CN104462970B - A kind of Android application program privilege abuse detection methods based on process communication - Google Patents
A kind of Android application program privilege abuse detection methods based on process communication Download PDFInfo
- Publication number
- CN104462970B CN104462970B CN201410787755.0A CN201410787755A CN104462970B CN 104462970 B CN104462970 B CN 104462970B CN 201410787755 A CN201410787755 A CN 201410787755A CN 104462970 B CN104462970 B CN 104462970B
- Authority
- CN
- China
- Prior art keywords
- authority
- application program
- detection
- privilege
- android
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of Android application program privilege abuse detection methods based on process communication, is related to safety detection technology field.The method is included:S1, the installation package file for decompressing application program to be measured, obtain the authority set P of the application programr;S2, scanning application program source code, obtain the necessary authority set P of operationd, and sensitive permission set P is set0;S3, for set PrAnd PdSet up classification and Detection model;S4, operation application program to be measured, the with different levels dynamic detection of all standing is carried out according to model.The invention is set according to the authority application of application program and component, with reference to process communication dynamic monitoring, targetedly can carry out authority detection to Android application programs, improves the efficiency of privilege abuse detection.
Description
Technical field
The present invention relates to mobile terminal safety detection technique field, the rights management of Android platform is related generally to, more
It is to be related to a kind of Android application program privilege abuse detection methods based on process communication body.
Background technology
In recent years, Android intelligent has occupation rate very high in mobile terminal market.With the work(of smart mobile phone
Can become stronger day by day, the work that they can be completed is also more and more, for example, shoot photo, location navigation, Pay Bill, browse net
Page, transmission Email etc..When user uses smart mobile phone, they can be stored in many private datas in mobile phone, including
Photo, Email, document, browse history etc..These private datas have become the mesh that increasing Malware is stolen
Mark.
Android is the open source operating system based on linux system.Android operation system itself provides a series of
For the mechanism of private data guard.Android extends linux system so that each application program can be with difference
Identity operation, and there is provided the mechanism to user resources (the cell phone apparatus information, Internet resources etc.) control that conducts interviews.
In the permission system, the valuable source in mobile phone is divided into several classes, and each class resource all corresponds to a kind of authority;And work as program
When being conducted interviews to certain class resource, it is necessary to perform mandate when possessing corresponding authority and could obtain.This protection mechanism is for single
Individual application program can effectively prevent authority from bypassing the immediate leadership, but multiple is applied and authority can be easily lifted after combination so that malice
Code obtains super-ordinate right, causes information leakage, system to be destroyed.Authority of the android system to the access control of resource
The granularity that system is realized is excessively coarse, and the permission system implements underaction.The authority that one program is possessed is entirely
Determine when it is mounted;And when some program is installed, for a selection for program authority, Android is also only
There is provided two kinds:Authority required by program or all negative are all met, rather than allowing actual feelings of the user according to oneself
Condition only selects to meet part authority.If authority of the program required for erection stage takes it, lack the dynamic fortune to authority
Monitored during row.After application program is granted to, during the life of application program, it will not be removed authority, even if
State that this authority source program is deleted.In sum, the mechanism that Android is carried in itself can not effectively prevent program from revealing
Privacy of user data.
Retrieval finds that Chinese Patent Application No. CN201310154987.8 discloses a kind of based on the thin of Android platform
Granularity authority control method, by gathering malicious application and common applications and according to comparing both least privilege lists
Difference determine dangerous authority Assembly Listing, judge to install or run corresponding application programs using the dangerous authority Assembly Listing
When, with the presence or absence of dangerous authority combination in the application program or application combination.The method overcome Android platform existing
The defect that the mechanism of " statement authority, judges authority before installing during operation " is present in technology.But the method depends on collection
Sample application program, monitoring effect randomness is larger.The method is not examined just for the malice authority Assembly Listing of setting simultaneously
Consider the privilege-escalation and more generally privilege abuse situation between different application.
Not enough for these, the present invention devises an Android application programs privilege abuse based on process communication and examines
Survey method, comprehensively considers all permissions abuse condition of certain application program as far as possible, and for same application
Different detection methods are implemented in different rights set.
