CN105718788B - A kind of malicious application processing method, device and terminal - Google Patents
A kind of malicious application processing method, device and terminal Download PDFInfo
- Publication number
- CN105718788B CN105718788B CN201610035932.9A CN201610035932A CN105718788B CN 105718788 B CN105718788 B CN 105718788B CN 201610035932 A CN201610035932 A CN 201610035932A CN 105718788 B CN105718788 B CN 105718788B
- Authority
- CN
- China
- Prior art keywords
- terminal
- installation kit
- signature
- application
- apk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The embodiment of the invention provides a kind of malicious application processing method, device and terminals, wherein the described method includes: obtaining the APK signature of system application installation kit when detecting that terminal is in the first application cleaning module;If judging, APK signature is that illegal manufacturer signs, and will be loaded into the blacklist file of the terminal with the sign identification information of corresponding system application installation kit of the APK;When detecting that the terminal is in the second application cleaning module, searches and remove system level application installation kit corresponding with the identification information in the blacklist file.Using technical solution of the present invention, the space memory of terminal can be saved, promotes the high efficiency for removing malicious application.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of malicious application processing methods, device and end
End.
Background technique
Currently, terminal sale is often sought to promote the APP that oneself is researched and developed by many application APP operators
Various application APPs are installed in the terminal of sale by manufacturers.However, user can not in discharging terminal those prepackages it is each
Kind APP.The Malware APP pre-installed in terminal is purged in order to realize, user can be by enabling the recovery in terminal
Factory mode is purged Malware APP by way of brush machine.
However found in practice, the recovery factory mode that user enables in terminal can only be to the customized installation of user in terminal
Application APP unloaded, the system-level Malware pre-installed in the terminal cannot be unloaded, cause memory space
Waste;In addition, brush machine requires the technical threshold of user relatively high, in user's voluntarily brush machine, brush machine fails, and brush machine it
Terminal afterwards destroys the software brush machine and ROOT mark of original manufacturer's setting, also will cause the terminal and does not continue to enjoy factory
The guarantee business of quotient.
Summary of the invention
In consideration of it, the present invention provides a kind of malicious application processing method, device and terminal, to save the sky of terminal
Between memory, promoted remove malicious application high efficiency.
On the one hand, the embodiment of the invention provides a kind of malicious application processing methods, which comprises
When detecting that terminal is in the first application cleaning module, the APK signature of system application installation kit is obtained;
If judging, the APK signature, will system application corresponding with APK signature for illegal manufacturer signature
The identification information of installation kit is loaded into the blacklist file of the terminal;
Detect the terminal be in second application cleaning module when, search and remove in the blacklist file
The corresponding system level application installation kit of identification information.
Wherein optionally, the method also includes:
Judge whether system application installation kit corresponding with APK signature has been installed;
If so, unloading system application corresponding with the system application installation kit.
Wherein optionally, described to search and remove system-level application corresponding with the identification information in the blacklist file
Program installation kit, comprising:
Read the identification information in the blacklist file;
System level application installation kit corresponding with the identification information is searched, and removes the system level application
Installation kit.
Wherein optionally, the APK signature for obtaining system application installation kit, comprising:
Obtain the directory listing for recording the system application installation package informatin;
The directory listing is scanned, the APK signature of the system application installation kit is obtained.
Wherein optionally, the identification information load by corresponding system application installation kit of signing with the APK
Into the blacklist file of the terminal, comprising:
Blacklist hash table will be written to the sign identification information of corresponding system application installation kit of the APK;
If detecting, the scanning directory listing terminates, and the blacklist hash table is written to the blacklist of the terminal
In file.
On the other hand, the embodiment of the invention also provides a kind of malicious application processing unit, described device includes:
Module is obtained, for obtaining system application installation when detecting that terminal is in the first application cleaning module
The APK of packet signs;
Loading module, if for judging that the APK signature, will be corresponding with APK signature for illegal manufacturer signature
The identification information of system application installation kit be loaded into the blacklist file of the terminal;
Processing module, for searching and removing and the blacklist when detecting terminal in the second application cleaning module
The corresponding system level application installation kit of identification information in file.
Wherein optionally, described device further include:
Judgment module, for judging whether system application installation kit corresponding with APK signature has been installed;
The processing module, if being also used to the judgment module judges that the system application installation kit has been installed,
Unload system application corresponding with the system application installation kit.
Wherein optionally,
The processing module, specifically for reading the identification information in the blacklist file;It searches and believes with the mark
Corresponding system level application installation kit is ceased, and removes the system level application installation kit.
Wherein optionally,
The acquisition module, specifically for obtaining the catalogue column for recording the system application installation package informatin
Table, and scan the directory listing and obtain the APK signature of the system application installation kit.
Wherein optionally,
The loading module, specifically for by with the APK sign corresponding system application installation kit mark believe
Breath is written to blacklist hash table;If detecting, the scanning directory listing terminates, and institute is written in the blacklist hash table
It states in the blacklist file of terminal.
In another aspect, the terminal includes above-mentioned malicious application the embodiment of the invention also provides a kind of terminal
Processing unit.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user
System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered
With the high efficiency of program.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of camouflage applications program reset processing method of the embodiment of the present invention;
Fig. 2 is the flow diagram of another camouflage applications program reset processing method of the embodiment of the present invention;
Fig. 3 is a kind of structural schematic diagram of camouflage applications program reset processing unit of the embodiment of the present invention;
Fig. 4 is the structural schematic diagram of another camouflage applications program reset processing unit of the embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of terminal of the embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention
Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people
The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work
It encloses.
Description and claims of this specification and term " first " in above-mentioned attached drawing, " second " and " third " are (such as
Fruit presence) etc. be for distinguishing different objects, not for description particular order.In addition, term " includes " and they are any
Deformation, it is intended that cover and non-exclusive include.Such as contain the process, method, system, product of a series of steps or units
Or equipment is not limited to listed step or unit, but optionally further comprising the step of not listing or unit, or can
Selection of land further includes the other step or units intrinsic for these process, methods, product or equipment.
Referring to Figure 1, be the embodiment of the present invention a kind of malicious application processing method flow diagram, the present invention
The method of embodiment can be applied in band communication network function such as smart phone, tablet computer, intelligent wearable devices
In the terminal of energy, it can specifically be realized by the processor of these terminals.The embodiment of the present invention the method also includes walking as follows
It is rapid:
S101, detect terminal be in first application cleaning module when, obtain system application installation kit APK label
Name.
In the embodiment of the present invention, when terminal detects that this terminal is in the first application cleaning module, the terminal can be with
Obtain the APK (AndroidPackage, abbreviation APK) of all or part of system application installation kit present in this terminal
Signature.
In the specific implementation, terminal user can input specific character (such as number, letter) in dial, when described
When terminal detects the specific character of terminal user's input, the terminal can automatic jump to corresponding with the specific character
Application model (such as engineering mode, safe mode, network mode), be also provided under each mode for user's selection other
The select button (such as engineering mode is arranged with first and applies cleaning module button, normal mode button) that function is realized, when
When the terminal detects that terminal user clicks the first application cleaning module button chosen under engineering mode, the terminal can be with
Obtain the APK signature of all or part of system application installation kit in this terminal;Alternatively, research staff can also be by work
First under journey mode is arranged in other option columns of the terminal (such as plot Mode, setting choosing using cleaning module function
Being shown on the display interface of this terminal using column, with shortcut etc. in), when terminal detects that terminal user selects
Opening (that is to say, the terminal detects that this terminal is in the first application and removes using the first application cleaning module function
Mode) when, the APK of all or part of system application installation kit present in available terminal of the terminal
(AndroidPackage, abbreviation APK) signature.
When the terminal detects that terminal user opens the first application cleaning module function, the engineering of the terminal
Mode (be also possible to the terminal first applies cleaning module) can be from packet (such as system application of terminal described in trend
Installation kit) management server program sends the broadcast for removing system-level malicious application present in the terminal, institute
The packet supervisor services for stating terminal can receive the broadcast that the engineering mode is sent and (that is to say that the terminal receives
The broadcast).After the terminal receives the broadcast, the terminal can also be detected to obtain and be used present in this terminal
In the directory listing for recording the system application installation package informatin, the terminal can also be scanned under the directory listing
All or part of APK file obtains the APK signature of the system application installation kit.
The terminal may include PC, smart phone (such as Android phone, IOS mobile phone), tablet computer,
The internets such as palm PC, mobile internet device (MID, Mobile Internet Devices) or wearable intelligent equipment
Equipment, the embodiment of the present invention are not construed as limiting.
If S102, judging that for illegal manufacturer signature, system corresponding with APK signature is answered for the APK signature
It is loaded into the blacklist file of the terminal with the identification information of program installation kit.
In the embodiment of the present invention, terminal may determine that whether the APK signature that S101 is got is legal manufacturer's signature,
When the terminal judges that the APK signature (that is to say, the terminal determines that the APK signature is non-for illegal manufacturer signature
Method manufacturer signature) when, the terminal can will add with the sign identification information of corresponding system application installation kit of the APK
It is downloaded in the blacklist file of this terminal.
In the specific implementation, the APK signature that the system application apk of manufacturer oneself research and development has oneself exclusive, general institute
Stating APK signature is the corresponding manufacturer's name of manufacturer (such as space dragon, Tencent).The terminal may determine that S101 is got described
Whether APK signature is legal manufacturer's signature, if the terminal judges the APK signature that S101 is got for illegal manufacturer label
Name, then the terminal can also be by the mark of the corresponding system application installation kit of signing with the APK got in S101
Know the blacklist file hash table that information (that is to say the identification information of APK, such as title, ID number) load is written to the terminal
In, at the end of the terminal detects that S101 scans all or part of APK file under the directory listing, the terminal
The blacklist hash table can also be written in the blacklist file of the terminal.
The signature of application program installation kit of the legal manufacturer's signature for safety, that is, the manufacturer's signature authorized generally refer to grind
The manufacturer's name for issuing the correspondence manufacturer of application program installation kit can also refer to other for indicating safe, legal application
The signature of program installation kit, the embodiment of the present invention are not construed as limiting;Illegal manufacturer's signature is unauthorized manufacturer's signature,
Namely manufacturer's signature of malicious application.
When the terminal judges that APK signature is illegal manufacturer signature, the terminal can also continue to judgement and
Whether the APK corresponding system application packet of signing has been installed, when terminal judgement is described with APK signature pair
The system application packet answered has been installed, i.e., the corresponding application program of system application packet is already installed on the terminal
On, the terminal can also unload system application corresponding with the system application installation kit.
S103, when detecting the terminal and being in the second application cleaning module, search and remove and the blacklist file
In the corresponding system level application installation kit of identification information.
In the embodiment of the present invention, when terminal detects that this terminal is in the second application cleaning module, the terminal can be with
Searching and removing the identification information in the blacklist file with this terminal (that is to say the mark in the blacklist file in S102
Know information) corresponding system application installation kit.
The second application cleaning module can be used for removing opposite with the identification information in terminal in blacklist file
The application program installation kit answered (can be system-level application program installation kit, or the application journey of the customized installation of user
Sequence installation kit), described second can be also used for removing the alternative document money in terminal in blacklist file using cleaning module
Material, the second application cleaning module perhaps the mode of the customized name of other users or can be for recovery mode
The mode of system regulation name, the embodiment of the present invention are not construed as limiting.
In the specific implementation, (the i.e. institute when the terminal detects that terminal user opens the function of the second application cleaning module
State terminal detect the terminal be in second application cleaning module when), the terminal can read this terminal blacklist file
All or part of identification information in folder;The terminal can also according to the identification information this terminal local data base
In or memory in, find out system-level application package corresponding with the identification information;The terminal can also delete
The system-level application package found (that is to say the corresponding system of identification information in the blacklist file in S102
System application program installation kit).
Illustratively, when the terminal detects uninstalling system application program, (system application is answered with the system
It is corresponding with program installation kit) finish after, the terminal can be restarted automatically into recovery mode or terminal user
Oneself restart the terminal and enters recovery mode, when the terminal detects that this terminal enters recovery mode, institute
Identification information present in blacklist file in the terminal can be read by stating terminal, and the terminal is searched and deleted and institute
State the corresponding system application installation kit of identification information.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained
The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer
The identification information of system application program installation kit is loaded into the blacklist file of the terminal, is in the second application in the terminal
When cleaning module, it can search and remove system application installation corresponding with the identification information in the blacklist file
Packet.The embodiment of the present invention can carry out the removing of rogue system level application just for system-level application program, to save terminal
Space memory;System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 2 is referred to, is a kind of flow diagram of malicious application processing method of the embodiment of the present invention, the present invention
The method of embodiment can be applied in band communication network function such as smart phone, tablet computer, intelligent wearable devices
In the terminal of energy, it can specifically be realized by the processor of these terminals.The embodiment of the present invention the method also includes walking as follows
It is rapid:
S201, when detect terminal be in first application cleaning module when, obtain for recording the system application
The directory listing of package informatin is installed.
S202, the scanning directory listing obtain the APK signature of the system application installation kit.
In the embodiment of the present invention, when terminal detects that this terminal is in the first application cleaning module, the terminal can be with
It detects and obtains for recording the directory listing of system application installation kit (that is to say APK) information in the terminal, it is described
All or part of APK file under the directory listing that terminal can be arrived with Scanning Detction obtains system application peace
The APK signature of dress packet (that is to say APK).
S203, judge whether the APK signature is legal manufacturer's signature.
It is illegal manufacturer when the terminal determines the APK signature that S202 is scanned in the embodiment of the present invention
When signature, the terminal continues to execute step S204 or S206;Otherwise S201 is executed.
Whether S204, judgement system application installation kit corresponding with APK signature have been installed.
In the embodiment of the present invention, when the terminal judges the APK signature that S202 is scanned for illegal manufacturer label
When name, the terminal can also continue to whether judgement system application installation kit corresponding with APK signature has been installed
In the terminal, if the terminal judges that the system application installation kit corresponding with APK signature has been installed,
Then execute the S205;Otherwise, continue S206.
It should be noted that step S204 and step S206 can be it is arranged side by side, that is to say terminal can choose S204 and
Any one step is executed in S206, can also be carried out with S204 and S206, and the sequence of S204 and S206 be it is variable, i.e.,
Terminal executes S204 after can first carrying out S206, and the embodiment of the present invention is not construed as limiting.
S205, unloading system application corresponding with the system application installation kit.
It should be noted that step S208 can be continued to execute after terminal has executed S205 step, process can also be terminated,
System application corresponding with the system application installation kit is unloaded, and removes a kind of tool of system level application
Body embodiment.
If S206, judging that for illegal manufacturer signature, system corresponding with APK signature is answered for the APK signature
Blacklist hash table is written to the identification information of program installation kit.
S207, at the end of detecting the scanning directory listing, the terminal is written into the blacklist hash table
In blacklist file.
In the embodiment of the present invention, when terminal detects that the terminal scans in S202 all or portion under the directory listing
When dividing APK file all scanned, the blacklist of the terminal can be written in the blacklist hash table in S206 by the terminal
In file.
S208, when detect the terminal be in second application cleaning module when, read the mark in the blacklist file
Know information.
S209, lookup simultaneously delete system level application installation kit corresponding with the identification information.
For the ease of preferably understanding above-described embodiment, illustrated below by an example.User A purchase
As soon as extremely send Coolpad mobile phone A, 4 sections of APP are installed originally in mobile phone A, respectively LeEco video application, dial and answer
With program, Tencent's wechat application program, calendar applications, now the user A wants that the malice for unloading the system-level installation of this mobile phone A is answered
With program (that is to say LeEco video app, Tencent wechat app).User A can be preset in input on the dial for extremely sending mobile phone A
A string of characters alter " ##### ", when mobile phone A detects that user A is altered " ##### " in the character that dial inputs, mobile phone A can from
It is dynamic to jump to engineering mode, and the application interface of the engineering mode, the engineering are shown on the display interface of this mobile phone A
There is the function for user's selection to realize button (as using cleaning module button, normal mode button on the application interface of mode
Deng), when mobile phone A detects that user A clicks the application removing button chosen under the engineering mode, the mobile phone A will enter
Using cleaning module, the engineering mode of the mobile phone A is sent from the packet supervisor services of mobile phone A described in trend for removing
The broadcast of rogue system application program present in terminal is stated, the packet supervisor services of the mobile phone A receives the broadcast,
It is that the mobile phone A receives the broadcast.Maliciously it is present in the terminal for removing when the mobile phone A is received
Unite application program broadcast after, can scan stored in the mobile phone A for record APK information using the institute under catalogue
There is APK file, obtain the APK signature of system application installation kit, that is to say, the APK signature of LeEco screen app installation kit is
The APK signature of LeEco signature, dialing app installation kit and calendar APP installation kit is the APK of space dragon signature, wechat app installation kit
Signature is that Tencent signs.Whether 4 APK signature that the mobile phone A can continue to judge that scanning obtains is Yu Longkupai manufacturer
Signature, mobile phone A may determine that LeEco signature and Tencent's signature is not the signature of Yu Longkupai manufacturer, that is to say LeEco signature and rises
News signature is that illegal manufacturer signs;The mobile phone A can will LeEco video app installation kit title corresponding with LeEco signature
" LeEco video ", wechat app installation kit title " wechat " corresponding with Tencent's signature are loaded into the blacklist hash table of mobile phone A
In, when mobile phone A scan through for record APK information using all APK files under catalogue when, the mobile phone A can will be black
The write-in of list hash table is loaded into the blacklist file of mobile phone A.The mobile phone A can also detect the LeEco video app peace
Whether dress packet and Tencent's wechat app installation kit are already installed in the mobile phone A, when mobile phone A detects the LeEco view
Frequency app installation kit and Tencent's wechat app installation kit are mounted, and the mobile phone A can unload and the LeEco automatically
The corresponding LeEco video app of video app installation kit, wechat app corresponding with Tencent's wechat app installation kit.When mobile phone A is unloaded
It has carried under the application catalogue that the LeEco video app, Tencent's wechat app and mobile phone A are scanned through for recording APK information
All APK files when, the mobile phone A can be restarted automatically into recovery mode, detect that this mobile phone is in mobile phone A
When recovery mode, the mobile phone A can read in the blacklist file of this mobile phone A identification information (including LeEco video,
Tencent's wechat), mobile phone A searches from the local data of this mobile phone and deletes application program installation corresponding with the identification information
Packet, that is to say, mobile phone A can remove LeEco screen app installation kit, Tencent's wechat app installation kit.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user
System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered
With the high efficiency of program.
Fig. 3 is referred to, is a kind of structural schematic diagram of malicious application processing unit of the embodiment of the present invention, the present invention
The described device of embodiment can may be provided at the band communication networks such as smart phone, tablet computer, intelligent wearable device
In the terminal of function, described device 3 includes:
Module 300 is obtained, for obtaining system application peace when detecting that terminal is in the first application cleaning module
The APK signature of dress packet;
Loading module 301, if for judging that the APK signature, will be with APK signature pair for illegal manufacturer signature
The identification information for the system application installation kit answered is loaded into the blacklist file of the terminal;
Processing module 302, for searching and removing and the black name when detecting terminal in the second application cleaning module
The corresponding system level application installation kit of identification information in monofile.
It is related into Fig. 2 object embodiment that the specific implementation of modules involved in the embodiment of the present invention can refer to Fig. 1
The description of functional module, this will not be repeated here.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained
The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer
The identification information of system application program installation kit is loaded into the blacklist file of the terminal, is in the second application in the terminal
When cleaning module, it can search and remove system level application installation corresponding with the identification information in the blacklist file
Packet.The embodiment of the present invention can carry out the removing of rogue system level application just for system-level application program, to save terminal
Space memory;System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 4 is referred to, is the structural schematic diagram of another malicious application processing unit of the embodiment of the present invention, this hair
The described device of bright embodiment can may be provided at the band communication networks such as smart phone, tablet computer, intelligent wearable device
In the terminal of network function, described device 4 may include above-mentioned acquisition module 300, loading module 301, processing module 302, go back
May include:
Judgment module 303, for judging whether system application installation kit corresponding with APK signature has been installed;
The processing module 302, if being also used to the judgment module 303 judges that the system application installation kit has been pacified
Dress then unloads system application corresponding with the system application installation kit.
Wherein optionally, in the embodiment of the present invention,
The processing module 302, specifically for reading the identification information in the blacklist file;It searches and the mark
The corresponding system level application installation kit of information, and remove the system level application installation kit.
Wherein optionally, in the embodiment of the present invention,
The acquisition module 300, specifically for obtaining the catalogue for recording the system application installation package informatin
List, and scan the directory listing and obtain the APK signature of the system application installation kit.
Wherein optionally, in the embodiment of the present invention,
The loading module 301, specifically for by the mark for corresponding system application installation kit of signing with the APK
Information is written to blacklist hash table;If detecting, the scanning directory listing terminates, and the blacklist hash table is written
In the blacklist file of the terminal.
It is related into Fig. 2 object embodiment that the specific implementation of modules involved in the embodiment of the present invention can refer to Fig. 1
The description of functional module, this will not be repeated here.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained
The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer
System application program installation kit is loaded into the blacklist file of the terminal, applies cleaning module when detection terminal is in second
When, it searches and removes system level application installation kit corresponding with the identification information in the blacklist file.The present invention is real
The removing of rogue system level application can be carried out just for system-level application program by applying example, to save the space memory of terminal;
System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 5 is referred to again, is a kind of structural schematic diagram of terminal of the embodiment of the present invention.The terminal can be intelligent hand
The equipment with communications network functionality such as machine, tablet computer, intelligent wearable device, as shown in figure 5, the embodiment of the present invention is described
Terminal may include the modules such as display screen, key, loudspeaker, sound pick-up, and further include: at least one bus 501 and bus
501 at least one connected processor 502 and at least one processor 503 being connected with bus 501, realize communication function
Communication device 505 is the power supply device 504 of each power consumption module for power supply of terminal.
The processor 502 can call the code stored in memory 503 to execute relevant function by bus 501.
The memory 503 includes operating system and data transmission applications program etc..
The processor 502, for obtaining system application when detecting that terminal is in the first application cleaning module
The APK of installation kit signs;If judging, the APK signature, will system corresponding with APK signature for illegal manufacturer signature
The identification information of application program installation kit is loaded into the blacklist file of the terminal;It is clear that the second application is in detection terminal
When except mode, searches and remove system level application installation kit corresponding with the identification information in the blacklist file.
Still optionally further, if the processor 502 is also used to judge system application corresponding with APK signature
Installation kit has been installed, then unloads system application corresponding with the system application installation kit.
Still optionally further, the processor 502 is also used to read the identification information in the blacklist file;Search with
The corresponding system level application installation kit of the identification information, and remove the system level application installation kit.
Still optionally further, the processor 502 is also used to obtain for recording the system application installation kit letter
The directory listing of breath;The directory listing is scanned, the APK signature of the system application installation kit is obtained.
Still optionally further, the processor 502 is also used to install system application corresponding with APK signature
The identification information of packet is written to blacklist hash table;If detecting, the scanning directory listing terminates, by the blacklist
Hash table is written in the blacklist file of the terminal.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user
System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered
With the high efficiency of program.
The embodiment of the present invention also provides a kind of computer storage medium, wherein the computer storage medium can be stored with journey
Sequence, the program include the part or complete that any audio recorded in above method embodiment plays the operating method of application when executing
Portion's step.
It should be noted that for the various method embodiments described above, for simple description, therefore, it is stated as a series of
Combination of actions, but those skilled in the art should understand that, the present invention is not limited by the sequence of acts described because
According to the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know
It knows, the embodiments described in the specification are all preferred embodiments, and related actions and modules is not necessarily of the invention
It is necessary.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment
Point, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed device, it can be by another way
It realizes.For example, the apparatus embodiments described above are merely exemplary, such as the division of the unit, it is only a kind of
Logical function partition, there may be another division manner in actual implementation, such as multiple units or components can combine or can
To be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Coupling, direct-coupling or communication connection can be through some interfaces, the indirect coupling or communication connection of device or unit,
It can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
In addition, each functional unit in various embodiments of the present invention can integrate in one processing unit, it can also
To be that each unit physically exists alone, can also be integrated in one unit with two or more units.It is above-mentioned integrated
Unit both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product
When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially
The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words
It embodies, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or
Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code
Medium.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although referring to before
Stating embodiment, invention is explained in detail, those skilled in the art should understand that: it still can be to preceding
Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features;And these
It modifies or replaces, the range for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.
Claims (7)
1. a kind of malicious application processing method, which is characterized in that the described method includes:
When detecting that terminal is in the first application cleaning module, the APK signature of system application installation kit is obtained;
If judging, the APK signature, will system application installation corresponding with APK signature for illegal manufacturer signature
The identification information of packet is written to blacklist hash table;
When detecting scanning directory end of list (EOL), then the blacklist hash table is written to the blacklist file of the terminal
In;
When detecting that the terminal is in the second application cleaning module, searches and remove and the mark in the blacklist file
The corresponding system level application installation kit of information;
Further, the method also includes:
If judging, the APK signature for illegal manufacturer signature, judges system application peace corresponding with APK signature
Whether dress packet has been installed;
If so, unloading system application corresponding with the system application installation kit.
2. the method as described in claim 1, which is characterized in that the lookup is simultaneously removed and the mark in the blacklist file
The corresponding system level application installation kit of information, comprising:
Read the identification information in the blacklist file;
System level application installation kit corresponding with the identification information is searched, and removes the system level application installation
Packet.
3. the method as described in claim 1, which is characterized in that the APK signature for obtaining system application installation kit, packet
It includes:
Obtain the directory listing for recording the system application installation package informatin;
The directory listing is scanned, the APK signature of the system application installation kit is obtained.
4. a kind of malicious application processing unit, which is characterized in that described device includes:
Module is obtained, for obtaining system application installation kit when detecting that terminal is in the first application cleaning module
APK signature;
Loading module, if for judging that the APK signature, will system corresponding with APK signature for illegal manufacturer signature
The identification information of system application program installation kit is written to blacklist hash table;When detecting scanning directory end of list (EOL), by institute
Blacklist hash table is stated to be written in the blacklist file of the terminal;
Processing module, for searching and removing and the blacklist file when detecting terminal in the second application cleaning module
In the corresponding system level application installation kit of identification information;
Further, described device further include:
Judgment module, if for judging that the APK signature for illegal manufacturer signature, judges corresponding with APK signature
Whether system application installation kit has been installed;
The processing module is also used to if so, unloading system application corresponding with the system application installation kit.
5. device as claimed in claim 4, which is characterized in that
The processing module, specifically for reading the identification information in the blacklist file;It searches and the identification information pair
The system level application installation kit answered, and remove the system level application installation kit.
6. device as claimed in claim 4, which is characterized in that
The acquisition module, specifically for obtaining the directory listing for recording the system application installation package informatin, and
It scans the directory listing and obtains the APK signature of the system application installation kit.
7. a kind of terminal, which is characterized in that the terminal includes the malicious application journey as described in claim 4 to 6 any one
Order processing apparatus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610035932.9A CN105718788B (en) | 2016-01-19 | 2016-01-19 | A kind of malicious application processing method, device and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610035932.9A CN105718788B (en) | 2016-01-19 | 2016-01-19 | A kind of malicious application processing method, device and terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105718788A CN105718788A (en) | 2016-06-29 |
CN105718788B true CN105718788B (en) | 2018-12-25 |
Family
ID=56147248
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610035932.9A Active CN105718788B (en) | 2016-01-19 | 2016-01-19 | A kind of malicious application processing method, device and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105718788B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106355093B (en) * | 2016-10-28 | 2021-01-05 | 努比亚技术有限公司 | Application uninstalling device and method |
CN107391166B (en) * | 2017-06-05 | 2022-01-25 | 深圳市优博讯科技股份有限公司 | Android application installation method and system, computer device and readable storage medium |
CN108170548A (en) * | 2017-12-27 | 2018-06-15 | 深圳Tcl新技术有限公司 | Processing method, device and the computer readable storage medium of terminal data write-in |
CN110874294B (en) * | 2018-08-31 | 2023-08-29 | 北京小米移动软件有限公司 | Abnormal equipment information screening method and device, storage medium and electronic equipment |
CN110968862B (en) * | 2018-09-29 | 2022-03-29 | 福建省天奕网络科技有限公司 | Data anomaly detection method and terminal |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102663281A (en) * | 2012-03-16 | 2012-09-12 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting malicious software |
CN102664875A (en) * | 2012-03-31 | 2012-09-12 | 华中科技大学 | Malicious code type detection method based on cloud mode |
CN103679013A (en) * | 2012-09-03 | 2014-03-26 | 腾讯科技(深圳)有限公司 | System rogue program detecting method and device |
CN103679029A (en) * | 2013-12-11 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for repairing cheap-copy application programs |
CN104021342A (en) * | 2014-05-06 | 2014-09-03 | 可牛网络技术(北京)有限公司 | Method and device for processing application program |
CN104021340A (en) * | 2014-06-20 | 2014-09-03 | 中科创达软件股份有限公司 | Method and device for detecting installation of malicious applications |
CN104184574A (en) * | 2013-05-22 | 2014-12-03 | 中兴通讯股份有限公司 | Intelligent mobile terminal and data processing method thereof |
CN104765629A (en) * | 2015-03-24 | 2015-07-08 | 广东欧珀移动通信有限公司 | System application installation method and device |
-
2016
- 2016-01-19 CN CN201610035932.9A patent/CN105718788B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102663281A (en) * | 2012-03-16 | 2012-09-12 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting malicious software |
CN102664875A (en) * | 2012-03-31 | 2012-09-12 | 华中科技大学 | Malicious code type detection method based on cloud mode |
CN103679013A (en) * | 2012-09-03 | 2014-03-26 | 腾讯科技(深圳)有限公司 | System rogue program detecting method and device |
CN104184574A (en) * | 2013-05-22 | 2014-12-03 | 中兴通讯股份有限公司 | Intelligent mobile terminal and data processing method thereof |
CN103679029A (en) * | 2013-12-11 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for repairing cheap-copy application programs |
CN104021342A (en) * | 2014-05-06 | 2014-09-03 | 可牛网络技术(北京)有限公司 | Method and device for processing application program |
CN104021340A (en) * | 2014-06-20 | 2014-09-03 | 中科创达软件股份有限公司 | Method and device for detecting installation of malicious applications |
CN104765629A (en) * | 2015-03-24 | 2015-07-08 | 广东欧珀移动通信有限公司 | System application installation method and device |
Also Published As
Publication number | Publication date |
---|---|
CN105718788A (en) | 2016-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105718788B (en) | A kind of malicious application processing method, device and terminal | |
CN104935744A (en) | Verification code display method, verification code display device and mobile terminal | |
CN104133832B (en) | The recognition methods of pirate application and device | |
CN101944000A (en) | Method and device for arranging icons | |
CN109564598A (en) | A kind of endpoint detection methods and terminal | |
CN104320161A (en) | Method and system for rapid Bluetooth pairing | |
CN106227585A (en) | Application program starting method, device and equipment | |
US7941185B2 (en) | Mobile terminal and data display method by individual SIM cards | |
CN105426761A (en) | Identification method for illegal application and mobile terminal | |
CN106599115B (en) | Data protection method, device and terminal | |
CN108112010A (en) | Access method, apparatus, terminal and the computer readable storage medium of network | |
CN106445743A (en) | Data backup transmission method and mobile terminal | |
CN106528335A (en) | Data backup method and device and terminal | |
CN106778295A (en) | File storage, display methods, device and terminal | |
CN106453062A (en) | Application notification management method and terminal | |
CN106776908B (en) | Data cleaning method and device and terminal | |
CN106934277A (en) | Application program detection method and device and terminal | |
CN114282212A (en) | Rogue software identification method and device, electronic equipment and storage medium | |
CN104933340A (en) | Message sending method and mobile terminal | |
CN108241515A (en) | Application shortcut method for building up and terminal | |
CN105808300B (en) | A kind of starting-up method and device of terminal | |
CN105827739A (en) | Contact person information synchronization method, device, server and system | |
KR20150020183A (en) | Method and device for upgrading telephone number in wireless terminal self-adaptive network upgrade | |
CN115795544A (en) | File security attribute storage method and related device | |
CN105430738A (en) | Method and device for initiating registration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |