24 | 2021-01-05 | 百度在线网络技术(北京)有限公司 | Application testing method and device, application testing equipment and storage medium |
| CN112182581B (en) * | 2020-09-24 | 2023-10-13 | 百度在线网络技术(北京)有限公司 | Application testing method, device, application testing equipment and storage medium |
| CN112417506A (en) * | 2020-11-26 | 2021-02-26 | 北京指掌易科技有限公司 | Private data monitoring method and device, electronic equipment and storage medium |
| CN112487415A (en) * | 2020-12-09 | 2021-03-12 | 华控清交信息科技(北京)有限公司 | Method and device for detecting safety of computing task |
| CN112487415B (en) * | 2020-12-09 | 2023-10-03 | 华控清交信息科技(北京)有限公司 | Method and device for detecting security of computing task |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103309808B (en) | 2016-06-15 |
| WO2014198171A1 (en) | 2014-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103309808A (en) | Label-based black box detection method and system for privacy disclosure of Android user | |
| CN103327183B (en) | Black box protecting method and system for private data of Android user based on tag | |
| CN103729595B (en) | A kind of Android application program private data leakage off-line checking method | |
| CN106845236A (en) | A kind of application program various dimensions privacy leakage detection method and system for iOS platforms | |
| CN105956474B (en) | Android platform software unusual checking system | |
| Lalande et al. | Hiding privacy leaks in android applications using low-attention raising covert channels | |
| CN111931166B (en) | Application program anti-attack method and system based on code injection and behavior analysis | |
| CN104281808B (en) | A kind of general Android malicious act detection methods | |
| CN103927485A (en) | Android application program risk assessment method based on dynamic monitoring | |
| CN104933362A (en) | Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software | |
| CN106570399B (en) | A kind of detection method of across App inter-module privacy leakage | |
| Zhao et al. | Attack tree based android malware detection with hybrid analysis | |
| CN103186740A (en) | Automatic detection method for Android malicious software | |
| CN103440459A (en) | Function-call-based Android malicious code detection method | |
| CN103746992B (en) | Based on reverse intruding detection system and method thereof | |
| CN107092830A (en) | The early warning of IOS Malwares and detecting system and its method based on flow analysis | |
| CN104392177A (en) | Android platform based virus forensics system and method | |
| CN104751052A (en) | Dynamic behavior analysis method for mobile intelligent terminal software based on support vector machine algorithm | |
| KR20110128632A (en) | Method and device for detecting malicious action of application program for smartphone | |
| CN104462973A (en) | System and method for detecting dynamic malicious behaviors of application program in mobile terminal | |
| CN105069354A (en) | Attack tree model based Android software hybrid detection method | |
| Hwang et al. | Bittersweet adb: Attacks and defenses | |
| Tabrizi et al. | A model-based intrusion detection system for smart meters | |
| Liu et al. | RAPID: real-time alert investigation with context-aware prioritization for efficient threat discovery | |
| CN104992116A (en) | Monitoring method and system based on intent sniffer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Applicant after: Huawei Technologies Co., Ltd. Applicant after: Institute of Information Engineering, Gas Address before: 100093 Beijing city Haidian District minzhuang Road No. 89 Applicant before: Institute of Information Engineering, Gas Applicant before: Huawei Technologies Co., Ltd. |
|
| COR | Change of bibliographic data | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160615 Termination date: 20170613 |