Embodiment
Various exemplary embodiment of the present invention is described in detail now with reference to accompanying drawing.It should be noted that: unless specifically stated otherwise, otherwise positioned opposite, the numerical expression of the parts of setting forth in these embodiments and step and numerical value do not limit the scope of the invention.
Meanwhile, it should be understood that for convenience of description, the size of the various piece shown in accompanying drawing is not draw according to the proportionate relationship of reality.
Illustrative to the description only actually of at least one exemplary embodiment below, never as any restriction to the present invention and application or use.
May not discuss in detail for the known technology of person of ordinary skill in the relevant, method and apparatus, but in the appropriate case, described technology, method and apparatus should be regarded as a part for instructions.
It should be noted that: represent similar terms in similar label and letter accompanying drawing below, therefore, once be defined in an a certain Xiang Yi accompanying drawing, then do not need to be further discussed it in accompanying drawing subsequently.
At present on the market Android software to crack pirate phenomenon serious, the application of these piracies is usually quiet appears at some non-normal electronic market or channels, the electronic market even appearing in some authoritys had.The application of these piracies is by embedding advertisement, and interception pays, and implants the malicious manner such as back door, not only can corrode the direct economy interests of legal manufacturer, also can make an extremely bad impression to its reputation.Therefore, need by the service condition in the pirate situation of this application on effective means monitoring electronic market and subscriber equipment.
Fig. 1 is the process flow diagram of the present invention's piracy application detection method embodiment.As shown in Figure 1, the piracy application detection method of this embodiment comprises:
120, whether comprised the legal application message of current application by inquiry white list database, identify whether current application is legal application.
Wherein, store one or more legal application message in white list database, the legal application message of every bar comprises the bag name of routine package and the signature of use of a legal application.
Bag name, be the field that system is used for distinguishing different application, a application of a bag name unique identification, the Bao Minghui of repetition is considered to a application, can not be arranged in a system simultaneously.
Signature, be used for distinguishing different developers, signature file unique identification developer, same developer can have multiple signature, but same signature can only be used by a developer.
If do not exist in white list database and current application bag name and consistent legal application message of signing, then identifying current application is not legal application, executable operations 140.
140, whether the statistical nature identification current application based on associated application is pirate application.
Wherein, associated application comprises current application and related application thereof, related application according to actual needs, such as, can comprise the function class of different developer exploitation like, the same or similar application of Apply Names, and the application of the different editions of same developer's exploitation, bag name have the application of certain association; Statistical nature comprises the version quantity of associated application and/or propagates quantity, and wherein, propagating quantity can be such as apply to install quantity on the subscriber terminal.
Based on the piracy application detection method that the above embodiment of the present invention provides, by storing legal application message in white list database, comprise bag name and the signature of legal application.When carrying out piracy application detection, be first whether legal application by white list database identification current application, if identifying current application by white list database is not legal application, based on the statistical nature of the associated application of this application, such as, version quantity and/or propagation quantity, identify whether current application is pirate application, thus achieve the effective detection and indentification to piracy application.
In embody rule, legal application message in white list database can be provided by certification authority and/or legal application developer, such as can derive from bag name and the signing messages of the high-risk application such as the payment class that Ministry of Industry and Information provides, and can real-time update according to the actual requirements.
True and reliable in order to ensure the legal application message in white list database, in another embodiment of the present invention's piracy application detection method, can by the user profile stored in authentication database, authentication is carried out to providing the developer of legal application message, only having by the developer of authentication is just legal application developer, just allows in white list database, record the application that it provides bag name and signature.
In addition, in another embodiment of the present invention's piracy application detection method, whether can also be pirate application by black list database identification current application, the bag name storing more than one piracy signature in black list database wherein and use the piracy of each piracy signature to apply.Passing through white list database and black list database, both cannot determine current application be legal application, when also cannot determine that current application is pirate application, both signature and the bag name information of current application cannot all have been inquired from white list database and black list database, just executable operations 140.
Particularly, be whether that pirate application can perform with operation 120 simultaneously by black list database identification current application, also can prior to or be later than operation 120 and perform.
Fig. 2 is the process flow diagram of another embodiment of the present invention's piracy application detection method.As shown in Figure 2, compared with applying detection method with the piracy of the above embodiment of the present invention, in this embodiment, if identify current application not to be legal application, neither pirate to apply, that is: by white list database and black list database, both cannot determine that current application was legal application, when also cannot determine that current application is pirate application, performs and operate as follows:
220, detect current application and whether carry the malice feature pre-set, the code characteristic such as such as virus, wooden horse.
If detect, current application carries malice feature, executable operations 240.Otherwise, think that current application cannot be judged to be legal application or pirate application, do not perform the subsequent operation of the present embodiment, can executable operations 140.
240, judge that current application is signed as piracy as the signature of piracy application, current application.
Afterwards, can optionally executable operations 260, to upgrade the piracy signature in black list database, perfect.
260, in black list database, record piracy signature and the bag name of current application.
Realizing in process of the present invention, inventor finds, in actual applications, the version of legal application covers quantity and will apply more than piracy, propagate quantity also to apply more than piracy, therefore, unrestricted according to a concrete example of the present invention's piracy application detection method embodiment, operation 140 in above-described embodiment specifically can realize in the following way: according to the statistical indicator pre-set, obtain the statistical information of associated application, statistical information wherein comprises the statistical indicator numerical value of same application, such as, can comprise version quantity and/or propagate quantity; Maximum same of decision statistic index value is applied as legal application; Optionally in white list database, record is judged to be the legal application message of the same application of legal application, carries out upgrading, perfect with the legal application message in dialogue list data storehouse.
Exemplarily, above-mentioned statistical information can also comprise in associated application the difference bag name using same signature.Correspondingly, based on this statistical information, can judge in associated application, to use the quantity of the difference bag name of same signature whether to be greater than 1; If use the quantity of the difference bag name of same signature to be greater than 1 in associated application, namely the application of different bag name employs same signature, then judge to use between the difference bag name of this same signature whether there is incidence relation further; If use between the difference bag name of this same signature and there is not incidence relation, namely illustrate that these application do not belong to same developer, then judge these use different bag name be applied as pirate application, above-mentioned same signature signs as piracy; In black list database, optionally record same signature and use the bag name of different application of this same signature, to upgrade the piracy signature in black list database, perfect.
In addition, in another embodiment of the present invention's piracy application detection method, for in associated application, all cannot be judged to be the application of legal application or pirate application by the way, these application that cannot judge can be sent to legal developer's client, judged by legal developer, and these receiving that legal developer's client returns are applied as the qualification result message of legal application or pirate application; According to this qualification result message, if having legal application through qualification, by the legal application message of white list data-base recording legal copy application; If have pirate application through qualification, by piracy signature and the bag name of the application of black list database record piracy, thus the information in black, white list database is upgraded in time.
Due to all signatures collecting each developer may be difficult in practical application, likely developer has changed a new business, employ a signature newly developed, but be not supplied to white list database, therefore, when legal application or pirate application all cannot be judged to be by the way, these application that cannot judge be supplied to legal developer and judge, improve legal copy, pirate judging nicety rate and realizability.
Or, in another embodiment of the present invention's piracy application detection method, for in associated application, all be judged to be the application of legal application or pirate application by the way, also can by its sample storage in sample database, and this cannot judge the application related information applied by gray list data-base recording, such as, comprise the bag name of this application, signature, version number, application source, use equipment, propagate quantity, to be in the future supplied to developer or for further statistics.
Fig. 3 is the process flow diagram of another embodiment of the present invention's piracy application detection method.As shown in Figure 3, the method for this embodiment can comprise:
320, obtain the characteristic information of each application in associated application respectively, such as, can comprise the bag name of application, signature and version number.
Such as, specifically by the cloud killing client on user terminal, the characteristic information of each application in associated application can be gathered from application market and user terminal.
340, respectively using the application of in associated application as current application, by inquiring about black, white list database, identify whether current application is legal or pirate application.
If by white list database and black list database, both cannot determine current application be legal application, when also cannot determine that current application is pirate application, executable operations 360.
360, the characteristic information of associated application is added up, obtains the statistical information of associated application.
380, whether the statistical nature identification current application based on associated application is pirate application.
It should be noted that, embodiment illustrated in fig. 3ly can form new embodiment in conjunction with any one or more embodiment of other except embodiment illustrated in fig. 1, unless specially illustrated in the embodiment of the present invention, there is not the restriction of execution sequencing in the operation of the various embodiments described above of the present invention.
Further, can also comprise application source or use equipment by the characteristic information operating the application of 320 acquisitions, wherein, namely which application market this is applied in and occurred in application source, and namely which user terminal this is applied on and installed and used use equipment.
Based on above-mentioned each piracy application detection method embodiment of the present invention, determine one when being applied as pirate application, can according to the use facility information of this piracy application, notify that use equipment that this piracy is applied is applied this piracy and clear up.
Particularly, can notify that the cloud killing client on the use equipment of pirate application is cleared up piracy application, and apply corresponding legal application message to this cloud killing client push piracy; Cloud killing client on the use equipment of pirate application can be cleared up piracy application according to notice, and shows legal application message on use equipment, so that user gives this legal application message carry out downloading and installing of legal application.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that programmed instruction is relevant, aforesaid program can be stored in a computer read/write memory medium, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Fig. 4 is the structural representation of the present invention's piracy application pick-up unit embodiment.The piracy application pick-up unit of this embodiment can be used in the present invention above-mentioned each piracy application detection method embodiment.As shown in Figure 4, the piracy application pick-up unit of this embodiment comprises recognition unit and the first detecting unit.Wherein:
Recognition unit, for whether being comprised the legal application message of current application by inquiry white list database, identifies whether current application is legal application.Store one or more legal application message in white list database wherein, provided by certification authority and/or legal application developer, the legal application message of every bar comprises bag name and the signature of a legal application.
First detecting unit, when not being legal application for identifying current application at recognition unit, whether the statistical nature identification current application based on associated application is pirate application.Associated application wherein comprises current application and related application thereof; Statistical nature comprises the version quantity of associated application and/or propagates quantity.
Based on the piracy application pick-up unit that the above embodiment of the present invention provides, by storing legal application message in white list database, comprise bag name and the signature of legal application.When carrying out piracy application detection, be first whether legal application by white list database identification current application, if identifying current application by white list database is not legal application, based on the statistical nature of the associated application of this application, such as, version quantity and/or propagation quantity, identify whether current application is pirate application, thus achieve the effective detection and indentification to piracy application.
Fig. 5 is the structural representation of another embodiment of the present invention's piracy application pick-up unit.As shown in Figure 5, compared with the embodiment shown in Fig. 4, the piracy application pick-up unit of this embodiment also comprises authentication database and authentication ' unit.Wherein:
Authentication database, for storing the user profile being authenticated to be legal application developer.
Authentication ' unit, carries out certification for the user profile by storing in authentication database to developer; And confirm by the developer of certification to be legal application developer, legal application message could be provided to white list database.
In another embodiment of the present invention's piracy application pick-up unit, whether recognition unit can also be used for by black list database identification current application is pirate application, the bag name storing more than one piracy signature in black list database wherein and use the piracy of each piracy signature to apply.Correspondingly, the first detecting unit specifically recognition unit identify current application be not legal application, neither pirate application time, whether the statistical nature identification current application performed based on associated application is the operation of pirate application.
Fig. 6 is the structural representation of another embodiment of the present invention's piracy application pick-up unit.As shown in Figure 6, compared with the embodiment shown in Fig. 4 or Fig. 5, the piracy application pick-up unit of this embodiment also comprises fisrt feature information bank, the second detecting unit and the first updating block.Wherein:
Fisrt feature information bank, for storing the malice feature pre-set.
Second detecting unit, for identify at recognition unit current application be not legal application, neither pirate application time, detect current application and whether carry the malice feature pre-set; And when detecting that current application carries malice feature, judge that current application is signed as piracy as the signature of piracy application, current application.
First updating block, for the result of determination according to the second detecting unit, records piracy signature and the bag name of current application in black list database.
Again see Fig. 6, in another embodiment of the present invention's piracy application pick-up unit, second feature information bank and the second updating block can also be comprised.Wherein:
Second feature information bank, for storing the statistical indicator pre-set, statistical indicator numerical value comprises version number and/or propagates number.
First detecting unit, specifically for according to the statistical indicator pre-set, obtains the statistical information of associated application, comprises the statistical indicator numerical value of same application, comprises version quantity and/or propagates quantity; And maximum same of decision statistic index value is applied as legal application.
Second updating block, for the result of determination according to the first detecting unit, in white list database, record is judged to be the legal application message of the same application of legal application.
Further, statistical information can also comprise in associated application the difference bag name using same signature.Again see Fig. 6, in another embodiment of the present invention's piracy application pick-up unit, can also judging unit being comprised, using the quantity of the difference bag name of same signature whether to be greater than 1 in associated application for judging; And if use the quantity of the difference bag name of same signature to be greater than 1 in associated application, judge use this same signature difference bag name between whether there is incidence relation; If use between the difference bag name of this same signature and there is not incidence relation, judge to use different bag name be applied as pirate application, same signature signs as piracy.Correspondingly, in this embodiment, the second updating block also can be used for the result of determination according to judging unit, records same signature and use the bag name of different application of this same signature in black list database.
Again see Fig. 6, compared with the various embodiments described above of the present invention, in another embodiment of the present invention's piracy application pick-up unit, Transmit-Receive Unit and the 3rd updating block can also be comprised.Wherein:
Transmit-Receive Unit, for the application by legal application or pirate application cannot be judged to be in associated application, send to legal developer's client, and receive in the associated application that legal developer's client returns the qualification result message being respectively applied as legal application or pirate application.
3rd updating block, for according to qualification result message, if there is legal application in associated application, by the legal application message of white list data-base recording legal copy application; If there is pirate application in associated application, by piracy signature and the bag name of the application of black list database record piracy.
Fig. 7 is the structural representation of another embodiment of the present invention's piracy application pick-up unit.As shown in Figure 7, in the piracy application pick-up unit of this embodiment, storage unit can also be comprised, for the application that cannot be judged to be legal application or pirate application in associated application, in sample database, store this cannot judge application, and this cannot judge the application related information applied by gray list data-base recording, such as, can comprise bag name, signature, version number, application source, use equipment, propagate quantity.
In addition, state on the invention in pirate application pick-up unit embodiment, can also acquiring unit be comprised, for obtaining the characteristic information of each application in associated application respectively, comprise the bag name of application, signature and version number, optionally can also comprise application source or use equipment in addition.Correspondingly, the first detecting unit, specifically for adding up characteristic information, obtains the statistical information of associated application.
In practical application, acquiring unit specifically can pass through cloud killing client, gathers the characteristic information of each application in associated application from application market and user terminal.
Based on above-mentioned piracy application pick-up unit embodiment, Transmit-Receive Unit is also used in judgement one when being applied as pirate application, according to the use facility information of this piracy application, notify that the use equipment that this piracy is applied is cleared up the application of this piracy, and can optionally to the legal application message that this cloud killing client push piracy application is corresponding.
Fig. 8 is the structural representation of the present invention's piracy application detection system embodiment.The piracy application detection system of this embodiment can comprise the piracy application pick-up unit of above-mentioned any embodiment, for realizing the above-mentioned each piracy application detection method embodiment of the present invention.
Based on the piracy application detection system that the above embodiment of the present invention provides, by storing legal application message in white list database, bag name and the signature of legal application can be comprised.When carrying out piracy application detection, be first whether legal application by white list database identification current application, if identifying current application by white list database is not legal application, based on the statistical nature of the associated application of this application, such as, version quantity and/or propagation quantity, identify whether current application is pirate application, thus achieve the effective detection and indentification to piracy application.
As shown in Figure 8, the piracy application detection system of this embodiment can also optionally comprise white list database and/or black list database.Wherein:
White list database, stores one or more legal application message, and the legal application message of every bar comprises bag name and the signature of a legal application;
Black list database, the bag name storing more than one piracy signature and use the piracy of each piracy signature to apply.
Again see Fig. 8, in another embodiment of the present invention's piracy application detection system, also comprise the cloud killing client be positioned on user terminal, this cloud killing client-side, as being mobile phone bodyguard, antivirus software etc., can gather the characteristic information of each application in associated application from application market and user terminal.In this embodiment:
The pirate Transmit-Receive Unit applied in pick-up unit, for notifying that the cloud killing client of installing on the user terminal of pirate application is cleared up piracy application, and applies corresponding legal application message to this cloud killing client push piracy;
Cloud killing client, for clearing up piracy application, and shows legal application message on use equipment, so that user gives this legal application message carry out downloading and installing of legal application.
As shown in Figure 9, be the structural representation of the present invention's piracy application detection system Application Example.In a particular application, pirate application pick-up unit specifically can pass through a cloud killing engine implementation.
After legal developer provides its whole legal application and signature thereof, based on the embodiment of the present invention, just developer can be helped to find, and its application is originally in the pirate situation occurred on the market, namely developer is helped to find which to be all distributed in its different signature of application signature local, or which machine occurred, its propagation quantity has how many, and we can also be supplied to developer sample.
Embodiments provide following technical scheme:
1, a kind of pirate application detection method, comprising:
Whether comprised the legal application message of current application by inquiry white list database, identify whether current application is legal application; Store one or more legal application message in described white list database, the legal application message of every bar comprises bag name and the signature of a legal application;
If identifying described current application is not legal application, based on associated application statistical nature identification described in current application whether be pirate application; Described associated application comprises described current application and related application thereof; Described statistical nature comprises the version quantity of described associated application and/or propagates quantity.
2, the method according to 1, the legal application message in described white list database is provided by certification authority and/or legal application developer.
3, the method according to 2, also comprises:
By the user profile stored in authentication database, certification is carried out to developer;
Be legal application developer by the developer of certification.
4, the method according to 1, also comprises:
Be whether pirate application by current application described in black list database identification; The bag name storing more than one piracy signature in described black list database and use the piracy of each piracy signature to apply;
Not legal application if identify described current application, neither pirate apply, perform whether current application described in the described statistical nature identification based on associated application is pirate operation of applying.
5, the method according to 4, also comprises:
If identify described current application not to be legal application, neither pirate to apply, detect current application and whether carry the malice feature pre-set;
If detect, current application carries malice feature, judges that current application is signed as piracy as the signature of piracy application, current application;
Piracy signature and the bag name of current application is recorded in black list database.
6, the method according to 1 to 5 any one, whether current application described in the described statistical nature identification based on associated application is that pirate application comprises:
According to the statistical indicator pre-set, obtain the statistical information of described associated application, described statistical information comprises the statistical indicator numerical value of same application, and described statistical indicator numerical value comprises version quantity and/or propagates quantity;
Maximum same of decision statistic index value is applied as legal application;
In white list database, record is judged to be the legal application message of the same application of legal application.
7, the method according to 6, described statistical information also comprises the difference bag name using same signature in described associated application;
Described method also comprises:
Judge in described associated application, to use the quantity of the difference bag name of same signature whether to be greater than 1;
If use the quantity of the difference bag name of same signature to be greater than 1 in described associated application, judge to use between the difference bag name of this same signature whether there is incidence relation;
If use between the difference bag name of this same signature and there is not incidence relation, judge to use described different bag name be applied as pirate application, described same signature signs as piracy;
In black list database, record described same signature and use the bag name of different application of this same signature.
8, the method according to 4 to 7 any one, also comprises:
For the application that cannot be judged to be legal application or pirate application in described associated application, send to legal developer's client, and receive in the described associated application that legal developer's client returns the qualification result message being respectively applied as legal application or pirate application;
According to qualification result message, if there is legal application in associated application, by the legal application message of white list data-base recording legal copy application; If there is pirate application in associated application, by piracy signature and the bag name of the application of black list database record piracy.
9, the method according to 4 to 7 any one, also comprises:
For the application that cannot be judged to be legal application or pirate application in described associated application, in sample database, store this cannot judge application, and this cannot judge the application related information applied by gray list data-base recording, described application related information comprises bag name, signature, version number, application source, use equipment, propagates quantity.
10, the method according to 6 to 9 any one, also comprises:
To obtain in described associated application the characteristic information of each application respectively, described characteristic information comprises the bag name of application, signature and version number;
The statistical information obtaining described associated application comprises: add up described characteristic information, obtains the statistical information of described associated application.
11, the method according to 10, described characteristic information also comprises application source or use equipment.
12, the method according to 10 or 11, the characteristic information of described acquisition application comprises: by cloud killing client, gathers the characteristic information of each application in described associated application from application market and user terminal.
13, the method according to 11 or 12, also comprises:
Be applied as pirate application in response to judgement one, according to the use facility information of this piracy application, notify that the use equipment that this piracy is applied is cleared up the application of this piracy.
14, the method according to 13, the described use equipment notifying that this piracy is applied carries out cleaning to the application of this piracy and comprises:
Notify that the cloud killing client on the use equipment of described piracy application is cleared up piracy application, and apply corresponding legal application message to pirate described in this cloud killing client push;
Cloud killing client on the use equipment of described piracy application is cleared up described piracy application, and shows described legal application message on described use equipment, so that user gives this legal application message carry out downloading and installing of legal application.
15, a kind of pirate application pick-up unit, comprising:
Recognition unit, for whether being comprised the legal application message of current application by inquiry white list database, identifies whether current application is legal application; Store one or more legal application message in described white list database, the legal application message of every bar comprises bag name and the signature of a legal application;
First detecting unit, when not being legal application for identifying described current application at described recognition unit, based on associated application statistical nature identification described in current application whether be pirate application; Described associated application comprises described current application and related application thereof; Described statistical nature comprises the version quantity of described associated application and/or propagates quantity.
16, the device according to 15, the legal application message in described white list database is provided by certification authority and/or legal application developer.
17, the device according to 2, also comprises:
Authentication database is the user profile of legal application developer for authentication storage;
Authentication ' unit, carries out certification for the user profile by storing in authentication database to developer; And confirm by the developer of certification to be legal application developer.
18, the device according to 15, whether described recognition unit, also for being pirate application by current application described in black list database identification; The bag name storing more than one piracy signature in described black list database and use the piracy of each piracy signature to apply;
Described first detecting unit, specifically described recognition unit identify described current application be not legal application, neither pirate application time, perform the operation whether current application described in the described statistical nature identification based on associated application is pirate application.
19, the device according to 18, also comprises:
Fisrt feature information bank, for storing the malice feature pre-set;
Second detecting unit, for identify at recognition unit described current application be not legal application, neither pirate application time, detect current application and whether carry the malice feature pre-set; And when detecting that current application carries malice feature, judge that current application is signed as piracy as the signature of piracy application, current application;
First updating block, for the result of determination according to the second detecting unit, records piracy signature and the bag name of current application in black list database.
20, the device according to 15 to 19 any one, also comprises:
Second feature information bank, for storing the statistical indicator pre-set, described statistical indicator numerical value comprises version number and/or propagates number;
Described first detecting unit, specifically for the statistical indicator that basis pre-sets, obtain the statistical information of described associated application, described statistical information comprises the statistical indicator numerical value of same application, and described statistical indicator numerical value comprises version quantity and/or propagates quantity; And maximum same of decision statistic index value is applied as legal application;
Second updating block, for the result of determination according to the first detecting unit, in white list database, record is judged to be the legal application message of the same application of legal application.
21, the device according to 20, described statistical information also comprises the difference bag name using same signature in described associated application;
Described device also comprises:
Judging unit, uses the quantity of the difference bag name of same signature whether to be greater than 1 for judging in described associated application; And if use the quantity of the difference bag name of same signature to be greater than 1 in described associated application, judge use this same signature difference bag name between whether there is incidence relation; If use between the difference bag name of this same signature and there is not incidence relation, judge to use described different bag name be applied as pirate application, described same signature signs as piracy;
Described second updating block, also for the result of determination according to judging unit, records described same signature and uses the bag name of different application of this same signature in black list database.
22, the device according to 18 to 21 any one, also comprises:
Transmit-Receive Unit, for the application by legal application or pirate application cannot be judged to be in described associated application, send to legal developer's client, and receive in the described associated application that legal developer's client returns the qualification result message being respectively applied as legal application or pirate application;
3rd updating block, for according to described qualification result message, if there is legal application in associated application, by the legal application message of white list data-base recording legal copy application; If there is pirate application in associated application, by piracy signature and the bag name of the application of black list database record piracy.
23, the device according to 18 to 21 any one, also comprises:
Storage unit, for the application that cannot be judged to be legal application or pirate application in described associated application, in sample database, store this cannot judge application, and this cannot judge the application related information applied by gray list data-base recording, described application related information comprises bag name, signature, version number, application source, use equipment, propagates quantity.
24, the device according to 20 to 23 any one, also comprises:
Acquiring unit, for obtaining in described associated application the characteristic information of each application respectively, described characteristic information comprises the bag name of application, signature and version number;
Described first detecting unit, specifically for adding up described characteristic information, obtains the statistical information of described associated application.
25, the device according to 24, described characteristic information also comprises application source or use equipment.
26, the device according to 24 or 25, described acquiring unit, especially by cloud killing client, gathers the characteristic information of each application in described associated application from application market and user terminal.
27, the device according to 25 or 26, described Transmit-Receive Unit, time also for being applied as pirate application judgement one, according to the use facility information of this piracy application, notifies that the use equipment that this piracy is applied is cleared up the application of this piracy.
28, the device according to 27, described Transmit-Receive Unit, also for the legal application message of application correspondence pirate described in this cloud killing client push.
29, a kind of pirate application detection system, comprises the piracy application pick-up unit described in 15 to 28 any one.
30, the system according to 29, also comprises:
White list database, stores one or more legal application message, and the legal application message of every bar comprises bag name and the signature of a legal application; And/or
Black list database, the bag name storing more than one piracy signature and use the piracy of each piracy signature to apply.
31, the system according to 29 or 30, also comprises the cloud killing client be positioned on user terminal;
Described piracy applies the Transmit-Receive Unit in pick-up unit, for notifying that the cloud killing client of installing on the user terminal of pirate application is cleared up piracy application, and applies corresponding legal application message to pirate described in this cloud killing client push;
Described cloud killing client, for clearing up described piracy application, and shows described legal application message, so that user gives this legal application message carry out downloading and installing of legal application on described user terminal.
In this instructions, each embodiment all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiment, same or analogous part cross-reference between each embodiment.For system embodiment, because itself and embodiment of the method are substantially corresponding, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Methods, devices and systems of the present invention may be realized in many ways.Such as, any combination by software, hardware, firmware or software, hardware, firmware realizes methods, devices and systems of the present invention.Said sequence for the step of described method is only to be described, and the step of method of the present invention is not limited to above specifically described order, unless specifically stated otherwise.In addition, in certain embodiments, can be also record program in the recording medium by the invention process, these programs comprise the machine readable instructions for realizing according to method of the present invention.Thus, the present invention also covers the recording medium stored for performing the program according to method of the present invention.