CN109587345B - Abnormal application prompting method, mobile terminal and computer readable storage medium - Google Patents

Abnormal application prompting method, mobile terminal and computer readable storage medium Download PDF

Info

Publication number
CN109587345B
CN109587345B CN201811628778.1A CN201811628778A CN109587345B CN 109587345 B CN109587345 B CN 109587345B CN 201811628778 A CN201811628778 A CN 201811628778A CN 109587345 B CN109587345 B CN 109587345B
Authority
CN
China
Prior art keywords
application
abnormal
prompting
user
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811628778.1A
Other languages
Chinese (zh)
Other versions
CN109587345A (en
Inventor
魏红娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nubia Technology Co Ltd filed Critical Nubia Technology Co Ltd
Priority to CN201811628778.1A priority Critical patent/CN109587345B/en
Publication of CN109587345A publication Critical patent/CN109587345A/en
Application granted granted Critical
Publication of CN109587345B publication Critical patent/CN109587345B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72454User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions according to context-related or environment-related conditions

Abstract

The invention discloses an abnormal application prompting method, which comprises the following steps: acquiring the file increment and the opening times corresponding to each application in the mobile terminal; calculating the file growth rate and the opening frequency of each application at fixed time; judging whether the file growth rate and the opening frequency are abnormal or not; and when the abnormity is judged to occur, marking the application as the abnormal application and prompting a user. The embodiment of the invention also discloses a mobile terminal and a computer readable storage medium. Therefore, the abnormal application prompting method, the mobile terminal and the computer readable storage medium provided by the embodiment of the invention can mark the abnormal application in time and prompt the user so that the user can further confirm, the user rights and interests are guaranteed, and the user experience is improved.

Description

Abnormal application prompting method, mobile terminal and computer readable storage medium
Technical Field
The invention relates to the technical field of data analysis, in particular to an abnormal application prompting method, a mobile terminal and a computer readable storage medium.
Background
Currently, with the development of mobile terminal technology, applications in the mobile application market are various, and a user may actively or passively install various applications in a mobile terminal. However, after the application program is installed in the mobile terminal, many background behavior users generated in the running process are not clear, and if the application program is a malicious program, the user cannot find the malicious program in time, so that the user rights and interests are likely to be violated, and the user experience is likely to be affected.
Disclosure of Invention
The invention mainly aims to provide an abnormal application prompting method, a mobile terminal and a computer readable storage medium, and aims to solve the problem of how to find a malicious program and prompt a user in time.
In order to achieve the above object, the present invention provides an abnormal application prompting method, which comprises the steps of:
acquiring the file increment and the opening times corresponding to each application in the mobile terminal;
calculating the file growth rate and the opening frequency of each application at fixed time;
judging whether the file growth rate and the opening frequency are abnormal or not; and
and when the abnormity is judged to occur, marking the application as the abnormal application and prompting a user.
Optionally, the method further comprises the step of:
setting sensitive data in the mobile terminal;
acquiring the operation times of each application on the sensitive data at fixed time;
judging whether the operation times corresponding to the applications are abnormal or not according to the application type of each application;
and when the abnormity is judged to occur, marking the application as the abnormal application and prompting a user.
Optionally, in the step of determining whether the file growth rate and the opening frequency are abnormal, when the file growth rate corresponding to the application is higher than a first threshold and the opening frequency is lower than a second threshold, it is determined that the application is abnormal.
Optionally, the first threshold and the second threshold are dynamically adjusted, the file growth rates of all applications are sorted in a descending order, then the file growth rate of a third name is taken as the first threshold, the opening frequencies of all applications are sorted in an ascending order, and then the opening frequency of the third name is taken as the second threshold.
Optionally, the sensitive data is personal data of a user, and includes a phone book, a call record, a short message, a multimedia message, location information, and a photo.
Optionally, the operation on the sensitive data includes reading, adding, deleting, modifying, and transmitting.
Optionally, the step of determining whether the operation frequency corresponding to each application is abnormal according to the application type of each application includes:
and when the operation times of the application on the sensitive data are higher than a third threshold value, judging whether the operation times are reasonable according to the application type of the application, and if not, judging that the application is abnormal.
Optionally, in the step of marking the application as an abnormal application and prompting the user, the user is prompted in a preset manner when the abnormal application is marked for the first time or the marking frequency reaches a preset value.
In addition, to achieve the above object, the present invention further provides a mobile terminal, including: the application prompting method comprises a memory, a processor, a screen and an abnormal application prompting program which is stored on the memory and can run on the processor, wherein when the abnormal application prompting program is executed by the processor, the steps of the abnormal application prompting method are realized.
Further, to achieve the above object, the present invention also provides a computer readable storage medium, on which an abnormal application prompting program is stored, and when the abnormal application prompting program is executed by a processor, the abnormal application prompting program implements the steps of the abnormal application prompting method as described above.
According to the abnormal application prompting method, the mobile terminal and the computer readable storage medium, whether the application is abnormal or not can be judged according to the file growth rate and the opening frequency corresponding to each application or the application type of each application and the operation frequency of sensitive data, and the abnormal application is judged and then marked and prompted to a user, so that the user can further confirm the abnormal application in time, the user rights and interests are guaranteed, and the user use experience is improved.
Drawings
Fig. 1 is a schematic diagram of a hardware structure of a mobile terminal implementing various embodiments of the present invention;
FIG. 2 is a diagram of a wireless communication system for the mobile terminal shown in FIG. 1;
fig. 3 is a flowchart of an abnormal application prompting method according to a first embodiment of the present invention;
fig. 4 is a partial flowchart of an abnormal application prompting method according to a second embodiment of the present invention;
fig. 5 is a block diagram of a mobile terminal according to a third embodiment of the present invention;
fig. 6 is a schematic block diagram of an abnormal application prompting system according to a fourth embodiment of the present invention;
fig. 7 is a schematic block diagram of an abnormal application prompting system according to a fifth embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in itself. Thus, "module", "component" or "unit" may be used mixedly.
The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and the like, and a fixed terminal such as a Digital TV, a desktop computer, and the like.
The following description will be given by way of example of a mobile terminal, and it will be understood by those skilled in the art that the construction according to the embodiment of the present invention can be applied to a fixed type terminal, in addition to elements particularly used for mobile purposes.
Referring to fig. 1, which is a schematic diagram of a hardware structure of a mobile terminal for implementing various embodiments of the present invention, the mobile terminal 100 may include: RF (Radio Frequency) unit 101, WiFi module 102, audio output unit 103, a/V (audio/video) input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in fig. 1 is not intended to be limiting of mobile terminals, which may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the mobile terminal in detail with reference to fig. 1:
the radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call, and specifically, receive downlink information of a base station and then process the downlink information to the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex Long Term Evolution), and TDD-LTE (Time Division duplex Long Term Evolution).
WiFi belongs to short-distance wireless transmission technology, and the mobile terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 102, and provides wireless broadband internet access for the user. Although fig. 1 shows the WiFi module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.
The a/V input unit 104 is used to receive audio or video signals. The a/V input Unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042, the Graphics processor 1041 Processing image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphic processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 may receive sounds (audio data) via the microphone 1042 in a phone call mode, a recording mode, a voice recognition mode, or the like, and may be capable of processing such sounds into audio data. The processed audio (voice) data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 101 in case of a phone call mode. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.
Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.
The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.
Although not shown in fig. 1, the mobile terminal 100 may further include a bluetooth module or the like, which is not described in detail herein.
In order to facilitate understanding of the embodiments of the present invention, a communication network system on which the mobile terminal of the present invention is based is described below.
Referring to fig. 2, fig. 2 is an architecture diagram of a communication Network system according to an embodiment of the present invention, where the communication Network system is an LTE system of a universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an IP service 204 of an operator, which are in communication connection in sequence.
Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.
The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Among them, the eNodeB2021 may be connected with other eNodeB2022 through backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.
The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving gateway) 2034, a PGW (PDN gateway) 2035, and a PCRF (Policy and Charging Rules Function) 2036, and the like. The MME2031 is a control node that handles signaling between the UE201 and the EPC203, and provides bearer and connection management. HSS2032 is used to provide registers to manage functions such as home location register (not shown) and holds subscriber specific information about service characteristics, data rates, etc. All user data may be sent through SGW2034, PGW2035 may provide IP address assignment for UE201 and other functions, and PCRF2036 is a policy and charging control policy decision point for traffic data flow and IP bearer resources, which selects and provides available policy and charging control decisions for a policy and charging enforcement function (not shown).
The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.
Although the LTE system is described as an example, it should be understood by those skilled in the art that the present invention is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.
Based on the above mobile terminal hardware structure and communication network system, the present invention provides various embodiments of the method.
Example one
As shown in fig. 3, a first embodiment of the present invention provides an abnormal application prompting method, which includes the following steps:
s300, acquiring the file growth amount and the opening times corresponding to each application in the mobile terminal.
Specifically, each application generates a corresponding folder in the/sdcard directory for storing local data generated by the application, and the size of the file generated by the application can be obtained from the folder, so that the file growth amount of the application in a certain period of time is obtained. After each application is opened by the user, the corresponding activity in the system is placed at the top of the stack in the memory, so that the number of times each application is opened can be detected.
And S302, periodically calculating the file growth rate and the opening frequency of each application.
Specifically, since a single file generated by some applications (e.g., multimedia-type applications) is large, it is not suitable to determine the application behavior by using the file growth size, and therefore, in this embodiment, a file growth rate is used as an index to determine whether an application is abnormal, where the file growth rate is the file growth amount/time. When the file growth rate is calculated, the opening frequency corresponding to the application needs to be calculated, so as to assist in judging whether the application is abnormal, where the opening frequency is the opening times/time.
In this embodiment, the file growth rate and the opening frequency of each application may be calculated every 6 hours, four times per 24 hours a day, and then the average of the four times may be taken as the final calculation result. The file growth rate and the opening frequency calculated once can be directly used as the final calculation result. In addition, the interval duration defined by the user can be received, for example, when the user feels that the prompt of the abnormal application is inaccurate, the interval duration for calculating the file growth rate and the opening frequency can be set by the user.
S304, judging whether the file growth rate and the opening frequency are abnormal or not.
Specifically, if an application has a very high file growth rate but a very low open frequency within a certain period of time, it indicates that the application should perform many operations silently in the background and belong to an abnormal application (possibly a malicious program). In this embodiment, when the file growth rate of an application is higher than (greater than or equal to) a first threshold and the opening frequency is lower than (less than or equal to) a second threshold, it is determined that the application is abnormal. The first threshold of the file growth rate and the second threshold of the opening frequency are dynamically adjusted, for example, the file growth rates of all applications may be sorted in a descending order, then the file growth rate of the third name may be taken as the first threshold, the opening frequencies of all applications may be sorted in an ascending order, and then the opening frequency of the third name may be taken as the second threshold.
S306, when the abnormity is judged to occur, the application is marked as abnormal application and the user is prompted.
Specifically, when it is determined that an application is abnormal, the application is marked as an abnormal application according to a preset mode. For example, a red exclamation point may be marked in the upper right corner of the application icon. In addition, the abnormal application can be prompted to the user in other modes, so that the user can confirm whether the application needs to be uninstalled. For example, the user is prompted by a system notification in a notification bar. The user can be prompted immediately after the determined abnormal application is marked for the first time, if the user chooses to ignore the prompt, the user can be prompted for the second time after the abnormal application is marked for 3 times, and if the user continues to choose to ignore the prompt, the user can be prompted for the third time after the abnormal application is marked for 6 times, and so on.
According to the abnormal application prompting method provided by the embodiment, whether the application is abnormal or not can be judged according to the file growth rate and the starting frequency corresponding to each application, and the abnormal application is marked and prompted to a user after being judged, so that the user can further confirm the abnormal application in time, the user rights and interests are guaranteed, and the user experience is improved.
Example two
As shown in fig. 4, a second embodiment of the present invention provides a method for prompting an abnormal application. In a second embodiment, the abnormal application prompting method further includes, based on the first embodiment, the following steps:
s400, setting the sensitive data in the mobile terminal.
Specifically, for a mobile terminal user, personal data is very sensitive, such as a phone book, a call record, a short message, a multimedia message, location information, a photo, and the like, and if a certain application frequently operates sensitive data, the application may be abnormal. The mobile terminal can set which data belongs to the sensitive data by itself or receive the sensitive data range set by the user by itself.
S402, acquiring the operation times of each application on the sensitive data at regular time.
Specifically, the operation mainly refers to operations of reading, adding, deleting, modifying, transmitting and the like of the sensitive data. The reading of the personal data has a corresponding API (Application Programming Interface) available in the system, and the number of operations on the personal data in a preset time period by each Application can be detected only by embedding points below the corresponding API. The preset time period can be set by the mobile terminal, and can also receive user-defined setting of a user.
S404, judging whether the operation times corresponding to the application are abnormal or not according to the application type of each application.
Specifically, when the operation frequency of a certain application on the sensitive data is higher than (greater than or equal to) a third threshold, whether the operation frequency is reasonable or not is judged according to the application type of the application, and if the operation frequency is not reasonable, the application is judged to be abnormal. For example, it is certainly unreasonable for a flashlight application to frequently operate on such sensitive data, and an application with abnormal behavior can be identified by comparing the types of applications. The third threshold of the operation times is dynamically adjusted, for example, the operation times corresponding to all the applications may be sorted in a descending order, and then the operation times of the third name may be taken as the third threshold.
In addition, some common applications that need to manipulate the sensitive data frequently, such as WeChat, Paibao, etc., can also be added to the white list. These applications may not detect the number of operations on the sensitive data.
S406, when the abnormity is judged to occur, the application is marked as abnormal application and the user is prompted.
Specifically, when it is determined that an application is abnormal, the application is marked as an abnormal application according to a preset mode. For example, a red exclamation point may be marked in the upper right corner of the application icon. In addition, the abnormal application can be prompted to the user in other modes, so that the user can confirm whether the application needs to be uninstalled. For example, the user is prompted by a system notification in a notification bar. The user can be prompted immediately after the determined abnormal application is marked for the first time, if the user chooses to ignore the prompt, the user can be prompted for the second time after the abnormal application is marked for 3 times, and if the user continues to choose to ignore the prompt, the user can be prompted for the third time after the abnormal application is marked for 6 times, and so on.
It is to be noted that the two determination methods in the first embodiment and the second embodiment may be combined to perform anomaly determination on the application in the mobile terminal, when any anomaly condition occurs, the application is marked as an abnormal application, and the user is prompted when the first marking or the number of times of marking reaches a preset value.
According to the abnormal application prompting method provided by the embodiment, whether the application is abnormal or not can be judged according to the application type of each application and the operation frequency of sensitive data, and the abnormal application is marked and prompted to a user after the abnormal application is judged, so that the user can further confirm the abnormal application in time, the user rights and interests are guaranteed, and the user experience is improved.
EXAMPLE III
As shown in fig. 5, a fourth embodiment of the present invention proposes a mobile terminal 2. The mobile terminal 2 includes a memory 20, a processor 22, a screen 26, and an anomalous application prompting system 28.
The memory 20 includes at least one type of readable storage medium for storing an operating system installed in the mobile terminal 2 and various types of application software, such as program codes of the abnormal application prompting system 28. In addition, the memory 20 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 22 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 22 is typically operative to control overall operation of the mobile terminal 2. In this embodiment, the processor 22 is configured to run the program code stored in the memory 20 or process data, for example, run the abnormal application prompting system 28.
The screen 26 is used for displaying an application program and receiving a touch operation of a user.
Example four
As shown in fig. 6, a fourth embodiment of the present invention provides an abnormal application prompting system 28. In this embodiment, the abnormal application prompting system 28 includes:
the obtaining module 800 is configured to obtain a file growth amount and an opening number corresponding to each application in the mobile terminal 2.
Specifically, each application generates a corresponding folder in the/sdcard directory for storing local data generated by the application, and the size of the file generated by the application can be obtained from the folder, so that the file growth amount of the application in a certain period of time is obtained. After each application is opened by the user, the corresponding activity in the system is placed at the top of the stack in the memory, so that the number of times each application is opened can be detected.
A calculating module 802, configured to calculate a file growth rate and an opening frequency of each application at regular time.
Specifically, since a single file generated by some applications (e.g., multimedia-type applications) is large, it is not suitable to determine the application behavior by using the file growth size, and therefore, in this embodiment, a file growth rate is used as an index to determine whether an application is abnormal, where the file growth rate is the file growth amount/time. When the file growth rate is calculated, the opening frequency corresponding to the application needs to be calculated, so as to assist in judging whether the application is abnormal, where the opening frequency is the opening times/time.
In this embodiment, the file growth rate and the opening frequency of each application may be calculated every 6 hours, four times per 24 hours a day, and then the average of the four times may be taken as the final calculation result. The file growth rate and the opening frequency calculated once can be directly used as the final calculation result. In addition, the interval duration defined by the user can be received, for example, when the user feels that the prompt of the abnormal application is inaccurate, the interval duration for calculating the file growth rate and the opening frequency can be set by the user.
The determining module 804 is configured to determine whether the file growth rate and the opening frequency are abnormal.
Specifically, if an application has a very high file growth rate but a very low open frequency within a certain period of time, it indicates that the application should perform many operations silently in the background and belong to an abnormal application (possibly a malicious program). In this embodiment, when the file growth rate of an application is higher than (greater than or equal to) a first threshold and the opening frequency is lower than (less than or equal to) a second threshold, it is determined that the application is abnormal. The first threshold of the file growth rate and the second threshold of the opening frequency are dynamically adjusted, for example, the file growth rates of all applications may be sorted in a descending order, then the file growth rate of the third name may be taken as the first threshold, the opening frequencies of all applications may be sorted in an ascending order, and then the opening frequency of the third name may be taken as the second threshold.
And a marking module 806, configured to mark the application as an abnormal application and prompt a user when it is determined that an abnormality occurs.
Specifically, when it is determined that an application is abnormal, the application is marked as an abnormal application according to a preset mode. For example, a red exclamation point may be marked in the upper right corner of the application icon. In addition, the abnormal application can be prompted to the user in other modes, so that the user can confirm whether the application needs to be uninstalled. For example, the user is prompted by a system notification in a notification bar. The user can be prompted immediately after the determined abnormal application is marked for the first time, if the user chooses to ignore the prompt, the user can be prompted for the second time after the abnormal application is marked for 3 times, and if the user continues to choose to ignore the prompt, the user can be prompted for the third time after the abnormal application is marked for 6 times, and so on.
EXAMPLE five
As shown in fig. 7, a fifth embodiment of the present invention provides an abnormal application prompting system 28. In this embodiment, the abnormal application prompting system 28 further includes a setting module 808 besides the obtaining module 800, the calculating module 802, the judging module 804 and the marking module 806 in the fourth embodiment.
The setting module 808 is configured to set the sensitive data in the mobile terminal 2.
Specifically, for the user of the mobile terminal 2, personal data is very sensitive, such as a phone book, a call record, a short message, a multimedia message, location information, a photo, and the like, and if a certain application frequently operates sensitive data, the application may be abnormal. The setting module 808 may set which data belongs to the sensitive data by itself, or receive the sensitive data range set by the user by itself.
The obtaining module 800 is further configured to obtain the operation times of each application on the sensitive data at regular time.
Specifically, the operation mainly refers to operations of reading, adding, deleting, modifying, transmitting and the like of the sensitive data. The reading of the personal data has corresponding API which can be used in the system, and the operation times of each application on the personal data in the preset time period can be detected only by embedding points under the corresponding API. The preset time period may be set by the obtaining module 800, or may receive a user-defined setting.
The determining module 804 is further configured to determine whether the operation frequency corresponding to each application is abnormal according to the application type of the application.
Specifically, when the operation frequency of a certain application on the sensitive data is higher than (greater than or equal to) a third threshold, whether the operation frequency is reasonable or not is judged according to the application type of the application, and if the operation frequency is not reasonable, the application is judged to be abnormal. For example, it is certainly unreasonable for a flashlight application to frequently operate on such sensitive data, and an application with abnormal behavior can be identified by comparing the types of applications. The third threshold of the operation times is dynamically adjusted, for example, the operation times corresponding to all the applications may be sorted in a descending order, and then the operation times of the third name may be taken as the third threshold.
In addition, some common applications that need to manipulate the sensitive data frequently, such as WeChat, Paibao, etc., can also be added to the white list. These applications may not detect the number of operations on the sensitive data.
The marking module 806 is further configured to mark the application as an abnormal application and prompt the user when it is determined that the abnormality occurs.
Specifically, the marking and prompting manners are similar to those of the fourth embodiment, and are not described herein again.
It should be noted that the determining module 804 and the marking module 806 may perform anomaly determination and marking on the application in the mobile terminal 2 by combining the two determining manners in the fourth embodiment and the fifth embodiment, when any one of the abnormal conditions occurs, mark the application as an abnormal application, and prompt the user when the first marking or the number of times of marking reaches a preset value.
EXAMPLE six
The present invention further provides another embodiment, which is to provide a computer-readable storage medium storing an abnormal application prompting program, where the abnormal application prompting program is executable by at least one processor to cause the at least one processor to execute the steps of the abnormal application prompting method as described above.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (9)

1. An abnormal application prompting method is characterized by comprising the following steps:
acquiring the file increment and the opening times corresponding to each application in the mobile terminal;
calculating the file growth rate and the opening frequency of each application at fixed time;
judging whether the file growth rate and the opening frequency are abnormal or not; and
when the abnormity is judged, the application is marked as abnormal application and a user is prompted;
in the step of judging whether the file growth rate and the opening frequency are abnormal or not, when the file growth rate corresponding to the application is higher than a first threshold and the opening frequency is lower than a second threshold, judging that the application is abnormal.
2. The abnormal application prompting method according to claim 1, further comprising the steps of:
setting sensitive data in the mobile terminal;
acquiring the operation times of each application on the sensitive data at fixed time;
judging whether the operation times corresponding to the applications are abnormal or not according to the application type of each application;
and when the abnormity is judged to occur, marking the application as the abnormal application and prompting a user.
3. The abnormal application prompting method according to claim 1, wherein the first threshold and the second threshold are dynamically adjusted, the file growth rates of all applications are sorted in a descending order, then the file growth rate of a third name is taken as the first threshold, the opening frequencies of all applications are sorted in an ascending order, and then the opening frequency of the third name is taken as the second threshold.
4. The abnormal application prompting method of claim 2, wherein the sensitive data is personal data of a user, and comprises a phone book, a call record, a short message, a multimedia message, position information and a photo.
5. The abnormal application prompting method of claim 2, wherein the operation on the sensitive data comprises reading, adding, deleting, modifying, and transmitting.
6. The abnormal application prompting method according to claim 2, wherein the step of judging whether the operation times corresponding to the application are abnormal or not according to the application type of each application comprises:
and when the operation times of the application on the sensitive data are higher than a third threshold value, judging whether the operation times are reasonable according to the application type of the application, and if not, judging that the application is abnormal.
7. The abnormal application prompting method according to claim 1 or 2, wherein in the step of marking the application as the abnormal application and prompting the user, the user is prompted in a preset manner when the abnormal application is marked for the first time or the number of times of marking reaches a preset value.
8. A mobile terminal, characterized in that the mobile terminal comprises: memory, processor, screen and an abnormal application prompting program stored on the memory and executable on the processor, the abnormal application prompting program when executed by the processor implementing the steps of the abnormal application prompting method as claimed in any one of claims 1 to 7.
9. A computer-readable storage medium, having stored thereon an abnormal application prompting program, which when executed by a processor implements the steps of the abnormal application prompting method of any one of claims 1 to 7.
CN201811628778.1A 2018-12-28 2018-12-28 Abnormal application prompting method, mobile terminal and computer readable storage medium Active CN109587345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811628778.1A CN109587345B (en) 2018-12-28 2018-12-28 Abnormal application prompting method, mobile terminal and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811628778.1A CN109587345B (en) 2018-12-28 2018-12-28 Abnormal application prompting method, mobile terminal and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109587345A CN109587345A (en) 2019-04-05
CN109587345B true CN109587345B (en) 2021-09-07

Family

ID=65933475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811628778.1A Active CN109587345B (en) 2018-12-28 2018-12-28 Abnormal application prompting method, mobile terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109587345B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866296A (en) * 2014-02-25 2015-08-26 腾讯科技(北京)有限公司 Data processing method and device
CN105025170A (en) * 2015-08-05 2015-11-04 张京源 Detection and alarm method of mobile phone in non-normal use
WO2016000543A1 (en) * 2014-06-30 2016-01-07 北京金山安全软件有限公司 Method, device and mobile terminal for detecting abnormal cpu occupancy rate of app
CN105959462A (en) * 2016-04-20 2016-09-21 深圳市万普拉斯科技有限公司 Abnormal startup control method and system
CN107729167A (en) * 2016-08-10 2018-02-23 腾讯科技(深圳)有限公司 Using abnormality eliminating method and device
CN108089935A (en) * 2017-11-29 2018-05-29 维沃移动通信有限公司 The management method and mobile terminal of a kind of application program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866296A (en) * 2014-02-25 2015-08-26 腾讯科技(北京)有限公司 Data processing method and device
WO2016000543A1 (en) * 2014-06-30 2016-01-07 北京金山安全软件有限公司 Method, device and mobile terminal for detecting abnormal cpu occupancy rate of app
CN105025170A (en) * 2015-08-05 2015-11-04 张京源 Detection and alarm method of mobile phone in non-normal use
CN105959462A (en) * 2016-04-20 2016-09-21 深圳市万普拉斯科技有限公司 Abnormal startup control method and system
CN107729167A (en) * 2016-08-10 2018-02-23 腾讯科技(深圳)有限公司 Using abnormality eliminating method and device
CN108089935A (en) * 2017-11-29 2018-05-29 维沃移动通信有限公司 The management method and mobile terminal of a kind of application program

Also Published As

Publication number Publication date
CN109587345A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
CN108391025B (en) Network access management method, mobile terminal and computer readable storage medium
CN109151169B (en) Camera authority management method, mobile terminal and computer readable storage medium
CN107832032B (en) Screen locking display method and mobile terminal
CN108900696B (en) Data processing method, terminal and computer readable storage medium
CN108183833B (en) Response processing method and device and computer readable storage medium
CN108566476B (en) Information processing method, terminal and computer readable storage medium
CN108563388B (en) Screen operation method, mobile terminal and computer-readable storage medium
CN109491577B (en) Holding interaction method and device and computer readable storage medium
CN109413272B (en) Gravity sensor management method, double-sided screen mobile terminal and storage medium
CN109669616B (en) Side screen interaction control method and device and computer readable storage medium
CN111443818A (en) Screen brightness regulation and control method and device and computer readable storage medium
CN108322604B (en) Drop processing method of mobile terminal, mobile terminal and storage medium
CN107992278B (en) Brightness adjusting method, mobile terminal and computer readable storage medium
CN109587345B (en) Abnormal application prompting method, mobile terminal and computer readable storage medium
CN107580106B (en) Call control method, mobile terminal and computer readable storage medium
CN107256108B (en) Screen splitting method, device and computer readable storage medium
CN109327604B (en) Status bar information display method and equipment and computer readable storage medium
CN108667714B (en) Information transmitting method, information receiving method, mobile terminal and storage medium
CN107404568B (en) Control switch management method and mobile terminal
CN109614031B (en) Pressure-sensitive interaction processing method and equipment and computer-readable storage medium
CN109379719B (en) Application program broadcast processing method and device and computer readable storage medium
CN109683796B (en) Interaction control method, equipment and computer readable storage medium
CN109995925B (en) Crank call identification method, terminal and computer readable storage medium
CN109451162B (en) Recording control method, mobile terminal and computer readable storage medium
CN109558056B (en) Display interface switching method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant