CN105718788B - A kind of malicious application processing method, device and terminal - Google Patents

A kind of malicious application processing method, device and terminal Download PDF

Info

Publication number
CN105718788B
CN105718788B CN201610035932.9A CN201610035932A CN105718788B CN 105718788 B CN105718788 B CN 105718788B CN 201610035932 A CN201610035932 A CN 201610035932A CN 105718788 B CN105718788 B CN 105718788B
Authority
CN
China
Prior art keywords
terminal
installation kit
signature
application
apk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610035932.9A
Other languages
Chinese (zh)
Other versions
CN105718788A (en
Inventor
谭杨
杨泽星
何从华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd filed Critical Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201610035932.9A priority Critical patent/CN105718788B/en
Publication of CN105718788A publication Critical patent/CN105718788A/en
Application granted granted Critical
Publication of CN105718788B publication Critical patent/CN105718788B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Abstract

The embodiment of the invention provides a kind of malicious application processing method, device and terminals, wherein the described method includes: obtaining the APK signature of system application installation kit when detecting that terminal is in the first application cleaning module;If judging, APK signature is that illegal manufacturer signs, and will be loaded into the blacklist file of the terminal with the sign identification information of corresponding system application installation kit of the APK;When detecting that the terminal is in the second application cleaning module, searches and remove system level application installation kit corresponding with the identification information in the blacklist file.Using technical solution of the present invention, the space memory of terminal can be saved, promotes the high efficiency for removing malicious application.

Description

A kind of malicious application processing method, device and terminal
Technical field
The present invention relates to field of computer technology more particularly to a kind of malicious application processing methods, device and end End.
Background technique
Currently, terminal sale is often sought to promote the APP that oneself is researched and developed by many application APP operators Various application APPs are installed in the terminal of sale by manufacturers.However, user can not in discharging terminal those prepackages it is each Kind APP.The Malware APP pre-installed in terminal is purged in order to realize, user can be by enabling the recovery in terminal Factory mode is purged Malware APP by way of brush machine.
However found in practice, the recovery factory mode that user enables in terminal can only be to the customized installation of user in terminal Application APP unloaded, the system-level Malware pre-installed in the terminal cannot be unloaded, cause memory space Waste;In addition, brush machine requires the technical threshold of user relatively high, in user's voluntarily brush machine, brush machine fails, and brush machine it Terminal afterwards destroys the software brush machine and ROOT mark of original manufacturer's setting, also will cause the terminal and does not continue to enjoy factory The guarantee business of quotient.
Summary of the invention
In consideration of it, the present invention provides a kind of malicious application processing method, device and terminal, to save the sky of terminal Between memory, promoted remove malicious application high efficiency.
On the one hand, the embodiment of the invention provides a kind of malicious application processing methods, which comprises
When detecting that terminal is in the first application cleaning module, the APK signature of system application installation kit is obtained;
If judging, the APK signature, will system application corresponding with APK signature for illegal manufacturer signature The identification information of installation kit is loaded into the blacklist file of the terminal;
Detect the terminal be in second application cleaning module when, search and remove in the blacklist file The corresponding system level application installation kit of identification information.
Wherein optionally, the method also includes:
Judge whether system application installation kit corresponding with APK signature has been installed;
If so, unloading system application corresponding with the system application installation kit.
Wherein optionally, described to search and remove system-level application corresponding with the identification information in the blacklist file Program installation kit, comprising:
Read the identification information in the blacklist file;
System level application installation kit corresponding with the identification information is searched, and removes the system level application Installation kit.
Wherein optionally, the APK signature for obtaining system application installation kit, comprising:
Obtain the directory listing for recording the system application installation package informatin;
The directory listing is scanned, the APK signature of the system application installation kit is obtained.
Wherein optionally, the identification information load by corresponding system application installation kit of signing with the APK Into the blacklist file of the terminal, comprising:
Blacklist hash table will be written to the sign identification information of corresponding system application installation kit of the APK;
If detecting, the scanning directory listing terminates, and the blacklist hash table is written to the blacklist of the terminal In file.
On the other hand, the embodiment of the invention also provides a kind of malicious application processing unit, described device includes:
Module is obtained, for obtaining system application installation when detecting that terminal is in the first application cleaning module The APK of packet signs;
Loading module, if for judging that the APK signature, will be corresponding with APK signature for illegal manufacturer signature The identification information of system application installation kit be loaded into the blacklist file of the terminal;
Processing module, for searching and removing and the blacklist when detecting terminal in the second application cleaning module The corresponding system level application installation kit of identification information in file.
Wherein optionally, described device further include:
Judgment module, for judging whether system application installation kit corresponding with APK signature has been installed;
The processing module, if being also used to the judgment module judges that the system application installation kit has been installed, Unload system application corresponding with the system application installation kit.
Wherein optionally,
The processing module, specifically for reading the identification information in the blacklist file;It searches and believes with the mark Corresponding system level application installation kit is ceased, and removes the system level application installation kit.
Wherein optionally,
The acquisition module, specifically for obtaining the catalogue column for recording the system application installation package informatin Table, and scan the directory listing and obtain the APK signature of the system application installation kit.
Wherein optionally,
The loading module, specifically for by with the APK sign corresponding system application installation kit mark believe Breath is written to blacklist hash table;If detecting, the scanning directory listing terminates, and institute is written in the blacklist hash table It states in the blacklist file of terminal.
In another aspect, the terminal includes above-mentioned malicious application the embodiment of the invention also provides a kind of terminal Processing unit.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered With the high efficiency of program.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of camouflage applications program reset processing method of the embodiment of the present invention;
Fig. 2 is the flow diagram of another camouflage applications program reset processing method of the embodiment of the present invention;
Fig. 3 is a kind of structural schematic diagram of camouflage applications program reset processing unit of the embodiment of the present invention;
Fig. 4 is the structural schematic diagram of another camouflage applications program reset processing unit of the embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of terminal of the embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people The model that the present invention protects all should belong in member's every other embodiment obtained without making creative work It encloses.
Description and claims of this specification and term " first " in above-mentioned attached drawing, " second " and " third " are (such as Fruit presence) etc. be for distinguishing different objects, not for description particular order.In addition, term " includes " and they are any Deformation, it is intended that cover and non-exclusive include.Such as contain the process, method, system, product of a series of steps or units Or equipment is not limited to listed step or unit, but optionally further comprising the step of not listing or unit, or can Selection of land further includes the other step or units intrinsic for these process, methods, product or equipment.
Referring to Figure 1, be the embodiment of the present invention a kind of malicious application processing method flow diagram, the present invention The method of embodiment can be applied in band communication network function such as smart phone, tablet computer, intelligent wearable devices In the terminal of energy, it can specifically be realized by the processor of these terminals.The embodiment of the present invention the method also includes walking as follows It is rapid:
S101, detect terminal be in first application cleaning module when, obtain system application installation kit APK label Name.
In the embodiment of the present invention, when terminal detects that this terminal is in the first application cleaning module, the terminal can be with Obtain the APK (AndroidPackage, abbreviation APK) of all or part of system application installation kit present in this terminal Signature.
In the specific implementation, terminal user can input specific character (such as number, letter) in dial, when described When terminal detects the specific character of terminal user's input, the terminal can automatic jump to corresponding with the specific character Application model (such as engineering mode, safe mode, network mode), be also provided under each mode for user's selection other The select button (such as engineering mode is arranged with first and applies cleaning module button, normal mode button) that function is realized, when When the terminal detects that terminal user clicks the first application cleaning module button chosen under engineering mode, the terminal can be with Obtain the APK signature of all or part of system application installation kit in this terminal;Alternatively, research staff can also be by work First under journey mode is arranged in other option columns of the terminal (such as plot Mode, setting choosing using cleaning module function Being shown on the display interface of this terminal using column, with shortcut etc. in), when terminal detects that terminal user selects Opening (that is to say, the terminal detects that this terminal is in the first application and removes using the first application cleaning module function Mode) when, the APK of all or part of system application installation kit present in available terminal of the terminal (AndroidPackage, abbreviation APK) signature.
When the terminal detects that terminal user opens the first application cleaning module function, the engineering of the terminal Mode (be also possible to the terminal first applies cleaning module) can be from packet (such as system application of terminal described in trend Installation kit) management server program sends the broadcast for removing system-level malicious application present in the terminal, institute The packet supervisor services for stating terminal can receive the broadcast that the engineering mode is sent and (that is to say that the terminal receives The broadcast).After the terminal receives the broadcast, the terminal can also be detected to obtain and be used present in this terminal In the directory listing for recording the system application installation package informatin, the terminal can also be scanned under the directory listing All or part of APK file obtains the APK signature of the system application installation kit.
The terminal may include PC, smart phone (such as Android phone, IOS mobile phone), tablet computer, The internets such as palm PC, mobile internet device (MID, Mobile Internet Devices) or wearable intelligent equipment Equipment, the embodiment of the present invention are not construed as limiting.
If S102, judging that for illegal manufacturer signature, system corresponding with APK signature is answered for the APK signature It is loaded into the blacklist file of the terminal with the identification information of program installation kit.
In the embodiment of the present invention, terminal may determine that whether the APK signature that S101 is got is legal manufacturer's signature, When the terminal judges that the APK signature (that is to say, the terminal determines that the APK signature is non-for illegal manufacturer signature Method manufacturer signature) when, the terminal can will add with the sign identification information of corresponding system application installation kit of the APK It is downloaded in the blacklist file of this terminal.
In the specific implementation, the APK signature that the system application apk of manufacturer oneself research and development has oneself exclusive, general institute Stating APK signature is the corresponding manufacturer's name of manufacturer (such as space dragon, Tencent).The terminal may determine that S101 is got described Whether APK signature is legal manufacturer's signature, if the terminal judges the APK signature that S101 is got for illegal manufacturer label Name, then the terminal can also be by the mark of the corresponding system application installation kit of signing with the APK got in S101 Know the blacklist file hash table that information (that is to say the identification information of APK, such as title, ID number) load is written to the terminal In, at the end of the terminal detects that S101 scans all or part of APK file under the directory listing, the terminal The blacklist hash table can also be written in the blacklist file of the terminal.
The signature of application program installation kit of the legal manufacturer's signature for safety, that is, the manufacturer's signature authorized generally refer to grind The manufacturer's name for issuing the correspondence manufacturer of application program installation kit can also refer to other for indicating safe, legal application The signature of program installation kit, the embodiment of the present invention are not construed as limiting;Illegal manufacturer's signature is unauthorized manufacturer's signature, Namely manufacturer's signature of malicious application.
When the terminal judges that APK signature is illegal manufacturer signature, the terminal can also continue to judgement and Whether the APK corresponding system application packet of signing has been installed, when terminal judgement is described with APK signature pair The system application packet answered has been installed, i.e., the corresponding application program of system application packet is already installed on the terminal On, the terminal can also unload system application corresponding with the system application installation kit.
S103, when detecting the terminal and being in the second application cleaning module, search and remove and the blacklist file In the corresponding system level application installation kit of identification information.
In the embodiment of the present invention, when terminal detects that this terminal is in the second application cleaning module, the terminal can be with Searching and removing the identification information in the blacklist file with this terminal (that is to say the mark in the blacklist file in S102 Know information) corresponding system application installation kit.
The second application cleaning module can be used for removing opposite with the identification information in terminal in blacklist file The application program installation kit answered (can be system-level application program installation kit, or the application journey of the customized installation of user Sequence installation kit), described second can be also used for removing the alternative document money in terminal in blacklist file using cleaning module Material, the second application cleaning module perhaps the mode of the customized name of other users or can be for recovery mode The mode of system regulation name, the embodiment of the present invention are not construed as limiting.
In the specific implementation, (the i.e. institute when the terminal detects that terminal user opens the function of the second application cleaning module State terminal detect the terminal be in second application cleaning module when), the terminal can read this terminal blacklist file All or part of identification information in folder;The terminal can also according to the identification information this terminal local data base In or memory in, find out system-level application package corresponding with the identification information;The terminal can also delete The system-level application package found (that is to say the corresponding system of identification information in the blacklist file in S102 System application program installation kit).
Illustratively, when the terminal detects uninstalling system application program, (system application is answered with the system It is corresponding with program installation kit) finish after, the terminal can be restarted automatically into recovery mode or terminal user Oneself restart the terminal and enters recovery mode, when the terminal detects that this terminal enters recovery mode, institute Identification information present in blacklist file in the terminal can be read by stating terminal, and the terminal is searched and deleted and institute State the corresponding system application installation kit of identification information.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer The identification information of system application program installation kit is loaded into the blacklist file of the terminal, is in the second application in the terminal When cleaning module, it can search and remove system application installation corresponding with the identification information in the blacklist file Packet.The embodiment of the present invention can carry out the removing of rogue system level application just for system-level application program, to save terminal Space memory;System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 2 is referred to, is a kind of flow diagram of malicious application processing method of the embodiment of the present invention, the present invention The method of embodiment can be applied in band communication network function such as smart phone, tablet computer, intelligent wearable devices In the terminal of energy, it can specifically be realized by the processor of these terminals.The embodiment of the present invention the method also includes walking as follows It is rapid:
S201, when detect terminal be in first application cleaning module when, obtain for recording the system application The directory listing of package informatin is installed.
S202, the scanning directory listing obtain the APK signature of the system application installation kit.
In the embodiment of the present invention, when terminal detects that this terminal is in the first application cleaning module, the terminal can be with It detects and obtains for recording the directory listing of system application installation kit (that is to say APK) information in the terminal, it is described All or part of APK file under the directory listing that terminal can be arrived with Scanning Detction obtains system application peace The APK signature of dress packet (that is to say APK).
S203, judge whether the APK signature is legal manufacturer's signature.
It is illegal manufacturer when the terminal determines the APK signature that S202 is scanned in the embodiment of the present invention When signature, the terminal continues to execute step S204 or S206;Otherwise S201 is executed.
Whether S204, judgement system application installation kit corresponding with APK signature have been installed.
In the embodiment of the present invention, when the terminal judges the APK signature that S202 is scanned for illegal manufacturer label When name, the terminal can also continue to whether judgement system application installation kit corresponding with APK signature has been installed In the terminal, if the terminal judges that the system application installation kit corresponding with APK signature has been installed, Then execute the S205;Otherwise, continue S206.
It should be noted that step S204 and step S206 can be it is arranged side by side, that is to say terminal can choose S204 and Any one step is executed in S206, can also be carried out with S204 and S206, and the sequence of S204 and S206 be it is variable, i.e., Terminal executes S204 after can first carrying out S206, and the embodiment of the present invention is not construed as limiting.
S205, unloading system application corresponding with the system application installation kit.
It should be noted that step S208 can be continued to execute after terminal has executed S205 step, process can also be terminated, System application corresponding with the system application installation kit is unloaded, and removes a kind of tool of system level application Body embodiment.
If S206, judging that for illegal manufacturer signature, system corresponding with APK signature is answered for the APK signature Blacklist hash table is written to the identification information of program installation kit.
S207, at the end of detecting the scanning directory listing, the terminal is written into the blacklist hash table In blacklist file.
In the embodiment of the present invention, when terminal detects that the terminal scans in S202 all or portion under the directory listing When dividing APK file all scanned, the blacklist of the terminal can be written in the blacklist hash table in S206 by the terminal In file.
S208, when detect the terminal be in second application cleaning module when, read the mark in the blacklist file Know information.
S209, lookup simultaneously delete system level application installation kit corresponding with the identification information.
For the ease of preferably understanding above-described embodiment, illustrated below by an example.User A purchase As soon as extremely send Coolpad mobile phone A, 4 sections of APP are installed originally in mobile phone A, respectively LeEco video application, dial and answer With program, Tencent's wechat application program, calendar applications, now the user A wants that the malice for unloading the system-level installation of this mobile phone A is answered With program (that is to say LeEco video app, Tencent wechat app).User A can be preset in input on the dial for extremely sending mobile phone A A string of characters alter " ##### ", when mobile phone A detects that user A is altered " ##### " in the character that dial inputs, mobile phone A can from It is dynamic to jump to engineering mode, and the application interface of the engineering mode, the engineering are shown on the display interface of this mobile phone A There is the function for user's selection to realize button (as using cleaning module button, normal mode button on the application interface of mode Deng), when mobile phone A detects that user A clicks the application removing button chosen under the engineering mode, the mobile phone A will enter Using cleaning module, the engineering mode of the mobile phone A is sent from the packet supervisor services of mobile phone A described in trend for removing The broadcast of rogue system application program present in terminal is stated, the packet supervisor services of the mobile phone A receives the broadcast, It is that the mobile phone A receives the broadcast.Maliciously it is present in the terminal for removing when the mobile phone A is received Unite application program broadcast after, can scan stored in the mobile phone A for record APK information using the institute under catalogue There is APK file, obtain the APK signature of system application installation kit, that is to say, the APK signature of LeEco screen app installation kit is The APK signature of LeEco signature, dialing app installation kit and calendar APP installation kit is the APK of space dragon signature, wechat app installation kit Signature is that Tencent signs.Whether 4 APK signature that the mobile phone A can continue to judge that scanning obtains is Yu Longkupai manufacturer Signature, mobile phone A may determine that LeEco signature and Tencent's signature is not the signature of Yu Longkupai manufacturer, that is to say LeEco signature and rises News signature is that illegal manufacturer signs;The mobile phone A can will LeEco video app installation kit title corresponding with LeEco signature " LeEco video ", wechat app installation kit title " wechat " corresponding with Tencent's signature are loaded into the blacklist hash table of mobile phone A In, when mobile phone A scan through for record APK information using all APK files under catalogue when, the mobile phone A can will be black The write-in of list hash table is loaded into the blacklist file of mobile phone A.The mobile phone A can also detect the LeEco video app peace Whether dress packet and Tencent's wechat app installation kit are already installed in the mobile phone A, when mobile phone A detects the LeEco view Frequency app installation kit and Tencent's wechat app installation kit are mounted, and the mobile phone A can unload and the LeEco automatically The corresponding LeEco video app of video app installation kit, wechat app corresponding with Tencent's wechat app installation kit.When mobile phone A is unloaded It has carried under the application catalogue that the LeEco video app, Tencent's wechat app and mobile phone A are scanned through for recording APK information All APK files when, the mobile phone A can be restarted automatically into recovery mode, detect that this mobile phone is in mobile phone A When recovery mode, the mobile phone A can read in the blacklist file of this mobile phone A identification information (including LeEco video, Tencent's wechat), mobile phone A searches from the local data of this mobile phone and deletes application program installation corresponding with the identification information Packet, that is to say, mobile phone A can remove LeEco screen app installation kit, Tencent's wechat app installation kit.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered With the high efficiency of program.
Fig. 3 is referred to, is a kind of structural schematic diagram of malicious application processing unit of the embodiment of the present invention, the present invention The described device of embodiment can may be provided at the band communication networks such as smart phone, tablet computer, intelligent wearable device In the terminal of function, described device 3 includes:
Module 300 is obtained, for obtaining system application peace when detecting that terminal is in the first application cleaning module The APK signature of dress packet;
Loading module 301, if for judging that the APK signature, will be with APK signature pair for illegal manufacturer signature The identification information for the system application installation kit answered is loaded into the blacklist file of the terminal;
Processing module 302, for searching and removing and the black name when detecting terminal in the second application cleaning module The corresponding system level application installation kit of identification information in monofile.
It is related into Fig. 2 object embodiment that the specific implementation of modules involved in the embodiment of the present invention can refer to Fig. 1 The description of functional module, this will not be repeated here.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer The identification information of system application program installation kit is loaded into the blacklist file of the terminal, is in the second application in the terminal When cleaning module, it can search and remove system level application installation corresponding with the identification information in the blacklist file Packet.The embodiment of the present invention can carry out the removing of rogue system level application just for system-level application program, to save terminal Space memory;System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 4 is referred to, is the structural schematic diagram of another malicious application processing unit of the embodiment of the present invention, this hair The described device of bright embodiment can may be provided at the band communication networks such as smart phone, tablet computer, intelligent wearable device In the terminal of network function, described device 4 may include above-mentioned acquisition module 300, loading module 301, processing module 302, go back May include:
Judgment module 303, for judging whether system application installation kit corresponding with APK signature has been installed;
The processing module 302, if being also used to the judgment module 303 judges that the system application installation kit has been pacified Dress then unloads system application corresponding with the system application installation kit.
Wherein optionally, in the embodiment of the present invention,
The processing module 302, specifically for reading the identification information in the blacklist file;It searches and the mark The corresponding system level application installation kit of information, and remove the system level application installation kit.
Wherein optionally, in the embodiment of the present invention,
The acquisition module 300, specifically for obtaining the catalogue for recording the system application installation package informatin List, and scan the directory listing and obtain the APK signature of the system application installation kit.
Wherein optionally, in the embodiment of the present invention,
The loading module 301, specifically for by the mark for corresponding system application installation kit of signing with the APK Information is written to blacklist hash table;If detecting, the scanning directory listing terminates, and the blacklist hash table is written In the blacklist file of the terminal.
It is related into Fig. 2 object embodiment that the specific implementation of modules involved in the embodiment of the present invention can refer to Fig. 1 The description of functional module, this will not be repeated here.
In the embodiment of the present invention, when detecting that terminal is in the first application cleaning module, system application peace is obtained The APK signature of dress packet can will system corresponding with APK signature when judge that APK signature is signed for illegal manufacturer System application program installation kit is loaded into the blacklist file of the terminal, applies cleaning module when detection terminal is in second When, it searches and removes system level application installation kit corresponding with the identification information in the blacklist file.The present invention is real The removing of rogue system level application can be carried out just for system-level application program by applying example, to save the space memory of terminal; System level application compared to brush machine mode is removed, and the high efficiency for removing malicious application can be promoted.
Fig. 5 is referred to again, is a kind of structural schematic diagram of terminal of the embodiment of the present invention.The terminal can be intelligent hand The equipment with communications network functionality such as machine, tablet computer, intelligent wearable device, as shown in figure 5, the embodiment of the present invention is described Terminal may include the modules such as display screen, key, loudspeaker, sound pick-up, and further include: at least one bus 501 and bus 501 at least one connected processor 502 and at least one processor 503 being connected with bus 501, realize communication function Communication device 505 is the power supply device 504 of each power consumption module for power supply of terminal.
The processor 502 can call the code stored in memory 503 to execute relevant function by bus 501.
The memory 503 includes operating system and data transmission applications program etc..
The processor 502, for obtaining system application when detecting that terminal is in the first application cleaning module The APK of installation kit signs;If judging, the APK signature, will system corresponding with APK signature for illegal manufacturer signature The identification information of application program installation kit is loaded into the blacklist file of the terminal;It is clear that the second application is in detection terminal When except mode, searches and remove system level application installation kit corresponding with the identification information in the blacklist file.
Still optionally further, if the processor 502 is also used to judge system application corresponding with APK signature Installation kit has been installed, then unloads system application corresponding with the system application installation kit.
Still optionally further, the processor 502 is also used to read the identification information in the blacklist file;Search with The corresponding system level application installation kit of the identification information, and remove the system level application installation kit.
Still optionally further, the processor 502 is also used to obtain for recording the system application installation kit letter The directory listing of breath;The directory listing is scanned, the APK signature of the system application installation kit is obtained.
Still optionally further, the processor 502 is also used to install system application corresponding with APK signature The identification information of packet is written to blacklist hash table;If detecting, the scanning directory listing terminates, by the blacklist Hash table is written in the blacklist file of the terminal.
The embodiment of the present invention can be purposefully targetedly right in the base of applications for retaining the customized installation of user System-level malicious application is purged in terminal, to save the space memory of terminal, is improved removing malice and is answered With the high efficiency of program.
The embodiment of the present invention also provides a kind of computer storage medium, wherein the computer storage medium can be stored with journey Sequence, the program include the part or complete that any audio recorded in above method embodiment plays the operating method of application when executing Portion's step.
It should be noted that for the various method embodiments described above, for simple description, therefore, it is stated as a series of Combination of actions, but those skilled in the art should understand that, the present invention is not limited by the sequence of acts described because According to the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know It knows, the embodiments described in the specification are all preferred embodiments, and related actions and modules is not necessarily of the invention It is necessary.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment Point, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed device, it can be by another way It realizes.For example, the apparatus embodiments described above are merely exemplary, such as the division of the unit, it is only a kind of Logical function partition, there may be another division manner in actual implementation, such as multiple units or components can combine or can To be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Coupling, direct-coupling or communication connection can be through some interfaces, the indirect coupling or communication connection of device or unit, It can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
In addition, each functional unit in various embodiments of the present invention can integrate in one processing unit, it can also To be that each unit physically exists alone, can also be integrated in one unit with two or more units.It is above-mentioned integrated Unit both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although referring to before Stating embodiment, invention is explained in detail, those skilled in the art should understand that: it still can be to preceding Technical solution documented by each embodiment is stated to modify or equivalent replacement of some of the technical features;And these It modifies or replaces, the range for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims (7)

1. a kind of malicious application processing method, which is characterized in that the described method includes:
When detecting that terminal is in the first application cleaning module, the APK signature of system application installation kit is obtained;
If judging, the APK signature, will system application installation corresponding with APK signature for illegal manufacturer signature The identification information of packet is written to blacklist hash table;
When detecting scanning directory end of list (EOL), then the blacklist hash table is written to the blacklist file of the terminal In;
When detecting that the terminal is in the second application cleaning module, searches and remove and the mark in the blacklist file The corresponding system level application installation kit of information;
Further, the method also includes:
If judging, the APK signature for illegal manufacturer signature, judges system application peace corresponding with APK signature Whether dress packet has been installed;
If so, unloading system application corresponding with the system application installation kit.
2. the method as described in claim 1, which is characterized in that the lookup is simultaneously removed and the mark in the blacklist file The corresponding system level application installation kit of information, comprising:
Read the identification information in the blacklist file;
System level application installation kit corresponding with the identification information is searched, and removes the system level application installation Packet.
3. the method as described in claim 1, which is characterized in that the APK signature for obtaining system application installation kit, packet It includes:
Obtain the directory listing for recording the system application installation package informatin;
The directory listing is scanned, the APK signature of the system application installation kit is obtained.
4. a kind of malicious application processing unit, which is characterized in that described device includes:
Module is obtained, for obtaining system application installation kit when detecting that terminal is in the first application cleaning module APK signature;
Loading module, if for judging that the APK signature, will system corresponding with APK signature for illegal manufacturer signature The identification information of system application program installation kit is written to blacklist hash table;When detecting scanning directory end of list (EOL), by institute Blacklist hash table is stated to be written in the blacklist file of the terminal;
Processing module, for searching and removing and the blacklist file when detecting terminal in the second application cleaning module In the corresponding system level application installation kit of identification information;
Further, described device further include:
Judgment module, if for judging that the APK signature for illegal manufacturer signature, judges corresponding with APK signature Whether system application installation kit has been installed;
The processing module is also used to if so, unloading system application corresponding with the system application installation kit.
5. device as claimed in claim 4, which is characterized in that
The processing module, specifically for reading the identification information in the blacklist file;It searches and the identification information pair The system level application installation kit answered, and remove the system level application installation kit.
6. device as claimed in claim 4, which is characterized in that
The acquisition module, specifically for obtaining the directory listing for recording the system application installation package informatin, and It scans the directory listing and obtains the APK signature of the system application installation kit.
7. a kind of terminal, which is characterized in that the terminal includes the malicious application journey as described in claim 4 to 6 any one Order processing apparatus.
CN201610035932.9A 2016-01-19 2016-01-19 A kind of malicious application processing method, device and terminal Active CN105718788B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610035932.9A CN105718788B (en) 2016-01-19 2016-01-19 A kind of malicious application processing method, device and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610035932.9A CN105718788B (en) 2016-01-19 2016-01-19 A kind of malicious application processing method, device and terminal

Publications (2)

Publication Number Publication Date
CN105718788A CN105718788A (en) 2016-06-29
CN105718788B true CN105718788B (en) 2018-12-25

Family

ID=56147248

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610035932.9A Active CN105718788B (en) 2016-01-19 2016-01-19 A kind of malicious application processing method, device and terminal

Country Status (1)

Country Link
CN (1) CN105718788B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106355093B (en) * 2016-10-28 2021-01-05 努比亚技术有限公司 Application uninstalling device and method
CN107391166B (en) * 2017-06-05 2022-01-25 深圳市优博讯科技股份有限公司 Android application installation method and system, computer device and readable storage medium
CN108170548A (en) * 2017-12-27 2018-06-15 深圳Tcl新技术有限公司 Processing method, device and the computer readable storage medium of terminal data write-in
CN110874294B (en) * 2018-08-31 2023-08-29 北京小米移动软件有限公司 Abnormal equipment information screening method and device, storage medium and electronic equipment
CN110968862B (en) * 2018-09-29 2022-03-29 福建省天奕网络科技有限公司 Data anomaly detection method and terminal

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102663281A (en) * 2012-03-16 2012-09-12 成都市华为赛门铁克科技有限公司 Method and device for detecting malicious software
CN102664875A (en) * 2012-03-31 2012-09-12 华中科技大学 Malicious code type detection method based on cloud mode
CN103679013A (en) * 2012-09-03 2014-03-26 腾讯科技(深圳)有限公司 System rogue program detecting method and device
CN103679029A (en) * 2013-12-11 2014-03-26 北京奇虎科技有限公司 Method and device for repairing cheap-copy application programs
CN104021342A (en) * 2014-05-06 2014-09-03 可牛网络技术(北京)有限公司 Method and device for processing application program
CN104021340A (en) * 2014-06-20 2014-09-03 中科创达软件股份有限公司 Method and device for detecting installation of malicious applications
CN104184574A (en) * 2013-05-22 2014-12-03 中兴通讯股份有限公司 Intelligent mobile terminal and data processing method thereof
CN104765629A (en) * 2015-03-24 2015-07-08 广东欧珀移动通信有限公司 System application installation method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102663281A (en) * 2012-03-16 2012-09-12 成都市华为赛门铁克科技有限公司 Method and device for detecting malicious software
CN102664875A (en) * 2012-03-31 2012-09-12 华中科技大学 Malicious code type detection method based on cloud mode
CN103679013A (en) * 2012-09-03 2014-03-26 腾讯科技(深圳)有限公司 System rogue program detecting method and device
CN104184574A (en) * 2013-05-22 2014-12-03 中兴通讯股份有限公司 Intelligent mobile terminal and data processing method thereof
CN103679029A (en) * 2013-12-11 2014-03-26 北京奇虎科技有限公司 Method and device for repairing cheap-copy application programs
CN104021342A (en) * 2014-05-06 2014-09-03 可牛网络技术(北京)有限公司 Method and device for processing application program
CN104021340A (en) * 2014-06-20 2014-09-03 中科创达软件股份有限公司 Method and device for detecting installation of malicious applications
CN104765629A (en) * 2015-03-24 2015-07-08 广东欧珀移动通信有限公司 System application installation method and device

Also Published As

Publication number Publication date
CN105718788A (en) 2016-06-29

Similar Documents

Publication Publication Date Title
CN105718788B (en) A kind of malicious application processing method, device and terminal
CN104935744A (en) Verification code display method, verification code display device and mobile terminal
CN104133832B (en) The recognition methods of pirate application and device
CN101944000A (en) Method and device for arranging icons
CN109564598A (en) A kind of endpoint detection methods and terminal
CN104320161A (en) Method and system for rapid Bluetooth pairing
CN106227585A (en) Application program starting method, device and equipment
US7941185B2 (en) Mobile terminal and data display method by individual SIM cards
CN105426761A (en) Identification method for illegal application and mobile terminal
CN106599115B (en) Data protection method, device and terminal
CN108112010A (en) Access method, apparatus, terminal and the computer readable storage medium of network
CN106445743A (en) Data backup transmission method and mobile terminal
CN106528335A (en) Data backup method and device and terminal
CN106778295A (en) File storage, display methods, device and terminal
CN106453062A (en) Application notification management method and terminal
CN106776908B (en) Data cleaning method and device and terminal
CN106934277A (en) Application program detection method and device and terminal
CN114282212A (en) Rogue software identification method and device, electronic equipment and storage medium
CN104933340A (en) Message sending method and mobile terminal
CN108241515A (en) Application shortcut method for building up and terminal
CN105808300B (en) A kind of starting-up method and device of terminal
CN105827739A (en) Contact person information synchronization method, device, server and system
KR20150020183A (en) Method and device for upgrading telephone number in wireless terminal self-adaptive network upgrade
CN115795544A (en) File security attribute storage method and related device
CN105430738A (en) Method and device for initiating registration

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant