CN108833690B

CN108833690B - Authority control method, terminal and computer readable storage medium

Info

Publication number: CN108833690B
Application number: CN201810547011.XA
Authority: CN
Inventors: 张恒
Original assignee: Nubia Technology Co Ltd
Current assignee: Nubia Technology Co Ltd
Priority date: 2018-05-31
Filing date: 2018-05-31
Publication date: 2021-11-16
Anticipated expiration: 2038-05-31
Also published as: CN108833690A

Abstract

The invention discloses a permission management and control method, a terminal and a computer readable storage medium. The method comprises the following steps: detecting an authority request in the installation or operation process of an application program, and analyzing the authority request; if the permission request is matched with a preset target permission list, acquiring the running state and attribute information of the application program; acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program; determining the type of the application program according to the running state, the source information and the use information; and determining whether to open the permission request according to the type of the application program. Compared with the prior art that all the authorities need to be manually opened by users, the management and control method provided by the embodiment of the invention automatically screens out the authority requests which can be opened or not opened, and simultaneously gives certain option to the users, so that the management and control method is more intelligent and humanized.

Description

Authority control method, terminal and computer readable storage medium

Technical Field

The present invention relates to the field of mobile terminals, and in particular, to a method for managing and controlling permissions of a mobile terminal and a computer-readable storage medium.

Background

At present, smart phones have various permissions, such as: when the application needs to use the rights, the user needs to grant the rights dynamically, otherwise, the application cannot be used, and the measures increase the protection of the mobile phone system on the privacy of the user.

However, in reality, all rights are often granted manually by the user, and the user does not carefully view the specific contents of the rights requested by the applications, and all rights are granted, and the rights request to be paid attention is ignored, thereby causing the potential safety hazard of the terminal.

The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.

Disclosure of Invention

The invention mainly aims to provide a permission management and control method, a terminal and a computer readable storage medium, and aims to solve the problem of permission request in the installation or operation process of an application program.

In order to achieve the above object, a first aspect of an embodiment of the present invention provides a method for managing and controlling permissions, where the method for managing and controlling permissions includes:

detecting an authority request in the installation or operation process of an application program, and analyzing the authority request;

if the permission request is matched with a preset target permission list, acquiring the running state and attribute information of the application program;

acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program;

determining the type of the application program according to the running state, the source information and the use information;

and determining whether to open the permission request according to the type of the application program.

Optionally, the step of determining whether to open the permission request according to the type of the application program includes:

if the type of the application program is a safe application program, opening the permission request;

if the type of the application program is an application program to be determined, setting a virtual area in a current interface to receive a user instruction, and opening or not opening the permission request according to the user instruction;

and if the type of the application program is a non-secure application program, not opening the permission request.

Optionally, if the type of the application program is an application program to be determined, a virtual area is set in the current interface to receive a user instruction, and the step of opening the permission request according to the user instruction includes:

and opening the permission request according to the user instruction to be effective within preset time or effective for one time.

Optionally, the source information of the application program comprises an official source, a third party source and an unknown source.

Optionally, the usage information in the preset time includes the number of times of opening, the number of times of using, and the duration of using the application program in the preset time after the permission request is opened.

Optionally, the running states of the application include foreground running and background running.

Optionally, the step of determining the type of the application according to the running state, the source information, and the usage information includes:

if the running state of the application program is foreground running and the source information of the application program is official application, the type of the application program is a safe application program;

if the running state of the application program is foreground running and the source information of the application program is a third party source and an unknown source, the type of the application program is a pending application program;

if the running state of the application program is background running and the source information of the application program is a third party source and an unknown source, the type of the application program is a non-safe application program;

and if the running state of the application program is background running and the source information of the application program is an official source, determining that the type of the application program is a pending application program.

Optionally, the step of determining the type of the application according to the running state, the source information, and the usage information further includes:

if the running state of the application program is foreground running, and the source information of the application program is a third party source and an unknown source, when the use information of the application program exceeds a preset threshold value, converting the type of the application program from the application program to be determined into a safe application program;

if the running state of the application program is background running and the source information of the application program is official source, the type of the application program is an undetermined application program, and when the use information of the application program exceeds a preset threshold value, the type of the application program is converted into a safe application program from the undetermined application program.

In addition, to achieve the above object, a second aspect of the present invention provides a terminal, including: the system comprises a memory, a processor and a permission management program stored on the memory and capable of running on the processor, wherein the permission management program realizes the steps of the permission management method when being executed by the processor.

The third aspect of the present invention also provides a computer readable storage medium, on which a rights management program is stored, which when executed by a processor implements the steps of the rights management method as described above.

The embodiment of the invention has the following beneficial effects:

the embodiment of the invention provides a permission management and control method, a terminal and a computer readable storage medium. In the installation or operation process of the application program, when the permission request is detected, the terminal can determine the type of the application program according to the operation state, the source information and the use information of the application program, and adopt a corresponding permission management and control strategy aiming at the safe application program, the undetermined application program and the non-safe application program. Compared with the prior art that all the authorities need to be manually opened by users, the management and control method provided by the embodiment of the invention automatically screens out the authority requests which can be opened or not opened, and simultaneously gives certain option to the users, so that the management and control method is more intelligent and humanized.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a schematic diagram of a hardware structure of a mobile terminal according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of a wireless communication system of a mobile terminal according to an embodiment of the present invention;

FIG. 3 is a flowchart illustrating a method for managing rights according to an embodiment of the present invention;

FIG. 4 is a schematic view of a virtual area for prompting and receiving user instructions in one embodiment of the present invention;

fig. 5 is a block diagram of a mobile terminal according to one embodiment of the present invention.

The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in itself. Thus, "module", "component" or "unit" may be used mixedly.

The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and the like, and a fixed terminal such as a Digital TV, a desktop computer, and the like. The following description will be given by way of example of a mobile terminal, and it will be understood by those skilled in the art that the construction according to the embodiment of the present invention can be applied to a fixed type terminal, in addition to elements particularly used for mobile purposes.

Referring to fig. 1, which is a schematic diagram of a hardware structure of a mobile terminal for implementing various embodiments of the present invention, the mobile terminal 100 may include: RF (Radio Frequency) unit 101, WiFi module 102, audio output unit 103, a/V (audio/video) input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in fig. 1 is not intended to be limiting of mobile terminals, which may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

The following describes each component of the mobile terminal in detail with reference to fig. 1:

the radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call, and specifically, receive downlink information of a base station and then process the downlink information to the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex Long Term Evolution), and TDD-LTE (Time Division duplex Long Term Evolution).

WiFi belongs to short-distance wireless transmission technology, and the mobile terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 102, and provides wireless broadband internet access for the user. Although fig. 1 shows the WiFi module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.

The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.

The a/V input unit 104 is used to receive audio or video signals. The a/V input Unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042, the Graphics processor 1041 Processing image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphic processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 may receive sounds (audio data) via the microphone 1042 in a phone call mode, a recording mode, a voice recognition mode, or the like, and may be capable of processing such sounds into audio data. The processed audio (voice) data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 101 in case of a phone call mode. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.

The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.

The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.

The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.

Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.

The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.

The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.

The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.

Although not shown in fig. 1, the mobile terminal 100 may further include a bluetooth module or the like, which is not described in detail herein.

In order to facilitate understanding of the embodiments of the present invention, a communication network system on which the mobile terminal of the present invention is based is described below.

Referring to fig. 2, fig. 2 is an architecture diagram of a communication Network system according to an embodiment of the present invention, where the communication Network system is an LTE system of a universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an IP service 204 of an operator, which are in communication connection in sequence.

Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.

The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Among them, the eNodeB2021 may be connected with other eNodeB2022 through backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.

The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving gateway) 2034, a PGW (PDN gateway) 2035, and a PCRF (Policy and Charging Rules Function) 2036, and the like. The MME2031 is a control node that handles signaling between the UE201 and the EPC203, and provides bearer and connection management. HSS2032 is used to provide registers to manage functions such as home location register (not shown) and holds subscriber specific information about service characteristics, data rates, etc. All user data may be sent through SGW2034, PGW2035 may provide IP address assignment for UE201 and other functions, and PCRF2036 is a policy and charging control policy decision point for traffic data flow and IP bearer resources, which selects and provides available policy and charging control decisions for a policy and charging enforcement function (not shown).

The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.

Although the LTE system is described as an example, it should be understood by those skilled in the art that the present invention is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.

Based on the above mobile terminal hardware structure and communication network system, the present invention provides various embodiments of the method.

Example one

Referring to fig. 3, fig. 3 is a flowchart illustrating a method for managing and controlling permissions according to a first embodiment of the present invention. The rights management method includes the following steps S301 to S305.

In step S301, a permission request during installation or operation of an application is detected, and the permission request is analyzed;

specifically, when a user installs or runs a certain application program, the application program may send a corresponding permission request to ensure the implementation of the corresponding function of the application program, for example, when an image is acquired, the application program needs to request an image acquisition device, usually a camera in a mobile terminal, and then needs to invoke camera permission. When a permission request sent by an application program is detected, the permission request is analyzed, and a specific object requested by the permission request, related hardware equipment and a function which the permission wants to realize are analyzed.

In step S302, if the permission request matches a preset target permission list, acquiring an operating state and attribute information of the application program;

specifically, the preset target permission list is set for the application developer and is linked to the inside of the application; the preset target authority list can also be set by the user, and the permission to be opened is prestored as the target authority list and stored in the terminal database. And when the authority requested by the application program is matched with a preset target application program list, acquiring the running state and the attribute information of the application program. In this embodiment, the running states of the application include foreground running and background running. And calling the attribute information of the application program from the server, wherein the attribute information of the application program comprises the type of the application program, source information, use information, a starting object, the program, information and the like.

In step S303, obtaining source information of the application program and usage information within a preset time period according to the attribute information of the application program;

extracting source information of the application program and use information in a preset time period according to the attribute information of the application program; the preset time can be set by the user according to the habit of the user or can be set by the system.

The source information of the application program comprises an official source, a third party source and an unknown source, and when the source information of the application program is the official source, for example, the source of the QQ is provided for Tencent official, the source information of the QQ is also authenticated by an application mall, and the reliability is higher; when the source of the application program is a third party source or an unknown source, the reliability of the application program is low, and the application program is likely to be a virus. And the use information in the preset time comprises the opening times, the use times and the use duration of the application program in the preset time after the permission request is opened. After the permission request is opened, in a preset time, the user opens the application program for multiple times, or uses the application program for multiple times, and the use time length reaches a certain threshold value, the user is considered to permit the application program to use the permission request, and the application program is in the safety range of the user.

In step S304, determining the type of the application according to the running state, the source information and the usage information;

the types of the application programs comprise a safe application program, a pending application program and a non-safe application program, and different authority request management and control strategies are adopted for different application types.

In step S305, it is determined whether to open the permission request according to the type of the application program.

Specifically, if the type of the application program is a safe application program, opening the permission request;

For ease of understanding, an example is presented. If the running state of the application program is foreground running and the source information of the application program is official application, the type of the application program is a safe application program, for example, a current interface runs QQ, the permission of the camera is requested, the QQ is considered as a safe application, and the request of the camera permission is opened.

If the running state of the application program is background running and the source information of the application program is an official source, the type of the application program is an application program to be determined, for example, a QQ runs in the background, the camera permission is requested at this time, and the QQ does not use the camera permission in the background, the QQ is considered to be an application to be determined, and a virtual area needs to be set on a current interface for opening the camera permission, referring to fig. 4, which is a schematic view of the virtual area for prompting and receiving a user instruction in one embodiment of the present invention. The virtual area is used to prompt a user and receive a user instruction, optionally, the virtual area may be a semi-transparent rectangular suspension frame suspended on a current interface, in this embodiment, the size, shape, and attribute of the area of the virtual area are not limited, and a prompt is sent to "QQ needs to request camera permission at the background, yes or no? And the word of ' simultaneously receiving a user instruction, when the user selects ' yes ', opening the camera authority, otherwise, forbidding the QQ to open the camera authority at the background. If the running state of the application program is foreground running, and the source information of the application program is a third party source and an unknown source, the type of the application program is a pending application program, for example, a plug-in capable of beautifying a video object when a QQ software provided by a third party starts a video is provided, when the QQ runs on the foreground, the plug-in requests a camera right, the QQ is considered as a pending application, a virtual area is also set on the current interface, the virtual area is used for prompting a user and receiving a user instruction, optionally, the virtual area may be a semi-transparent rectangular suspension frame suspended on the current interface, in this embodiment, the area size, the area shape, the area attribute and the like of the virtual area are not limited, and a prompt is sent to prompt that the QQ needs to request a camera right on the background, yes or no? And the word of ' simultaneously receiving a user instruction, when the user selects ' yes ', opening the camera authority, otherwise, forbidding the QQ to open the camera authority at the background.

And if the running state of the application program is background running and the source information of the application program is a third party source and an unknown source, determining that the type of the application program is a non-safe application program. For example, a QQ runs in the background, but its source is not the Tencent company, but rather some third party source or unknown source, at which point the QQ is considered a non-secure application, and the permission request for the QQ is not opened.

The embodiment provides a method for managing and controlling authority. The method comprises the following steps: detecting an authority request in the installation or operation process of an application program, and analyzing the authority request; if the permission request is matched with a preset target permission list, acquiring the running state and attribute information of the application program; acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program; determining the type of the application program according to the running state, the source information and the use information; and determining whether to open the permission request according to the type of the application program. Compared with the prior art that all the authorities need to be manually opened by users, the management and control method provided by the embodiment of the invention automatically screens out the authority requests which can be opened or not opened, and simultaneously gives certain option to the users, so that the management and control method is more intelligent and humanized.

Example two

Further, on the basis of the first embodiment of the method for managing and controlling permissions of the present invention, a second embodiment of the method for managing and controlling permissions is proposed, where the difference between the second embodiment and the first embodiment is that in step S304, determining the type of the application according to the running state, the source information, and the usage information further includes:

And the use information in the preset time comprises the opening times, the use times and the use duration of the application program in the preset time after the permission request is opened. After the permission request is opened, in a preset time, the user opens the application program for multiple times, or uses the application program for multiple times, and the use time length reaches a certain threshold value, the user is considered to permit the application program to use the permission request, and the permission requested by the application program is in the safety range of the user. And in a preset time, the opening times of the application program exceed a first preset threshold, and/or the use times exceed a second preset threshold, and/or the use duration exceeds a third preset threshold, the application program is converted into a safe application program from the application program to be determined, and then the user is considered to permit the application program to use the permission request, and the permission request is automatically opened. The first preset threshold, the second preset threshold and the third preset threshold are set by a system.

For ease of understanding, the following examples are given. If the running state of the application program is background running and the source information of the application program is an official source, the type of the application program is an application program to be determined, for example, a QQ runs in the background, the camera permission is requested at this time, and the QQ does not use the camera permission in the background, the QQ is considered to be an application to be determined, and a virtual area needs to be set on a current interface for opening the camera permission, referring to fig. 4, which is a schematic view of the virtual area for prompting and receiving a user instruction in one embodiment of the present invention. The virtual area is used to prompt a user and receive a user instruction, optionally, the virtual area may be a semi-transparent rectangular suspension frame suspended on a current interface, in this embodiment, the size, shape, and attribute of the area of the virtual area are not limited, and a prompt is sent to "QQ needs to request camera permission at the background, yes or no? And the word of ' simultaneously receiving a user instruction, when the user selects ' yes ', opening the camera authority, otherwise, forbidding the QQ to open the camera authority at the background. Within a preset time, for example, within one hour, the QQ runs in the background, the camera permission is requested at this time, and the QQ does not use the camera permission in the background, the QQ is considered to be a pending application, and for the opening of the camera permission, a virtual area needs to be set on the current interface, and a prompt is given, that "is the QQ needs to request the camera permission in the background, yes or no? "while receiving a user instruction, and when the user selects" yes ", the usage time thereof exceeds a third threshold value (half an hour). At the moment, the QQ is converted into a safe application program from the application program to be determined, and when the camera authority is requested again, the authority request is automatically opened.

If the running state of the application program is foreground running, and the source information of the application program is a third party source and an unknown source, the type of the application program is a pending application program, for example, a plug-in capable of beautifying a video object when a QQ software provided by a third party starts a video is provided, when the QQ runs on the foreground, the plug-in requests a camera right, the QQ is considered as a pending application, a virtual area is also set on the current interface, the virtual area is used for prompting a user and receiving a user instruction, optionally, the virtual area may be a semi-transparent rectangular suspension frame suspended on the current interface, in this embodiment, the area size, the area shape, the area attribute and the like of the virtual area are not limited, and a prompt is sent to prompt that the QQ needs to request a camera right on the background, yes or no? "and when the user selects" yes ", the number of requests exceeds the first threshold (15) 20 times. At the moment, the QQ is converted into a safe application program from the application program to be determined, and when the camera authority is requested again, the authority request is automatically opened.

The embodiment provides a method for managing and controlling authority. Compared with the scheme that all authorities in the related technology need to be manually opened by users, the method for managing and controlling the application programs provided by the embodiment of the invention automatically screens out authority requests which can be opened or not opened, and gives certain option to the users, so that the method is more intelligent and humanized.

EXAMPLE III

Further, based on the third embodiment of the rights management method according to the present invention provided in the foregoing embodiment, referring to fig. 5, fig. 5 is a block diagram of a mobile terminal according to an embodiment of the present invention, and it can be understood by those skilled in the art that all or part of the steps of implementing the method according to the foregoing embodiment may be implemented by hardware related to at least one program instruction, where the at least one program may be stored in the memory 501 of the server 500 shown in fig. 5 and can be executed by the processor 502, and when the at least one program is executed by the processor 502, the steps of the rights management method according to the first embodiment are implemented:

Optionally, the step of determining, by the processor 502, whether to open the permission request according to the type of the application program includes:

Optionally, if the type of the application program is an application program to be determined, the processor 502 sets a virtual area in a current interface to receive a user instruction, and the step of opening the permission request according to the user instruction includes:

Optionally, the step of determining, by the processor 502, the type of the application according to the running state, the source information, and the usage information includes:

Optionally, the step of determining, by the processor 502, the type of the application according to the running state, the source information, and the usage information further includes:

The mobile terminal provided by this embodiment analyzes the permission request by detecting the permission request in the installation or operation process of the application program; if the permission request is matched with a preset target permission list, acquiring the running state and attribute information of the application program; acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program; determining the type of the application program according to the running state, the source information and the use information; and determining whether to open the permission request according to the type of the application program. Compared with the prior art that all the authorities need to be manually opened by users, the mobile terminal provided by the embodiment of the invention can automatically screen out the authority requests which can be opened or not, and simultaneously gives certain option to the users, so that the mobile terminal is more intelligent and humanized.

The specific embodiment of the mobile terminal of the present invention is substantially the same as the specific embodiments of the above-mentioned privilege management and control method, and is not described herein again.

The present invention also provides a computer readable storage medium storing one or more programs, the one or more programs being further executable by one or more processors for:

The specific implementation manner of the computer-readable storage medium of the present invention is substantially the same as that of the above-mentioned embodiments of the method for managing and controlling permissions and the mobile terminal, and is not described herein again.

The computer-readable storage medium provided in this embodiment parses the permission request by detecting the permission request during installation or operation of the application; if the permission request is matched with a preset target permission list, acquiring the running state and attribute information of the application program; acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program; determining the type of the application program according to the running state, the source information and the use information; and determining whether to open the permission request according to the type of the application program. Compared with the prior art that all authorities need to be opened manually by users, the computer-readable storage medium provided by the embodiment of the invention can automatically screen out authority requests which can be opened or not, and simultaneously gives certain option to the users, so that the computer-readable storage medium is more intelligent and humanized.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims

1. A permission management and control method is applied to a terminal, and is characterized by comprising the following steps:

detecting an authority request in the installation or operation process of an application program, and analyzing the authority request; the permission request comprises camera permission, address list permission and telephone permission;

acquiring source information of the application program and use information in a preset time period according to the attribute information of the application program; the use information in the preset time comprises the opening times, the use times and the use duration of the application program in the preset time after the permission request is opened;

determining whether to open the permission request according to the type of the application program;

the step of determining whether to open the permission request according to the type of the application program comprises the following steps: if the type of the application program is an application program to be determined, setting a virtual area in a current interface to receive a user instruction, and opening or not opening the permission request according to the user instruction;

the source information of the application program comprises an official source;

the running state of the application program comprises background running;

the step of determining the type of the application program according to the running state, the source information and the usage information comprises: and if the running state of the application program is background running and the source information of the application program is an official source, determining that the type of the application program is a pending application program.

2. The rights management method of claim 1, wherein determining whether to open the rights request according to the type of the application further comprises:

3. The method for managing and controlling authority according to claim 2, wherein if the type of the application is a pending application, a virtual area is set in a current interface for receiving a user instruction, and the step of opening the authority request according to the user instruction includes:

4. The rights management method of claim 1, wherein the source information of the application further includes a third party source and an unknown source.

5. The rights management method of claim 4, wherein the running state of the application further comprises foreground running.

6. The rights management method of claim 5, wherein the step of determining the type of the application from the operating state, source information, and usage information further comprises:

and if the running state of the application program is background running and the source information of the application program is a third party source and an unknown source, determining that the type of the application program is a non-safe application program.

7. The rights management method of claim 5, wherein the step of determining the type of the application from the operating state, source information, and usage information further comprises:

8. A terminal, characterized in that the terminal comprises: memory, a processor and a rights management program stored on the memory and executable on the processor, the rights management program when executed by the processor implementing the steps of the rights management method of any of claims 1-7.

9. A computer-readable storage medium, having stored thereon a rights management program which, when executed by a processor, implements the steps of the rights management method of any of claims 1-7.