CN109076126A - Permission update method and terminal device - Google Patents

Permission update method and terminal device Download PDF

Info

Publication number
CN109076126A
CN109076126A CN201780028139.9A CN201780028139A CN109076126A CN 109076126 A CN109076126 A CN 109076126A CN 201780028139 A CN201780028139 A CN 201780028139A CN 109076126 A CN109076126 A CN 109076126A
Authority
CN
China
Prior art keywords
permission
permissions list
terminal device
application
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780028139.9A
Other languages
Chinese (zh)
Other versions
CN109076126B (en
Inventor
黄洁静
彭峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN109076126A publication Critical patent/CN109076126A/en
Application granted granted Critical
Publication of CN109076126B publication Critical patent/CN109076126B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The present embodiments relate to a kind of permission update method and systems.This method, which may include terminal device, obtains the first permissions list from server, first permissions list is that server has updated the permissions list after permission to the application in application distribution service, or first permissions list be that the application that terminal device is currently installed on has updated the permissions list after permission, server is the corresponding server of the application distribution service of terminal device.Terminal device is updated the permissions list for the application that terminal device is currently installed on according to the first permissions list, generates the second permissions list of terminal device, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.This method can be specific to increasing or disable some API permission using the control of fining, or realizes and disposably authorize or withdraws API permission, and user updates APK without re-downloading, so that user experience is promoted, reduction common interest conflict.

Description

Permission update method and terminal device Technical field
The invention relates to the communications field more particularly to a kind of permission update method and terminal devices.
Background technique
It is directed to application programming interface (Application Programming Interface at present, API) method authorized is after authorizing each APK to specific permission, it forms authority and Android installation kit (Android Package, APK) (or application) is packaged with.After APK installation, and when calling permission every time in its use, terminal will check its authority, confirm its whether with access to the API permission.
However, traditional certificate granting scheme is not directed to subsequent replacement problem, if having altered to the API permission of APK and (increasing or cancel some permission newly), it then needs to be packaged new authority and reinstalls APK, or pass through over the air (Over-the-Air Technology, OTA mode), the mode of OTA also corresponds to download in fact and installs APK, renewal process is comparatively laborious, simultaneously directly unload entire APK or directly cancel entire certificate by way of, affect continuing to use for the APK, expand the impairment of benefit range of authorized APK manufacturer.
Summary of the invention
The embodiment of the invention provides a kind of permission update method and terminal devices.During updating API permission, it is not related to handling entire APK or the entire certificate of revocation, realizes that user updates APK without re-downloading, to promote user experience, reduce the conflict of interest of user and authorized APK manufacturer both sides.
First aspect, provide a kind of permission update method, this method may include terminal device from server the first permissions list of acquisition, and the first permissions list is the permissions list after server update permission, and server is that the application distribution of terminal device services corresponding server.Terminal device obtains the first permissions list from server.Terminal device is updated the permissions list for the application that terminal device is currently installed on according to the first permissions list, obtains the second permissions list of terminal device, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.This method can be specific to increasing or disable some API permission using the control of fining, or realizes and disposably authorize or withdraws API permission, and user updates APK without re-downloading, so that user experience is promoted, reduction common interest conflict.
In an optional realization, first permissions list is that the application that terminal device is currently installed on has updated the permissions list after permission, terminal device obtains the first permissions list from server, including: terminal device sends triggering message to server, triggering message includes the identification information of terminal device, the identification information can be the device number information or the corresponding user account information of the terminal device of terminal device, such as user mobile phone number, subscriber mailbox subscriber identity information.Wherein, after the application that identification information is used to that server to be made to determine that equipment is currently installed on according to identification information, response message is sent to terminal device, response message includes the first permissions list.
In an optional realization, first permissions list is specially to have updated the permissions list after permission using application provided by distribution service on the terminal device of server service, terminal device obtains the first permissions list from server, it include: that terminal device receives the system message that server broadcast is sent, system message includes the first permissions list.
In an optional realization, the first permissions list includes the permission after modifying at least one application.
In an optional realization, the first permissions list includes the permission after at least one application is authorized or cancelled.
In an optional realization, the first permissions list includes at least one using the permission after re-authorization.
In an optional realization, terminal device is according to the first permissions list, the permissions list for the application that terminal device is currently installed on is updated, obtain the second permissions list of terminal device, it include: terminal device according to the first permissions list, the permission of the permissions list for the application being currently installed on to terminal device is updated, and obtains the second permissions list that updated permissions list is terminal device.
In an optional realization, after the second permissions list for generating terminal device, this method further include: in a kind of permission of terminal device application, the legitimacy of the permission grant file of the respective application of the certificate of authority and permission of the permission of terminal device identification application;If the permission grant file of the respective application of the certificate of authority and permission of permission is legal, and the second permissions list includes the permission of application, then terminal device completes the application to the permission of application.
Second aspect provides a kind of terminal device, which has the function of realizing above method terminal device behavior in practice.The function can also execute corresponding software realization by hardware realization by hardware.The hardware or software include one or more modules corresponding with above-mentioned function.
The third aspect provides another terminal device, which may include receiver and processor,
Receiver is used to obtain the first permissions list from server, and the first permissions list is the permissions list after server update permission, and server is the corresponding server of the application distribution service of terminal device.Processor is used to be updated the permissions list for the application that terminal device is currently installed on according to the first permissions list, generate the second permissions list of terminal device, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.
One it is optional realize, terminal device includes transmitter, and the first permissions list is the permissions list of the application that is currently installed on of terminal device in the updated, and transmitter is used to send triggering message to server, and triggering message includes the identification information of terminal device.Wherein, after the application that identification information is used to that server to be made to determine that terminal device is currently installed on according to identification information, response message is sent to terminal device, the response message includes the first permissions list.
In an optional realization, first permissions list is the permissions list for having updated permission on the terminal device of server service using application provided by distribution service, receiver is also used to receive the system message of server broadcast transmission, and system message includes the first permissions list.
In an optional realization, the first permissions list includes the permission after modifying at least one application.
In an optional realization, the first permissions list includes the permission after at least one application is authorized or cancelled.
In an optional realization, the first permissions list includes at least one using the permission after re-authorization.
In an optional realization, terminal device is specifically used for according to the first permissions list, the permission of the permissions list for the application being currently installed on is updated, updated permissions list is obtained, the updated permissions list is the second permissions list of the terminal device.
In an optional realization, the processor identifies the legitimacy of the permission grant file of the certificate of authority of the permission of application and the respective application of permission also particularly useful in a kind of permission of terminal device application;If the permission grant file of the respective application of the certificate of authority and permission of permission is legal, and the second permissions list includes the permission of application, then completes the application to the permission of application.
Fourth aspect provides a kind of computer program product, when computer program product is run on computers, so that computer executes the method as described in any one of above-mentioned optional realization.
5th aspect, provides a kind of computer readable storage medium, and computer program is stored on the computer readable storage medium, and the method as described in any one of above-mentioned optional realization is realized when computer program executes.
Detailed description of the invention
Fig. 1 is a kind of structural schematic diagram of permission more new system;
Fig. 2 is the schematic diagram that a kind of permission updates prompt information;
Fig. 3 is a kind of flow diagram of permission update method provided in an embodiment of the present invention;
Fig. 4 is the schematic diagram of a scenario that a kind of terminal device provided in an embodiment of the present invention obtains the first permissions list;
Fig. 5 is a kind of flow diagram of permission prohibited method provided in an embodiment of the present invention;
Fig. 6 is that a kind of permission provided in an embodiment of the present invention is authorized or the flow diagram of cancelling method;
Fig. 7 is a kind of structural schematic diagram of terminal device provided in an embodiment of the present invention;
Fig. 8 is the structural schematic diagram of another terminal device provided in an embodiment of the present invention.
Specific embodiment
Below by drawings and examples, the technical solution of the application is described in further detail.
The permission update method of the application can be adapted for the more new system of permission shown in Fig. 1.As shown in Figure 1, the system can include but is not limited to server and terminal device.
Server, application distribution service (such as application market, application shop (application store on the terminal device to association (or service), App Store) etc.) provided by least one APK (such as wechat, QQ, Tencent's video etc.) it is managed and (such as updates, deletes), server can be server corresponding to the distribution service of terminal device, can also be for terminal device provide cloud service server or terminal device manufacturer corresponding to server.Wherein, server may include API right of approval platform, with the update (assuming that formerly to the due API permission of each APK authorization institute) of the API permission for managing each APK, and the unlawful practice of user feedback or the violation event of APK are collected, generates permission more new information.
API right of approval platform can include but is not limited to disabling permission, newly-increased permission to the update of API permission or withdraw (authorize or cancel) permission and re-authorization permission, wherein, API permission may include access location information permission, using network interface permission, accessing address list permission and short message prompting permission etc..
In one example, API right of approval platform can be detected for the unlawful practice of all APK, if APK only includes three wechat, QQ and microblogging APK, i.e. API right of approval platform detects the unlawful practice of wechat, QQ and microblogging.The permission that wechat has authorized can have complete internet access permission, read address list permission, recording permission, short message reading permission;The permission that QQ has been authorized, which can have, obtains exact position permission, using camera permission, reading address list permission, recording permission and short message reading permission etc.;The permission that microblogging has authorized, which can have, reads address list permission, using camera permission, permission of sending short messages, acquisition exact position permission etc..
(1) scene of the API right of approval platform for the unlawful practice of at least one APK.
Such as, wechat and QQ were collected when API right of approval platform and has read the violation event of short message of user's transmitting-receiving when not applying for short message reading permission (not obtaining the agreement of user), wechat opens the violation event that camera works and microblogging when not applying using camera permission in the violation event for the location information for not applying for obtaining user when obtaining exact position permission, QQ and do not applying for that right of recording prescribes a time limit the violation event recorded to user.API right of approval platform can disable corresponding API permission to wechat, QQ, microblogging, as shown in table 1.
Table 1
APK packet name API authority Disable API
Wechat NO.20151201XXX Short message reading authority acquiring exact position permission
Microblogging NO.20150815XXX Recording permission
QQ NO.20150109XXX Short message reading permission uses camera permission
In table 1, the corresponding authority of wechat is NO.20151201XXX, and short message reading permission is disabled after permission change, obtains exact position permission;The corresponding authority of microblogging is NO.20150815XXX, disabling recording permission after permission change;The corresponding authority of QQ is NO.20150109XXX, and disabling short message reading permission uses camera permission after permission change.
(2) API right of approval platform withdraws certain API permission (related unlawful practice of such as certain APK manufacturer for some API permission (such as Google certain functional interface newly developed) or collective, withdraw certain permission of all APK under the manufacturer) scene, i.e. API right of approval platform can be using scene that single API permission is disposably authorized or cancelled.
Such as, newly-increased change network state permission is granted to only wechat and QQ, will prevent mobile phone suspend mode permission from authorizing wechat, QQ and microblogging (i.e. all APK) by API right of approval platform, and (i.e. all APK) is disabled to wechat, QQ and microblogging by address list permission is read, as shown in table 2.
Table 2
API permission API authority It can corresponding APK
Change network state permission NO.20151201XXX Wechat and QQ increase this permission
Prevent mobile phone suspend mode permission NO.20150815XXX Wechat, QQ and microblogging authorize this permission
Read address list permission NO.20150109XXX Wechat, QQ and microblogging disable this permission
In table 2, changing the corresponding authority of network state permission is NO.20151201XXX, which is granted to wechat and QQ;Preventing the corresponding authority of mobile phone suspend mode permission is NO.20150815XXX, which is granted to all APK;Reading the corresponding authority of address list permission is NO.20150109XXX, which is disabled by all APK.
(3) scene of the API right of approval platform for the API permission of single or multiple APK re-authorizations.The reauthorization process is direct replacement original API permission, makees the update of permission, that is to say, that the permission of updated single or multiple APK is to be subject to the API permission of re-authorization, unrelated with former API permission.
In one example, APK1 is wechat, the right list of wechat before re-authorization can be with are as follows: start automatically when preventing mobile phone suspend mode, calculating application program memory space, send obstinate broadcast, change Wi-Fi state, the application program that retrieval is currently running, read synchronous setting, bluetooth management, display of system level alarm, guidance, be written synchronous setting, the setting of reading system, check WLAN state, complete internet access, check network state, control vibrator, using camera, short message reading, read contact person, contact person be written, totally 19 permissions.
APK2 is QQ, the right list of QQ before re-authorization can be with are as follows: prevents mobile phone suspend mode, disabling key-lock, sends obstinate broadcast, read syslog file, the application program that retrieval is currently running, read synchronous setting, bluetooth management, expansion/rounding state column, display of system level alarm, update UI setting, the synchronous setting restarting other applications of write-in, check WLAN state, complete internet access, control flash lamp, control vibrator, totally 15 permissions.
APK3 is microblogging, and the right list of the microblogging before re-authorization can be with are as follows: prevent mobile phone suspend mode, disabling key-lock, read synchronous statistical information, send obstinate broadcast, the application program that retrieval is currently running, read synchronous setting, bluetooth management, Start automatically when display of system level alarm, guidance, update UI setting, setting is synchronized to the application program rearrangement, the write-in that are currently running, WLAN state, complete internet access is checked, checks network state, control flash lamp, control vibrator, totally 17 permissions.
The API permission of at least one of wechat, QQ or microblogging is carried out re-authorization by API right of approval platform.
The right list of the wechat of re-authorization are as follows: calculate application program memory space, send obstinate broadcast, change Wi-Fi state, bluetooth management, start automatically when creation bluetooth connection, display of system level alarm, guidance, be written synchronous setting, the setting of reading system, check WLAN state, complete internet access, check network state, control vibrator, using camera, short message reading, read contact person, write-in contact person, write-in short message, totally 18 permissions.
The right list of the QQ of re-authorization are as follows: calculate application program memory space, disabling key-lock, change Wi-Fi state, send obstinate broadcast, read syslog file, the application program that retrieval is currently running, creation bluetooth connection, read synchronous setting, bluetooth management, expansion/rounding state column, display of system level alarm, update UI setting, the synchronous setting restarting other applications of write-in, check WLAN state, complete internet access, control flash lamp, control vibrator, obtain rough position permission, totally 18 permissions.
The right list of the QQ of re-authorization are as follows: disabling key-lock, read synchronous statistical information, change Wi-Fi state, send obstinate broadcast, the application program that retrieval is currently running, read start automatically when synchronous setting, bluetooth management, creation bluetooth connection, display of system level alarm, guidance, update UI setting, to the synchronous setting of application program rearrangement, write-in being currently running, check WLAN state, complete internet access, check network state, control flash lamp, control vibrator, write-in contact person, record, 20 items permission.
In summary, the API permission of at least one of wechat, QQ or microblogging and the API permission of corresponding re-authorization are identical after re-authorization, that is the new API permission of wechat, QQ or microblogging is to be subject to the API permission of re-authorization, unrelated with the API permission of re-authorization (or original).
It should be noted that, the main body of scene (1) concern is APK, certain permissions are authorized or disabled for some APK (such as wechat), the main body of scene (2) concern is API, i.e., is granted to certain APK for some API (permission of such as accessing address list) or certain APK is required to disable the permission.The main body of scene (3) concern is APK, unlike scene (1), which permission the API permission that the API of re-authorization has direct replacement original APK, i.e. scene (3) are awarded without the concern for APK before, can directly carry out the replacement of API.
Further, terminal device can be any movement or portable mobile termianl, including but not limited to mobile phone, removable computer, tablet computer, personal digital assistant (Personal Digital Assistant, PDA), the combination etc. of media player, smart television and above-mentioned two or two or more.
Wherein, terminal device can include but is not limited to the components such as input unit, permission updating unit, scope check unit, output unit, communication unit, storage unit.These components are communicated by one or more bus.It will be understood by those skilled in the art that the structure of terminal device shown in figure does not constitute the restriction to the application, it is either busbar network, it is also possible to hub-and-spoke configuration, it can also include perhaps combining certain components or different component layouts than illustrating more or fewer components.
Communication unit, for establishing the communication channel between terminal device and server, so as to obtain permission more new information (such as permission update list) from server.Communication unit may include WLAN (Wireless Local Area Network, wireless LAN) communication modules such as module, bluetooth module, base band (Base Band) module, and corresponding radio frequency (the Radio Frequency of the communication module, abbreviation RF) circuit, for carrying out WLAN communication, Bluetooth communication, infrared communication and/or cellular communications system communication, such as wideband code division multiple access (Wideband Code Division Multiple Access, W-CDMA) and/or high-speed downstream packet access (High Speed Downlink Packet Access, HSDPA).Communication of the communication module for each component in controlling terminal equipment, and can support direct memory access (Direct Memory Access).
Storage unit, for storing acquisition permission more new information, software program (such as sound playing program, image playing program etc.) and using created data (such as audio data, phone directory etc.) etc. according to terminal device.In the specific embodiment of the invention, storage unit may include volatile memory, such as non-volatile dynamic random access memory (Nonvolatile Random Access Memory, NVRAM), phase change random access memory (Phase Change RAM, PRAM), magnetic-resistance random access memory (Magetoresistive RAM, MRAM) etc., it can also include nonvolatile memory, a for example, at least disk memory, Electrical Erasable programmable read only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), flush memory device , such as anti-or flash memory (NOR flash memory) or anti-and flash memory (NAND flash memory)
Permission updating unit, the permission of APK for being currently installed on according to terminal device and the permission more new information of acquisition, the first instruction information is sent to input unit, the first instruction information is used to indicate whether input unit (such as display screen) display carries out using the prompt information updated, it is updated to complete permission according to the input information of user, as shown in Figure 2, the display a certain APK of screen display (such as: XXX) has whether new version is updated, when user's selection is, permission updating unit is updated the permission of the APK, conversely, without updating.Wherein, input unit can be touch panel, be also possible to other human-computer interaction interfaces.
Optionally, permission updating unit, it can also be according to the permission for the APK being currently installed on and the permission more new information of acquisition, second indication information is sent to output unit, the second indication information is used to indicate whether output unit (such as voice output unit) voice prompting carries out using the prompt information updated, updates to complete permission according to the input information of user.Wherein, input unit can be image output unit (such as display panel) and voice output unit.
Optionally, permission updating unit directly can also be updated the permission for the APK being currently installed on according to the permission more new information of acquisition.
It is understood that touch panel used by above-mentioned input unit also can be simultaneously as the display panel of output unit.For example, sending permission updating unit to after touch panel detects touch or close gesture operation on it to determine the type of touch event, subsequent permission updating unit provides corresponding visual output according to the type of touch event on a display panel.Although in Fig. 1, input unit and output unit are to output and input function as two independent components come realize terminal device, but it is in some embodiments it is possible to touch panel and display panel is integrated and that realizes terminal device output and input function.
Scope check unit, for in APK (such as wechat) operational process, when some API permission (as used network interface permission) of terminal device application, judge the legitimacy of the certificate of authority of the APK, and judge the legitimacy (i.e. whether the signing messages of inspection authority is true) of the API authority of APK, if legal, further the second permissions list of inquiry, the API permission called to present application confirms, to determine whether the APK has the qualification for applying for the API permission, it determines whether to complete the application to the API permission, existing permission i.e. only in the second permissions list, terminal device can just allow the APK application to call.
It should be appreciated that above-mentioned terminal device is only an example provided in an embodiment of the present invention, also, terminal device can have components more more or fewer than the component shown, can combine two or more components, or can have the different configurations of component to realize.
It can be seen that, the application is by using the control more refined, specific at least one the API permission for disabling some APK, or some API permission is uniformly authorized or cancelled for multiple APK, or the API permission of re-authorization is provided again, which is not related to handling entire APK or the entire certificate of revocation, that is, will not influence continuing to use for other permissions of APK, the user experience is improved, will not expand the impairment of benefit range of authorized APK manufacturer;User updates APK without re-downloading simultaneously, and the API permission that ensure that certificate and authorized can be updated or be disabled in time, has prevented the abuse of certificate and API permission, to ensure that the safety of user terminal.
Fig. 3 is a kind of flow diagram of permission update method provided in an embodiment of the present invention.This method may include:
Step 310, terminal device obtain the first permissions list.
After terminal device networking, when detecting that current system version is low or associated server has using updating, terminal device needs to obtain the first permissions list of application, to carry out permission update to the application being currently installed on.
Optionally, first permissions list is that server has updated the permissions list after permission to the application in application distribution service, or first permissions list be terminal device be currently installed on application have updated the permissions list after permission, that is the first permissions list can only include the API permission after the corresponding change of all APK, also may include API permission after the corresponding change of all APK and the API permission that do not change.It also may include API permission after the corresponding change of APK that terminal device is currently installed on and the API permission that do not change alternatively, the first permissions list can only include the API permission after the corresponding change of APK that be currently installed on of terminal device.Wherein, all APK are using application provided by distribution service on the terminal device of the server service, i.e., all APK are the application that the server can be managed.
In one example, APK may include Netease's mailbox, Tencent's video, Taobao and Meituan in the API right of approval platform of server, the corresponding relationship of above-mentioned APK and corresponding API, as shown in table 3.
Table 3
APK packet name API authority Corresponding API
Netease's mailbox NO.20151xxx It reads contact person's permission, read calendar permission
Tencent's video NO.20152xxx Obtain exact position permission
Taobao NO.20153xxx It reads contact person's permission, change Wi-Fi permission
Meituan NO.20154xxx Obtain exact position permission
In table 3, the corresponding authority of Netease's mailbox is NO.20151xxx, and corresponding API is to read contact person's permission, read calendar permission;The corresponding authority of Tencent's video is NO.20152xxx, and corresponding API is to obtain exact position permission;The corresponding authority of Taobao is NO.20153xxx, and corresponding API is to read contact person's permission, change Wi-Fi permission;The corresponding authority of Meituan is NO.20154xxx, and corresponding API is to obtain exact position permission.
Optionally, terminal device from server obtain the first permissions list mode there are two types of, as shown in Figure 4:
Mode one, terminal device can receive the system message of server broadcast transmission, which includes the first permissions list, so that terminal device be made to obtain the first permissions list.
Wherein, when first permissions list is the updated permissions list of all APK, terminal device is obtained from server before the first permission, the API right of approval platform of server is updated on the terminal device of the server service using the permission applied provided by distribution service, generates the first permissions list.
When having unlawful practice to need to disable its corresponding permission when the API right of approval platform of server checks Netease's mailbox, while needing to increase the application program permission that retrieval is currently running to Tencent's video, Meituan, API right of approval platform is updated table 3, The corresponding permissions list of updated all APK is generated, which updates the corresponding API permission (such as table 5) of APK that list can only include the corresponding API permission of APK of the corresponding API permission (such as table 4) of APK changed and change and not change.
Table 4
APK packet name API authority Corresponding API
Netease's mailbox NO.20151xxx It reads contact person's permission, read calendar permission
Tencent's video NO.20152xxx Obtain exact position permission, the application program permission that retrieval is currently running
Meituan NO.20154xxx Obtain exact position permission, the application program permission that retrieval is currently running
Table 5
APK packet name API authority Corresponding API
Netease's mailbox NO.20151xxx It reads contact person's permission, read calendar permission
Tencent's video NO.20152xxx Obtain exact position permission, the application program permission that retrieval is currently running
Taobao NO.20153xxx It reads contact person's permission, change Wi-Fi permission
Meituan NO.20154xxx Obtain exact position permission, the application program permission that retrieval is currently running
Mode two, terminal device can send triggering message to the API right of approval platform of server, which may include the identification information of terminal device.
Identification information can be the device number information or the corresponding user account information of the terminal device of terminal device, such as user mobile phone number, subscriber mailbox subscriber identity information.
Wherein, before terminal device obtains the first permission from server, the API right of approval platform of server obtains the APK that the terminal device is currently installed on according to the identification information of terminal device, and the permission for the application that the terminal device is currently installed on is updated, generate the first permissions list.
Further, the API right of approval platform of server sends the response message of the triggering message to terminal device, which may include the first permissions list, which is that the corresponding API of APK that the terminal device is currently installed on updates list.
Optionally, which can also include one of APK list and server account information of APK list and terminal device for being currently installed on of the installation situation of corresponding APK, terminal device of terminal device or much information.
Such as, the APK that inquiry is currently installed on the presence or absence of the terminal device in the corresponding permissions list of all APK of API right of approval platform in the updated, if it does not exist, API right of approval platform sends response message to terminal device, the response message may include instruction information, not have the update of API permission with instruction terminal equipment.API right of approval platform sends response message to terminal device if it exists, which may include the first permissions list, there is the update of API permission with instruction terminal equipment.
Step 320, terminal device are according to the first permissions list, the permissions list for the application that terminal device is currently installed on is updated, the second permissions list of terminal device is generated, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.
It notes down it is understood that update herein refers to, APK is waited to apply checking again when API permission in use.
The list of the APK being currently installed on and corresponding API permission that terminal device is locally stored, as shown in table 6.
Table 6
APK packet name API authority Corresponding API
Netease's mailbox NO.20151xxx It reads contact person's permission, read calendar permission
Taobao NO.20153xxx It reads contact person's permission, change Wi-Fi permission
Meituan NO.20154xxx Obtain exact position permission
In table 6, the corresponding authority of Netease's mailbox being currently installed on is NO.20151xxx, and corresponding API is to read contact person's permission and reading calendar permission;The corresponding authority of the Taobao being currently installed on is NO.20153xxx, and corresponding API is to read contact person's permission and change Wi-Fi permission;The corresponding authority of the Meituan being currently installed on is NO.20154xxx, and corresponding API is to obtain exact position permission.
Optionally, after terminal device in a manner of one obtains the first permissions list, terminal device pop-up prompts the user whether the prompting frame being updated, when user's selection is updated, terminal device is according to the application message (number, the classification information of the APK such as installed) of the first permissions list and terminal device, determine terminal device APK to be updated, and the corresponding permission of APK to be updated is updated, updated permissions list is obtained, which is the second permissions list of terminal device.
That is, terminal device according to the first permissions list of acquisition and the application message of terminal device, determines that the permissions list for the APK to be updated being currently installed on being locally stored, the permissions list for the updated APK being currently installed on are as shown in table 7.
Table 7
Optionally, after terminal device in a manner of two obtains the first permissions list (permissions list for the APK to be updated being currently installed on), terminal device pop-up prompts the user whether the prompting frame being updated, when user's selection is updated, terminal device directly receives the first permissions list of API right of approval platform transmission, terminal device is updated according to permission of first permissions list to the APK to be updated being locally stored, updated permissions list is obtained, which is the second permissions list of terminal device.
In APK (such as wechat) operational process, when some API permission (as used network interface permission) of terminal device application, need to judge the legitimacy of the certificate of authority of the APK, and judge the legitimacy (i.e. whether the signing messages of inspection authority is true) of the API authority of APK, if legal, further the second permissions list of inquiry, determines whether the APK has the qualification for applying for the API permission, determines whether to complete the application to the API permission.
The method of the above embodiment of the present invention can be specific to some API permission of disabling using the control of fining, by merely withdrawing or authorizing some API permission, or by the way that authority and some API permission are individually bound, some API permission is disposably authorized or is withdrawn in realization, user updates APK without re-downloading, it can accomplish user's unaware, to promote user experience, reduce common interest conflict.
Below for obtaining the first permissions list that server issues by terminal device mode one, the taboo of permission is discussed in detail Use process.
Fig. 5 is a kind of flow diagram of permission prohibited method provided in an embodiment of the present invention.This method may include:
The violation event of unlawful practice or APK that step 500, API right of approval platform are fed back according to manufacturer, update the API permission of each APK, form the first permissions list, and to online end-point device broadcast and first permissions list is provided, the first permissions list is the corresponding permissions list of updated all APK.
Step 510, terminal device receive the first permissions list, and are stored in local.
Step 520, terminal device determine the APK of terminal device API permission to be updated according to the installation situation and the first permissions list of local APK.
Step 530, terminal device are updated corresponding second permissions list of the APK of API permission to be updated according to the first permissions list, and the second permissions list is the corresponding permissions list for the APK being currently installed on that terminal device is locally stored.
Step 540, APK apply for some API permission in the process of running, and terminal device first determines whether the certificate of authority of the APK is legal, if it is illegal, execute step 550, if legal, execute step 560.
Step 550, refuse this API permission application.
Step 560, end equipment judge the legitimacy (i.e. whether the signing messages or public key of inspection authority are true) of the API authority of the APK, if legal, execute step 570, if it is illegal, execute step 550.
Step 570, terminal device inquire updated second permissions list, determine whether the APK has the qualification for applying for the API permission, if so, executing step 480, if not having, execute step 590.
Step 580, the API permission of the APK are disabled in the second permissions list, then terminal device refuses the application of this API permission.
Step 590, the API permission of the APK be not in the second permissions list, then terminal device allows the application (not disabled) of this API permission.
From in the prior art to APK violation using direct unloading APK or directly cancel by the way of the certificate unlike, the above method can be specific to some API permission of disabling, entire APK or the entire certificate of revocation are handled without regard to arriving, this mode does not influence continuing to use for the APK, will not expand the impairment of benefit range to authorized APK manufacturer;User updates APK without re-downloading, and can accomplish user's unaware, to promote user experience, reduces common interest conflict.
It is understood that the above method is not limited only to disabling API permission, the scene for authorizing or cancelling API permission, replacement or re-authorization API permission is applied also for, details are not described herein for the embodiment of the present invention.
Below for obtaining the first permissions list that server issues by terminal device mode two, single permission is discussed in detail authorizes or cancels process.
Fig. 6 is that a kind of permission provided in an embodiment of the present invention is authorized or the flow diagram of cancelling method.This method may include:
The violation event of unlawful practice or APK that step 600, API right of approval platform are fed back according to manufacturer updates the API permission of each APK, forms the corresponding permissions list of updated all APK.
Step 610, terminal device send triggering message to the API right of approval platform of server, the triggering message may include the identification information of terminal device, to request the first permissions list, the first permissions list is that the corresponding API of APK that the terminal device is currently installed on updates list.
Step 620, API right of approval platform determine the APK that terminal device is currently installed on according to the identification information of terminal device.
The APK for whether having the terminal device to be currently installed in step 630, the corresponding permissions list of all APK of API right of approval platform judgement in the updated thens follow the steps 640 if not having;If so, thening follow the steps 650.
Step 640, API right of approval platform send response message to terminal device, which may include instruction information, do not have the update of API permission with instruction terminal equipment.
Step 650, API right of approval Platform Screening go out the first permissions list of terminal device needs, and send response message to terminal device, which may include the first permissions list.
Step 660, terminal device are updated corresponding second permissions list of the APK of API permission to be updated according to the first permissions list, and the second permissions list is the corresponding permissions list for the APK being currently installed on that terminal device is locally stored.
Step 670, APK apply for some API permission in the process of running, and terminal device first determines whether the certificate of authority of the APK is legal, if it is illegal, execute step 680, if legal, execute step 690.
Step 680, refuse this API permission application.
Step 690, terminal device judge the legitimacy (i.e. whether the signing messages or public key of inspection authority are true) of the API authority of the APK, if legal, execute step 700, if it is illegal, execute step 680.
Step 700, terminal device inquire updated second permissions list, determine whether the APK has the qualification for applying for the API permission, if so, executing step 710, if not having, execute step 720.
Step 710, the API permission of the APK are disabled in the second permissions list, then terminal device refuses the application of this API permission.
Step 720, the API permission of the APK be not in the second permissions list, then terminal device allows the application (not disabled) of this API permission.
From in the prior art to APK violation using direct unloading APK or directly cancel by the way of the certificate unlike, by may be implemented disposably to authorize or cancel some API permission by authority and the specific one-to-one binding of API permission.That is, an authority can manage multiple APK simultaneously, to the convenient for management simple of API, to promote user experience, common interest conflict is reduced.
It is understood that the above method is not limited only to authorize or cancel API permission, the scene of disabling API permission, replacement or re-authorization API permission is applied also for, details are not described herein for the embodiment of the present invention.
Corresponding with the above method the embodiment of the invention also provides a kind of terminal devices, as shown in fig. 7, the terminal device may include receiving unit 810 and processing unit 820.Processing unit may include permission updating unit and scope check unit.
Receiving unit 810, for obtaining the first permissions list from the API right of approval platform of server, first permissions list is that server has updated the permissions list after permission to the application in application distribution service, or first permissions list be that the application that terminal device is currently installed on has updated the permissions list after permission, server is the corresponding server of the application distribution service of terminal device.
Processing unit (or permission updating unit) 820, for according to the first permissions list, the permissions list for the application that terminal device is currently installed on is updated, the second permissions list of terminal device is generated, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.
Optionally, which can also include transmission unit 830.First permissions list is that the application that terminal device is currently installed on has updated the permissions list after permission, and transmission unit 830, for sending triggering message to server, triggering message includes the identification information of terminal device;Wherein, after the application that identification information is used to that server to be made to determine that terminal device is currently installed on according to identification information, response message is sent to terminal device, response message includes first permissions list.
Optionally, first permissions list is that the server has updated the permissions list after permission to the application in application distribution service, and receiving unit 810 is also used to receive the system message of server broadcast transmission, and system message includes the first permission List.
Optionally, the first permissions list includes the permission after modifying at least one application.
Optionally, the first permissions list includes the permission after at least one application is authorized or cancelled.
Optionally, the first permissions list includes at least one using the permission after re-authorization.
Optionally, processing unit (or permission updating unit) 820 is specifically used for according to the first permissions list, the permission of the permissions list for the application being currently installed on is updated, updated permissions list is obtained, which is the second permissions list of terminal device.
Optionally, processing unit (or scope check unit) 820 is specifically also used to when applying for a kind of permission, identifies the legitimacy of the permission grant file of the certificate of authority of the permission of application and the respective application of permission;If the permission grant file of the respective application of the certificate of authority and permission of permission is legal, and the second permissions list includes the permission of application, then completes the application to the permission of this application.
It is corresponding with the above method that the embodiment of the invention also provides another terminal devices, as shown in figure 8, the terminal device may include receiver 910, processor 920, transmitter 930 and reservoir 940,
Receiver 910 and transmitter 930 can be antenna.Processor 920 can be central processing unit (central processing unit, CPU) or the combination of CPU and hardware chip.Above-mentioned hardware chip can be specific integrated circuit (application-specific integrated circuit, ASIC), programmable logic device (programmable logic device, PLD) or combinations thereof.Above-mentioned PLD can be Complex Programmable Logic Devices (complex programmable logic device, CPLD), field programmable gate array (field-programmable gate array, FPGA), Universal Array Logic (generic array logic, GAL) or any combination thereof.
Memory 940 may include volatile memory (volatile memory), such as random access memory (random-access memory, RAM);Memory 940 also may include nonvolatile memory (non-volatile memory), such as read-only memory (read-only memory, ROM), flash memory (flash memory), hard disk (hard disk drive,) or solid state hard disk (solid-state drive, SSD) HDD.Memory 940 can also include the combination of the memory of mentioned kind.Memory 940 stores program code, and the program code of storage can be transferred to processor 920.
Receiver 910 is used to obtain the first permissions list from the API right of approval platform of server.Wherein, the permissions list after first permissions list to be server have updated the application in application distribution service permission or the first permissions list be terminal device be currently installed on using having updated the permissions list after permission.The server is the corresponding server of the application distribution service of terminal device.
Processor 920 is used to be updated the permissions list for the application that terminal device is currently installed on according to the first permissions list, generate the second permissions list of terminal device, so that terminal device is controlled or managed to the application being currently installed on according to the second permissions list.
Optionally, the first permissions list is the application permissions list in the updated that terminal device is currently installed on, and transmitter 930 is used to send triggering message to server, and triggering message includes the identification information of equipment.Wherein, after the application that identification information is used to that server to be made to determine that equipment is currently installed on according to identification information, response message is sent to equipment, response message may include the first permissions list.
Optionally, the first permissions list is that server has updated the permissions list after permission to the application in application distribution service, and receiver is also used to receive the system message of server broadcast transmission, which includes the first permissions list.
Optionally, the first permissions list includes the permission after modifying at least one application.
Optionally, the first permissions list includes the permission after at least one application is authorized or cancelled.
Optionally, the first permissions list includes at least one using the permission after re-authorization.
Optionally, processor 920 are updated the permissions list for the application that terminal device is currently installed on specifically for the application being currently installed on according to the first permissions list and equipment, obtain the second permissions list of terminal device.
Optionally, processor 920 are specifically also used to identify the legitimacy of the permission grant file of the certificate of authority of the permission of application and the respective application of the permission in a kind of permission of the equipment application;If the permission grant file of the respective application of the certificate of authority and permission of permission is legal, and the second permissions list includes the permission of this application, then completes the application to the permission of this application.
Professional should further appreciate that, unit and algorithm steps described in conjunction with the examples disclosed in the embodiments of the present disclosure, it can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly illustrate the interchangeability of hardware and software, each exemplary composition and step are generally described according to function in the above description.These functions are implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Professional technician can use different methods to achieve the described function each specific application, but this realization is it is not considered that exceed scope of the present application.
Those of ordinary skill in the art will appreciate that implementing the method for the above embodiments is that can be completed by program come instruction processing unit, the program can store in computer readable storage medium, the storage medium is non-transitory (non-transitory) medium, such as random access memory, read-only memory, flash memory, hard disk, solid state hard disk, tape (magnetic tape), floppy disk (floppy disk), CD (optical disc) and any combination thereof.
It is described above; the only preferable specific embodiment of the application, but the protection scope of the application is not limited thereto, and anyone skilled in the art is within the technical scope of the present application; any changes or substitutions that can be easily thought of, should all cover within the scope of protection of this application.Therefore, the protection scope of the application should be subject to the protection scope in claims.

Claims (26)

  1. A kind of permission update method, which is characterized in that the described method includes:
    Terminal device obtains the first permissions list from server, and first permissions list is the permissions list after server update permission, and the server is the corresponding server of the application distribution service of the terminal device;
    The terminal device is according to first permissions list, the permissions list for the application that the terminal device is currently installed on is updated, the second permissions list of the terminal device is obtained, so that the terminal device is controlled or managed to the application being currently installed on according to second permissions list.
  2. According to the method described in claim 1, it is characterized by:
    First permissions list is that the application that the terminal device is currently installed on has updated the permissions list after permission;
    The terminal device obtains first permissions list from the server, comprising:
    The terminal device sends triggering message to the server, and the triggering message includes the identification information of the terminal device;Wherein, after the application that the identification information is used to that the server to be made to determine that the terminal device is currently installed on according to the identification information, Xiang Suoshu terminal device sends response message, and the response message includes first permissions list.
  3. According to the method described in claim 1, it is characterized by:
    First permissions list is that the server has updated the permissions list after permission to the application in application distribution service;
    The terminal device obtains first permissions list from the server, comprising:
    The terminal device receives the system message that the server broadcast is sent, and the system message includes first permissions list.
  4. Method according to claim 1-3, which is characterized in that first permissions list includes the permission after modifying at least one described application.
  5. Method according to claim 1-3, which is characterized in that first permissions list includes the permission after at least one described application is authorized or cancelled.
  6. Method according to claim 1-3, which is characterized in that first permissions list includes at least one permission using after re-authorization.
  7. According to the described in any item methods of claim 3-6, it is characterized in that, the terminal device is updated the permissions list for the application that the terminal device is currently installed on according to first permissions list, obtain the second permissions list of the terminal device, comprising:
    The permission of the permissions list for the application that the terminal device is currently installed on according to first permissions list, to the terminal device is updated, and obtains the second permissions list that updated permissions list is the terminal device.
  8. Method according to claim 1-7, which is characterized in that after second permissions list for generating the terminal device, the method also includes:
    In a kind of permission of the terminal device application, the terminal device identifies the legitimacy of the permission grant file of the certificate of authority of the permission of the application and the respective application of the permission;If the permission grant file of the respective application of the certificate of authority of the permission and the permission is legal, and second permissions list includes the permission of the application, then the terminal device completes the application to the permission of the application.
  9. A kind of terminal device, which is characterized in that the equipment includes: receiving unit and processing unit,
    The receiving unit, for obtaining the first permissions list from server, first permissions list is the permissions list after server update permission, and the server is the corresponding server of the application distribution service of the terminal device;
    The processing unit, for according to first permissions list, the permissions list for the application that the terminal device is currently installed on is updated, the second permissions list of the terminal device is generated, so that the terminal device is controlled or managed to the application being currently installed on according to second permissions list.
  10. Equipment according to claim 9, it is characterised in that:
    The equipment further includes transmission unit;
    First permissions list is the application permissions list in the updated that the equipment is currently installed on;
    The transmission unit, for sending triggering message to the server, the triggering message includes the identification information of the equipment;Wherein, after the application that the identification information is used to that the server to be made to determine that the terminal device is currently installed on according to the identification information, Xiang Suoshu terminal device sends response message, and the response message includes first permissions list.
  11. Equipment according to claim 9, it is characterised in that: first permissions list is that the server has updated the permissions list after permission to the application in application distribution service;
    The receiving unit is also used to receive the system message that the server broadcast is sent, and the system message includes first permissions list.
  12. According to the described in any item equipment of claim 9-11, which is characterized in that first permissions list includes the permission after modifying at least one described application.
  13. According to the described in any item equipment of claim 9-11, which is characterized in that first permissions list includes the permission after at least one described application is authorized or cancelled.
  14. According to the described in any item equipment of claim 9-11, which is characterized in that first permissions list includes at least one permission using after re-authorization.
  15. The described in any item equipment of 1-14 according to claim 1, it is characterized in that, the processing unit, specifically for according to the first permissions list, the permission of the permissions list for the application being currently installed on is updated, updated permissions list is obtained, the updated permissions list is the second permissions list of the terminal device.
  16. According to the described in any item equipment of claim 9-15, it is characterized in that, the processing unit identifies the legitimacy of the permission grant file of the certificate of authority of the permission of the application and the respective application of the permission also particularly useful in a kind of permission of the terminal device application;If the permission grant file of the respective application of the certificate of authority of the permission and the permission is legal, and second permissions list includes the permission of the application, then completes the application to the permission of the application.
  17. A kind of terminal device, which is characterized in that the equipment includes: receiver and processor,
    The receiver, for obtaining the first permissions list from server, first permissions list is the permissions list after server update permission, and the server is the corresponding server of the application distribution service of the terminal device;
    The processor, for according to first permissions list, the permissions list for the application that the terminal device is currently installed on is updated, the second permissions list of the terminal device is generated, so that the terminal device is controlled or managed to the application being currently installed on according to second permissions list.
  18. Equipment according to claim 17, it is characterised in that:
    The equipment further includes transmitter;
    First permissions list is the application permissions list in the updated that the equipment is currently installed on;
    The transmitter, for sending triggering message to the server, the triggering message includes the identification information of the equipment;Wherein, after the application that the identification information is used to that the server to be made to determine that the terminal device is currently installed on according to the identification information, Xiang Suoshu terminal device sends response message, and the response message includes first permissions list.
  19. Equipment according to claim 17, it is characterised in that:
    When first permissions list is the application permissions list in the updated that the equipment is currently installed on;
    The receiver is also used to receive the system message that the server broadcast is sent, and the system message includes first permissions list.
  20. The described in any item equipment of 7-19 according to claim 1, which is characterized in that first permissions list includes the permission after modifying at least one described application.
  21. The described in any item equipment of 7-19 according to claim 1, which is characterized in that first permissions list includes the permission after at least one described application is authorized or cancelled.
  22. The described in any item equipment of 7-19 according to claim 1, which is characterized in that first permissions list includes at least one permission using after re-authorization.
  23. The described in any item equipment of 9-22 according to claim 1, it is characterized in that, the processor, specifically for according to the first permissions list, the permission of the permissions list for the application being currently installed on is updated, updated permissions list is obtained, the updated permissions list is the second permissions list of the terminal device.
  24. The described in any item equipment of 7-23 according to claim 1, it is characterized in that, the processor identifies the legitimacy of the permission grant file of the certificate of authority of the permission of the application and the respective application of the permission also particularly useful in a kind of permission of the terminal device application;If the permission grant file of the respective application of the certificate of authority of the permission and the permission is legal, and second permissions list includes the permission of the application, then completes the application to the permission of the application.
  25. A kind of computer program product comprising instruction, which is characterized in that when the computer program product is run on computers, so that the computer executes the method as described in claim 1-8 any one.
  26. A kind of computer readable storage medium, which is characterized in that be stored with computer program on the computer readable storage medium, the method as described in claim 1-8 any one is realized when the computer program executes.
CN201780028139.9A 2017-03-21 2017-07-14 Permission updating method and terminal equipment Active CN109076126B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN2017101707155 2017-03-21
CN201710170715 2017-03-21
PCT/CN2017/093025 WO2018171092A1 (en) 2017-03-21 2017-07-14 Permission update method and terminal device

Publications (2)

Publication Number Publication Date
CN109076126A true CN109076126A (en) 2018-12-21
CN109076126B CN109076126B (en) 2020-09-18

Family

ID=63583928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780028139.9A Active CN109076126B (en) 2017-03-21 2017-07-14 Permission updating method and terminal equipment

Country Status (2)

Country Link
CN (1) CN109076126B (en)
WO (1) WO2018171092A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222122A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Application authority management method and device and embedded equipment
CN111753701A (en) * 2020-06-18 2020-10-09 百度在线网络技术(北京)有限公司 Violation detection method, device and equipment of application program and readable storage medium
WO2022022422A1 (en) * 2020-07-31 2022-02-03 华为技术有限公司 Permission management method and terminal device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103858130A (en) * 2013-08-23 2014-06-11 华为终端有限公司 Method, apparatus and terminal for administration of permission
US20150067030A1 (en) * 2011-02-28 2015-03-05 Unwired Nation, Inc. Mobile Application System
CN104462889A (en) * 2013-09-12 2015-03-25 腾讯科技(深圳)有限公司 Application authority management method and device
CN105320882A (en) * 2014-07-28 2016-02-10 腾讯科技(深圳)有限公司 Method and device for controlling permission of application programs
CN105630518A (en) * 2014-10-28 2016-06-01 北京娜迦信息科技发展有限公司 Method and device for updating resources of Android application software
CN105871811A (en) * 2015-02-09 2016-08-17 华为技术有限公司 Method for controlling rights of application and controller

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200922B (en) * 2011-04-06 2013-12-11 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN104125335B (en) * 2014-06-24 2017-08-25 小米科技有限责任公司 Right management method, apparatus and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150067030A1 (en) * 2011-02-28 2015-03-05 Unwired Nation, Inc. Mobile Application System
CN103858130A (en) * 2013-08-23 2014-06-11 华为终端有限公司 Method, apparatus and terminal for administration of permission
CN104462889A (en) * 2013-09-12 2015-03-25 腾讯科技(深圳)有限公司 Application authority management method and device
CN105320882A (en) * 2014-07-28 2016-02-10 腾讯科技(深圳)有限公司 Method and device for controlling permission of application programs
CN105630518A (en) * 2014-10-28 2016-06-01 北京娜迦信息科技发展有限公司 Method and device for updating resources of Android application software
CN105871811A (en) * 2015-02-09 2016-08-17 华为技术有限公司 Method for controlling rights of application and controller

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222122A (en) * 2019-12-31 2020-06-02 航天信息股份有限公司 Application authority management method and device and embedded equipment
CN111753701A (en) * 2020-06-18 2020-10-09 百度在线网络技术(北京)有限公司 Violation detection method, device and equipment of application program and readable storage medium
CN111753701B (en) * 2020-06-18 2023-08-15 百度在线网络技术(北京)有限公司 Method, device, equipment and readable storage medium for detecting violation of application program
WO2022022422A1 (en) * 2020-07-31 2022-02-03 华为技术有限公司 Permission management method and terminal device

Also Published As

Publication number Publication date
CN109076126B (en) 2020-09-18
WO2018171092A1 (en) 2018-09-27

Similar Documents

Publication Publication Date Title
US9043898B2 (en) Access management system
US8600355B1 (en) Systems and methods for authenticating applications for access to secure data using identity modules
US9584494B2 (en) Terminal and server for applying security policy, and method of controlling the same
US8225393B2 (en) Apparatus for restricting access to application module in mobile wireless device and method of restricting access to application module using the same
US8984592B1 (en) Enablement of a trusted security zone authentication for remote mobile device management systems and methods
US8208900B2 (en) Secure device configuration profiles
US11689575B2 (en) Network access by applications in an enterprise managed device system
US20160234675A1 (en) Dynamic Subscriber Identity Module
US8767694B2 (en) System and method for performing administrative tasks on mobile devices
US20140373184A1 (en) Mobile device persistent security mechanism
US20140281544A1 (en) Trusted Security Zone Containers for the Protection and Confidentiality of Trusted Service Manager Data
US20120291102A1 (en) Permission-based administrative controls
EP3386167B1 (en) Cloud operation interface sharing method, related device and system
CN104462889A (en) Application authority management method and device
US8931045B2 (en) Method and apparatus for management of multiple grouped resources on device
US20170300669A1 (en) Enterprise application management with enrollment tokens
CN109076126A (en) Permission update method and terminal device
US20150067766A1 (en) Application service management device and application service management method
JP7190796B2 (en) Controlling the operation of computing devices
US20150067124A1 (en) Application service management device and application service management method
US20230055285A1 (en) Secure erase of user data using storage regions
TWI707572B (en) Intelligent network mobile terminal certification management system
CN111418181A (en) Shared data processing method, communication device and communication equipment
WO2022252912A1 (en) User data management method and related device
CN109302289B (en) SE space management method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant