CN104462970B - A kind of Android application program privilege abuse detection methods based on process communication - Google Patents

A kind of Android application program privilege abuse detection methods based on process communication Download PDF

Info

Publication number
CN104462970B
CN104462970B CN201410787755.0A CN201410787755A CN104462970B CN 104462970 B CN104462970 B CN 104462970B CN 201410787755 A CN201410787755 A CN 201410787755A CN 104462970 B CN104462970 B CN 104462970B
Authority
CN
China
Prior art keywords
authority
application program
detection
privilege
android
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201410787755.0A
Other languages
Chinese (zh)
Other versions
CN104462970A (en
Inventor
吴晓慧
马恒太
刘小霞
王思琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS filed Critical Institute of Software of CAS
Priority to CN201410787755.0A priority Critical patent/CN104462970B/en
Publication of CN104462970A publication Critical patent/CN104462970A/en
Application granted granted Critical
Publication of CN104462970B publication Critical patent/CN104462970B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of Android application program privilege abuse detection methods based on process communication, is related to safety detection technology field.The method is included:S1, the installation package file for decompressing application program to be measured, obtain the authority set P of the application programr;S2, scanning application program source code, obtain the necessary authority set P of operationd, and sensitive permission set P is set0;S3, for set PrAnd PdSet up classification and Detection model;S4, operation application program to be measured, the with different levels dynamic detection of all standing is carried out according to model.The invention is set according to the authority application of application program and component, with reference to process communication dynamic monitoring, targetedly can carry out authority detection to Android application programs, improves the efficiency of privilege abuse detection.

Description

A kind of Android application program privilege abuse detection methods based on process communication
Technical field
The present invention relates to mobile terminal safety detection technique field, the rights management of Android platform is related generally to, more It is to be related to a kind of Android application program privilege abuse detection methods based on process communication body.
Background technology
In recent years, Android intelligent has occupation rate very high in mobile terminal market.With the work(of smart mobile phone Can become stronger day by day, the work that they can be completed is also more and more, for example, shoot photo, location navigation, Pay Bill, browse net Page, transmission Email etc..When user uses smart mobile phone, they can be stored in many private datas in mobile phone, including Photo, Email, document, browse history etc..These private datas have become the mesh that increasing Malware is stolen Mark.
Android is the open source operating system based on linux system.Android operation system itself provides a series of For the mechanism of private data guard.Android extends linux system so that each application program can be with difference Identity operation, and there is provided the mechanism to user resources (the cell phone apparatus information, Internet resources etc.) control that conducts interviews. In the permission system, the valuable source in mobile phone is divided into several classes, and each class resource all corresponds to a kind of authority;And work as program When being conducted interviews to certain class resource, it is necessary to perform mandate when possessing corresponding authority and could obtain.This protection mechanism is for single Individual application program can effectively prevent authority from bypassing the immediate leadership, but multiple is applied and authority can be easily lifted after combination so that malice Code obtains super-ordinate right, causes information leakage, system to be destroyed.Authority of the android system to the access control of resource The granularity that system is realized is excessively coarse, and the permission system implements underaction.The authority that one program is possessed is entirely Determine when it is mounted;And when some program is installed, for a selection for program authority, Android is also only There is provided two kinds:Authority required by program or all negative are all met, rather than allowing actual feelings of the user according to oneself Condition only selects to meet part authority.If authority of the program required for erection stage takes it, lack the dynamic fortune to authority Monitored during row.After application program is granted to, during the life of application program, it will not be removed authority, even if State that this authority source program is deleted.In sum, the mechanism that Android is carried in itself can not effectively prevent program from revealing Privacy of user data.
Retrieval finds that Chinese Patent Application No. CN201310154987.8 discloses a kind of based on the thin of Android platform Granularity authority control method, by gathering malicious application and common applications and according to comparing both least privilege lists Difference determine dangerous authority Assembly Listing, judge to install or run corresponding application programs using the dangerous authority Assembly Listing When, with the presence or absence of dangerous authority combination in the application program or application combination.The method overcome Android platform existing The defect that the mechanism of " statement authority, judges authority before installing during operation " is present in technology.But the method depends on collection Sample application program, monitoring effect randomness is larger.The method is not examined just for the malice authority Assembly Listing of setting simultaneously Consider the privilege-escalation and more generally privilege abuse situation between different application.
Not enough for these, the present invention devises an Android application programs privilege abuse based on process communication and examines Survey method, comprehensively considers all permissions abuse condition of certain application program as far as possible, and for same application Different detection methods are implemented in different rights set.
The content of the invention
The technology of the present invention solve problem:For authority caused by the coarse grain privilege access control of android system resource Abuse problem, there is provided a kind of Android application program privilege abuse detection methods based on process communication, to application program All permissions carry out targetedly all standing classification dynamic detection, effectively increase privilege abuse detection efficiency.
Technical solution of the invention:Android application program privilege abuse detection methods based on process communication, its The method combination Static Detection and dynamic detection technology are characterised by, are comprised the following steps:
The installation kit of S1, decompression and decompiling application program to be measured, obtains source code.Analysis AndroidManifest.xml File, obtains the authority set P of the application programrAnd the authority setting of application own components;
S2, scanning application program source code, obtain source code and run necessary authority set Pd.According to actual needs, set quick Sense authority set P0
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model.
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;For different authority point Group, also process communication (IPC) both between monitor component, monitoring set (Pr-Pd)∩P0Middle sensitive permission is called;If it find that It is abnormal, the detailed data of abnormal behaviour is formed into journal file.
The authority set P of application program is obtained in the step S1rBe implemented as:On windows platforms Decompress application program installation kit to be measured and obtain Classes.dex files, and decompiling is carried out to this document and be applied program source Code.Analysis AndroidManifest.xml files, obtain the authority set P of the application programrAnd application own components Authority setting.
Source code is obtained in the step S2 and runs necessary authority set PdBe implemented as follows:
S21, application program's source code is scanned, the api interface list that the program of being applied is used;
S22, the permissions list that the application program is determined using the mapping table of api interface list and Android authorities, and Duplicate removal treatment is carried out to the permissions list and obtains the necessary authority set P of the application programd
Preferably, classification and Detection model is described in detail below in the step S3:
The authority set P of application programrNecessary authority set P is run with programdBetween relation have three kinds of feelings Condition, i.e.,Pd=PrWithSet up all standing classification and Detection model as follows:
1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra non-comprising some Necessary authority Pr-Pd:For PdPrivilege abuse detection, the implementation process communication monitoring mainly between application program, monitoring programme Whether phenomenon that privacy information be sent to application program (i.e. privilege-escalation) without authority is had;For Pr-PdPrivilege abuse Detection, mainly monitors whether these authorities are triggered.As long as being triggered, just belong to the behavior of privilege abuse.
2) P is worked asd=PrWhen:The authority applied is exactly authority P necessary to operationd, i.e., the implementation process between application program Whether communication monitoring, monitoring programme has the phenomenon that privacy information is sent to the application program (i.e. privilege-escalation) without authority.
3) whenWhen:Some functions of application program can not be realized, it is impossible to normal work, and acquiescence such case is not deposited .
Preferably, dynamic detection of classifying in the step S4 is implemented as follows:
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method For:When it is employed A accesses, by calling the IPC of Android, monitor the Intent of IAC, can obtain this two Communication and the authority situation of application that individual application is present, and and P0Set is compared.If in the presence of if by the detailed of abnormal behaviour Data form journal file, can be checked by user afterwards and decide whether to allow the process to call.If user's selection is allowed, By the sensitive permission from set P0Middle deletion, no longer does similar prompting;So, the scope of sensitive permission set can be made according to reality Situation is adjusted.
If set Pr-PdNon-NULL, these inessential authorities are entirely that user has to authorize when application program is installed , this also exactly one of performance of coarse grain privilege access control of android system resource;Then it is directed to Pr-PdPrivilege abuse Detection, i.e., judge whether certain API Calls triggers P using the mapping table of api interface list and Android authoritiesr-PdIn Authority.As long as being triggered, just belong to the behavior of privilege abuse.
Present invention advantage compared with prior art is:
(1) present invention is set up by obtaining the permissions list of each application program and running necessary permissions list All standing classification privilege abuse detection model, overcomes Android platform Rights Management System coarseness in the prior art Problem, is effective supplement of the mechanism to " statement authority, judges authority before installing during operation ".
(2) implement different dynamic testing methods for different authority set, both ensure that monitoring coverage rate, also rationally The scene of different sets privilege abuse is analyzed, and then realizes dynamic monitoring respectively.For necessary authority set is run, by not With the process monitoring between application program, the possibility with the presence or absence of privilege-escalation is primarily upon;For the non-of application program Necessary authority set, is primarily upon whether it triggers these authorities.Based on the detection of model layers time, detection is effectively increased Efficiency and reasonability.
Brief description of the drawings
Fig. 1 is Organization Chart of the invention;
Fig. 2 is privilege-escalation schematic diagram in the present invention;
Fig. 3 is process monitoring detection method schematic diagram of the invention.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and detailed description.
A kind of Android application program privilege abuse detection methods based on process communication of the present invention, comprise the following steps:
The installation kit of S1, decompression and decompiling application program to be measured, obtains source code.Analysis AndroidManifest.xml File, obtains the authority set P of the application programrAnd the authority setting of application own components;
Application program installation file is a kind of file of ZIP compressed formats, and its content includes application program dex files, money Source file, configuration file and signature verification file.Decompression is carried out to application program installation file and obtains application program dex files classes.dex.From third party's Open-Source Tools decompiling dex files, the source codes such as class, the function of application program letter can be obtained Breath.
Wherein, AndroidManifest.xml mainly describes the title of Android application programs, version, required authority Module information of statement and application program etc..Using in customized authority, each component (Activity, Service, Broadcast Receiver, Content Provider) authority have corresponding label authority and exported labels.When When exported values are true, show that the component can be accessed by other application, and when exported label values are false, table Show that the component can not be accessed by other application.Whether Exported default values need have intent-filter to determine according to component It is fixed.When not having intent-filter, default value is false, conversely, default value is true.If the authority of statement is sensitivity Authority and exported values are true, then the application by other application malicious access, therefore may be listed in monitoring object, otherwise then Need not monitor.Thus, the authority set P of the application program is obtainedrAnd the authority setting of application own components.
S2, scanning application program source code, obtain source code and run necessary authority set Pd.According to actual needs, set quick Sense authority set P0
S21, application program's source code is scanned, with reference to Android SDK classes and function dictionary, by the result of decompiling Can the api interface list that is used of the program of being applied;
S22, Android define all system interfaces required for authority, weighed using api interface list and Android The mapping table (such as table 1) of limit determines the permissions list of the application program, and duplicate removal treatment is carried out to the permissions list is somebody's turn to do The necessary authority set P of application programd.Sensitive permission P in common malicious application0Including:Short message reading content, permit Perhaps application access contact person address list information, access network connection, by location information of GPS etc..
The API of table 1 and authority corresponding lists
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model.
For the authority set P of application programrNecessary authority set P is run with programdBetween three kinds of relations, I.e.Pd=PrWithSet up all standing classification and Detection model as follows:
1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra non-comprising some Necessary authority Pr-Pd:For PdPrivilege abuse detection, the implementation process communication monitoring mainly between application program, monitoring programme Whether phenomenon that privacy information be sent to application program (i.e. privilege-escalation) without authority is had;For Pr-PdPrivilege abuse Detection, mainly monitors whether these authorities are triggered.As long as being triggered, just belong to the behavior of privilege abuse.
2) P is worked asd=PrWhen:The authority applied is exactly authority P necessary to operationd, i.e., the implementation process between application program Whether communication monitoring, monitoring programme has the phenomenon that privacy information is sent to the application program (i.e. privilege-escalation) without authority.
3) whenWhen:Some function cisco unity malfunctions of application program, acquiescence such case does not exist.
Privilege-escalation:The application framework of android system encourages to be cooperated between component reuse and application, to reduce developer's Burden.But the message transmission between application brings new potential safety hazard --- combination attacks between application.From privilege-escalation schematic diagram (Fig. 2) can be seen, and have three applications to operate on respective Dalvik virtual machine.Respectively have in three applications some components for should With a cooperation.Any authority is not awarded using one.Using the component in two not by any protection of usage right.Therefore, apply Any component in one can access the component called using in two.Protection of usage right is provided with using the component l in three, using two Possess the authority, therefore the component l called using in three can be accessed using any component in two.It was found that using Although component l in one the component l, the component l in application one for not having permission to access and calling using being protected by authority in three Can access to call and there is no the component l of protection of usage right using in two, be able to access that again using the component l in two and called using in three The component l protected by authority.So, access the component l that have invoked using in three indirectly using the component l in.Using Authority in two is expanded to and is employed one and is utilized, here it is privilege-escalation is attacked.
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;For different authority point Group, also process communication (IPC) both between monitor component, monitoring set (Pr-Pd)∩P0Middle sensitive permission is called.If it find that It is abnormal, the detailed data of abnormal behaviour is formed into journal file.
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method For:When it is employed A accesses, by calling the IPC of Android, monitor the Intent of IAC, can obtain this two Communication and the authority situation of application that individual application is present, and and P0Set is compared.If in the presence of if by the detailed of abnormal behaviour Data form journal file, can be checked by user afterwards and decide whether to allow the process to call.If user's selection is allowed, By the sensitive permission from set P0Middle deletion, no longer does similar prompting;So, the scope of sensitive permission set can be made according to reality Situation is adjusted.
Specific decision process is as shown in Figure 3:If the authority of application program B applications is set P={ p1,p2..., using A The authority of statement is P'={ p'1,p'2..., if P ≠ P', then it represents that wish to carry out other authorities by using B using A Obtain.By authority P1=P-P ∩ P' are the part of removing authority A statements in P, with sensitive permission set P0Compare, wherein whether to see There is sensitive permission.Sensitive permission P0Authority can be increased or decreased according to the situation of itself by user, but one can be given and lacked The sensitive permission set P of province0, if there is sensitive permission, then to can be determined that and initiated privilege-escalation attack using A.
If set Pr-PdNon-NULL, these inessential authorities are entirely that user has to authorize when application program is installed , this also exactly one of performance of coarse grain privilege access control of android system resource;Then it is directed to Pr-PdPrivilege abuse Detection, i.e., judge whether certain API Calls triggers P using the mapping table of api interface list and Android authoritiesr-PdIn Authority.As long as being triggered, typically just belong to the behavior of privilege abuse.
Non-elaborated part of the present invention belongs to the known technology of those skilled in the art.
The above, the only specific embodiment in the present invention, but protection scope of the present invention is not limited thereto, and appoints What be familiar with the people of the technology disclosed herein technical scope in, it will be appreciated that the conversion or replacement expected, should all cover It is of the invention include within the scope of, therefore, protection scope of the present invention should be defined by the protection domain of claims.

Claims (3)

1. a kind of Android application program privilege abuse detection methods based on process communication, it is characterised in that including following step Suddenly:
The installation kit of S1, decompression and decompiling application program to be measured, be applied program's source code, analysis AndroidManifest.xml files, obtain the authority set P of the application programrAnd set using the authority of own components It is fixed;
S2, scanning application program source code, obtain source code and run necessary authority set Pd, according to actual needs, sensitive permission is set Set P0
S3, by comparing two above authority set PrAnd PdDifference, set up classification and Detection model;
S4, operation application program to be measured, classification dynamic detection is carried out according to classification and Detection model;It is grouped for different authorities, Both process communication (IPC) between monitor component, also monitoring set (Pr-Pd)∩P0Middle sensitive permission is called;If it find that different Often, the detailed data of abnormal behaviour is formed into journal file;
Classification and Detection model is described in detail below described in the step S3:
The authority set P of application programrNecessary authority set P is run with programdBetween relation have three kinds of situations, i.e.,Pd=PrWithSet up all standing classification and Detection model as follows:
(1) whenWhen, that is, except authority P necessary to operation in the authority appliedd, it is also extra inessential comprising some Authority Pr-Pd:For PdPrivilege abuse detection, be the implementation process communication monitoring between application program, monitoring programme whether have by Privacy information is sent to the application program without authority, that is, monitor whether there is the phenomenon of privilege-escalation;For Pr-PdAuthority Misuse detection, that is, monitor whether these authorities are triggered, as long as being triggered, just belongs to the behavior of privilege abuse;
(2) P is worked asd=PrWhen, that is, the authority applied is exactly authority P necessary to operationd:For PdPrivilege abuse detection, be Implementation process communication monitoring between application program, whether monitoring programme has is sent to the application program without authority by privacy information, Monitor whether there is the phenomenon of privilege-escalation;
(3) whenWhen:Application program cisco unity malfunction, acquiescence such case does not exist;
Classification dynamic detection is implemented as follows described in the step S4:
If it is B to be detected application program, for the necessary authority set P of B application operationsdPrivilege abuse detection method be:When it When being employed A access, by calling the IPC of Android, the Intent of IAC is monitored, obtain the two applications and exist Communication and application authority situation, and and P0Set is compared;If the detailed data of abnormal behaviour is formed into day in the presence of if Will file, can be checked by user and decide whether to allow the process to call afterwards;If user's selection is allowed, by sensitivity power Limit from set P0Middle deletion, no longer does similar prompting;
If inessential authority set Pr-PdNon-NULL, then for Pr-PdPrivilege abuse detection, i.e., using api interface list with The mapping table of Android authorities judges whether certain API Calls triggers Pr-PdIn authority, as long as being triggered, just belong to The behavior of privilege abuse.
2. the Android application program privilege abuse detection methods of process communication are based on according to claim 1, and its feature exists In:The authority set P of application program is obtained described in step S1rBe implemented as:Decompressed on windows platforms and treated Survey application program installation kit and obtain Classes.dex files, and decompiling is carried out to this document and be applied program's source code;Analysis AndroidManifest.xml files, obtain the authority set P of the application programrAnd set using the authority of own components It is fixed.
3. the Android application program privilege abuse detection methods of process communication are based on according to claim 1, and its feature exists In:Source code is obtained described in step S2 and runs necessary authority set PdBe implemented as follows:
S21, application program's source code is scanned, the api interface list that the program of being applied is used;
S22, the permissions list that the application program is determined using the mapping table of api interface list and Android authorities, and to this Permissions list carries out duplicate removal treatment and obtains the necessary authority set P of the application programd
CN201410787755.0A 2014-12-17 2014-12-17 A kind of Android application program privilege abuse detection methods based on process communication Expired - Fee Related CN104462970B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410787755.0A CN104462970B (en) 2014-12-17 2014-12-17 A kind of Android application program privilege abuse detection methods based on process communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410787755.0A CN104462970B (en) 2014-12-17 2014-12-17 A kind of Android application program privilege abuse detection methods based on process communication

Publications (2)

Publication Number Publication Date
CN104462970A CN104462970A (en) 2015-03-25
CN104462970B true CN104462970B (en) 2017-06-16

Family

ID=52908995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410787755.0A Expired - Fee Related CN104462970B (en) 2014-12-17 2014-12-17 A kind of Android application program privilege abuse detection methods based on process communication

Country Status (1)

Country Link
CN (1) CN104462970B (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104834858A (en) * 2015-04-24 2015-08-12 南京邮电大学 Method for statically detecting malicious code in android APP (Application)
JP6437892B2 (en) * 2015-07-13 2018-12-12 日本電信電話株式会社 Software analysis system, software analysis method, and software analysis program
CN105224835B (en) * 2015-09-08 2020-08-21 Tcl通讯科技(成都)有限公司 Method for acquiring application program data based on intelligent terminal and intelligent terminal
CN106557687A (en) * 2015-09-30 2017-04-05 北京奇虎科技有限公司 A kind of authority control method and device of application program installation process
CN106557669A (en) * 2015-09-30 2017-04-05 北京奇虎科技有限公司 A kind of authority control method and device of application program installation process
CN105354485B (en) * 2015-10-13 2018-02-16 四川携创信息技术服务有限公司 A kind of portable set data processing method
CN105184152B (en) * 2015-10-13 2018-03-30 四川中科腾信科技有限公司 A kind of mobile terminal data processing method
CN105468976B (en) * 2015-12-08 2019-11-12 北京元心科技有限公司 A kind of method for monitoring instruction and device of the multisystem based on container
CN105550584A (en) * 2015-12-31 2016-05-04 北京工业大学 RBAC based malicious program interception and processing method in Android platform
CN105871657B (en) * 2016-04-25 2019-08-30 北京珊瑚灵御科技有限公司 A kind of Network Data Control system and method based on Android platform
CN107066878B (en) * 2017-01-19 2019-06-11 国网江苏省电力公司电力科学研究院 A kind of mobile application security means of defence towards Android platform
CN106951786A (en) * 2017-03-30 2017-07-14 国网江苏省电力公司电力科学研究院 Towards the Mobile solution legal power safety analysis method of Android platform
CN107563187A (en) * 2017-08-30 2018-01-09 广东欧珀移动通信有限公司 Access operation monitoring method, device, mobile terminal and readable storage medium storing program for executing
CN107831886B (en) * 2017-11-21 2020-06-26 Oppo广东移动通信有限公司 Control method and device for associated starting application, storage medium and intelligent terminal
CN108804912B (en) * 2018-06-15 2021-09-28 北京大学 Application program override detection method based on permission set difference
CN109583207A (en) * 2018-11-29 2019-04-05 海南新软软件有限公司 Android system malicious application detection method, device and terminal
CN110096431A (en) * 2019-03-19 2019-08-06 深圳壹账通智能科技有限公司 Page permissions test method, device, computer equipment and storage medium
CN110113325A (en) * 2019-04-25 2019-08-09 成都卫士通信息产业股份有限公司 Network Data Control method, apparatus and storage medium based on third party SDK
CN110263566B (en) * 2019-06-29 2020-12-22 西安交通大学 Method for detecting and classifying authority-raising behaviors of massive logs
CN110837360B (en) * 2019-10-12 2023-04-07 福建天泉教育科技有限公司 Method for detecting excessive claim right and computer readable storage medium
CN111143831A (en) * 2019-12-24 2020-05-12 平安普惠企业管理有限公司 Installation package privacy permission scanning method and device and computer equipment
CN111240694B (en) * 2020-01-03 2024-01-09 北京小米移动软件有限公司 Application detection method, application detection device and storage medium
CN113282906B (en) * 2020-02-20 2024-05-03 Oppo广东移动通信有限公司 Authority detection method, device, terminal and storage medium
CN112988607B (en) * 2021-05-11 2022-02-11 腾讯科技(深圳)有限公司 Application program component detection method and device and storage medium
CN114861180B (en) * 2022-05-25 2023-09-08 广东粤密技术服务有限公司 Application program security detection method and device
CN117150453B (en) * 2023-11-01 2024-02-02 建信金融科技有限责任公司 Network application detection method, device, equipment, storage medium and program product

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156660A (en) * 2014-08-28 2014-11-19 东南大学 Android permission fine-grained access control method based on operating environment state

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156660A (en) * 2014-08-28 2014-11-19 东南大学 Android permission fine-grained access control method based on operating environment state

Also Published As

Publication number Publication date
CN104462970A (en) 2015-03-25

Similar Documents

Publication Publication Date Title
CN104462970B (en) A kind of Android application program privilege abuse detection methods based on process communication
US8549649B2 (en) Systems and methods for sensitive data remediation
EP2551786B1 (en) Efficient securing of data on mobile devices
EP2933973A1 (en) Data protection method, apparatus and system
US10009370B1 (en) Detection and remediation of potentially malicious files
KR101266037B1 (en) Method and apparatus for treating malicious action in mobile terminal
CN112685682B (en) Method, device, equipment and medium for identifying forbidden object of attack event
WO2015085244A1 (en) Distributed monitoring, evaluation, and response for multiple devices
CN102831021A (en) Method and device for interrupting or cleaning plugin
CN104809397A (en) Android malicious software detection method and system based on dynamic monitoring
CN110084064B (en) Big data analysis processing method and system based on terminal
CN106650418A (en) Android access control system and method based onmulti-strategy
Hammad et al. Determination and enforcement of least-privilege architecture in android
Jing et al. Checking intent-based communication in android with intent space analysis
CN105930726A (en) Processing method for malicious operation behavior and user terminal
CN109800569A (en) Program identification method and device
CN113168469A (en) System and method for behavioral threat detection
US8978150B1 (en) Data recovery service with automated identification and response to compromised user credentials
Sikder et al. A survey on android security: development and deployment hindrance and best practices
CN104038488A (en) System network safety protection method and device
Gómez-Hernández et al. ARANAC: a bring-your-own-permissions network access control methodology for android devices
CN105631332B (en) A kind of method and device of processing rogue program
CN103279708A (en) Method and system for monitoring and analyzing mobile terminal malicious code behaviors
CN113595986B (en) Intelligent contract intercepting method and device based on intelligent contract firewall framework
JP2018516398A (en) Optimizing data detection in communications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170616

Termination date: 20191217