The content of the invention
The technology of the present invention solve problem:For authority caused by the coarse grain privilege access control of android system resource
Abuse problem, there is provided a kind of Android application program privilege abuse detection methods based on process communication, to application program
All permissions carry out targetedly all standing classification dynamic detection, effectively increase privilege abuse detection efficiency.
Technical solution of the invention:Android application program privilege abuse detection methods based on process communication, its
The method combination Static Detection and dynamic detection technology are characterised by, are comprised the following steps:
The installation kit of S1, decompression and decompiling application program to be measured, obtains source code.Analysis AndroidManifest.xml
File, obtains the authority set P of the application programrAnd the authority setting of application own components;
S2, scanning application program source code, obtain source code and run necessary authority set Pd.According to actual needs, set quick
Sense authority set P0;
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model.
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;For different authority point
Group, also process communication (IPC) both between monitor component, monitoring set (Pr-Pd)∩P0Middle sensitive permission is called;If it find that
It is abnormal, the detailed data of abnormal behaviour is formed into journal file.
The authority set P of application program is obtained in the step S1rBe implemented as:On windows platforms
Decompress application program installation kit to be measured and obtain Classes.dex files, and decompiling is carried out to this document and be applied program source
Code.Analysis AndroidManifest.xml files, obtain the authority set P of the application programrAnd application own components
Authority setting.
Source code is obtained in the step S2 and runs necessary authority set PdBe implemented as follows:
S21, application program's source code is scanned, the api interface list that the program of being applied is used;
S22, the permissions list that the application program is determined using the mapping table of api interface list and Android authorities, and
Duplicate removal treatment is carried out to the permissions list and obtains the necessary authority set P of the application programd。
Preferably, classification and Detection model is described in detail below in the step S3:
The authority set P of application programrNecessary authority set P is run with programdBetween relation have three kinds of feelings
Condition, i.e.,Pd=PrWithSet up all standing classification and Detection model as follows:
1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra non-comprising some
Necessary authority Pr-Pd:For PdPrivilege abuse detection, the implementation process communication monitoring mainly between application program, monitoring programme
Whether phenomenon that privacy information be sent to application program (i.e. privilege-escalation) without authority is had;For Pr-PdPrivilege abuse
Detection, mainly monitors whether these authorities are triggered.As long as being triggered, just belong to the behavior of privilege abuse.
2) P is worked asd=PrWhen:The authority applied is exactly authority P necessary to operationd, i.e., the implementation process between application program
Whether communication monitoring, monitoring programme has the phenomenon that privacy information is sent to the application program (i.e. privilege-escalation) without authority.
3) whenWhen:Some functions of application program can not be realized, it is impossible to normal work, and acquiescence such case is not deposited
.
Preferably, dynamic detection of classifying in the step S4 is implemented as follows:
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method
For:When it is employed A accesses, by calling the IPC of Android, monitor the Intent of IAC, can obtain this two
Communication and the authority situation of application that individual application is present, and and P0Set is compared.If in the presence of if by the detailed of abnormal behaviour
Data form journal file, can be checked by user afterwards and decide whether to allow the process to call.If user's selection is allowed,
By the sensitive permission from set P0Middle deletion, no longer does similar prompting;So, the scope of sensitive permission set can be made according to reality
Situation is adjusted.
If set Pr-PdNon-NULL, these inessential authorities are entirely that user has to authorize when application program is installed
, this also exactly one of performance of coarse grain privilege access control of android system resource;Then it is directed to Pr-PdPrivilege abuse
Detection, i.e., judge whether certain API Calls triggers P using the mapping table of api interface list and Android authoritiesr-PdIn
Authority.As long as being triggered, just belong to the behavior of privilege abuse.
Present invention advantage compared with prior art is:
(1) present invention is set up by obtaining the permissions list of each application program and running necessary permissions list
All standing classification privilege abuse detection model, overcomes Android platform Rights Management System coarseness in the prior art
Problem, is effective supplement of the mechanism to " statement authority, judges authority before installing during operation ".
(2) implement different dynamic testing methods for different authority set, both ensure that monitoring coverage rate, also rationally
The scene of different sets privilege abuse is analyzed, and then realizes dynamic monitoring respectively.For necessary authority set is run, by not
With the process monitoring between application program, the possibility with the presence or absence of privilege-escalation is primarily upon;For the non-of application program
Necessary authority set, is primarily upon whether it triggers these authorities.Based on the detection of model layers time, detection is effectively increased
Efficiency and reasonability.
Brief description of the drawings
Fig. 1 is Organization Chart of the invention;
Fig. 2 is privilege-escalation schematic diagram in the present invention;
Fig. 3 is process monitoring detection method schematic diagram of the invention.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and detailed description.
A kind of Android application program privilege abuse detection methods based on process communication of the present invention, comprise the following steps:
The installation kit of S1, decompression and decompiling application program to be measured, obtains source code.Analysis AndroidManifest.xml
File, obtains the authority set P of the application programrAnd the authority setting of application own components;
Application program installation file is a kind of file of ZIP compressed formats, and its content includes application program dex files, money
Source file, configuration file and signature verification file.Decompression is carried out to application program installation file and obtains application program dex files
classes.dex.From third party's Open-Source Tools decompiling dex files, the source codes such as class, the function of application program letter can be obtained
Breath.
Wherein, AndroidManifest.xml mainly describes the title of Android application programs, version, required authority
Module information of statement and application program etc..Using in customized authority, each component (Activity, Service,
Broadcast Receiver, Content Provider) authority have corresponding label authority and exported labels.When
When exported values are true, show that the component can be accessed by other application, and when exported label values are false, table
Show that the component can not be accessed by other application.Whether Exported default values need have intent-filter to determine according to component
It is fixed.When not having intent-filter, default value is false, conversely, default value is true.If the authority of statement is sensitivity
Authority and exported values are true, then the application by other application malicious access, therefore may be listed in monitoring object, otherwise then
Need not monitor.Thus, the authority set P of the application program is obtainedrAnd the authority setting of application own components.
S2, scanning application program source code, obtain source code and run necessary authority set Pd.According to actual needs, set quick
Sense authority set P0;
S21, application program's source code is scanned, with reference to Android SDK classes and function dictionary, by the result of decompiling
Can the api interface list that is used of the program of being applied;
S22, Android define all system interfaces required for authority, weighed using api interface list and Android
The mapping table (such as table 1) of limit determines the permissions list of the application program, and duplicate removal treatment is carried out to the permissions list is somebody's turn to do
The necessary authority set P of application programd.Sensitive permission P in common malicious application0Including:Short message reading content, permit
Perhaps application access contact person address list information, access network connection, by location information of GPS etc..
The API of table 1 and authority corresponding lists
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model.
For the authority set P of application programrNecessary authority set P is run with programdBetween three kinds of relations,
I.e.Pd=PrWithSet up all standing classification and Detection model as follows:
1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra non-comprising some
Necessary authority Pr-Pd:For PdPrivilege abuse detection, the implementation process communication monitoring mainly between application program, monitoring programme
Whether phenomenon that privacy information be sent to application program (i.e. privilege-escalation) without authority is had;For Pr-PdPrivilege abuse
Detection, mainly monitors whether these authorities are triggered.As long as being triggered, just belong to the behavior of privilege abuse.
2) P is worked asd=PrWhen:The authority applied is exactly authority P necessary to operationd, i.e., the implementation process between application program
Whether communication monitoring, monitoring programme has the phenomenon that privacy information is sent to the application program (i.e. privilege-escalation) without authority.
3) whenWhen:Some function cisco unity malfunctions of application program, acquiescence such case does not exist.
Privilege-escalation:The application framework of android system encourages to be cooperated between component reuse and application, to reduce developer's
Burden.But the message transmission between application brings new potential safety hazard --- combination attacks between application.From privilege-escalation schematic diagram
(Fig. 2) can be seen, and have three applications to operate on respective Dalvik virtual machine.Respectively have in three applications some components for should
With a cooperation.Any authority is not awarded using one.Using the component in two not by any protection of usage right.Therefore, apply
Any component in one can access the component called using in two.Protection of usage right is provided with using the component l in three, using two
Possess the authority, therefore the component l called using in three can be accessed using any component in two.It was found that using
Although component l in one the component l, the component l in application one for not having permission to access and calling using being protected by authority in three
Can access to call and there is no the component l of protection of usage right using in two, be able to access that again using the component l in two and called using in three
The component l protected by authority.So, access the component l that have invoked using in three indirectly using the component l in.Using
Authority in two is expanded to and is employed one and is utilized, here it is privilege-escalation is attacked.
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;For different authority point
Group, also process communication (IPC) both between monitor component, monitoring set (Pr-Pd)∩P0Middle sensitive permission is called.If it find that
It is abnormal, the detailed data of abnormal behaviour is formed into journal file.
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method
For:When it is employed A accesses, by calling the IPC of Android, monitor the Intent of IAC, can obtain this two
Communication and the authority situation of application that individual application is present, and and P0Set is compared.If in the presence of if by the detailed of abnormal behaviour
Data form journal file, can be checked by user afterwards and decide whether to allow the process to call.If user's selection is allowed,
By the sensitive permission from set P0Middle deletion, no longer does similar prompting;So, the scope of sensitive permission set can be made according to reality
Situation is adjusted.
Specific decision process is as shown in Figure 3:If the authority of application program B applications is set P={ p1,p2..., using A
The authority of statement is P'={ p'1,p'2..., if P ≠ P', then it represents that wish to carry out other authorities by using B using A
Obtain.By authority P1=P-P ∩ P' are the part of removing authority A statements in P, with sensitive permission set P0Compare, wherein whether to see
There is sensitive permission.Sensitive permission P0Authority can be increased or decreased according to the situation of itself by user, but one can be given and lacked
The sensitive permission set P of province0, if there is sensitive permission, then to can be determined that and initiated privilege-escalation attack using A.
If set Pr-PdNon-NULL, these inessential authorities are entirely that user has to authorize when application program is installed
, this also exactly one of performance of coarse grain privilege access control of android system resource;Then it is directed to Pr-PdPrivilege abuse
Detection, i.e., judge whether certain API Calls triggers P using the mapping table of api interface list and Android authoritiesr-PdIn
Authority.As long as being triggered, typically just belong to the behavior of privilege abuse.
Non-elaborated part of the present invention belongs to the known technology of those skilled in the art.
The above, the only specific embodiment in the present invention, but protection scope of the present invention is not limited thereto, and appoints
What be familiar with the people of the technology disclosed herein technical scope in, it will be appreciated that the conversion or replacement expected, should all cover
It is of the invention include within the scope of, therefore, protection scope of the present invention should be defined by the protection domain of claims.
Claims (3)
1. a kind of Android application program privilege abuse detection methods based on process communication, it is characterised in that including following step
Suddenly:
The installation kit of S1, decompression and decompiling application program to be measured, be applied program's source code, analysis
AndroidManifest.xml files, obtain the authority set P of the application programrAnd set using the authority of own components
It is fixed;
S2, scanning application program source code, obtain source code and run necessary authority set Pd, according to actual needs, sensitive permission is set
Set P0;
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model;
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;It is grouped for different authorities,
Both process communication (IPC) between monitor component, also monitoring set (Pr-Pd)∩P0Middle sensitive permission is called;If it find that different
Often, the detailed data of abnormal behaviour is formed into journal file;
Classification and Detection model is described in detail below described in the step S3:
The authority set P of application programrNecessary authority set P is run with programdBetween relation have three kinds of situations, i.e.,Pd=PrWithSet up all standing classification and Detection model as follows:
(1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra inessential comprising some
Authority Pr-Pd:For PdPrivilege abuse detection, be the implementation process communication monitoring between application program, monitoring programme whether have by
Privacy information is sent to the application program without authority, that is, monitor whether there is the phenomenon of privilege-escalation;For Pr-PdAuthority
Misuse detection, that is, monitor whether these authorities are triggered, as long as being triggered, just belongs to the behavior of privilege abuse;
(2) P is worked asd=PrWhen, that is, the authority applied is exactly authority P necessary to operationd:For PdPrivilege abuse detection, be
Implementation process communication monitoring between application program, whether monitoring programme has is sent to the application program without authority by privacy information,
Monitor whether there is the phenomenon of privilege-escalation;
(3) whenWhen:Application program cisco unity malfunction, acquiescence such case does not exist;
Classification dynamic detection is implemented as follows described in the step S4:
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method be:When it
When being employed A access, by calling the IPC of Android, the Intent of IAC is monitored, obtain the two applications and exist
Communication and application authority situation, and and P0Set is compared;If the detailed data of abnormal behaviour is formed into day in the presence of if
Will file, can be checked by user and decide whether to allow the process to call afterwards;If user's selection is allowed, by sensitivity power
Limit from set P0Middle deletion, no longer does similar prompting;
If inessential authority set Pr-PdNon-NULL, then for Pr-PdPrivilege abuse detection, i.e., using api interface list with
The mapping table of Android authorities judges whether certain API Calls triggers Pr-PdIn authority, as long as being triggered, just belong to
The behavior of privilege abuse.
2. the Android application program privilege abuse detection methods of process communication are based on according to claim 1, and its feature exists
In:The authority set P of application program is obtained described in step S1rBe implemented as:Decompressed on windows platforms and treated
Survey application program installation kit and obtain Classes.dex files, and decompiling is carried out to this document and be applied program's source code;Analysis
AndroidManifest.xml files, obtain the authority set P of the application programrAnd set using the authority of own components
It is fixed.
3. the Android application program privilege abuse detection methods of process communication are based on according to claim 1, and its feature exists
In:Source code is obtained described in step S2 and runs necessary authority set PdBe implemented as follows:
S21, application program's source code is scanned, the api interface list that the program of being applied is used;
S22, the permissions list that the application program is determined using the mapping table of api interface list and Android authorities, and to this
Permissions list carries out duplicate removal treatment and obtains the necessary authority set P of the application programd。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410787755.0A CN104462970B (en) | 2014-12-17 | 2014-12-17 | A kind of Android application program privilege abuse detection methods based on process communication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410787755.0A CN104462970B (en) | 2014-12-17 | 2014-12-17 | A kind of Android application program privilege abuse detection methods based on process communication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104462970A CN104462970A (en) | 2015-03-25 |
CN104462970B true CN104462970B (en) | 2017-06-16 |
Family
ID=52908995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410787755.0A Expired - Fee Related CN104462970B (en) | 2014-12-17 | 2014-12-17 | A kind of Android application program privilege abuse detection methods based on process communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104462970B (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104834858A (en) * | 2015-04-24 | 2015-08-12 | 南京邮电大学 | Method for statically detecting malicious code in android APP (Application) |
JP6437892B2 (en) * | 2015-07-13 | 2018-12-12 | 日本電信電話株式会社 | Software analysis system, software analysis method, and software analysis program |
CN105224835B (en) * | 2015-09-08 | 2020-08-21 | Tcl通讯科技(成都)有限公司 | Method for acquiring application program data based on intelligent terminal and intelligent terminal |
CN106557687A (en) * | 2015-09-30 | 2017-04-05 | 北京奇虎科技有限公司 | A kind of authority control method and device of application program installation process |
CN106557669A (en) * | 2015-09-30 | 2017-04-05 | 北京奇虎科技有限公司 | A kind of authority control method and device of application program installation process |
CN105354485B (en) * | 2015-10-13 | 2018-02-16 | 四川携创信息技术服务有限公司 | A kind of portable set data processing method |
CN105184152B (en) * | 2015-10-13 | 2018-03-30 | 四川中科腾信科技有限公司 | A kind of mobile terminal data processing method |
CN105468976B (en) * | 2015-12-08 | 2019-11-12 | 北京元心科技有限公司 | A kind of method for monitoring instruction and device of the multisystem based on container |
CN105550584A (en) * | 2015-12-31 | 2016-05-04 | 北京工业大学 | RBAC based malicious program interception and processing method in Android platform |
CN105871657B (en) * | 2016-04-25 | 2019-08-30 | 北京珊瑚灵御科技有限公司 | A kind of Network Data Control system and method based on Android platform |
CN107066878B (en) * | 2017-01-19 | 2019-06-11 | 国网江苏省电力公司电力科学研究院 | A kind of mobile application security means of defence towards Android platform |
CN106951786A (en) * | 2017-03-30 | 2017-07-14 | 国网江苏省电力公司电力科学研究院 | Towards the Mobile solution legal power safety analysis method of Android platform |
CN107563187A (en) * | 2017-08-30 | 2018-01-09 | 广东欧珀移动通信有限公司 | Access operation monitoring method, device, mobile terminal and readable storage medium storing program for executing |
CN107831886B (en) * | 2017-11-21 | 2020-06-26 | Oppo广东移动通信有限公司 | Control method and device for associated starting application, storage medium and intelligent terminal |
CN108804912B (en) * | 2018-06-15 | 2021-09-28 | 北京大学 | Application program override detection method based on permission set difference |
CN109583207A (en) * | 2018-11-29 | 2019-04-05 | 海南新软软件有限公司 | Android system malicious application detection method, device and terminal |
CN110096431A (en) * | 2019-03-19 | 2019-08-06 | 深圳壹账通智能科技有限公司 | Page permissions test method, device, computer equipment and storage medium |
CN110113325A (en) * | 2019-04-25 | 2019-08-09 | 成都卫士通信息产业股份有限公司 | Network Data Control method, apparatus and storage medium based on third party SDK |
CN110263566B (en) * | 2019-06-29 | 2020-12-22 | 西安交通大学 | Method for detecting and classifying authority-raising behaviors of massive logs |
CN110837360B (en) * | 2019-10-12 | 2023-04-07 | 福建天泉教育科技有限公司 | Method for detecting excessive claim right and computer readable storage medium |
CN111143831A (en) * | 2019-12-24 | 2020-05-12 | 平安普惠企业管理有限公司 | Installation package privacy permission scanning method and device and computer equipment |
CN111240694B (en) * | 2020-01-03 | 2024-01-09 | 北京小米移动软件有限公司 | Application detection method, application detection device and storage medium |
CN113282906B (en) * | 2020-02-20 | 2024-05-03 | Oppo广东移动通信有限公司 | Authority detection method, device, terminal and storage medium |
CN112988607B (en) * | 2021-05-11 | 2022-02-11 | 腾讯科技(深圳)有限公司 | Application program component detection method and device and storage medium |
CN114861180B (en) * | 2022-05-25 | 2023-09-08 | 广东粤密技术服务有限公司 | Application program security detection method and device |
CN117150453B (en) * | 2023-11-01 | 2024-02-02 | 建信金融科技有限责任公司 | Network application detection method, device, equipment, storage medium and program product |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104156660A (en) * | 2014-08-28 | 2014-11-19 | 东南大学 | Android permission fine-grained access control method based on operating environment state |
-
2014
- 2014-12-17 CN CN201410787755.0A patent/CN104462970B/en not_active Expired - Fee Related
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104156660A (en) * | 2014-08-28 | 2014-11-19 | 东南大学 | Android permission fine-grained access control method based on operating environment state |
Also Published As
Publication number | Publication date |
---|---|
CN104462970A (en) | 2015-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104462970B (en) | A kind of Android application program privilege abuse detection methods based on process communication | |
US8549649B2 (en) | Systems and methods for sensitive data remediation | |
EP2551786B1 (en) | Efficient securing of data on mobile devices | |
EP2933973A1 (en) | Data protection method, apparatus and system | |
US10009370B1 (en) | Detection and remediation of potentially malicious files | |
KR101266037B1 (en) | Method and apparatus for treating malicious action in mobile terminal | |
CN112685682B (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
WO2015085244A1 (en) | Distributed monitoring, evaluation, and response for multiple devices | |
CN102831021A (en) | Method and device for interrupting or cleaning plugin | |
CN104809397A (en) | Android malicious software detection method and system based on dynamic monitoring | |
CN110084064B (en) | Big data analysis processing method and system based on terminal | |
CN106650418A (en) | Android access control system and method based onmulti-strategy | |
Hammad et al. | Determination and enforcement of least-privilege architecture in android | |
Jing et al. | Checking intent-based communication in android with intent space analysis | |
CN105930726A (en) | Processing method for malicious operation behavior and user terminal | |
CN109800569A (en) | Program identification method and device | |
CN113168469A (en) | System and method for behavioral threat detection | |
US8978150B1 (en) | Data recovery service with automated identification and response to compromised user credentials | |
Sikder et al. | A survey on android security: development and deployment hindrance and best practices | |
CN104038488A (en) | System network safety protection method and device | |
Gómez-Hernández et al. | ARANAC: a bring-your-own-permissions network access control methodology for android devices | |
CN105631332B (en) | A kind of method and device of processing rogue program | |
CN103279708A (en) | Method and system for monitoring and analyzing mobile terminal malicious code behaviors | |
CN113595986B (en) | Intelligent contract intercepting method and device based on intelligent contract firewall framework | |
JP2018516398A (en) | Optimizing data detection in communications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170616 Termination date: 20191217 |