CN109298895B - APP management method and device on mobile equipment - Google Patents

Publication number: CN109298895B
Authority: CN (China)
Prior art keywords: app, file, desktop, sdk, operating system
Legal status: Active
Application number: CN201710605008.4A
Other languages: Chinese (zh)
Other versions: CN109298895A (en)
Inventors: 罗治华, 林刚, 陈仲, 李正耀
Current Assignee: Hangzhou Infogo Tech Co ltd
Original Assignee: Hangzhou Infogo Tech Co ltd
Application filed by Hangzhou Infogo Tech Co ltd
Priority to CN201710605008.4A
Publication of CN109298895A
Application granted
Publication of CN109298895B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides an APP management method and device on mobile equipment. The method is applied to a secure container client on the mobile device and comprises the following steps: after starting, receiving user identity information input by a user and sending the user identity information to a mobile application management platform for identity authentication; after the user passes identity authentication, judging, for an APP installed on the mobile device, whether the desktop launcher that is defined in the configuration file of the APP's SDK (software development kit) for loading the APP is the desktop launcher of the secure container client; if so, loading the APP through the desktop launcher of the secure container client and displaying a selection entry of the APP on the desktop of the secure container client. When the desktop launcher defined in the configuration file for loading the APP is not the operating system desktop launcher, the operating system desktop launcher does not display the selection entry of the APP on the operating system desktop when the APP is installed.

Description

APP management method and device on mobile equipment
Technical Field
The present application relates to the field of mobile application technologies, and in particular, to an APP management method and apparatus on a mobile device.
Background
Mobile Application Management (MAM) refers to autonomous management and control of the various application attributes of a mobile device through a management platform in the cloud. Installation and uninstallation of an APP (Application), starting and stopping of the APP, updating of the APP, removal of the APP's data, access authority control of the APP, and the like can be realized through mobile application management.
At present, many enterprises install enterprise APPs on mobile terminals of enterprise employees by deploying mobile application management systems, and manage the enterprise APPs. The enterprise staff can complete enterprise operation, office, management and related business anytime and anywhere by using the enterprise APP on the mobile terminal.
In the prior art, anyone can start and use the enterprise APP on the mobile terminal and thereby access the internal resources of the enterprise, which causes leakage of enterprise resources.
Disclosure of Invention
In view of the above, the present application provides an APP management method and apparatus on a mobile device.
Specifically, the method is realized through the following technical scheme:
on one hand, an APP management method on mobile equipment is provided, the mobile equipment is provided with APP, SDK is integrated in the APP, the method is applied to a security container client on the mobile equipment, and the method comprises the following steps:
receiving user identity information input by a user after starting, and sending the user identity information to a mobile application management platform for identity authentication;
after the user identity authentication is passed, judging whether a desktop starter which is defined in a configuration file of the SDK and used for loading the APP is a desktop starter of a client of the security container or not aiming at the APP installed on the mobile equipment;
if so, loading the APP through a desktop starter of the security container client and displaying a selection entry of the APP on a desktop of the security container client; when the desktop starter defined in the configuration file for loading the APP is not the operating system desktop starter of the mobile device, the operating system desktop starter prohibits the selection entry of the APP from being displayed on the desktop of the operating system when the APP is installed.
Wherein, the method also comprises:
when detecting that a user clicks a selection entry of the APP displayed on a desktop of a security container client, judging whether a starting permission value corresponding to the APP recorded in a configuration file is matched with a locally stored starting permission value;
if they match, starting the APP;
otherwise, the APP is prohibited from being started.
Configuration information for prohibiting the browsing records of the APP from being displayed in the history browser is defined in the configuration file of the SDK, and the configuration information is used for indicating an operating system history browser of the mobile device to hide the browsing records of the APP.
Wherein, the SDK is provided with an encryption interface, a decryption interface and a secret key; then, after the user identity authentication is passed, the method further includes:
displaying a selected entry of a file directory or a file downloaded by the APP, wherein the content in the file directory or the file is encrypted;
and the APP calls an encryption interface to use the key when downloading the file directory or the file, and encrypts the file directory or the file.
Wherein, the method also comprises:
when detecting that the user clicks the selection entry of the file directory or the file, displaying the content in the file directory or the file;
the content in the file directory or file is obtained by the APP calling the decryption interface to decrypt the file directory or file by using the key.
On the other hand, an APP management apparatus on a mobile device is also provided. An APP is installed on the mobile device, an SDK is integrated in the APP, the apparatus is applied to a secure container client on the mobile device, and the apparatus includes:
the authentication module is used for receiving user identity information input by a user after starting and sending the user identity information to the mobile application management platform for identity authentication;
the judging module is used for judging whether a desktop starter which is defined in a configuration file of the SDK and used for loading the APP is a desktop starter of the client side of the security container or not aiming at the APP installed on the mobile equipment after the user identity authentication is passed; when the desktop starter defined in the configuration file and used for loading the APP is not the operating system desktop starter of the mobile equipment, the operating system desktop starter prohibits displaying a selection entry of the APP on a desktop of an operating system when the APP is installed;
and the display module is used for loading the APP through the desktop starter of the safe container client and displaying the selection entry of the APP on the desktop of the safe container client if the judgment module judges that the desktop starter which is defined in the configuration file of the SDK and used for loading the APP is the desktop starter of the safe container client.
Wherein, the device still includes: a start module, wherein:
the judging module is further used for judging whether the starting permission value corresponding to the APP recorded in the configuration file is matched with the locally stored starting permission value or not when the fact that the user clicks the selection entrance of the APP displayed on the desktop of the security container client is detected;
and the starting module is used for starting the APP if the judging module judges that the starting permission value corresponding to the APP recorded in the configuration file is matched with the locally stored starting permission value, otherwise, forbidding starting the APP.
Configuration information for prohibiting the browsing records of the APP from being displayed in the history browser is defined in the configuration file of the SDK, and the configuration information is used for indicating an operating system history browser of the mobile device to hide the browsing records of the APP.
Wherein, the SDK is provided with an encryption interface, a decryption interface and a key; then:
the display module is also used for displaying a selected entry of a file directory or a file downloaded by the APP after the user identity authentication is passed, and the content in the file directory or the file is encrypted;
and the APP calls an encryption interface to use the key when downloading the file directory or file to encrypt the file directory or file.
The display module is further used for displaying the content in the file directory or the file when detecting that the user clicks the selection entry of the file directory or the file;
the content in the file directory or file is obtained by the APP calling the decryption interface to decrypt the file directory or file by using the key.
With the above technical scheme of this application, the SDK is integrated in the APP, and the desktop launcher defined in the configuration file of the SDK for loading the APP is set to the desktop launcher of the secure container client. Thus, when the APP is installed on the mobile device, the operating system desktop launcher detects that the desktop launcher defined in the configuration file for loading the APP is not the operating system desktop launcher, and does not display the selection entry of the APP on the operating system desktop. After the user passes identity authentication, the secure container client loads the APP through its own desktop launcher and displays the selection entry of the APP on the desktop of the secure container client. Because the selection entry of the APP is not displayed on the operating system desktop of the mobile device, the user cannot start the APP from the operating system desktop; the user can start the APP only after authenticating in the secure container client, through the selection entry of the APP displayed on the desktop of the secure container client. This ensures that only an authorized user can start the APP and access intranet resources such as the enterprise network, which guarantees the security of intranet resources, realizes access control of intranet resources, and prevents leakage of intranet resources.
Drawings
Fig. 1 is a schematic structural diagram of a mobile application management system according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating an APP management method on a mobile device according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an APP displayed on a desktop of a secure container client according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an APP management apparatus on a mobile device according to an embodiment of the present application;
Fig. 5 is another schematic structural diagram of an APP management apparatus on a mobile device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In order to solve the problem that any person in the prior art can start using an enterprise APP on a mobile terminal to access an enterprise internal resource, thereby causing enterprise resource leakage, embodiments of the present application provide an Application (APP) management method on a mobile device, where the method may be executed by a secure container client installed on the mobile device, and the secure container client may be implemented by software.
As shown in Fig. 1, the mobile application management system includes a mobile application management platform located in the cloud and a mobile device. The mobile device can establish a connection with the mobile application management platform using the intranet IP address of the platform, perform identity authentication, and access the intranet after the identity authentication is passed; or the mobile device can establish a connection with the mobile application management platform over the internet using the external network IP address of the platform, perform identity authentication, and access the intranet after the identity authentication is passed.
Application servers are deployed in the intranet, for example an OA (Office Automation) server, an Email server, a CRM (Customer Relationship Management) server, etc., and a user may use an APP installed on a mobile terminal to access the related application server in the intranet. The mobile device may be a mobile phone, a tablet computer, or the like.
The APP in the following embodiments of the present application may be an enterprise APP, or may be another APP, which is not limited in the embodiments of the present application.
The APP management method on the mobile equipment in the embodiment of the application comprises the following steps:
1. Starting the APP
An SDK (Software Development Kit) is integrated in the APP. The desktop launcher (Launcher) defined in the configuration file of the SDK for loading the APP is not the operating system (e.g., Android operating system) desktop launcher of the mobile device, but the desktop launcher of the secure container client in embodiments of the present application. Specifically, assuming that the file name of the configuration file of the SDK is AndroidManifest.xml, the name of the secure container client is IMCSandBox, and the desktop launcher of the secure container client is IMCSandBox_LAUNCHER, then the desktop launcher defined in the AndroidManifest.xml configuration file of the SDK for loading the APP is IMCSandBox_LAUNCHER, rather than the operating system desktop launcher.
Thus, when the APP is installed on the mobile device, the operating system desktop launcher checks the desktop launcher defined in the configuration file of the SDK for loading the APP. If it determines that this desktop launcher is not the operating system desktop launcher, it does not display the selection entry of the APP on the operating system desktop; specifically, it does not obtain the icon and the name of the APP from the software installation package of the APP and does not display them on the operating system desktop. The selection entry of the APP refers to the icon and the name of the APP. Therefore, after an APP integrated with the SDK of the embodiment of the application is installed on the mobile device, the selection entry of the APP is not displayed on the operating system desktop of the mobile device, and a user cannot start the APP to access intranet resources through a selection entry on the operating system desktop.
Based on this, as shown in fig. 2, the APP management method executed by the security container client in the embodiment of the present application includes the following steps:
Step S201: after starting, receive user identity information input by a user, and send the user identity information to a mobile application management platform for identity authentication.
Specifically, the secure container client displays a login interface after being started, so that a user can perform identity authentication in various ways. For example, the identity authentication method may be a username and password authentication method, a short message authentication method, a guest (visitor) authentication method, or the like. Wherein:
When identity authentication is carried out in the username and password authentication mode, the user identity information that the user must input is a username and a password. After receiving the username and the password input by the user, the secure container client sends them to the mobile application management platform, the mobile application management platform authenticates the user according to the username and the password, and the identity authentication result is returned to the secure container client.
When the identity authentication is carried out through a short message authentication mode, the user identity information required to be input by a user is a short message verification code, the security container client sends the short message verification code to the mobile application management platform after receiving the short message verification code input by the user, the mobile application management platform carries out the identity authentication on the user according to the short message verification code, and the identity authentication result is returned to the security container client.
When identity authentication is carried out in a guest authentication mode, user identity information needing to be input by a user is a guest code generated in advance by a mobile application management platform, after the guest code input by the user is received by a security container client, the guest code is sent to the mobile application management platform, the identity authentication is carried out on the user by the mobile application management platform according to the guest code, and an identity authentication result is returned to the security container client.
Step S202: after the user passes identity authentication, judge, for an APP installed on the mobile device, whether the desktop launcher that is defined in the configuration file of the SDK for loading the APP is the desktop launcher of the secure container client; if so, execute step S203, otherwise execute step S204.
When the desktop launcher defined in the configuration file for loading the APP is not the operating system desktop launcher of the mobile device, the operating system desktop launcher does not display the APP on the operating system desktop when the APP is installed.
Step S203: load the APP through the desktop launcher of the secure container client and display a selection entry of the APP on the desktop of the secure container client.
Step S204: do not load the APP through the desktop launcher of the secure container client and do not display a selection entry of the APP on the desktop of the secure container client.
Specifically, each APP installed on the mobile device is polled, and it is judged whether the desktop launcher defined in the configuration file of the APP's SDK for loading the APP is the desktop launcher IMCSandBox_LAUNCHER of the secure container client. If so, the desktop launcher IMCSandBox_LAUNCHER of the secure container client loads the APP, obtains the icon and the name of the APP from the software installation package of the APP, and displays the icon and the name of the APP on the desktop of the secure container client. Thus, the icons and names of the APPs that need to be managed can be displayed on the desktop of the secure container. As shown in Fig. 3, selection entries of APPs that need to be managed, such as an OA APP, an Email APP and a CRM APP, may be displayed on the desktop of the secure container client.
Through steps S201 to S204, after the user authentication is passed, the secure container client displays a selection entry of an APP that needs to be managed, so that the user starts the APP that needs to be used.
In the method according to the foregoing embodiment of the present application, the SDK is integrated in the APP, and the desktop launcher defined in the configuration file of the SDK for loading the APP is set to the desktop launcher of the secure container client. Thus, when the APP is installed on the mobile device, the operating system desktop launcher detects that the desktop launcher defined in the configuration file for loading the APP is not the operating system desktop launcher, and does not display the selection entry of the APP on the operating system desktop. After the user passes identity authentication, the secure container client loads the APP through its own desktop launcher and displays the selection entry of the APP on the desktop of the secure container client. Because the selection entry of the APP is not displayed on the operating system desktop of the mobile device, the user cannot start the APP from the operating system desktop; the user can start the APP only after authenticating in the secure container client, through the selection entry of the APP displayed on the desktop of the secure container client. This ensures that only an authorized user can start the APP and access intranet resources such as the enterprise network, which guarantees the security of intranet resources, realizes access control of intranet resources, and prevents leakage of intranet resources.
Further, a start permission value corresponding to the APP is recorded in the configuration file of the SDK; specifically, the value of the start permission configuration item android:permission in the AndroidManifest.xml configuration file is set to the start permission value corresponding to the APP. Meanwhile, the configuration file of the secure container client also records the start permission value corresponding to each APP to be managed; specifically, these values are recorded in the AndroidManifest.xml configuration file of the secure container client. Thus, after step S203, the following steps may be further included: when it is detected that a user clicks the selection entry of the APP displayed on the desktop of the secure container client, judging whether the start permission value corresponding to the APP recorded in the configuration file of the SDK matches a locally stored start permission value; if so, starting the APP, and if not, prohibiting the APP from being started.
Specifically, when a user needs to use a certain APP, the user clicks the selection entry of the APP displayed on the desktop of the secure container client. When the secure container client detects the click, it determines whether the value of the permission configuration item android:permission in the SDK of the APP (this value is the start permission value corresponding to the APP) matches a start permission value stored in the AndroidManifest.xml configuration file of the secure container client; that is, it determines whether, among the start permission values stored in the AndroidManifest.xml of the secure container client, there is one identical to the value of android:permission in the SDK of the APP. If so, the APP is authorized to be opened; if not, the APP is not authorized to be opened and will not be started. This further ensures the security of starting the APP, guarantees the security of intranet resources, realizes access control of intranet resources, and prevents leakage of intranet resources.
In addition, configuration information for prohibiting the browsing record of the APP from being displayed in the history browser is further defined in the configuration file of the SDK of the APP; specifically, the value of the configuration item excludeFromRecents is set to true in the AndroidManifest.xml configuration file. Because this configuration information is defined in the configuration file of the SDK of the APP, the history browser of the operating system hides the browsing records of the APP, and a user cannot start the APP through its browsing records in the history browser, which further ensures the security of intranet resources, realizes access control of intranet resources, and prevents leakage of intranet resources.
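The checks of section 1 (steps S202 to S204, the start permission match on click, and the excludeFromRecents setting) can be sketched in plain Java over manifest text. This is an added example, not code from the patent or the assignee's product; it assumes that IMCSandBox_LAUNCHER is declared as an intent-filter category and that the container records its stored values as uses-permission entries, and every package, activity and permission name in the sample is hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ContainerLaunchPolicy {
    static final String NS = "http://schemas.android.com/apk/res/android";
    static final String OS_LAUNCHER = "android.intent.category.LAUNCHER";
    // Name taken from the description; declaring it as an intent-filter
    // category is an assumption of this example.
    static final String CONTAINER_LAUNCHER = "IMCSandBox_LAUNCHER";

    record Entry(String activity, boolean onOsDesktop, boolean onContainerDesktop,
                 String startPermission, boolean excludeFromRecents) {}

    static Element root(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A manifest never needs a DTD; refusing one keeps the parser safe from XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    // android:name of every <tag> element below scope.
    static List<String> names(Element scope, String tag) {
        List<String> out = new ArrayList<>();
        NodeList n = scope.getElementsByTagName(tag);
        for (int i = 0; i < n.getLength(); i++)
            out.add(((Element) n.item(i)).getAttributeNS(NS, "name"));
        return out;
    }

    static List<Entry> entries(String appManifest) throws Exception {
        List<Entry> out = new ArrayList<>();
        NodeList acts = root(appManifest).getElementsByTagName("activity");
        for (int i = 0; i < acts.getLength(); i++) {
            Element a = (Element) acts.item(i);
            List<String> cats = names(a, "category");
            out.add(new Entry(a.getAttributeNS(NS, "name"),
                    cats.contains(OS_LAUNCHER), cats.contains(CONTAINER_LAUNCHER),
                    a.getAttributeNS(NS, "permission"),
                    "true".equals(a.getAttributeNS(NS, "excludeFromRecents"))));
        }
        return out;
    }

    // Steps S202 to S204: listed on the container desktop only after authentication.
    static boolean showInContainer(Entry e, boolean authenticated) {
        return authenticated && e.onContainerDesktop();
    }

    // Click handling: the APP's android:permission value must match a stored value.
    static boolean mayStart(Entry e, boolean authenticated, Set<String> stored) {
        return showInContainer(e, authenticated)
                && !e.startPermission().isEmpty() && stored.contains(e.startPermission());
    }

    // Configuration gaps that would undo the scheme for this entry.
    static List<String> findings(Entry e) {
        List<String> f = new ArrayList<>();
        if (e.onOsDesktop()) f.add("OS launcher category present: icon appears on the OS desktop");
        if (e.startPermission().isEmpty()) f.add("no android:permission: nothing for the container to match");
        if (!e.excludeFromRecents()) f.add("excludeFromRecents not true: stays in the history browser");
        return f;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample manifests; two activities stand in for two managed APPs.
        String ns = " xmlns:android=\"" + NS + "\"";
        String app = "<manifest" + ns + " package=\"com.example.apps\"><application>"
            + "<activity android:name=\".OaActivity\" android:excludeFromRecents=\"true\""
            + " android:permission=\"com.example.permission.START_OA\"><intent-filter>"
            + "<action android:name=\"android.intent.action.MAIN\"/>"
            + "<category android:name=\"IMCSandBox_LAUNCHER\"/></intent-filter></activity>"
            + "<activity android:name=\".CrmActivity\"><intent-filter>"
            + "<action android:name=\"android.intent.action.MAIN\"/>"
            + "<category android:name=\"android.intent.category.LAUNCHER\"/>"
            + "<category android:name=\"IMCSandBox_LAUNCHER\"/></intent-filter></activity>"
            + "</application></manifest>";
        // Assumption: the container records its stored values as <uses-permission> entries.
        String container = "<manifest" + ns + " package=\"com.example.container\">"
            + "<uses-permission android:name=\"com.example.permission.START_OA\"/></manifest>";
        Set<String> stored = new HashSet<>(names(root(container), "uses-permission"));
        for (Entry e : entries(app)) {
            System.out.printf("%s show=%b start=%b findings=%s%n", e.activity(),
                    showInContainer(e, true), mayStart(e, true, stored), findings(e));
        }
    }
}
```

The first sample activity is shown and may start with no findings; the second is shown in the container but cannot start and is reported with all three configuration gaps.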
2. Data encryption and decryption
After the user starts the APP through the APP's selection entry on the desktop of the secure container client, the user can access the corresponding intranet resources and download a file directory or a file. In order to ensure the security of a downloaded file directory or file, in the embodiment of the present application an encryption interface, a decryption interface, and a key are set in the SDK of the APP, where the encryption interface is an API (Application Programming Interface) for encryption, the decryption interface is an API for decryption, and the key is the key required for encryption and decryption. The keys in the SDKs of different APPs may be different.
Thus, when downloading a file directory or file, the APP calls the encryption interface in the SDK to encrypt the file directory or file using the key. Specifically, the file directory or file may be recursively compressed using ZipEntry objects and then encrypted using the AES-128 (Advanced Encryption Standard) encryption algorithm. When a file directory is compressed, the file directory and the files under the directory are compressed together. ZipEntry is a class that represents Zip file entries and may be used to perform compression and decompression.
A specific directory space is arranged in the security container client and used for storing data downloaded by each APP, one or more sub-directory spaces can be arranged in the specific directory space, and each APP corresponds to one sub-directory space and is used for storing data such as file directories or files downloaded by the APP. The encrypted file directory or file is stored in the corresponding subdirectory space.
When a user needs to view the contents of a file directory or file, the user can click the selection entry of the file directory or file displayed on the desktop of the security container client. When the security container client detects that the user has clicked the selection entry, it controls the APP to call the decryption interface in the SDK, which uses the key to decrypt the file directory or file, and displays the contents of the file directory or file. Specifically, the AES128 decryption algorithm is used for decryption, and then the ZipEntry object is used for recursive decompression; when a file directory is decompressed, the file directory and the files in the directory are decompressed together.
In this way, encrypted storage and decrypted viewing of intranet data can be realized; because the data is stored encrypted, it cannot be viewed even if it is exported from the mobile device.
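The compress-then-encrypt and decrypt-then-decompress flow described above, as an added example in plain Java (it is not code from the patent or from the SDK it describes). The class and method names are hypothetical, and the page specifies only "AES128", so the AES-GCM mode, the random 12-byte IV stored in front of the ciphertext, the caller-supplied 16-byte key and the in-memory archive are assumptions of this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.zip.*;

/** Hypothetical helper (not the patent's SDK): zip a file or directory, then seal it with AES-128. */
public final class ContainerVault {
    private static final int IV_LEN = 12, TAG_BITS = 128;   // assumed GCM parameters

    /** Recursively zip src, encrypt the archive, and write IV || ciphertext+tag to out. */
    public static void seal(Path src, Path out, byte[] key16) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(buf)) {
            addEntry(zip, src, src.getFileName().toString());
        }
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);                    // fresh IV for every sealed file
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key16, iv).doFinal(buf.toByteArray());
        try (OutputStream o = Files.newOutputStream(out)) { o.write(iv); o.write(ct); }
    }

    /** Decrypt and authenticate first, then unzip under destDir; entries escaping destDir are refused. */
    public static void open(Path sealed, Path destDir, byte[] key16) throws Exception {
        byte[] blob = Files.readAllBytes(sealed);
        if (blob.length < IV_LEN + TAG_BITS / 8) throw new IOException("sealed file too short");
        // doFinal throws AEADBadTagException on a wrong key or modified data, before anything is unpacked
        byte[] zipBytes = cipher(Cipher.DECRYPT_MODE, key16, Arrays.copyOf(blob, IV_LEN))
                .doFinal(blob, IV_LEN, blob.length - IV_LEN);
        Path root = destDir.toAbsolutePath().normalize();
        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(zipBytes))) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                Path target = root.resolve(e.getName()).normalize();
                if (!target.startsWith(root) || target.equals(root))
                    throw new IOException("unsafe entry: " + e.getName());
                if (e.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                Files.copy(zip, target, StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    private static Cipher cipher(int mode, byte[] key16, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key16, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    private static void addEntry(ZipOutputStream zip, Path p, String name) throws IOException {
        if (Files.isDirectory(p)) {
            zip.putNextEntry(new ZipEntry(name + "/"));      // keeps empty directories
            zip.closeEntry();
            try (DirectoryStream<Path> children = Files.newDirectoryStream(p)) {
                for (Path child : children) addEntry(zip, child, name + "/" + child.getFileName());
            }
        } else {
            zip.putNextEntry(new ZipEntry(name));
            Files.copy(p, zip);                              // copies file bytes into the current entry
            zip.closeEntry();
        }
    }
}
```

Because the sealed file is authenticated before it is unzipped, a file altered while outside the container fails in `open` instead of being unpacked.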
Corresponding to the foregoing embodiment of the APP management method on the mobile device, the present application also provides an embodiment of an APP management apparatus on the mobile device, which may be applied to a secure container client.
As shown in fig. 4, an APP management apparatus on a mobile device according to an embodiment of the present application includes: an authentication module 401, a determination module 402, a display module 403, and a start module 404, wherein:
the authentication module 401 is configured to receive user identity information input by a user after being started, and send the user identity information to the mobile application management platform for identity authentication;
a determining module 402, configured to determine, for an APP installed on a mobile device after user identity authentication passes, whether a desktop launcher defined in a configuration file of an SDK of the APP and used for loading the APP is a desktop launcher of a secure container client; when the desktop starter defined in the configuration file and used for loading the APP is not the operating system desktop starter of the mobile device, the operating system desktop starter prohibits displaying a selection entry of the APP on a desktop of an operating system when the APP is installed;
a display module 403, configured to, if the determining module 402 determines that the desktop launcher defined in the configuration file of the SDK and used for loading the APP is the desktop launcher of the secure container client, load the APP through the desktop launcher of the secure container client and display a selection entry of the APP on the desktop of the secure container client.
As shown in fig. 5, the APP management device further includes: a start module 404, wherein:
the determining module 402 is further configured to determine whether the start permission value corresponding to the APP recorded in the configuration file matches the locally stored start permission value when it is detected that the user clicks a selection entry of the APP displayed on the desktop of the secure container client;
the start module 404 is configured to start the APP if the determining module 402 determines that the start permission value corresponding to the APP recorded in the configuration file matches the locally stored start permission value, and otherwise to prohibit starting the APP.
Configuration information for prohibiting the browsing records of the APP from being displayed in the history browser is defined in the configuration file of the SDK, and the configuration information is used for indicating an operating system history browser of the mobile device to hide the browsing records of the APP.
The SDK is provided with an encryption interface, a decryption interface and a key; in that case,
the display module 403 is further configured to display a selection entry of a file directory or a file downloaded by the APP after the user identity authentication passes, where content in the file directory or the file is encrypted;
when downloading the file directory or the file, the APP calls the encryption interface to encrypt the file directory or the file using the key.
The display module 403 is further configured to display the content in the file directory or file when it is detected that the user clicks a selection entry of the file directory or file;
the content in the file directory or the file is obtained by the APP calling the decryption interface to decrypt the file directory or the file using the key.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. An APP management method on a mobile device, wherein an APP is installed on the mobile device, a Software Development Kit (SDK) is integrated in the APP, and the method is applied to a secure container client on the mobile device, and the method comprises:
receiving user identity information input by a user after starting, and sending the user identity information to a mobile application management platform for identity authentication;
after the user identity authentication is passed, judging whether a desktop starter which is defined in a configuration file of the SDK and used for loading the APP is a desktop starter of the security container client or not aiming at the APP installed on the mobile equipment;
if so, loading the APP through a desktop starter of the security container client and displaying a selection entry of the APP on a desktop of the security container client; when the desktop launcher defined in the configuration file and used for loading the APP is not the operating system desktop launcher of the mobile device, the operating system desktop launcher prohibits displaying a selection entry of the APP on a desktop of the operating system when the APP is installed.
2. The method of claim 1, further comprising:
when it is detected that a user clicks a selection entry of the APP displayed on a desktop of the security container client, judging whether a start permission value corresponding to the APP recorded in the configuration file matches a locally stored start permission value;
if they match, starting the APP;
otherwise, the APP is prohibited from being started.
3. The method as claimed in claim 1, wherein configuration information for prohibiting displaying of the browsing history of the APP in the history browser is defined in the configuration file of the SDK, and the configuration information is used to instruct an operating system history browser of the mobile device to hide the browsing history of the APP.
4. The method according to claim 1, wherein an encryption interface, a decryption interface and a key are provided in the SDK; then, after the user identity authentication is passed, the method further includes:
after the APP is started through an APP selection entry on a desktop of a security container client, displaying a selection entry of a file directory or a file downloaded by the APP, wherein the content in the file directory or the file is encrypted;
wherein, when downloading the file directory or the file, the APP calls the encryption interface to encrypt the file directory or the file using the key.
5. The method of claim 4, further comprising:
when detecting that a user clicks a selection entry of the file directory or the file, displaying the content in the file directory or the file;
wherein the APP calls the decryption interface to decrypt the file directory or the file using the key, to obtain the content in the file directory or the file.
6. An APP management apparatus on a mobile device, characterized in that an APP is installed on the mobile device, a software development kit (SDK) is integrated in the APP, the apparatus is applied to a secure container client on the mobile device, and the apparatus comprises:
the authentication module is used for receiving user identity information input by a user after starting and sending the user identity information to the mobile application management platform for identity authentication;
the judging module is used for judging whether a desktop starter which is defined in a configuration file of the SDK and used for loading the APP is a desktop starter of the client side of the security container or not aiming at the APP installed on the mobile equipment after the user identity authentication is passed; when the desktop launcher defined in the configuration file and used for loading the APP is not an operating system desktop launcher of the mobile device, the operating system desktop launcher prohibits a selection entry of the APP from being displayed on a desktop of the operating system when the APP is installed;
and the display module is used for loading the APP through the desktop starter of the security container client and displaying the selection entry of the APP on the desktop of the security container client if the judging module judges that the desktop starter which is defined in the configuration file of the SDK and used for loading the APP is the desktop starter of the security container client.
7. The apparatus of claim 6, further comprising: a start module, wherein:
the judging module is further configured to judge whether the start permission value corresponding to the APP recorded in the configuration file matches a locally stored start permission value when it is detected that the user clicks a selection entry of the APP displayed on a desktop of the secure container client;
and the starting module is used for starting the APP if the judging module judges that the starting permission value corresponding to the APP recorded in the configuration file is matched with the locally stored starting permission value, otherwise, forbidding starting the APP.
8. The apparatus of claim 6, wherein configuration information for prohibiting displaying of the browsing history of the APP in the history browser is defined in the configuration file of the SDK, and the configuration information is used to instruct an operating system history browser of the mobile device to hide the browsing history of the APP.
9. The apparatus according to claim 6, wherein the SDK is provided with an encryption interface, a decryption interface, and a key; then,
the display module is further configured to display a selection entry of a file directory or a file downloaded by the APP after the user identity authentication passes and the APP is started through the APP selection entry on the desktop of the secure container client, where contents in the file directory or the file are encrypted;
wherein, when downloading the file directory or the file, the APP calls the encryption interface to encrypt the file directory or the file using the key.
10. The apparatus of claim 9,
the display module is further used for displaying the content in the file directory or the file when detecting that the user clicks the selection entry of the file directory or the file;
wherein the APP calls the decryption interface to decrypt the file directory or the file using the key, to obtain the content in the file directory or the file.
CN201710605008.4A 2017-07-24 2017-07-24 APP management method and device on mobile equipment Active CN109298895B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710605008.4A CN109298895B (en) 2017-07-24 2017-07-24 APP management method and device on mobile equipment

Publications (2)

Publication Number Publication Date
CN109298895A CN109298895A (en) 2019-02-01
CN109298895B true CN109298895B (en) 2021-04-23
