CN109600418A

CN109600418A - Track method, apparatus, equipment and the system of application access

Info

Publication number: CN109600418A
Application number: CN201811307178.5A
Authority: CN
Inventors: 吴建雷
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced Nova Technology Singapore Holdings Ltd
Priority date: 2018-11-05
Filing date: 2018-11-05
Publication date: 2019-04-09
Anticipated expiration: 2038-11-05
Also published as: CN109600418B

Abstract

This specification embodiment provides a kind of method, apparatus, equipment and system for tracking application access, this method comprises: tracking request to the access that server sends target application；Wherein, the mark of target application is carried in access tracking request；It receives server and the domain name identification that request returns is tracked according to access；By sending HTTP access request to domain name corresponding to domain name identification, detect whether that there are effective hypertext transfer protocol strict safeties corresponding to domain name to transmit HSTS configuration information；Instruction according to testing result, determines whether domain name is accessed by target application.

Description

Track method, apparatus, equipment and the system of application access

Technical field

This application involves Internet technical field more particularly to a kind of method, apparatus for tracking application access, equipment and it is System.

Background technique

With the fast development of information technology, the terminal devices such as mobile phone, tablet computer, computer have obtained quick development It is popularized with extensive.Application and dependence with people to terminal device, the application program installed on the terminal device are also more next It is more.Such as various types of browsers, instant message applications, game class application.Certainly, in the mistake of people's using terminal equipment Cheng Zhong may carry out information push to user or carry out a certain test.Therefore, believe in order to preferably be pushed to user Data when breath or collection test, need to apply accessed domain name to be tracked on terminal device.

In general, generated related data is stored in the system of terminal device when application operation.And in order to protect The safety for demonstrate,proving system data prevents from malicious access or obtains to apply data, is typically provided with protection mechanism on terminal device, Such as sandbox, in this way, application program can not then access system data.In order to be tracked to using accessed domain name, it will usually Link is tracked by finger print data, but is easily received system upgrade or updates brought influence, and stability is poor.

Therefore, it is necessary to propose a kind of method for tracing, the tracking using accessed domain name may be implemented, and not by system Upgrading or the influence updated.

Summary of the invention

The purpose of this specification embodiment is to provide a kind of method, apparatus, equipment and system for tracking application access, from clothes After business device gets domain name identification corresponding to target application, domain name corresponding to access domain name identification is accessed by using HTTP Mode, detect whether that there are effective HSTS configuration informations corresponding to domain name, if in the presence of, it is determined that domain name is by target application It is accessed.This specification embodiment realizes the tracking of domain name accessed to target application, and not by system update or upgrading Influence, stability is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the anti-privacy tracking of system Limitation.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

In order to solve the above technical problems, this specification embodiment is achieved in that

This specification embodiment provides a kind of method for tracking application access, comprising:

The access for sending target application to server tracks request, includes the target application in the access tracking request Mark；

Receive the domain name identification that the server is returned according to the access tracking request；

By using the corresponding domain name of hypertext transfer protocol HTTP access domain name mark, detect whether that there are institutes State effective hypertext transfer protocol strict safety transmission HSTS configuration information corresponding to domain name；

Instruction according to testing result, determines whether domain name is accessed by the target application.

This specification embodiment additionally provides a kind of method for tracking application access, comprising:

The access for the target application that receiving terminal apparatus is sent tracks request, includes the mesh in the access tracking request Mark the mark of application；

Request, which is tracked, according to the access searches domain name identification corresponding with access tracking request；

Domain name mark is returned into the terminal device, so that described in the terminal device accessed by using HTTP Domain name corresponding to domain name identification detects whether that there are effective HSTS configuration informations corresponding to domain name；It is tied according to detection The instruction of fruit, determines whether domain name is accessed by the target application.

Receive the domain name that the server is returned according to the access tracking request；

Domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to domain name to match confidence Breath；

This specification embodiment additionally provides a kind of device for tracking application access, and described device includes:

Sending module, the access for sending target application to server track request, include institute in the access tracking request State the mark of target application；

First receiving module receives the domain name identification that the server is returned according to the access tracking request；

Detection module detects whether that there are the domains by using the corresponding domain name of HTTP access domain name mark Effective HSTS configuration information corresponding to name；

First determining module, instruction according to testing result determine whether domain name is accessed by the target application.

Second receiving module, the access for the target application that receiving terminal apparatus is sent track request, and the access tracking is asked It include the mark of the target application in asking；

Searching module tracks request according to the access and searches domain name identification corresponding with access tracking request；

Return module, by domain name mark return to the terminal device so that the terminal device by using HTTP accesses the corresponding domain name of domain name mark, detects whether that there are effective HSTS corresponding to domain name to match confidence Breath；Instruction according to testing result, determines whether domain name is accessed by the target application.

Sending module, the access for sending target application to server track request, wrap in the access tracking request Include the mark of the target application；

First receiving module, the domain name returned for receiving the server according to the access tracking request；

Detection module detects whether that there are having corresponding to domain name for accessing domain name by using HTTP Imitate HSTS configuration information；

Whether the first determining module determines domain name by the target application institute for instruction according to testing result Access.

This specification embodiment additionally provides a kind of system for tracking application access, including server and terminal device；

The terminal device, the access for sending target application to the server track request, the access tracking It include the mark of the target application in request；

The server, the access tracking request sent for receiving the terminal device；It is asked according to access tracking Seek lookup domain name identification corresponding with access tracking request；Domain name mark is returned into the terminal device；

The terminal device is also used to receive the domain name identification that the server returns；Described in being accessed by using HTTP Domain name corresponding to domain name identification detects whether that there are effective HSTS configuration informations corresponding to domain name；It is tied according to detection The instruction of fruit, determines whether domain name is accessed by the target application.

The server, the access tracking request sent for receiving the terminal device, according to the access with Domain name corresponding with access tracking request is searched in track request, and domain name is returned to the terminal device；

The terminal device, is also used to receive the domain name that the server returns, and accesses domain name by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to domain name, instruction according to testing result determines domain name Whether accessed by the target application.

This specification embodiment additionally provides a kind of equipment for tracking application access, comprising:

Processor；And

It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed Manage device:

By using the corresponding domain name of HTTP access domain name mark, detect whether that there are corresponding to domain name Effective HSTS configuration information；

Processor；And

This specification embodiment additionally provides a kind of storage medium, described to hold for storing computer executable instructions Following below scheme is realized in row instruction when executed:

Technical solution in the present embodiment, after getting domain name identification corresponding to target application from server, by making The mode that domain name corresponding to access domain name identification is accessed with HTTP, detects whether that there are effective HSTS corresponding to the domain name to match Confidence breath, if in the presence of, it is determined that the domain name is accessed by target application.This specification embodiment, realizes to target application The tracking of accessed domain name, and do not influenced by system update or upgrading, stability is preferable；It does not need to obtain device-fingerprint etc. Therefore system level data not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that the configuration information of caching HSTS is Steps necessary, therefore this programme will not be prevented by system.

Detailed description of the invention

In order to illustrate more clearly of this specification embodiment or technical solution in the prior art, below will to embodiment or Attached drawing needed to be used in the description of the prior art is briefly described, it should be apparent that, the accompanying drawings in the following description is only Some embodiments as described in this application, for those of ordinary skill in the art, before not making the creative labor property It puts, is also possible to obtain other drawings based on these drawings.

Fig. 1 is the first method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 2 is the second method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 3 is the third method flow diagram of the method for the tracking application access that this specification embodiment provides；

Fig. 4 is the fourth method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 5 is the fifth method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 6 is the first exchange method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 7 is second of exchange method flow chart of the method for the tracking application access that this specification embodiment provides；

Fig. 8 is the application scenarios schematic diagram of the method for the tracking application access that this specification embodiment provides；

Fig. 9 is the 6th kind of method flow diagram of the method for the tracking application access that this specification embodiment provides；

Figure 10 is the 7th kind of method flow diagram of the method for the tracking application access that this specification embodiment provides；

Figure 11 is the 8th kind of method flow diagram of the method for the tracking application access that this specification embodiment provides；

Figure 12 is the third exchange method flow chart of the method for the tracking application access that this specification embodiment provides；

Figure 13 is the first module composition schematic diagram of the device for the tracking application access that this specification embodiment provides；

Figure 14 is second of module composition schematic diagram of the device for the tracking application access that this specification embodiment provides；

Figure 15 is the third module composition schematic diagram of the device for the tracking application access that this specification embodiment provides；

Figure 16 is the structural schematic diagram of the system for the tracking application access that this specification embodiment provides；

Figure 17 is the structural schematic diagram of the equipment for the tracking application access that this specification embodiment provides.

Specific embodiment

In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with this specification Attached drawing in embodiment is clearly and completely described the technical solution in this specification embodiment, it is clear that described Embodiment is merely a part but not all of the embodiments of the present application.Based on the embodiment in the application, this field Those of ordinary skill's every other embodiment obtained without creative efforts, all should belong to the application The range of protection.

This specification embodiment provides a kind of method, apparatus, equipment and system for tracking application access, by using super Text transfer protocol (Hyper Text Transport Protocol, HTTP) accesses certain domain name, and can detecte whether there is The transmission of effective hypertext transfer protocol strict safety corresponding to the domain name (HTTP Strict Transport Security, HSTS) configuration information is realized and is accessed target application so as to judge whether the domain name is accessed by target application The tracking of domain name, and do not influenced by system upgrade and update, stability is preferable.

It should be noted that above-mentioned HSTS configuration information is generally used for the number of seconds that instruction target application is specified in max-age It is interior to use Hyper text transfer security protocol (Hyper Text Transfer Protocol over Secure Socket Layer, HTTPS) domain name access is carried out, for example, above-mentioned max-age specified number of seconds is 3600 seconds, then from receiving the HSTS Start when configuration information, in 3600 seconds, if accessing the domain name using HTTP, then can jump to HTTPS connection automatically.If It is current time still in the number of seconds that max-age is specified, then it is assumed that the HSTS configuration information is effective configuration information.

Fig. 1 shows the first method flow chart of the method for the tracking application access of this specification embodiment offer, should Method is applied to terminal device, i.e. the executing subject of this method can be terminal device.Wherein, terminal device can for mobile phone, The terminal devices such as tablet computer, computer.Specifically, the executing subject of method shown in FIG. 1 can be to be mounted on terminal device On tracking application access device.Wherein, method shown in FIG. 1 includes at least following steps:

Step 102, request is tracked to the access that server sends target application, includes target in above-mentioned access tracking request The mark of application.

In the specific implementation, the mark of domain name identification and target application can be stored on the server or in database Mapping relations.It should be noted that corresponding multiple and different domain name identification possible for the same application, different applications Identical domain name identification may be corresponded to.For ease of understanding, following to be illustrated citing.

Table 1 is by the domain name identification that stores on server or database in this specification embodiment and target application The possibility form of the mapping relations of mark.

Wherein, in table 1, the mark of application use be application user agent (User Agent, UA), certainly, answer Mark can also be other, only be illustrated by taking UA as an example herein.In the situation shown in table 1, UA1 corresponds to two not Same domain name identification, respectively " afv " and " dyh ", UA3 is identical with domain name identification corresponding to one of UA1, is “afv”。

Table 1

The mark of application	Domain name identification
		UA1	afv
UA2	usy
		UA3	afv
UA1	dyh

Certainly, above-mentioned table 1 is exemplary illustration, does not constitute the restriction to this specification embodiment.

In addition, it is necessary to explanation, mentioned in step 102 to domain name identification (being properly termed as code) be characterization domain name Information, can be domain name component part, as domain name identification be domain name uniform resource locator (Uniform Resource Locator, URL) part.For ease of understanding, following to be illustrated citing.

For example, certain domain name is A.taobao.com, domain name identification corresponding to the domain name can be " A " in the domain name.

Certainly, in other embodiments, above-mentioned domain name identification can also be coding corresponding to domain name, for example, can be with To use setting encryption algorithm to encode domain name, coding corresponding to domain name is obtained；Then terminal is after obtaining domain name identification, Domain name can be obtained by being decoded to domain name identification.Alternatively, above-mentioned domain name identification can also be for using alphabetical, digital or alphabetical With label corresponding to domain name identification set by several combinatorics on words, for example, it is also possible to by domain corresponding to A.taobao.com Name mark is set as " 123 ", " 23hdyb " label that either letter such as " snd " or number are combined into.It is understood that except above-mentioned Outside mode, other modes can also be used, as long as terminal can be made to generate domain name according to domain name identification.

In addition, the mark for the application arrived mentioned in above-mentioned steps 102 can be the UA of application, specifically, the UA of application In may include that the version number etc. of application can identify the information of the application.

Step 104, it receives server and the domain name identification that request returns is tracked according to access.

After server receives the access tracking request of terminal device transmission, according to the mark of the target application from storage The mark of application and the corresponding relationship of domain name identification in search the domain name identification to match with the mark of target application, will search To domain name identification be sent to terminal device as domain name identification.

Certainly, the mark of application and the corresponding relationship of domain name identification can store on the server, it is also possible to be stored in number According in library.Therefore, if the corresponding relationship of the mark of application and domain name identification stores on the server, then when server receives After the access tracking request that terminal device is sent, the domain name identification to match with the mark of target application is directly searched；If answering The corresponding relationship of mark and domain name identification stores in the database, then when server receives the access of terminal device transmission It tracks after requesting, then the domain name identification that server matches from database according to the mark of target application.

By taking above-mentioned table 1 as an example, for example, application entrained in access tracking request is identified as UA1, then looked into table 1 The corresponding domain name identification of UA1 is looked for, then the domain name identification found is " afv " and " dyh ", then server makees " afv " and " dyh " Terminal device is sent to for domain name identification.

Step 106, by using domain name corresponding to HTTP access domain name identification, detect whether that there are corresponding to domain name Effective HSTS configuration information.

In this specification embodiment, before domain name corresponding to HTTP access domain name identification, it is thus necessary to determine that domain name The corresponding domain name of mark.

Therefore, before using domain name corresponding to HTTP access domain name identification, the method for this specification embodiment offer Further include:

According to the domain name combination rule of setting, above-mentioned domain name identification group is combined into domain name；Alternatively, the decoding according to setting is calculated Method, parsing obtain domain name corresponding to the domain name identification.

In this specification embodiment, above-mentioned domain name identification belongs to the component part of domain name, the domain name combination of above-mentioned setting Rule can be the rule for being combined domain name identification and setting domain name, and domain name can be set in above-mentioned domain name combination rule Template, in this way, domain name identification can be directly added to the corresponding position of domain name template when domain name identification group is combined into domain name Place, obtains domain name.The other components of domain name and the placement location of domain name identification are provided in the domain name template.Example Such as, preset domain name template can be with are as follows: domain name identification .Tmall.com, in this way, directly domain name identification can be placed on Corresponding domain name can be obtained at position corresponding to " domain name identification ".Certainly, herein only to the example of domain name combination rule Property explanation, do not constitute the restriction to domain name combination rule in this specification embodiment.

Wherein, in this specification embodiment, the domain of multiple and different domain names can be stored in advance in above-mentioned domain name combination rule Name template, for example, may include the template that domain name identification .A.com, domain name identification .B.com etc. are directed to A domain name and B domain name.

In addition, in this specification embodiment, above-mentioned domain name identification can also for by setting encryption algorithm to domain name into The coding obtained after row coding, correspondingly, corresponding decoding algorithm can be stored on the terminal device, in this way, determining domain name When decoding algorithm corresponding to mark, directly the domain name identification can be decoded using the decoding algorithm, so as to solve Analysis obtains domain name corresponding to the domain name identification.

Certainly, in other embodiments, above-mentioned domain name identification can also use letter, number or letter and number Group is combined into label set by domain name, in that case, is stored with domain name identification and corresponding domain name on the server Therefore mapping relations can search domain name corresponding to the domain name identification from server according to the domain name identification.

The above-mentioned specific implementation for only listing domain name corresponding to several determining domain name identifications, determines domain name identification The specific implementation of corresponding domain name is not limited thereto, and can also be realized by other means, this specification embodiment It will not enumerate.

It, at least can be with specifically, in step 106, detect whether that there are effective HSTS configuration informations corresponding to domain name It is realized by two ways, it is specific as follows.

Mode one,

Using domain name corresponding to HTTP access domain name identification, and detect whether established connection is HTTPS connection；If It is, it is determined that there are effective HSTS configuration informations corresponding to domain name；Otherwise, it determines there is no effective HSTS corresponding to domain name Configuration information.

Specifically, after determining domain name corresponding to domain name identification HTTP access request can be sent to domain name, and examine It surveys by the way that whether the connection that the access request is established with server is that HTTPS is connect.

If so, the domain name is accessed by target application, then the configuration of HSTS corresponding to the domain name can be downloaded from server Information, and the HSTS configuration information is all effectively, if in the effective of HSTS within the max-age specified time of the HSTS In time, HTTP access request is sent to server, then can change into HTTPS access automatically, i.e., is HTTPS with server foundation Access request.Therefore, in this specification embodiment, if the connection for detecting foundation is HTTPS connection, then illustrate existence domain Effective HSTS configuration information corresponding to name, to illustrate that domain name was accessed by target application.

In addition, it is necessary to explanation, if detecting that the connection of foundation is not HTTPS connection, but HTTP connection, then Specification domain name not by target application accessed or domain name corresponding to HSTS configuration information it is no longer valid.

Mode two,

Using domain name corresponding to HTTP access domain name identification, and monitor whether to receive the HSTS configuration of server return Information；If so, determining that there is no effective HSTS configuration informations corresponding to domain name；Otherwise, it determines there are corresponding to domain name Effective HSTS configuration information.

In this specification embodiment, if after domain name was not accessed or failed by target application, then using HTTP When accessing domain name, server can return to the HSTS configuration information of domain name to terminal device.Therefore, by monitoring whether to receive clothes The HSTS configuration information for the domain name that business device returns, it can be determined that going out terminal device currently whether there is effective HSTS configuration of domain name Information.

If so, determining HSTS configuration information of the terminal device there are domain name, then illustrate that domain name is accessed by target application； Otherwise, then it is assumed that domain name not by target application access or domain name corresponding to HSTS configuration information it is no longer valid.

Step 108, instruction according to testing result, determines whether the domain name is accessed by target application.

In this specification embodiment, if detecting the presence of effective HSTS configuration corresponding to domain name by step 106 Information can then determine that domain name was accessed by target application；If detecting that there is no corresponding to domain name by step 106 HSTS configuration information, then illustrate domain name not by target application accessed or the domain name corresponding to HSTS configuration information lost Effect.

In addition, being sent in the access tracking request of server further includes access server in this specification embodiment Used Internet protocol (Internet Protocol, IP) address information；

Then after server receives the access tracking request of terminal device transmission, search and the mark of target application and should The domain name identification found is returned to terminal device as domain name identification by the domain name identification that IP address information matches.

Therefore, in that case, in above-mentioned steps 104, server is received according to access tracking and requests returned domain Name mark, comprising:

Receive the domain name identification found according to the mark and IP address information of target application that server is sent.

Specifically, in that case, then stored in server or database be application mark, domain name identification Corresponding relationship between IP address information, wherein a kind of possible storage form is as shown in table 2.

Table 2

The mark of application, IP address information	Domain name identification
		UA1, IP1	asd
UA1, IP1	fev
		UA2, IP1	12fgt
UA3, IP2	asd
		UA3, IP3	hr5

Certainly, above-mentioned table 2 is exemplary illustration, does not constitute the restriction to this specification embodiment.

The above process for ease of understanding, it is following to be illustrated citing.

For example, terminal device, which is sent to the target application carried in the access tracking request of server, is identified as UA2, IP Address information is identified as IP1, then can determine from above-mentioned table 2, is according to the domain name identification that UA2 and IP1 are found “12fgt”。

For above situation, Fig. 2 shows second of the method for the tracking application access of this specification embodiment offer Method flow diagram, method shown in Fig. 2 include at least following steps:

Step 202, access tracking request is sent to server；It wherein, include target application in access tracking request IP address information used in mark and access server.

Step 204, domain name identification corresponding to the mark and IP address information for the target application that server returns is received.

Step 206, according to the domain name combination rule of setting, above-mentioned domain name identification group is combined into domain name.

Step 208, above-mentioned domain name is accessed using HTTP, and detects whether the connection established with server is that HTTPS is connect； If so, thening follow the steps 210, otherwise, step 212 is executed.

Wherein, in a step 208, it can also monitor whether to receive the HSTS configuration information of the domain name of server return.

Step 210, determine that the domain name is accessed by target application.

Step 212, determine the domain name not by target application access or domain name corresponding to HSTS configuration information fail.

In addition, further including terminal device relevant information in above-mentioned access tracking request in this specification embodiment；

Therefore, in that case, above-mentioned steps 104 receive server according to access and track the domain name mark that request returns Know, comprising:

Receive finding according to the mark of target application, IP address information and terminal device relevant information for server transmission Domain name identification.

Specifically, above-mentioned terminal device relevant information can be the information such as resolution ratio, the terminal models of terminal device, so as to The range of found domain name identification can be further reduced, to reduce the subsequent lookup from the domain name identification got eventually The workload for the domain name that the target application of end equipment is accessed, so as to shorten the domain for determining that the target application of terminal device accessed The time of name improves search efficiency.

In addition, it should also be noted that, the method that this specification embodiment provides can be applied to the on terminal device One application is tracked by the domain name that the first application in target application accesses target application.

Therefore, for this kind of situation, in above-mentioned steps 102, access tracking request is sent to server, is specifically included:

The first application by being installed on terminal device sends above-mentioned access tracking request to server；

In above-mentioned steps 108, instruction according to testing result determines whether above-mentioned domain name is accessed by target application, wraps It includes:

Instruction according to testing result, determines whether above-mentioned domain name is accessed by the target application on terminal device；Wherein, First application and target application are the different application on terminal device.

It should be noted that in the specific implementation, above-mentioned target application can be to be mounted on arbitrarily answering on terminal device With program, above-mentioned first application is the application program on terminal device in addition to browser.

It is following the access of target application to be linked by the first application on terminal device by specific embodiment introduction The embodiment being tracked.Fig. 3 is the third method stream of the method for the tracking application access that this specification embodiment provides Cheng Tu, method shown in Fig. 3 include at least following steps:

Step 302, request is tracked to the access that server sends target application by the first application on terminal device；Its In, the mark of target application is carried in access tracking request.

Step 304, domain name identification corresponding to the mark with target application that server returns is received.

Step 306, according to the domain name combination rule of setting, above-mentioned domain name identification group is combined into domain name.

Step 308, which is accessed using HTTP by first on terminal device.

Step 310, monitor whether to receive the HSTS configuration information of the domain name of server return；If so, thening follow the steps 312, it is no to then follow the steps 314.

Wherein, in the step 310, can also by detect with server establish connection whether be HTTPS connection side Formula is realized.

Step 312, determine the domain name not by the target application on terminal device access or domain name corresponding to HSTS Configuration information is no longer valid.

Step 314, determine that the domain name is accessed by the target application on the terminal device.

The method for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name identification, the mode of domain name corresponding to access domain name identification is accessed by using HTTP, detects whether that there are domain name institutes Corresponding effective HSTS configuration information, if in the presence of, it is determined that domain name is accessed by target application.This specification embodiment, it is real The tracking of domain name accessed to target application is showed, and has not been influenced by system update or upgrading, stability is preferable；It does not need The system level datas such as device-fingerprint are obtained, therefore, not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that caching The configuration information of HSTS is steps necessary, therefore this programme will not be prevented by system.

Specification embodiment additionally provides a kind of method for tracking application access, and this method is applied to server, the i.e. party The executing subject of method is server, specifically, the executing subject of this method can be that the tracking application being mounted on server is visited The device asked.Fig. 4 shows the fourth method flow chart of the method for the tracking application access of this specification embodiment offer, figure Method shown in 4 includes at least following steps:

Step 402, the access for the target application that receiving terminal apparatus is sent tracks request, carries in access tracking request There is the mark of target application.

Step 404, request is tracked according to access and searches domain name identification corresponding with access tracking request.

In this specification embodiment, the corresponding relationship of the mark of domain name identification and application is potentially stored on server, It may also be stored in the database except server.Therefore, if domain name identification and the storage of the corresponding relationship of the mark of application On the server, then the domain name identification to match with the mark of target application is directly searched on the server；If domain name identification In the database stored with the corresponding relationship of the mark of application, then server is searched from database according to the mark of target application Domain name identification corresponding to the mark of target application.

Step 406, domain name identification is returned into terminal device, so that terminal device accesses domain name identification by using HTTP Corresponding domain name detects whether that there are effective HSTS configuration informations corresponding to domain name；Instruction according to testing result determines Whether domain name is accessed by target application.

Wherein, before executing above-mentioned steps 402, the method for this specification embodiment offer further include:

Receive the domain name access request that each terminal device is sent；It is requested to determine domain name corresponding to domain name according to domain name access The mark of the application of mark and access domain name；Establish and store the first corresponding pass between domain name identification and the mark of application System.

Specifically, in this specification embodiment, after server receives the access request of terminal device, according to the visit It asks request, the mark for accessing the application of the domain name is extracted from the context of the access request, and from the domain name accessed In extract the domain name identification of the domain name.For example, if terminal device is by the application access domain name A.taobao.com of UA1, Then application identities are UA1, and the domain name identification extracted from the domain name is " A ", then in server or database by UA1 and " A " is corresponding to be stored.

In addition, also carrying access the used network of server in access tracking request in this specification embodiment IP address information；

Therefore, before executing step 402, the method for this specification embodiment offer further include:

It is requested to determine IP address information used in access domain name according to domain name access；It establishes and stores domain name identification, answer The second corresponding relationship between mark and IP address information.

Wherein, IP address information and the mark of application can be extracted from the context that domain name access is requested.

The realization process phase of the specific implementation process of above-mentioned each step and method and step in embodiment corresponding to Fig. 1-Fig. 3 Together, therefore, the realization process of above-mentioned each step can refer to embodiment corresponding to Fig. 1-Fig. 3, and details are not described herein again.

Fig. 5 is the fifth method flow chart of the method for the tracking application access that this specification embodiment provides, shown in Fig. 5 Method, include at least following steps:

Step 502, the domain name access request that the target application of each terminal device is sent is received；

Step 504, extract the domain name identification of domain name, and according to domain name access request to determine target application mark and IP address information.

Step 506, by domain name identification, the mark of target application and the corresponding storage of IP address information.

It wherein, in step 506, can be by domain name identification, the mark of target application and the corresponding storage of IP address information In server or database.

Step 508, the access that the first application of receiving terminal apparatus is sent tracks request；Wherein, access tracking request In carry the mark of target application and IP address information used in connecting with server.

Step 510, it is searched according to the mark of target application and IP address information and is believed with the mark of target application and IP address Cease corresponding domain name identification.

Step 512, the domain name identification found is returned into terminal device.

It is following will be by being interacted between server and terminal device for, be discussed in detail this specification embodiment offer Method, Fig. 6 is the first interaction diagrams for the method for tracking application access that this specification embodiment provides, shown in Fig. 6 Method, include at least following steps:

Step 602, terminal device tracks request to the access that server sends target application, wherein access tracking is asked The mark of target application is carried in asking and accesses the IP address of the used network of server.

Step 604, after server receives access tracking request, target application is extracted from access tracking request Mark and IP address.

Step 606, server is searched from the mapping relations of the mark of the application pre-established, IP address and domain name identification The domain name identification to match with the mark and IP address of target application.

Step 608, the domain name identification found is sent to terminal device by server.

Step 610, above-mentioned domain name identification group is combined into domain name according to the domain name combination rule of setting by terminal device.

Step 612, terminal device accesses the domain name by HTTP, and detect the connection established with server whether be HTTPS connection；If so, thening follow the steps 614, otherwise, step 616 is executed；

Specifically, can also monitor whether to receive HSTS corresponding to the domain name of server return in step 614 Configuration information.

Step 614, determine that the domain name was accessed by target application.

Step 616, determine the domain name not by target application accessed or domain name corresponding to HSTS configuration information Failure.

In addition, in a specific embodiment, it can be by the application of one on terminal device to another application The domain name accessed is tracked.Therefore, following will be by applying A institute on terminal device using B on terminal device For the domain name of access is tracked, in such a way that server and terminal device interact, this specification embodiment is introduced The method of the tracking application access of offer, Fig. 7 are second of the method for the tracking application access that this specification embodiment provides Interaction diagrams, method shown in Fig. 7 include at least following steps:

Step 702, terminal device is requested by tracking using B to the access of server sending application A, is tracked in the access The IP address of the UA and access the used network of server using A are carried in request.

Wherein, the access tracking request sent by application B can be HTTPS request.

Step 704, server searches the UA and the IP address according to the UA and IP address using A carried in the request Corresponding domain name identification.

Step 706, the domain name identification found is returned to terminal device by server.

Step 708, above-mentioned domain name identification group is combined into domain name according to the domain name combination rule of setting by terminal device.

Step 710, terminal device is by accessing above-mentioned domain name using HTTP using B, and monitors whether to receive server HSTS configuration information corresponding to the domain name of return；If so, thening follow the steps 712, otherwise, step 714 is executed.

Wherein, in step 720, can also by detect with server establish connection whether be HTTPS connection side Formula is realized.

Step 712, determine above-mentioned domain name not by terminal device using A accessed or target application corresponding to HSTS Configuration information is no longer valid.

Step 714, above-mentioned domain name accessing using A by terminal device is determined.

Wherein, a kind of concrete application scene of embodiment corresponding to Fig. 7 passes through as shown in figure 8, in scene shown in Fig. 8 Being tracked using the domain name that A is accessed to terminal device using B of terminal device.

The method for the tracking application access that this specification embodiment provides, server is by domain name mark corresponding to target application Knowledge returns to terminal device, in a manner of making terminal device access domain name corresponding to access domain name identification by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to domain name, if in the presence of, it is determined that domain name is accessed by target application. This specification embodiment, realizes the tracking of domain name accessed to target application, and is not influenced by system update or upgrading, Stability is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system. Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

This illustrates that embodiment additionally provides a kind of method for tracking application access, is applied to terminal device, i.e. this method Executing subject is terminal device, the device of the specific tracking application access for installation on the terminal device.Fig. 9 is this specification 6th kind of method flow diagram of the method for the tracking application access that embodiment provides, method shown in Fig. 9 include at least following step It is rapid:

Step 902, request is tracked to the access that server sends target application, is answered in access tracking request including target Mark；

Step 904, it receives server and the domain name that request returns is tracked according to above-mentioned access；

Step 906, above-mentioned domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to above-mentioned domain name Configuration information；

Step 908, instruction according to testing result, determines whether above-mentioned domain name is accessed by target application.

In this specification embodiment, need to store the mark of application and the corresponding relationship of domain name on the server in advance, For searching domain name corresponding to target application, wherein the mark of identical application can correspond to multiple and different domain names, application Mark and domain name corresponding relationship it is as shown in table 3.

Table 3

The mark of application	Domain name
		UA1	123.A.com
UA2	2D6.B.com
		UA3	Der.C.com
UA1	3gt.D.com

In table 3, the UA for being identified as application of used application, it is, of course, also possible to for the other information of application, this theory Bright book embodiment does not limit the mark of application.In addition, above-mentioned table 3 is exemplary illustration, do not constitute to this theory Respectively using the limitation of corresponding domain name and specific domain name in bright book embodiment.

After server receives the access tracking request of terminal device transmission, deposited according to the mark of target application from advance In the mark of the application of storage and the corresponding relationship of domain name, domain name corresponding to the mark of target application is searched, which is returned To terminal device.For example, if the target application carried in above-mentioned access tracking request is identified as UA1, then from above-mentioned table 3 It searches, can determine that domain name corresponding to UA1 is 123.A.com and 3gt.D.com, then return to the two domain names found To terminal device.

Specifically, accessing above-mentioned domain name in above-mentioned steps 906 by using HTTP, detecting whether that there are above-mentioned domain name institutes Corresponding effective HSTS configuration information, can at least be realized by the following two kinds mode；

Mode one,

Above-mentioned domain name is accessed using HTTP, and detects whether established connection is Hyper text transfer security protocol HTTPS Connection；If so, determining that there are effective HSTS configuration informations corresponding to above-mentioned domain name；Otherwise, it determines above-mentioned domain name is not present Corresponding effective HSTS configuration information.

Mode two,

Above-mentioned domain name is accessed using HTTP, and monitors whether to receive the HSTS configuration information that above-mentioned server returns；If It is, it is determined that there is no effective HSTS configuration informations corresponding to above-mentioned domain name；Otherwise, it determines there are corresponding to above-mentioned domain name Effective HSTS configuration information.

Wherein, the access tracking request of the target application of server is sent in this specification embodiment, in step 902 In, it can also include IP address information used in access server；

The domain name that request returns is tracked according to the access correspondingly, receiving server, is specifically included:

Receive the domain name found according to the mark and IP address information of target application that server is sent.

It in addition, further include terminal device relevant information in above-mentioned access tracking request；

Correspondingly, receiving server in above-mentioned steps 904 according to the access and tracking the domain name that request returns, comprising:

Receive looking into according to the mark, above-mentioned IP address information and terminal device relevant information of target application for server transmission The domain name found.

In addition, in above-mentioned steps 902, the access tracking of target application is sent to server in this specification embodiment Request, comprising:

Access tracking is sent to server by the first application of installation on the terminal device to request；

In above-mentioned steps 908, instruction according to testing result determines whether above-mentioned domain name is accessed by target application, has Body includes:

Instruction according to testing result, determines whether above-mentioned domain name is accessed by the target application on the terminal device.

Wherein, the specific implementation process and Fig. 1-of each step in the method for application access are tracked provided by the present embodiment The specific implementation process of each step is identical in embodiment corresponding to Fig. 3, therefore, the specific implementation of each step in the present embodiment Process can refer to embodiment corresponding to Fig. 1-Fig. 3, and details are not described herein again.

Figure 10 is the 7th kind of method flow diagram of the method for tracking application access provided by this specification embodiment, Figure 10 Shown in method, include at least following steps:

Step 1002, request is tracked to the access that server sends target application by the first application on terminal device； Wherein, the mark of target application is carried in access tracking request.

Step 1004, domain name corresponding to the mark with target application that server returns is received.

Step 1006, which is accessed using HTTP by first on terminal device.

Step 1008, monitor whether to receive the HSTS configuration information of the domain name of server return；If so, thening follow the steps 1010, it is no to then follow the steps 1012.

Wherein, in step 1008, can also by detect with server establish connection whether be HTTPS connection side Formula is realized.

Step 1010, determine the domain name not by the target application on terminal device access or domain name corresponding to HSTS Configuration information is no longer valid.

Step 1012, determine that the domain name is accessed by the target application on the terminal device.

The method for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name, the mode of the domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to the domain name to match Confidence breath, if in the presence of, it is determined that the domain name is accessed by target application.This specification embodiment, realizes to target application The tracking of accessed domain name, and do not influenced by system update or upgrading, stability is preferable；It does not need to obtain device-fingerprint etc. Therefore system level data not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that the configuration information of caching HSTS is Steps necessary, therefore this programme will not be prevented by system.

This specification embodiment additionally provides a kind of method for tracking application access, and this method is applied to server, i.e., should The executing subject of method is server, specifically, the executing subject of this method can be the tracking application being mounted on server The device of access.Figure 11 shows the 8th kind of method flow of the method for the tracking application access of this specification embodiment offer Scheme, method shown in Figure 11 includes at least following steps:

Step 1102, the access for the target application that receiving terminal apparatus is sent tracks request, wraps in access tracking request Include the mark of target application.

Step 1104, request is tracked according to above-mentioned access and searches domain name corresponding with access tracking request.

Step 1106, above-mentioned domain name is returned into terminal device, so that terminal device accesses the domain name by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to the domain name；Instruction according to testing result determines that above-mentioned domain name is It is no to be accessed by target application.

In this specification embodiment, the corresponding relationship being previously stored between domain name and the mark of application and is answered at domain name The corresponding relationship of mark is potentially stored on server, it is also possible to is stored in the database except server.Therefore, if Be the mark of domain name and application corresponding relationship storage on the server, then directly search and the mark of target application on the server Sensible matched domain name；If then server is according to target in the database of the corresponding relationship of domain name and the mark of application storage The mark of application searches domain name corresponding to the mark of target application from database.

Wherein, before executing above-mentioned steps 1102, the method for this specification embodiment offer further include:

Receive the domain name access request that each terminal device is sent；Establish and store between each domain name and the mark of application One corresponding relationship.

Specifically, in this specification embodiment, after server receives the access request of terminal device, according to the visit It asks request, the mark for accessing the application of the domain name is extracted from the context of the access request, establishes and stores the application The corresponding relationship of mark and the domain name accessed.For example, if terminal device passes through the application access domain name of UA1 A.taobao.com, then application identities are UA1, then in server or database that UA1 and " A.taobao.com " is corresponding Carry out store.

Therefore, before executing step 1102, the method for this specification embodiment offer further include:

It is requested to determine IP address information used in access domain name according to domain name access；Establish and store domain name, application The second corresponding relationship between mark and IP address information.

The realization process of method and step in embodiment corresponding to the specific implementation process and Fig. 9-Figure 10 of above-mentioned each step Identical, therefore, the realization process of above-mentioned each step can refer to embodiment corresponding to Fig. 9-Figure 10, and details are not described herein again.

Figure 12 shows the third interaction diagrams that application access method is tracked in this specification embodiment, shown in Figure 12 Method, include at least following steps:

Step 1202, terminal device tracks request to the access that server sends target application, wherein access tracking is asked The mark of target application is carried in asking and accesses the IP address of the used network of server.

Step 1204, after server receives access tracking request, target application is extracted from access tracking request Mark and IP address.

Step 1206, server searched from the mapping relations of the mark of the application pre-established, IP address and domain name with The domain name that the mark and IP address of target application match.

Step 1208, the domain name found is sent to terminal device by server.

Step 1210, terminal device accesses the domain name by HTTP, and detect the connection established with server whether be HTTPS connection；If so, thening follow the steps 1212, otherwise, step 1214 is executed；

Specifically, in step 1210, can also monitor whether to receive corresponding to the domain name of server return HSTS configuration information.

Step 1212, determine that the domain name was accessed by target application.

Step 1214, determine the domain name not by target application accessed or domain name corresponding to HSTS configuration information Through failing.

The method for the tracking application access that this specification embodiment provides, server return domain name corresponding to target application Detect whether that there are the domain names in a manner of making terminal device access the domain name by using HTTP back to terminal device Corresponding effective HSTS configuration information, if in the presence of, it is determined that the domain name is accessed by target application.This specification is implemented Example, realizes the tracking of domain name accessed to target application, and do not influenced by system update or upgrading, stability is preferable； It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that The configuration information for caching HSTS is steps necessary, therefore this programme will not be prevented by system.

This specification embodiment additionally provides a kind of device for tracking application access, for executing this specification implementation example figure The method of tracking application access corresponding to 1- Fig. 3, the device can be applied to terminal device, wherein the terminal device can be with For equipment such as mobile phone, tablet computer, computers.Figure 13 is the of the device of tracking application access that this specification embodiment provides A kind of module composition schematic diagram, device shown in Figure 13, includes at least:

Sending module 1301, the access for sending target application to server track request, wrap in access tracking request Include the mark of target application；

First receiving module 1302 tracks the domain name identification that request returns according to access for receiving server；

Detection module 1303, for detecting whether existence domain by using domain name corresponding to HTTP access domain name identification Effective HSTS configuration information corresponding to name；

First determining module 1304 determines whether domain name is accessed by target application for instruction according to testing result.

Optionally, above-mentioned detection module 1303, comprising:

First transmission unit, for using domain name corresponding to HTTP access domain name identification,；

First detection unit, for detecting whether established connection is HTTPS connection；

First determination unit, if the connection for foundation is HTTPS connection, it is determined that there are effective corresponding to domain name HSTS configuration information；Otherwise, it determines there is no effective HSTS configuration informations corresponding to domain name.

Optionally, above-mentioned detection module 1303, further includes:

Second transmission unit, for using domain name corresponding to HTTP access domain name identification；

Second detection unit, for monitoring whether to receive the HSTS configuration information of server return；

Second determination unit, if the HSTS configuration information for receiving server return, it is determined that domain name institute is not present Corresponding effective HSTS configuration information；Otherwise, it determines there are effective HSTS configuration informations corresponding to domain name.

Optionally, above-mentioned sending module 1301, comprising:

Third transmission unit, the first application by being installed on terminal device send access tracking request to server；

First determining module 1304, comprising:

Whether third determination unit, instruction according to testing result determine domain name by the target application institute on terminal device Access；

Wherein, the first application and target application are the different application on terminal device.

It optionally, further include IP address information used in access server in above-mentioned access tracking request；

Correspondingly, above-mentioned first receiving module 1302, comprising:

First receiving unit, for receiving finding according to the mark and IP address information of target application for server transmission Domain name identification.

It optionally, further include terminal device relevant information in above-mentioned access tracking request；

Correspondingly, above-mentioned first receiving module 1302, comprising:

Second receiving unit, for receiving the mark, IP address information and terminal according to target application of server transmission The domain name identification that device-dependent message is found.

Optionally, the device that this specification embodiment provides, further includes:

Domain name identifier combination is domain name for the domain name combination rule according to setting by composite module；

Alternatively,

Parsing module, for the decoding algorithm according to setting, parsing obtains the corresponding domain name of domain name mark.

The device of the tracking application access of this specification embodiment can also carry out the device that application access is tracked in Fig. 1-Fig. 3 The method of execution, and the device for tracking application access is realized in Fig. 1-embodiment illustrated in fig. 3 function, details are not described herein.

The device for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name identification, the mode of domain name corresponding to access domain name identification is accessed by using HTTP, detects whether that there are the domain names Corresponding effective HSTS configuration information, if in the presence of, it is determined that the domain name is accessed by target application.This specification is implemented Example, realizes the tracking of domain name accessed to target application, and do not influenced by system update or upgrading, stability is preferable； It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that The configuration information for caching HSTS is steps necessary, therefore this programme will not be prevented by system.

This specification embodiment additionally provides a kind of device for tracking application access, for executing this specification implementation example figure The method of tracking application access corresponding to 4- Fig. 5, the device can be applied to server.Figure 14 is that this specification embodiment mentions Second of module composition schematic diagram of the device of the tracking application access of confession, device shown in Figure 14, includes at least:

Second receiving module 1401, the access tracking request for the target application that receiving terminal apparatus is sent；Access with The mark of target application is carried in track request；

Searching module 1402 searches domain name identification corresponding with access tracking request for tracking request according to access；

Return module 1403, for domain name identification to be returned to terminal device, so that terminal device is visited by using HTTP It asks domain name corresponding to domain name identification, detects whether that there are effective HSTS configuration informations corresponding to domain name；According to testing result Instruction, determine whether domain name is accessed by target application.

Third receiving module, the domain name access request sent for receiving each terminal device；

Second determining module determines domain name identification corresponding to domain name and access domain name for requesting according to domain name access Application mark；

First memory module, for establishing and storing the first corresponding relationship between domain name identification and the mark of application.

Optionally, the IP address information of access the used network of server is also carried in above-mentioned access tracking request；

The device that this specification embodiment provides, further includes:

Third determining module determines IP address information used in access domain name for requesting according to domain name access；

Second memory module, second between mark and IP address information for establishing and storing domain name identification, application Corresponding relationship.

The device of the tracking application access of this specification embodiment can also carry out the device that application access is tracked in Fig. 4-Fig. 5 The method of execution, and the device for tracking application access is realized in Fig. 4-embodiment illustrated in fig. 5 function, details are not described herein.

The device for the tracking application access that this specification embodiment provides, server is by domain name mark corresponding to target application Knowledge returns to terminal device, in a manner of making terminal device access domain name corresponding to access domain name identification by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to the domain name, if in the presence of, it is determined that the domain name is by target application institute Access.This specification embodiment realizes the tracking of domain name accessed to target application, and not by system update or upgrading It influences, stability is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the anti-privacy tracking of system Limitation.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

This specification embodiment additionally provides a kind of device for tracking application access, for executing this specification implementation example figure The method of tracking application access corresponding to 9- Figure 10, the device can be applied to terminal device.Figure 15 is this specification implementation The third module composition schematic diagram of the device for the tracking application access that example provides, device shown in figure 15 include at least:

Sending module 1501, the access for sending target application to server track request, above-mentioned access tracking request In include above-mentioned target application mark；

First receiving module 1502 tracks the domain name that request returns according to above-mentioned access for receiving above-mentioned server；

Detection module 1503 detects whether that there are corresponding to above-mentioned domain name for accessing above-mentioned domain name by using HTTP Effective HSTS configuration information；

First determining module 1504 determines whether above-mentioned domain name is answered by above-mentioned target for instruction according to testing result With being accessed.

Optionally, optionally, above-mentioned detection module 1503, comprising:

First transmission unit, for using HTTP to access the domain name,；

First determination unit, if the connection for foundation is HTTPS connection, it is determined that there are effective corresponding to the domain name HSTS configuration information；Otherwise, it determines there is no effective HSTS configuration informations corresponding to the domain name.

Optionally, above-mentioned detection module 1503, further includes:

Second transmission unit, for using HTTP to access the domain name；

Second determination unit, if the HSTS configuration information for receiving server return, it is determined that the domain name is not present Corresponding effective HSTS configuration information；Otherwise, it determines there are effective HSTS configuration informations corresponding to the domain name.

Optionally, above-mentioned sending module 1501, comprising:

First determining module 1504, comprising:

Whether third determination unit, instruction according to testing result determine the domain name by the target application on terminal device It is accessed；

Correspondingly, above-mentioned first receiving module 1502, comprising:

First receiving unit, for receiving finding according to the mark and IP address information of target application for server transmission Domain name.

Correspondingly, above-mentioned first receiving module 1502, comprising:

Second receiving unit, for receiving the mark, IP address information and terminal according to target application of server transmission The domain name that device-dependent message is found.

The device of the tracking application access of this specification embodiment can also carry out the dress that application access is tracked in Fig. 9-Figure 10 The method for setting execution, and the device for tracking application access is realized in Fig. 9-embodiment illustrated in fig. 10 function, details are not described herein.

The device for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name, the mode of the domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to the domain name to match Confidence breath, if in the presence of, it is determined that the domain name is accessed by target application.This specification embodiment, realizes to target application The tracking of accessed domain name, and do not influenced by system update or upgrading, stability is preferable；It does not need to obtain device-fingerprint etc. Therefore system level data not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that the configuration information of caching HSTS is Steps necessary, therefore this programme will not be prevented by system.

Corresponding to this specification implementation example figure 1- method shown in Fig. 8, it is based on identical thinking, this specification embodiment mentions A kind of system for tracking application access is supplied, Figure 16 is the structure of the system for the tracking application access that this specification embodiment provides Schematic diagram, including server 1601 and terminal device 1602；

Above-mentioned terminal device 1602, the access for sending target application to server track request, and access tracking is asked It include the mark of target application in asking；

Above-mentioned server 1601, the access sent for receiving terminal apparatus track request；It is looked into according to access tracking request Look for domain name identification corresponding with access tracking request；Domain name identification is returned into terminal device；

Above-mentioned terminal device 1602 is also used to receive server according to access and tracks the domain name identification that request returns；Pass through Using domain name corresponding to HTTP access domain name identification, detect whether that there are effective HSTS configuration informations corresponding to domain name；Root According to the instruction of testing result, determine whether domain name is accessed by target application.

Optionally, above-mentioned terminal device 1602, is specifically used for:

Using domain name corresponding to HTTP access domain name identification, and detect whether established connection is Hyper text transfer peace Full agreement HTTPS connection；If so, determining that there are effective HSTS configuration informations corresponding to domain name；Otherwise, it determines domain is not present Effective HSTS configuration information corresponding to name.

Optionally, above-mentioned terminal device 1602, also particularly useful for:

Correspondingly, above-mentioned terminal device 1602, is specifically used for:

Correspondingly, above-mentioned terminal device 1602, also particularly useful for:

Optionally, above-mentioned terminal device 1602, also particularly useful for:

The first application by being installed on terminal device sends access tracking request to server；And it is tied according to detection The instruction of fruit, determines whether domain name is accessed by the target application on terminal device；

Optionally, above-mentioned server 1601, is also used to:

Optionally, the IP address information of access the used network of server is also carried in above-mentioned access tracking request；On Server 1601 is stated, is also used to:

Optionally, above-mentioned terminal device 1602, also particularly useful for:

According to the domain name combination rule of setting, above-mentioned domain name identification group is combined into domain name；

Alternatively, parsing obtains domain name corresponding to above-mentioned domain name identification according to the decoding algorithm of setting.

The system for the tracking application access that this specification embodiment provides, server is by domain name mark corresponding to target application Knowledge returns to terminal device, and it is right that terminal device accesses access domain name identification institute after getting domain name identification, by using HTTP The mode for the domain name answered detects whether that there are effective HSTS configuration informations corresponding to domain name, if in the presence of, it is determined that domain name quilt Target application is accessed.This specification embodiment realizes the tracking of domain name accessed to target application, and more not by system New or upgrading influence, stability are preferable；Therefore not needing the system level datas such as acquisition device-fingerprint it is anti-not to will receive system The limitation of privacy tracking.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be by system It is prevented.

Corresponding to method shown in this specification implementation example figure 9- Figure 12, it is based on identical thinking, this specification embodiment A kind of system for tracking application access is provided, as shown in figure 16.

The system includes terminal device 1602 and server 1601；

Above-mentioned terminal device, the access for sending target application to above-mentioned server track request, above-mentioned access tracking It include the mark of above-mentioned target application in request；

Above-mentioned server, the above-mentioned access tracking request sent for receiving above-mentioned terminal device, according to above-mentioned access with Domain name corresponding with above-mentioned access tracking request is searched in track request, and above-mentioned domain name is returned to above-mentioned terminal device；

Above-mentioned terminal device, is also used to receive the domain name that above-mentioned server returns, and accesses above-mentioned domain name by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to above-mentioned domain name, instruction according to testing result determines above-mentioned domain name Whether accessed by above-mentioned target application.

Optionally, above-mentioned terminal device, also particularly useful for:

Above-mentioned domain name is accessed using HTTP, and detects whether established connection is Hyper text transfer security protocol HTTPS Connection；

If so, determining that there are effective HSTS configuration informations corresponding to above-mentioned domain name；Otherwise, it determines above-mentioned domain is not present Effective HSTS configuration information corresponding to name.

Optionally, above-mentioned terminal device, also particularly useful for:

Correspondingly, above-mentioned terminal device, is specifically used for:

Correspondingly, above-mentioned terminal device, also particularly useful for:

Receive finding according to the mark of target application, IP address information and terminal device relevant information for server transmission Domain name.

Optionally, above-mentioned terminal device, also particularly useful for:

The first application by being installed on terminal device sends access tracking request to server；And it is tied according to detection The instruction of fruit, determines whether above-mentioned domain name is accessed by the target application on terminal device；

Optionally, above-mentioned server, is also used to:

Receive the domain name access request that each terminal device is sent；It establishes and stores and taken in domain name and domain name access request The first corresponding relationship between the mark of the application of band.

The system for the tracking application access that this specification embodiment provides, server return domain name corresponding to target application Back to terminal device, terminal device is accessed the mode of the domain name by using HTTP, detected whether after getting domain name There are effective HSTS configuration informations corresponding to the domain name, if in the presence of, it is determined that the domain name is accessed by target application.This theory Bright book embodiment, realizes the tracking of domain name accessed to target application, and is not influenced by system update or upgrading, stablizes Property is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system.In addition, In view of the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

Further, based on above-mentioned Fig. 1 to method shown in Fig. 3, this specification embodiment additionally provides a kind of tracking and answers With the equipment of access, as shown in figure 17.Wherein, the equipment of the tracking application access can be applied to the end in system shown in Figure 16 End equipment.

The equipment for tracking application access can generate bigger difference because configuration or performance are different, may include one or More than one processor 1701 and memory 1702 can store one or more storage applications in memory 1702 Program or data.Wherein, memory 1702 can be of short duration storage or persistent storage.It is stored in the application program of memory 1702 It may include one or more modules (diagram is not shown), each module may include in the equipment to tracking application access Series of computation machine executable instruction information.Further, processor 1701 can be set to communicate with memory 1702, The series of computation machine executable instruction information in memory 1702 is executed in the equipment of tracking application access.Tracking application is visited The equipment asked can also include one or more power supplys 1703, one or more wired or wireless network interfaces 1704, one or more input/output interfaces 1705, one or more keyboards 1706 etc..

In a specific embodiment, the equipment for tracking application access include memory and one or one with On program, perhaps more than one program is stored in memory and one or more than one program can wrap for one of them Include one or more modules, and each module may include that series of computation machine in equipment to tracking application access can Information is executed instruction, and is configured to execute this by one or more than one processor or more than one program includes For carrying out following computer executable instructions information:

The access for sending target application to server tracks request, includes the mark of target application in access tracking request；

It receives server and the domain name identification that request returns is tracked according to access；

By using domain name corresponding to hypertext transfer protocol HTTP access domain name identification, detect whether that there are domain name institutes Corresponding effective hypertext transfer protocol strict safety transmits HSTS configuration information；

Instruction according to testing result, determines whether domain name is accessed by target application.

Optionally, computer executable instructions information when executed, is accessed by using hypertext transfer protocol HTTP Domain name corresponding to domain name identification detects whether that there are the transmission of effective hypertext transfer protocol strict safety corresponding to domain name HSTS configuration information, comprising:

Optionally, computer executable instructions information further includes access server in access tracking request when executed Used Internet protocol IP address information；

It receives server and the domain name identification that request returns is tracked according to access, comprising:

Optionally, computer executable instructions information further includes terminal device phase in access tracking request when executed Close information；

Optionally, computer executable instructions information when executed, sends access tracking request to server, comprising:

Instruction according to testing result, determines whether domain name is accessed by target application, comprising:

Instruction according to testing result, determines whether domain name is accessed by the target application on terminal device；

Optionally, computer executable instructions information when executed, is accessed by using hypertext transfer protocol HTTP Domain name corresponding to domain name identification detects whether that there are the transmission of effective hypertext transfer protocol strict safety corresponding to domain name Before HSTS configuration information, following steps can also be performed:

It is domain name by domain name identifier combination according to the domain name combination rule of setting；

Alternatively,

According to the decoding algorithm of setting, parsing obtains the corresponding domain name of domain name mark.

The equipment for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name identification, the mode of domain name corresponding to access domain name identification is accessed by using HTTP, detects whether that there are the domain names Corresponding effective HSTS configuration information, if in the presence of, it is determined that the domain name is accessed by target application.This specification is implemented Example, realizes the tracking of domain name accessed to target application, and do not influenced by system update or upgrading, stability is preferable； It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that The configuration information for caching HSTS is steps necessary, therefore this programme will not be prevented by system.

Further, based on above-mentioned Fig. 4 to method shown in fig. 5, this specification embodiment additionally provides a kind of tracking and answers With the equipment of access, as shown in figure 17.Wherein, the equipment of the tracking application access can be applied to the clothes in system shown in Figure 16 Business device.

The access for the target application that receiving terminal apparatus is sent tracks request, carries target application in access tracking request Mark；

Request, which is tracked, according to access searches domain name identification corresponding with access tracking request；

Domain name identification is returned into terminal device, so that terminal device is by using corresponding to HTTP access domain name identification Domain name detects whether that there are effective HSTS configuration informations corresponding to domain name；Whether instruction according to testing result, determine domain name It is accessed by target application.

Optionally, when executed, the access that receiving terminal apparatus is sent tracks request to computer executable instructions information Before, method further include:

Optionally, computer executable instructions information when executed, also carries access service in access tracking request The IP address information of the used network of device；

Before the access tracking request that receiving terminal apparatus is sent, method further include:

The equipment for the tracking application access that this specification embodiment provides, server is by domain name mark corresponding to target application Knowledge returns to terminal device, in a manner of making terminal device access domain name corresponding to access domain name identification by using HTTP, Detect whether that there are effective HSTS configuration informations corresponding to the domain name, if in the presence of, it is determined that the domain name is by target application institute Access.This specification embodiment realizes the tracking of domain name accessed to target application, and not by system update or upgrading It influences, stability is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the anti-privacy tracking of system Limitation.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

Further, based on above-mentioned Fig. 9 to method shown in Fig. 10, this specification embodiment additionally provides a kind of tracking and answers With the equipment of access, as shown in figure 17.Wherein, the equipment of the tracking application access can be applied to the end in system shown in Figure 16 End equipment.

The access for sending target application to server tracks request, includes above-mentioned target application in above-mentioned access tracking request Mark；

It receives above-mentioned server and the domain name that request returns is tracked according to above-mentioned access；

Above-mentioned domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to above-mentioned domain name to match confidence Breath；

Instruction according to testing result, determines whether above-mentioned domain name is accessed by above-mentioned target application.

Optionally, computer executable instructions information when executed, above by using HTTP to access above-mentioned domain name, is examined It surveys with the presence or absence of effective HSTS configuration information corresponding to above-mentioned domain name, comprising:

Above-mentioned domain name is accessed using HTTP, and monitors whether to receive the HSTS configuration information that above-mentioned server returns；

If so, determining that there is no effective HSTS configuration informations corresponding to above-mentioned domain name；Otherwise, it determines there are above-mentioned domains Effective HSTS configuration information corresponding to name.

The equipment for the tracking application access that this specification embodiment provides, gets corresponding to target application from server After domain name, the mode of the domain name is accessed by using HTTP, detects whether that there are effective HSTS corresponding to the domain name to match Confidence breath, if in the presence of, it is determined that the domain name is accessed by target application.This specification embodiment, realizes to target application The tracking of accessed domain name, and do not influenced by system update or upgrading, stability is preferable；It does not need to obtain device-fingerprint etc. Therefore system level data not will receive the limitation of the anti-privacy tracking of system.Furthermore, it is contemplated that the configuration information of caching HSTS is Steps necessary, therefore this programme will not be prevented by system.

Further, based on above-mentioned Fig. 1 to method shown in Fig. 3, this specification embodiment additionally provides a kind of storage Jie Matter, for storing computer executable instructions information, in a kind of specific embodiment, the storage medium can for USB flash disk, CD, Hard disk etc., the computer executable instructions information of storage medium storage are able to achieve following below scheme when being executed by processor:

Optionally, the storage medium storage computer executable instructions information when being executed by processor, by using Hypertext transfer protocol HTTP accesses domain name corresponding to domain name identification, detects whether that there are effective hypertexts corresponding to domain name Transport protocol strict safety transmits HSTS configuration information, comprising:

Optionally, the computer executable instructions information of storage medium storage is when being executed by processor, access tracking It further include Internet protocol IP address information used in access server in request；

Optionally, the computer executable instructions information of storage medium storage is when being executed by processor, access tracking It further include terminal device relevant information in request；

Optionally, the computer executable instructions information of storage medium storage is when being executed by processor, to server Send access tracking request, comprising:

The first application by being installed on terminal device sends access tracking request to server；

Optionally, the storage medium storage computer executable instructions information when being executed by processor, above by Domain name corresponding to above-mentioned domain name identification is accessed using hypertext transfer protocol HTTP, detects whether that there are corresponding to above-mentioned domain name Effective hypertext transfer protocol strict safety transmission HSTS configuration information before, following steps can also be performed:

Alternatively,

According to the decoding algorithm of setting, parsing obtains domain name corresponding to above-mentioned domain name identification.

The computer executable instructions information for the storage medium storage that this specification embodiment provides is being executed by processor When, after getting domain name identification corresponding to target application from server, it is right that access domain name identification institute is accessed by using HTTP The mode for the domain name answered detects whether that there are effective HSTS configuration informations corresponding to the domain name, if in the presence of, it is determined that the domain Name is accessed by target application.This specification embodiment, realizes the tracking of domain name accessed to target application, and is not System updates or the influence of upgrading, stability are preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive and be The limitation that anti-privacy of uniting is tracked.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be by System is prevented.

Further, based on above-mentioned Fig. 4 to method shown in fig. 5, this specification embodiment additionally provides a kind of storage Jie Matter, for storing computer executable instructions information, in a kind of specific embodiment, the storage medium can for USB flash disk, CD, Hard disk etc., the computer executable instructions information of storage medium storage are able to achieve following below scheme when being executed by processor:

Optionally, the computer executable instructions information of storage medium storage receives terminal when being executed by processor Before the access tracking request that equipment is sent, method further include:

Optionally, the computer executable instructions information of storage medium storage is when being executed by processor, access tracking The IP address information of access the used network of server is also carried in request；

The computer executable instructions information for the storage medium storage that this specification embodiment provides is being executed by processor When, domain name identification corresponding to target application is returned to terminal device by server, so that terminal device is visited by using HTTP The mode for asking domain name corresponding to access domain name identification, detects whether there are effective HSTS configuration information corresponding to the domain name, If in the presence of, it is determined that the domain name is accessed by target application.This specification embodiment is realized to target application institute access domain The tracking of name, and do not influenced by system update or upgrading, stability is preferable；It does not need to obtain the systems series such as device-fingerprint According to therefore, not will receive the limitation of system anti-privacy tracking.Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, Therefore this programme will not be prevented by system.

Further, based on above-mentioned Fig. 9 to method shown in Fig. 10, this specification embodiment additionally provides a kind of storage Jie Matter, for storing computer executable instructions information, in a kind of specific embodiment, the storage medium can for USB flash disk, CD, Hard disk etc., the computer executable instructions information of storage medium storage are able to achieve following below scheme when being executed by processor:

Optionally, the storage medium storage computer executable instructions information when being executed by processor, above by Above-mentioned domain name is accessed using HTTP, detects whether that there are effective HSTS configuration informations corresponding to above-mentioned domain name, comprising:

The computer executable instructions information for the storage medium storage that this specification embodiment provides is being executed by processor When, after getting domain name corresponding to target application from server, the mode of the domain name, detection are accessed by using HTTP With the presence or absence of effective HSTS configuration information corresponding to the domain name, if in the presence of, it is determined that the domain name is accessed by target application. This specification embodiment, realizes the tracking of domain name accessed to target application, and is not influenced by system update or upgrading, Stability is preferable；It does not need to obtain the system level datas such as device-fingerprint, therefore, not will receive the limitation of the anti-privacy tracking of system. Furthermore, it is contemplated that the configuration information of caching HSTS is steps necessary, therefore this programme will not be prevented by system.

In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method process can be readily available.

Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can Read medium, logic gate, switch, specific integrated circuit (Application SpecificIntegrated Circuit, ASIC), The form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller: ARC 625D, Atmel AT91SAM, MicrochipPIC18F26K20 and Silicone Labs C8051F320, memory control Device is also implemented as a part of the control logic of memory.It is also known in the art that in addition to pure computer Readable program code mode realizes other than controller, completely can be by the way that method and step is carried out programming in logic come so that controller Identical function is realized in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc. Energy.Therefore this controller is considered a kind of hardware component, and to the dress for realizing various functions for including in it Set the structure that can also be considered as in hardware component.Or even, can will be considered as realizing the device of various functions both can be with It is that the software module of implementation method can be the structure in hardware component again.

System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment The combination of equipment.

For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application.

It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.

The application is reference according to the method for this specification embodiment, the stream of equipment (system) and computer program product Journey figure and/or block diagram describe.It should be understood that can be by computer program instructions information realization flowchart and/or the block diagram The combination of process and/or box in each flow and/or block and flowchart and/or the block diagram.It can provide these calculating Machine program instruction information is to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices Processor is to generate a machine, so that the instruction executed by computer or the processor of other programmable data processing devices Information generates specifies for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram Function device.

These computer program instructions information, which may also be stored in, is able to guide computer or other programmable data processing devices In computer-readable memory operate in a specific manner, so that command information stored in the computer readable memory produces Raw includes the manufacture of command information device, the command information device realize in one or more flows of the flowchart and/or The function of being specified in one or more blocks of the block diagram.

These computer program instructions information also can be loaded onto a computer or other programmable data processing device, so that Series of operation steps are executed on a computer or other programmable device to generate computer implemented processing, thus calculating The command information that is executed on machine or other programmable devices provide for realizing in one or more flows of the flowchart and/or The step of function of being specified in one or more blocks of the block diagram.

In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net Network interface and memory.

Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer-readable instruction information, data structure, the module of program or other numbers According to.The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory techniques, CD-ROM are read-only Memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or Other magnetic storage devices or any other non-transmission medium, can be used for storage can be accessed by a computing device information.According to Herein defines, and computer-readable medium does not include temporary computer readable media (transitory media), such as modulation Data-signal and carrier wave.

It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.

It will be understood by those skilled in the art that embodiments herein can provide as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.

The application can computer executable instructions information it is general up and down described in the text, such as Program module.Generally, program module include routines performing specific tasks or implementing specific abstract data types, it is program, right As, component, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environment In, by executing task by the connected remote processing devices of communication network.In a distributed computing environment, program module It can be located in the local and remote computer storage media including storage equipment.

All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.

The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal Replacement, improvement etc., should be included within the scope of the claims of this application.

Claims

1. a kind of method for tracking application access, which comprises

The access for sending target application to server tracks request, includes the mark of the target application in the access tracking request Know；

By using the corresponding domain name of hypertext transfer protocol HTTP access domain name mark, detect whether that there are the domains Effective hypertext transfer protocol strict safety corresponding to name transmits HSTS configuration information；

2. according to the method described in claim 1, described by using hypertext transfer protocol HTTP access domain name mark Corresponding domain name detects whether that there are the transmission of effective hypertext transfer protocol strict safety corresponding to domain name HSTS to match Confidence breath, comprising:

Corresponding domain name is identified using HTTP access domain name, and detects whether established connection is Hyper text transfer peace Full agreement HTTPS connection；

If so, determining that there are effective HSTS configuration informations corresponding to domain name；Otherwise, it determines domain name institute is not present Corresponding effective HSTS configuration information.

3. according to the method described in claim 1, described by using hypertext transfer protocol HTTP access domain name mark Corresponding domain name detects whether that there are the transmission of effective hypertext transfer protocol strict safety corresponding to domain name HSTS to match Confidence breath, comprising:

Corresponding domain name is identified using HTTP access domain name, and monitors whether to receive the HSTS that the server returns Configuration information；

If so, determining that there is no effective HSTS configuration informations corresponding to domain name；Otherwise, it determines there are domain name institutes Corresponding effective HSTS configuration information.

4. method according to claim 1-3, it further includes accessing the server that the access, which tracks in request, Used Internet protocol IP address information；

The domain name identification for receiving the server and being returned according to the access tracking request, comprising:

Receive the domain name mark found according to the mark of the target application and the IP address information that the server is sent Know.

5. according to the method described in claim 4, further including terminal device relevant information in access tracking request；

Receive that the server sends according to the mark of the target application, the IP address information and the terminal device phase Close the domain name identification that information searching arrives.

6. method according to claim 1-3, the access for sending target application to server tracks request, Include:

The first application by being installed on terminal device sends the access tracking request to server；

The instruction according to testing result, determines whether domain name is accessed by the target application, comprising:

According to the instruction of the testing result, determine whether domain name is visited by the target application on the terminal device It asks；

Wherein, first application and the target application are the different application on the terminal device.

7. according to the method described in claim 1, described by using hypertext transfer protocol HTTP access domain name mark Corresponding domain name detects whether that there are the transmission of effective hypertext transfer protocol strict safety corresponding to domain name HSTS to match Before confidence breath, the method also includes:

It is domain name by domain name identifier combination according to the domain name combination rule of setting.

8. a kind of method for tracking application access, which comprises

The access for the target application that receiving terminal apparatus is sent tracks request, includes that the target is answered in the access tracking request Mark；

Domain name mark is returned into the terminal device, so that the terminal device accesses domain name by using HTTP The corresponding domain name of mark, detects whether that there are effective HSTS configuration informations corresponding to domain name；According to testing result Instruction, determines whether domain name is accessed by the target application.

9. according to the method described in claim 8, the receiving terminal apparatus send access tracking request before, the method Further include:

Receive the domain name access request that each terminal device is sent；

According to domain name access request determine domain name corresponding to domain name identification and access the application of domain name Mark；

It establishes and stores the first corresponding relationship between domain name mark and the mark of the application.

10. according to the method described in claim 9, further including access the used network of server in access tracking request IP address information；

Before the access tracking request that the receiving terminal apparatus is sent, the method also includes:

It is determined according to domain name access request and accesses IP address information used in domain name；It establishes and stores domain name The second corresponding relationship between mark, the mark and the IP address information of the application.

11. a kind of method for tracking application access, which comprises

Domain name is accessed by using HTTP, detects whether that there are effective HSTS configuration informations corresponding to domain name；

12. according to the method for claim 11, described access domain name by using HTTP, detect whether to exist described Effective HSTS configuration information corresponding to domain name, comprising:

Domain name is accessed using HTTP, and detects whether established connection is the HTTPS connection of Hyper text transfer security protocol；

13. according to the method for claim 11, described access domain name by using HTTP, detect whether to exist described Effective HSTS configuration information corresponding to domain name, comprising:

Domain name is accessed using HTTP, and monitors whether to receive the HSTS configuration information that the server returns；

14. a kind of device for tracking application access, described device include:

Sending module, the access for sending target application to server track request, include the mesh in the access tracking request Mark the mark of application；

Detection module detects whether that there are domain name institutes by using the corresponding domain name of HTTP access domain name mark Corresponding effective HSTS configuration information；

15. device according to claim 14, the detection module include:

First transmission unit identifies corresponding domain name using HTTP access domain name；

First detection unit, detects whether established connection is HTTPS connection；

First determination unit, if the connection established is HTTPS connection, it is determined that there are effective HSTS corresponding to domain name to match Confidence breath；Otherwise, it determines there is no effective HSTS configuration informations corresponding to domain name.

16. device according to claim 14, the detection module further include:

Second transmission unit identifies corresponding domain name using HTTP access domain name；

Second detection unit monitors whether to receive the HSTS configuration information that the server returns；

Second determination unit, if receiving the HSTS configuration information that the server returns, it is determined that domain name institute is not present Corresponding effective HSTS configuration information；Otherwise, it determines there are effective HSTS configuration informations corresponding to domain name.

17. the described in any item devices of 4-16 according to claim 1, the sending module, comprising:

Third transmission unit, the first application by being installed on terminal device send the access tracking request to server；

First determining module, comprising:

Whether third determination unit determines domain name by the institute on the terminal device according to the instruction of the testing result Target application is stated to be accessed；

18. a kind of device for tracking application access, described device include:

Second receiving module, the access for the target application that receiving terminal apparatus is sent track request, and the access tracks in request Take the mark including the target application；

Domain name mark is returned to the terminal device, so that the terminal device is visited by using HTTP by return module It asks domain name mark corresponding domain name, detects whether that there are effective HSTS configuration informations corresponding to domain name；According to The instruction of testing result, determines whether domain name is accessed by the target application.

19. a kind of device for tracking application access, described device include:

Detection module detects whether that there are effective corresponding to domain name for accessing domain name by using HTTP HSTS configuration information；

First determining module determines whether domain name is accessed by the target application for instruction according to testing result.

20. a kind of system for tracking application access, including server and terminal device；

The terminal device, the access for sending target application to the server track request, the access tracking request In include the target application mark；

The terminal device is also used to receive the domain name identification that the server returns；Domain name is accessed by using HTTP The corresponding domain name of mark, detects whether that there are effective HSTS configuration informations corresponding to domain name；According to testing result Instruction, determines whether domain name is accessed by the target application.

21. a kind of system for tracking application access, including server and terminal device；

The server, the access tracking request sent for receiving the terminal device, is asked according to access tracking Lookup domain name corresponding with access tracking request is sought, and domain name is returned into the terminal device；

The terminal device is also used to receive the domain name that the server returns, and accesses domain name, detection by using HTTP With the presence or absence of effective HSTS configuration information corresponding to domain name, whether instruction according to testing result determines domain name It is accessed by the target application.

22. a kind of equipment for tracking application access, comprising:

Processor；And

It is arranged to the memory of storage computer executable instructions, the executable instruction makes the processing when executed Device:

By using the corresponding domain name of HTTP access domain name mark, detect whether that there are effective corresponding to domain name HSTS configuration information；

23. a kind of equipment for tracking application access, comprising:

Processor；And

Request is taken to search domain name identification corresponding with access tracking request according to access tracking；

24. a kind of equipment for tracking application access, comprising:

Processor；And

25. a kind of storage medium, for storing computer executable instructions, the executable instruction is realized following when executed Process:

26. a kind of storage medium, for storing computer executable instructions, the executable instruction is realized following when executed Process:

27. a kind of storage medium, for storing computer executable instructions, the executable instruction is realized following when executed Process: