CN109739748B - Compliance detection method and device - Google Patents

Publication number
CN109739748B
Authority
CN
China
Prior art keywords
data
marked
privacy
terminal
application program
Prior art date
Legal status
Active
Application number
CN201811526442.4A
Other languages
Chinese (zh)
Other versions
CN109739748A (en)
Inventor
任天赋
Current Assignee
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The disclosure relates to a compliance detection method and device. The method comprises the following steps: running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal; acquiring communication data of the application program from the Monkey test program; and sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not accord with GDPR compliance rules exist in the marked private data, a detection report of an application program is generated according to the violation data. The technical scheme realizes the automatic generation of the detection report of the application program and has high detection efficiency.

Description

Compliance detection method and device
Technical Field
The present disclosure relates to the field of terminal technologies, and in particular, to a compliance detection method and apparatus.
Background
GDPR (General Data Protection Regulation) is a regulation of the European Union, and GDPR compliance detection is required for applications of terminals in order to ensure stable development of overseas services.
In the related art, generally, a terminal displays uploaded or read data, a user determines whether private data exists in the displayed data according to a GDPR rule, and if the displayed data includes the private data, an application corresponding to the uploaded or read private data is manually marked.
Disclosure of Invention
To overcome the problems in the related art, embodiments of the present disclosure provide a compliance detection method and apparatus. The technical scheme is as follows:
according to a first aspect of the embodiments of the present disclosure, there is provided a compliance detection method applied to a first terminal, including:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
and sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not accord with GDPR compliance rules exist in the marked private data, a detection report of an application program is generated according to the violation data.
The technical solution provided by the embodiments of the present disclosure may have the following beneficial effects: the first terminal obtains communication data of an application program from the Monkey test program and sends the communication data to a server, so that the server, when determining that the communication data contains private data, marks the private data and sends the marked private data to a second terminal. When the second terminal determines that the marked private data contains violation data that does not comply with the GDPR compliance rules, it generates a detection report of the application program according to the violation data, so that a user can check the detection result of the application program through the detection report. The detection report of the application program is thus generated automatically, and the detection efficiency is high.
In one embodiment, the communication data includes at least one of http request message, memory stack data, and log data.
According to a second aspect of the embodiments of the present disclosure, there is provided a compliance detection method applied to a server, including:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
When the communication data contain the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the private data comprises an http request message, memory stack data and log data;
and sending the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data contains the violation data which does not accord with the GDPR compliance rule.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: when the server receives the communication data of the application program sent by the first terminal and determines that the communication data contains the private data, the server marks the private data and sends the marked private data to the second terminal, so that when the second terminal determines that the marked private data contains the illegal data which does not accord with the GDPR compliance rule, a detection report of the application program is generated according to the illegal data, a user can check the detection result of the application program through the detection report, the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
In one embodiment, further comprising:
Determining whether the privacy sample data contains sample data different from the communication data;
when the privacy sample data contains sample data different from the communication data, marking the sample data;
the sending of the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data contains violation data that does not comply with the GDPR compliance rule, comprises the following steps:
and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
In one embodiment, the sending the marked privacy data and the marked sample data to the second terminal includes:
receiving a private data request sent by the second terminal;
and responding to the privacy data request and sending the marked privacy data and the marked sample data to the second terminal.
In one embodiment, the determining whether the communication data contains privacy data according to pre-stored privacy sample data includes:
searching whether data in the communication data exists in the privacy sample data;
when determining that the data in the communication data exists in the privacy sample data, determining the data as the privacy data.
According to a third aspect of the embodiments of the present disclosure, there is provided a compliance detection method applied to a second terminal, including:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and when the marked private data is determined to have the illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
The technical solution provided by the embodiments of the present disclosure may have the following beneficial effects: the first terminal obtains communication data of an application program from the Monkey test program and sends the communication data to a server, so that the server, when determining that the communication data contains privacy data, marks the privacy data and then sends it to a second terminal. When the second terminal determines that the marked privacy data contains violation data that does not comply with the GDPR compliance rules, it generates a detection report of the application program according to the violation data and conventional data, so that a user can check the detection result of the application program through the detection report. The detection report of the application program is thus generated automatically, and the detection efficiency is high.
In one embodiment, the generating a detection report of an application according to the violation data when it is determined that there is the violation data that does not meet the GDPR compliance rule in the marked private data includes:
when illegal data which do not accord with the GDPR compliance rule in the marked privacy data are determined, generating a detection report of the application program according to conventional data and the illegal data; the regular data is data which accords with the GDPR compliance rule in the marked privacy data.
In one embodiment, the determining whether there is violation data that does not meet the GDPR compliance rule in the marked private data according to a prestored GDPR compliance rule includes:
modifying the pre-stored GDPR compliance rules;
and determining whether the marked private data has illegal data which does not accord with the modified GDPR compliance rule or not according to the modified GDPR compliance rule.
In one embodiment, the receiving the tagged privacy data sent by the server includes:
receiving the marked privacy data and the marked sample data sent by the server;
the determining whether the marked private data has the violation data which does not meet the GDPR compliance rule according to the prestored GDPR compliance rule includes:
Determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when it is determined that there is illegal data which does not meet the GDPR compliance rule in the marked private data, generating a detection report of an application program according to the illegal data includes:
and when determining that the marked privacy data and the marked sample data contain illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
In one embodiment, the receiving of the marked privacy data and the marked sample data sent by the server includes:
sending a private data request to the server;
and receiving the marked privacy data and the marked sample data sent by the server.
In one embodiment, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data and the marked sample data, generating a detection report of an application according to the illegal data includes:
determining a category of the violation data;
And generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a compliance detection apparatus including: the operation module is used for operating the Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
the acquisition module is used for acquiring the communication data of the application program from the Monkey test program;
the first sending module is used for sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used or not, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which does not comply with the GDPR compliance rule exists in the marked private data, a detection report of an application program is generated according to the violation data.
In one embodiment, the communication data includes at least one of http request message, memory stack data, and log data.
According to a fifth aspect of embodiments of the present disclosure, there is provided a compliance detection apparatus including:
The first receiving module is used for receiving communication data sent by a first terminal;
the first determining module is used for determining whether the communication data contain the privacy data according to the pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
the first marking module is used for marking the private data according to the data type of the private data when the communication data are determined to contain the private data; the data type of the private data comprises an http request message, memory stack data and log data;
and the second sending module is used for sending the marked privacy data to a second terminal so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data contains the violation data which does not accord with the GDPR compliance rule.
In one embodiment, the system further comprises a second determining module and a second marking module, wherein the second sending module comprises a first sending submodule;
the second determining module is configured to determine whether the privacy sample data includes sample data different from the communication data;
The second marking module is configured to mark the sample data when it is determined that the privacy sample data contains sample data different from the communication data;
the first sending submodule is used for sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
In one embodiment, the first transmission submodule includes a first receiving unit and a first transmitting unit;
the first receiving unit is used for receiving a private data request sent by the second terminal;
the first sending unit is configured to send the marked privacy data and the marked sample data to the second terminal in response to the privacy data request.
In one embodiment, the first determination module includes a lookup sub-module and a first determination sub-module;
the searching submodule is used for searching whether the data in the communication data exists in the privacy sample data;
The first determining sub-module is configured to determine, when it is determined that there is data in the communication data in the privacy sample data, the data as the privacy data.
According to a sixth aspect of the embodiments of the present disclosure, there is provided a compliance detection device including:
the second receiving module is used for receiving the marked privacy data sent by the server;
a third determining module, configured to determine, according to a prestored GDPR compliance rule, whether there is illegal data that does not meet the GDPR compliance rule in the marked private data;
and the generating module is used for generating a detection report of an application program according to the violation data when the violation data which do not accord with the GDPR compliance rule in the marked privacy data is determined.
In one embodiment, the generation module comprises a first generation submodule;
the first generation sub-module is used for generating a detection report of the application program according to regular data and violation data when the fact that the marked private data does not conform to the GDPR compliance rule is determined; the regular data is data which accords with the GDPR compliance rule in the marked privacy data.
In one embodiment, the third determination module includes a modification sub-module and a second determination sub-module;
the modification sub-module is used for modifying the pre-stored GDPR compliance rules;
the second determining sub-module is configured to determine, according to the modified GDPR compliance rule, whether there is illegal data that does not meet the modified GDPR compliance rule in the marked private data.
In one embodiment, the second receiving module comprises a second receiving submodule, the third determining module comprises a third determining submodule, and the generating module comprises a second generating submodule;
the second receiving submodule is used for receiving the marked privacy data and the marked sample data sent by the server;
the third determining sub-module is used for determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and the second generation sub-module is used for generating a detection report of an application program according to the illegal data when the fact that the marked private data and the marked sample data have the illegal data which do not accord with the GDPR compliance rule is determined.
In one embodiment, the second receiving module comprises a second transmitting unit and a second receiving unit;
the second sending unit is used for sending a private data request to the server;
the second receiving unit is configured to receive the marked privacy data and the marked sample data sent by the server.
In one embodiment, the second generation submodule includes a determination unit and a generation unit;
the determining unit is used for determining the category of the violation data;
and the generating unit is used for generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
According to a seventh aspect of an embodiment of the present disclosure, there is provided a compliance detection apparatus including: a first processor;
a first memory for storing first processor-executable instructions;
wherein the first processor is configured to:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
and sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not accord with GDPR compliance rules exist in the marked private data, a detection report of an application program is generated according to the violation data.
According to an eighth aspect of an embodiment of the present disclosure, there is provided a compliance detection apparatus including: a second processor;
a second memory for storing second processor-executable instructions;
wherein the second processor is configured to:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
when the communication data are determined to contain the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the private data comprises an http request message, memory stack data and log data;
and sending the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data contains the violation data which does not accord with the GDPR compliance rule.
According to a ninth aspect of the embodiments of the present disclosure, there is provided a compliance detection apparatus including: a third processor;
a third memory for storing third processor-executable instructions;
Wherein the third processor is configured to:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and when the marked private data is determined to have the illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
According to a tenth aspect of the embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of the above-described embodiments.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1a is a flow diagram illustrating a compliance detection method according to an example embodiment.
FIG. 1b is a flow diagram illustrating a compliance detection method according to an example embodiment.
FIG. 2 is a flow chart illustrating a compliance detection method in accordance with an exemplary embodiment.
FIG. 3a is a flow chart illustrating a compliance detection method in accordance with an exemplary embodiment.
FIG. 3b is a flowchart illustrating a compliance detection method, according to an example embodiment.
FIG. 4a is an interaction diagram illustrating a compliance detection method, according to an example embodiment.
FIG. 4b is an interaction diagram illustrating a compliance detection method, according to an example embodiment.
FIG. 5 is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 6a is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 6b is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 6c is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 6d is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 7a is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 7b is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 7c is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 7d is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 7e is a schematic diagram illustrating a configuration of a compliance detection device, according to an example embodiment.
FIG. 7f is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 8 is a schematic diagram illustrating a configuration of a compliance detection device, according to an exemplary embodiment.
FIG. 9 is a block diagram illustrating the structure of a compliance detection device, according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The technical scheme provided by the embodiment of the disclosure relates to a first terminal, a second terminal and a server, wherein the first terminal can be a mobile terminal such as a smart phone and a tablet computer used by a user, and the second terminal can be a device with processing and display functions such as a mobile phone, a tablet computer and a computer, which are not limited in the embodiment of the disclosure. In the related art, generally, a terminal displays uploaded or read data, a user determines whether private data exists in the displayed data according to a GDPR rule, and if the displayed data includes the private data, an application corresponding to the uploaded or read private data is manually marked. However, the above-mentioned compliance detection is a manual detection, and the detection efficiency is low. According to the technical scheme provided by the embodiment of the disclosure, the first terminal acquires communication data of the application program from the Monkey test program and sends the communication data to the server, so that when the server determines that the communication data contains private data, the private data is marked and then sent to the second terminal, and when the second terminal determines that the marked private data contains illegal data which does not conform to the GDPR compliance rule, a detection report of the application program is generated according to the illegal data, a user can check a detection result of the application program through the detection report, the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
The embodiment of the disclosure provides a compliance detection method, and an execution main body for implementing the method comprises a first terminal, a second terminal and a server. The embodiment of the disclosure arranges three sets of embodiments according to different implementation main bodies of the method, as follows:
Server side:
FIG. 1a is a flowchart illustrating a compliance detection method applied to a server according to an exemplary embodiment. As shown in FIG. 1a, the compliance detection method includes the following steps 101a to 104a:
in step 101a, communication data transmitted by a first terminal is received.
The communication data at least comprises one of http request messages, memory stack data and log data.
In step 102a, it is determined whether the communication data contains privacy data according to the pre-stored privacy sample data.
The privacy sample data is the privacy data of the first terminal stored by the server, and the privacy sample data can be a user telephone number, a serial number of the first terminal, user bank card account information, short messages and the like.
Optionally, whether data in the communication data exists in the privacy sample data is searched, and when it is determined that data in the communication data exists in the privacy sample data, the data is determined as the privacy data.
In an example, the communication data received by the server includes multiple http request messages, multiple memory stack data items and multiple log data items. The server parses each http request message to obtain the request data it carries; for example, the request data includes a telephone number 137 × 8257, a mobile phone serial number F78P × 5MP, 66666, etc. The memory stack data includes a telephone number 187 × 7894 and account information 622 × 1754, and the log data includes a mobile phone serial number F78 × 5MP, 11111, etc. The server looks up each of these values in the privacy sample data and determines that the phone number 137 × 8257, the phone number 187 × 7894, the account information 622 × 1754 and the mobile phone serial number F78P × 5MP are private data, and that 66666, 11111 and × 5MP are not private data.
In step 103a, when it is determined that the communication data contains the private data, the private data is marked according to the data type of the private data.
Optionally, the server determines a use mode of the private data according to a data type of the private data, where the data type of the private data includes an http request packet, memory stack data, and log data.
For example, if the data type of the private data is an http request packet, it may be determined that the private data is uploaded and read; if the data type of the private data is memory stack data, the private data can be determined to be read; if the data type of the private data is log data, it may be determined that the private data is printed.
For example, the private data includes a phone number 137 × 8257, a phone number 187 × 7894, account information 622 × 1754, and a mobile phone serial number F78P × 5MP. The data types of the phone number 137 × 8257 are http request message and memory stack data; the data type of the phone number 187 × 7894 and of the account information 622 × 1754 is memory stack data; and the data types of the mobile phone serial number F78P × 5MP are http request message, memory stack data and log data. It may therefore be determined that the phone number 137 × 8257 was uploaded and read but not printed, so a red mark, a brown mark and a yellow mark can be added to it, wherein the red mark represents uploaded, the brown mark represents read, and the yellow mark represents not printed. The phone number 187 × 7894 was read but not uploaded and not printed, so a brown mark, a green mark and a yellow mark can be added to it, wherein the green mark represents not uploaded. The account information 622 × 1754 was read but not uploaded and not printed, so a brown mark, a green mark and a yellow mark can be added to it. The mobile phone serial number F78P × 5MP was uploaded, read and printed, so a gray mark, a red mark and a brown mark can be added to it, wherein the gray mark represents printed.
It should be noted that the marked privacy data may be stored and sent in a list form or a table form, which is not limited in the embodiment of the present disclosure.
In step 104a, the marked privacy data is sent to a second terminal, so that when the second terminal determines that the marked privacy data contains illegal data which does not meet the GDPR compliance rule, a detection report of an application program is generated according to the illegal data.
Optionally, the server may directly send the marked private data to the second terminal, or send the marked private data to the second terminal when receiving a private data request sent by the second terminal, so that when the second terminal receives the marked private data, it is determined whether there is illegal data that does not meet the GDPR compliance rule in the marked private data according to the prestored GDPR compliance rule, and when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data, a detection report of the application program is generated according to the illegal data.
For example, the GDPR compliance rules include the following: for phone numbers, uploading is prohibited and reading and printing are allowed; for account information, uploading and printing are prohibited and reading is allowed; for mobile phone serial numbers, uploading, reading and printing are prohibited; and the like. The marked private data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added, the phone number 187 × 7894 with a brown mark, a green mark and a yellow mark added, the account information 622 × 1754 with a brown mark, a green mark and a yellow mark added, and the mobile phone serial number F78P × 5MP with a gray mark, a red mark and a brown mark added. It may then be determined that the phone number 137 × 8257 (red, brown and yellow marks), the phone number 187 × 7894 (brown, green and yellow marks) and the mobile phone serial number F78P × 5MP (gray, red and brown marks) are violation data, and that the account information 622 × 1754 (brown, green and yellow marks) is regular data. That is, the application program is determined to be in violation with respect to phone numbers and mobile phone serial numbers, so a detection report is generated according to the phone numbers and the mobile phone serial numbers. Through the detection report, developers can see which specific communication data in the application program is in violation, which makes it convenient for them to process the application program further. In addition, when a plurality of applications are detected, the violation items of each application can be associated with that application, and finally a detection report covering the plurality of applications can be generated.
The embodiment of the disclosure provides a compliance detection method, wherein when a server receives communication data of an application program sent by a first terminal and determines that the communication data contains private data, the server marks the private data and sends the marked private data to a second terminal, so that when the second terminal determines that the marked private data contains illegal data which does not accord with a GDPR compliance rule, a detection report of the application program is generated according to the illegal data, a user can check a detection result of the application program through the detection report, automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
Fig. 1b is a flowchart illustrating a compliance detection method applied to a server according to an exemplary embodiment, and as shown in fig. 1b, the compliance detection method includes the following steps 101b to 106b:
In step 101b, communication data transmitted by the first terminal is received.
It should be noted that, in the embodiment of the present disclosure, the execution sequence of step 102b and step 104b is not limited, and step 102b and step 103b may be executed first, and then step 104b and step 105b may be executed; step 104b and step 105b may be performed first, and then step 102b and step 103b may be performed.
In step 102b, determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server.
In step 103b, when it is determined that the communication data contains the private data, marking the private data according to the data type of the private data; the data types of the private data comprise http request messages, memory stack data and log data.
In step 104b, it is determined whether sample data different from the communication data is contained in the privacy sample data.
In step 105b, when it is determined that the privacy sample data includes sample data different from the communication data, the sample data is marked.
For example, the communication data is compared with the privacy sample data, and when the privacy sample data contains sample data different from the communication data, the sample data is marked as unused privacy data, for example, a purple mark is added to the sample data, wherein the purple mark represents the unused privacy data.
In step 106b, the marked privacy data and the marked sample data are sent to a second terminal, so that when the second terminal determines that the marked privacy data and the marked sample data contain violation data which does not accord with the GDPR compliance rule, a detection report of an application program is generated according to the violation data.
First terminal side:
Fig. 2 is a flowchart illustrating a compliance detection method according to an exemplary embodiment, which is applied to a first terminal, and as shown in fig. 2, the compliance detection method includes the following steps 201 to 203:
In step 201, a Monkey test program is run.
The Monkey test program is used for testing the application program of the first terminal.
Specifically, the Monkey test program exercises the application program with irregular instructions or operations in order to observe the stability and fault tolerance of the application program. It simulates key input, touch screen input, gesture input and the like of a user, and then observes how long it takes for the application program to become abnormal. While the Monkey test program is running, it generates random pulses of user-triggered events such as clicking and touching, so the Monkey test program can be used to test the application program randomly and repeatedly.
Illustratively, the Monkey test program is burned on the first terminal, and when the application program needs to be tested, the Monkey test program is operated aiming at the application program needing to be tested.
In step 202, the communication data of the application program is obtained from the Monkey test program.
The communication data at least comprises one of http request messages, memory stack data and log data.
In step 203, the communication data is sent to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not meet the GDPR compliance rule exists in the marked private data, a detection report of an application program is generated according to the violation data.
Illustratively, while the Monkey test program is running, the first terminal records the communication data that the application program produces in response to the instructions and the like input by the simulated user. After the Monkey test program finishes running, the first terminal packs all the recorded communication data of the application program and sends the packed communication data to the server, so that the server performs further processing when it receives the communication data of the application program. For the server's further processing of the communication data, refer to step 102a and step 103a, which is not described again here in the embodiments of the present disclosure.
The embodiment of the disclosure provides a compliance detection method, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data when determining that the marked privacy data contains the violation data which does not accord with a GDPR compliance rule.
Second terminal side:
Fig. 3a is a flowchart illustrating a compliance detection method applied to a second terminal according to an exemplary embodiment, and as shown in fig. 3a, the compliance detection method includes the following steps 301a to 303a:
In step 301a, the marked privacy data sent by the server is received.
Optionally, the second terminal may directly receive the marked privacy data sent by the server, or send a privacy data request to the server first, so that when the server receives the privacy data request, the marked privacy data is sent to the second terminal, and the second terminal receives the marked privacy data.
In step 302a, it is determined whether there is illegal data that does not meet the GDPR compliance rule in the marked private data according to a prestored GDPR compliance rule.
For example, the GDPR compliance rules include the following: for phone numbers, uploading is prohibited and reading and printing are allowed; for account information, uploading and printing are prohibited and reading is allowed; for mobile phone serial numbers, uploading, reading and printing are prohibited; and the like. The marked private data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added, the phone number 187 × 7894 with a brown mark, a green mark and a yellow mark added, the account information 622 × 1754 with a brown mark, a green mark and a yellow mark added, and the mobile phone serial number F78P × 5MP with a gray mark, a red mark and a brown mark added. It may then be determined that the phone number 137 × 8257 (red, brown and yellow marks), the phone number 187 × 7894 (brown, green and yellow marks) and the mobile phone serial number F78P × 5MP (gray, red and brown marks) are violation data, and that the account information 622 × 1754 (brown, green and yellow marks) is regular data.
Further, the second terminal can also modify the pre-stored GDPR compliance rule; and determining whether the marked private data has illegal data which does not accord with the modified GDPR compliance rule or not according to the modified GDPR compliance rule.
For example, a user may modify a pre-stored GDPR compliance rule as required and store the modified GDPR compliance rule; when the marked private data is received, whether the marked private data contains violation data that does not conform to the modified GDPR compliance rule is determined according to the modified GDPR compliance rule.
For example, continuing the above example, suppose the modified GDPR compliance rules are: for phone numbers, uploading and reading are permitted and printing is prohibited; for account information, uploading, printing and reading are prohibited; for mobile phone serial numbers, uploading, reading and printing are prohibited. The marked privacy data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added, the account information 622 × 1754 with a brown mark, a green mark and a yellow mark added, and the mobile phone serial number F78P × 5MP with a gray mark, a red mark and a brown mark added. Then the account information 622 × 1754 (brown, green and yellow marks) and the mobile phone serial number F78P × 5MP (gray, red and brown marks) may be determined as violation data, and the phone number 137 × 8257 (red, brown and yellow marks) may be determined as regular data.
In step 303a, when it is determined that there is violation data that does not meet the GDPR compliance rule in the marked private data, a detection report of an application program is generated according to the violation data.
For example, if the violation data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added, the phone number 187 × 7894 with a brown mark, a green mark and a yellow mark added, and the mobile phone serial number F78P × 5MP with a gray mark, a red mark and a brown mark added, a detection report is generated according to these three marked items. Through the detection report, the developer can see which specific communication data in the application program is in violation, which makes it convenient for the developer to process the application program. In addition, when a plurality of applications are detected, the violation items of each application can be associated with that application, and finally a detection report covering the plurality of applications can be generated.
Further, when it is determined that violation data which do not meet the GDPR compliance rule exist in the marked private data, generating a detection report of the application program according to regular data and the violation data; and the regular data is the data which accords with the GDPR compliance rule in the marked private data.
As an example, if the violation data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added, the phone number 187 × 7894 with a brown mark, a green mark and a yellow mark added, and the mobile phone serial number F78P × 5MP with a gray mark, a red mark and a brown mark added, and the regular data includes the account information 622 × 1754 with a brown mark, a green mark and a yellow mark added, then a detection report is generated based on all four marked items, so that the developer can see the violation data and the regular data at the same time through the detection report.
In practical applications, the second terminal may be the first terminal, or may be a mobile phone, a tablet, a computer, or the like other than the first terminal, which is not limited in the embodiment of the present disclosure.
The embodiment of the disclosure provides a compliance detection method, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data and conventional data when determining that the marked privacy data contains violation data which does not meet GDPR compliance rules, and a user can check a detection result of the application program through the detection report, so that the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
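The following Python sketch is an added example, not code from the patent, showing the server-side marking of steps 102a and 103a followed by the second terminal's check of steps 302a and 303a under the modified rule set of the example above. The sample values, category names, record formats and token-based matching are constructed assumptions; only the data types, colour meanings and rules come from the description.

```python
import re

# Usages that each data type demonstrates (description of step 103a).
USAGE_BY_TYPE = {"http": {"upload", "read"}, "memory": {"read"}, "log": {"print"}}
# Colour marks named in the description; it defines no colour for "not read".
MARK_IF_USED = {"upload": "red", "read": "brown", "print": "gray"}
MARK_IF_UNUSED = {"upload": "green", "print": "yellow"}
USAGE_OF_MARK = {mark: usage for usage, mark in MARK_IF_USED.items()}

# Constructed privacy sample data: value -> category (hypothetical names).
PRIVACY_SAMPLES = {
    "13700008257": "phone_number",
    "6220000000001754": "account_info",
    "F78P00005MP": "serial_number",
}

# Constructed communication data recorded during a test run.
COMMUNICATION = {
    "http": ["POST /register?phone=13700008257&sn=F78P00005MP&code=66666 HTTP/1.1"],
    "memory": ["frame#3 user.phone=13700008257",
               "frame#7 account=6220000000001754 sn=F78P00005MP"],
    "log": ["I/App: device F78P00005MP started, session 11111"],
}

# Modified rule set from the example above: True means the usage is allowed.
MODIFIED_RULES = {
    "phone_number": {"upload": True, "read": True, "print": False},
    "account_info": {"upload": False, "read": False, "print": False},
    "serial_number": {"upload": False, "read": False, "print": False},
}


def mark_private_data(communication, samples):
    """Server side: find sample values in the communication data and mark them."""
    usages = {}
    for data_type, records in communication.items():
        for record in records:
            # Assumption: values are matched as whole alphanumeric tokens.
            for token in re.findall(r"[A-Za-z0-9]+", record):
                if token in samples:
                    usages.setdefault(token, set()).update(USAGE_BY_TYPE[data_type])
    marked = {}
    for value, used in usages.items():
        marks = {MARK_IF_USED[u] for u in used}
        marks |= {m for u, m in MARK_IF_UNUSED.items() if u not in used}
        marked[value] = {"category": samples[value], "marks": marks}
    return marked


def build_report(marked, rules):
    """Second terminal: decode the marks and split items into violations and regular data."""
    report = {"violations": {}, "regular": []}
    for value, entry in sorted(marked.items()):
        allowed = rules[entry["category"]]
        broken = sorted(
            USAGE_OF_MARK[m] for m in entry["marks"]
            if m in USAGE_OF_MARK and not allowed[USAGE_OF_MARK[m]]
        )
        if broken:
            report["violations"][value] = broken  # usages the rules prohibit
        else:
            report["regular"].append(value)
    return report


if __name__ == "__main__":
    marked_items = mark_private_data(COMMUNICATION, PRIVACY_SAMPLES)
    for value, entry in sorted(marked_items.items()):
        print(value, entry["category"], sorted(entry["marks"]))
    print(build_report(marked_items, MODIFIED_RULES))
```

Because the second terminal sees only the marks, changing the rule table changes the verdict without re-running the test on the first terminal.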
Fig. 3b is a flowchart illustrating a compliance detection method applied to a second terminal according to an exemplary embodiment, as shown in fig. 3b, the compliance detection method includes the following steps 301b to 303b:
In step 301b, the marked privacy data and the marked sample data transmitted by the server are received.
Optionally, the second terminal may directly receive the marked privacy data and the marked sample data sent by the server, or send a privacy data request to the server first, so that when the server receives the privacy data request, the server sends the marked privacy data and the marked sample data to the second terminal, and the second terminal receives the marked privacy data and the marked sample data.
In step 302b, it is determined whether there is illegal data that does not comply with the GDPR compliance rule in the marked private data and the marked sample data according to a prestored GDPR compliance rule.
Illustratively, the GDPR compliance rules include the following: for phone numbers, uploading is forbidden and reading and printing are allowed; for account information, uploading and printing are forbidden and reading is allowed; for mobile phone serial numbers, uploading, reading and printing are forbidden; for the mobile phone's own phone number, uploading, reading and printing are allowed; and the like. The marked private data includes the phone number 137 × 8257 with a red mark, a brown mark and a yellow mark added and the account information 622 × 1754 with a brown mark, a green mark and a yellow mark added. The marked sample data includes the phone number of the first terminal with a purple mark added, which indicates that the phone number of the first terminal is allowed to be uploaded but has not been uploaded. In order to avoid processing such as encryption being carried out on data that the GDPR compliance rules allow to be uploaded, data that is allowed to be uploaded but is not uploaded is also treated as violation data. Therefore, it is possible to determine that the phone number 137 × 8257 (red, brown and yellow marks) and the phone number of the first terminal (purple mark) are violation data, and that the account information 622 × 1754 (brown, green and yellow marks) is regular data.
Further, when the pre-stored GDPR compliance rule is modified, whether illegal data which do not accord with the modified GDPR compliance rule exists in the marked privacy data and the marked sample data or not is determined according to the modified GDPR compliance rule.
In step 303b, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data and the marked sample data, a detection report of an application program is generated according to the illegal data.
Optionally, determining a category of the violation data;
and generating a detection report of the application program according to the type of the violation data and the mark of the violation data.
For example, if the violation data includes the phone number 137 × 8257 with the red, brown and yellow marks added and the first terminal's own phone number with the purple mark added, the violation data may be classified into an ordinary phone number and the first terminal's own phone number, so that the detection report of the application program may be generated based on the ordinary phone number and its marks, and the first terminal's own phone number and its mark.
Further, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked privacy data and the marked sample data, a detection report of the application program is generated according to the regular data and the illegal data, and the specific method refers to the description of step 303a, which is not described herein again in the embodiments of the present disclosure.
Fig. 4a is an interaction diagram illustrating a compliance detection method according to an exemplary embodiment, where the execution subject is a first terminal, a second terminal, and a server, and as shown in fig. 4a, the method includes the following steps 401a to 408a:
In step 401a, the first terminal runs a Monkey test program.
The Monkey test program is used for testing the application program of the first terminal.
In step 402a, the first terminal obtains the communication data of the application program from the Monkey test program.
The communication data at least comprises one of http request messages, memory stack data and log data.
In step 403a, the first terminal sends the communication data to the server, and the server receives the communication data sent by the first terminal.
In step 404a, the server determines whether the communication data contains privacy data according to the pre-stored privacy sample data.
The privacy sample data is data stored in the first terminal.
In step 405a, when the server determines that the communication data contains the privacy data, the server marks the privacy data according to the data type of the privacy data.
The data type of the private data comprises an http request message, memory stack data or log data.
In step 406a, the server sends the marked privacy data to the second terminal, and the second terminal receives the marked privacy data sent by the server.
In step 407a, the second terminal determines whether there is illegal data that does not meet the GDPR compliance rule in the marked private data according to a prestored GDPR compliance rule.
In step 408a, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data, the second terminal generates a detection report of the application program according to the illegal data.
The embodiment of the disclosure provides a compliance detection method, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data when determining that the marked privacy data contains the violation data which does not meet GDPR compliance rules, and a user can check a detection result of the application program through the detection report, so that the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
Fig. 4b is an interaction diagram illustrating a compliance detection method according to an exemplary embodiment, where the execution subject is a first terminal, a second terminal, and a server, and as shown in fig. 4b, the method includes the following steps 401b to 412b:
In step 401b, the first terminal runs a Monkey test program.
The Monkey test program is used for testing the application program of the first terminal.
In step 402b, the first terminal obtains the communication data of the application program from the Monkey test program.
The communication data at least comprises one of http request messages, memory stack data and log data.
In step 403b, the first terminal sends the communication data to the server, and the server receives the communication data sent by the first terminal.
In step 404b, the server determines whether the communication data contains privacy data according to the pre-stored privacy sample data.
The privacy sample data is data stored in the first terminal.
In step 405b, when the server determines that the communication data contains the privacy data, the server marks the privacy data according to the data type of the privacy data.
The data type of the private data comprises an http request message, memory stack data or log data.
In step 406b, it is determined whether sample data different from the communication data is contained in the privacy sample data.
In step 407b, upon determining that the privacy sample data includes sample data different from the communication data, marking the sample data.
In step 408b, the second terminal sends a private data request to the server, and the server receives the private data request sent by the second terminal.
In step 409b, the server responds to the private data request to send the marked private data and the marked sample data to the second terminal, and the second terminal receives the marked private data and the marked sample data sent by the server.
In step 410b, the second terminal modifies the GDPR compliance rule stored in advance.
In step 411b, the second terminal determines whether there is illegal data that does not comply with the GDPR compliance rule in the marked private data and the marked sample data according to the modified GDPR compliance rule.
In step 412b, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data and the marked sample data, the second terminal generates a detection report of the application program according to the regular data and the illegal data.
And the regular data is the data which accords with the GDPR compliance rule in the marked private data.
The embodiment of the disclosure provides a compliance detection method, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks and stores the privacy data when determining that the communication data contains the privacy data, the server sends the marked privacy data to a second terminal when receiving a privacy data request sent by the second terminal, and when determining that the marked privacy data contains illegal data which does not accord with a GDPR compliance rule, the second terminal generates a detection report of the application program according to conventional data and the illegal data added with the illegal tag, a user can check a detection result of the application program through the detection report, automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.
Fig. 5 is a schematic structural diagram illustrating a compliance detection device 50 according to an exemplary embodiment, where the compliance detection device 50 may be implemented as part or all of an electronic device through software, hardware or a combination of both. As shown in fig. 5, the compliance detection device 50 includes an operation module 501, an acquisition module 502, and a first sending module 503.
The running module 501 is used for running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal.
An obtaining module 502, configured to obtain the communication data of the application program from the Monkey test program.
A first sending module 503, configured to send the communication data to a server, so that when determining that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when determining that there is illegal data that does not meet the GDPR compliance rule in the marked private data, the second terminal generates a detection report of an application according to the illegal data.
In one embodiment, the communication data includes at least one of http request message, memory stack data, and log data.
The embodiment of the disclosure provides a compliance detection device, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data when determining that the marked privacy data contains the violation data which does not meet the GDPR compliance rule, and a user can check a detection result of the application program through the detection report, so that the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
Fig. 6a is a schematic structural diagram illustrating a compliance detection device 60 according to an exemplary embodiment, where the compliance detection device 60 may be implemented as part of or all of an electronic device through software, hardware or a combination of both. As shown in fig. 6a, the compliance detecting device 60 includes a first receiving module 601, a first determining module 602, a first marking module 603, and a second sending module 604.
The first receiving module 601 is configured to receive communication data sent by a first terminal.
A first determining module 602, configured to determine whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server.
A first marking module 603, configured to mark the private data according to a data type of the private data when it is determined that the communication data contains the private data; the data type of the private data comprises an http request message, memory stack data and log data.
A second sending module 604, configured to send the marked private data to a second terminal, so that when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data, the second terminal generates a detection report of an application according to the illegal data.
In one embodiment, as shown in fig. 6b, the apparatus 60 further comprises a second determining module 605 and a second marking module 606, and the second sending module 604 comprises a first sending submodule 6041.
The second determining module 605 is configured to determine whether sample data different from the communication data is included in the privacy sample data.
The second marking module 606 is configured to mark the sample data when it is determined that the privacy sample data contains sample data different from the communication data.
The first sending sub-module 6041 is configured to send the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when it is determined that the marked privacy data and the marked sample data contain violation data that does not meet the GDPR compliance rule.
In one embodiment, as shown in fig. 6c, the first sending sub-module 6041 comprises a receiving unit 60411 and a sending unit 60412.
The receiving unit 60411 is configured to receive the private data request sent by the second terminal.
The sending unit 60412 is configured to send, in response to the private data request, the tagged private data and the tagged sample data to the second terminal.
In one embodiment, as shown in fig. 6d, the first determining module 602 includes a look-up sub-module 6021 and a first determining sub-module 6022.
The look-up sub-module 6021 is configured to search the privacy sample data for data that appears in the communication data.
The first determining sub-module 6022 is configured to determine, when data in the communication data is found in the privacy sample data, that the data is the privacy data.
The embodiment of the disclosure provides a compliance detection device, when a server receives communication data of an application program sent by a first terminal and determines that the communication data contains private data, the server marks the private data and sends the marked private data to a second terminal, so that when the second terminal determines that the marked private data contains illegal data which does not accord with GDPR compliance rules, a detection report of the application program is generated according to the illegal data, a user can check a detection result of the application program through the detection report, automatic generation of the detection report of the application program is achieved, and the detection efficiency is high.
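The look-up and marking steps described for modules 602 to 606, sketched as an added example (not code from the patent): privacy sample values are searched for in each communication record, each hit is marked with the record's data type, and sample values never seen are marked separately. The field names, sample values, record layout and mark strings are constructed assumptions, and the percent-encoded match goes beyond the literal look-up the text describes.

```python
from urllib.parse import quote

# Constructed privacy sample data: values the server stores for the first
# terminal. Field names and values are hypothetical.
PRIVACY_SAMPLES = {
    "imei": "860000000000001",
    "phone": "+8613800000000",
    "email": "tester@example.com",
    "android_id": "a1b2c3d4e5f60718",
}

# The three data types named in the text; the string labels are assumptions.
DATA_TYPES = ("http_request", "memory_stack", "log")

# Constructed communication data as uploaded by the first terminal.
COMMUNICATION_DATA = [
    {"type": "http_request",
     "data": "GET /v1/track?imei=860000000000001&tel=%2B8613800000000 HTTP/1.1\r\n"
             "Host: stats.example.com\r\n\r\n"},
    {"type": "log",
     "data": "12-13 10:02:11 I/Account: login ok for tester@example.com"},
    {"type": "memory_stack",
     "data": "at com.example.app.Push.register(Push.java:41) token=none"},
]


def find_privacy_data(records, samples):
    """Search each record for sample values and mark hits by data type."""
    hits = []
    for index, record in enumerate(records):
        if record["type"] not in DATA_TYPES:
            raise ValueError(f"unknown data type: {record['type']!r}")
        haystack = record["data"].lower()
        for field, value in samples.items():
            # A value may appear literally or percent-encoded (for example
            # '+' becomes '%2B' in a query string); compare case-insensitively.
            forms = {value.lower(), quote(value, safe="").lower()}
            if any(form in haystack for form in forms):
                hits.append({"field": field, "value": value,
                             "mark": record["type"], "record": index})
    return hits


def mark_unseen_samples(samples, hits):
    """Mark sample data that did not appear in any communication record."""
    seen = {hit["field"] for hit in hits}
    return [{"field": field, "value": value,
             "mark": "not_in_communication_data"}
            for field, value in samples.items() if field not in seen]


def build_payload(records, samples):
    """Assemble what the server would send to the second terminal."""
    hits = find_privacy_data(records, samples)
    return {"marked_privacy_data": hits,
            "marked_sample_data": mark_unseen_samples(samples, hits)}


if __name__ == "__main__":
    import json
    print(json.dumps(build_payload(COMMUNICATION_DATA, PRIVACY_SAMPLES), indent=2))
```

A purely literal substring search would miss the phone number in the constructed request, because the leading `+` is percent-encoded there.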
Fig. 7a is a schematic structural diagram illustrating a compliance detection device 70 according to an exemplary embodiment, where the compliance detection device 70 may be implemented as part of or all of an electronic device through software, hardware or a combination of both. As shown in fig. 7a, the compliance detection device 70 includes a second receiving module 701, a third determining module 702 and a generating module 703.
The second receiving module 701 is configured to receive the marked privacy data sent by the server.
A third determining module 702, configured to determine, according to a prestored GDPR compliance rule, whether there is illegal data that does not meet the GDPR compliance rule in the marked private data.
A generating module 703 is configured to generate a detection report of an application according to the violation data when it is determined that the marked privacy data includes the violation data that does not meet the GDPR compliance rule.
In one embodiment, as shown in fig. 7b, the generating module 703 comprises a first generating submodule 7031.
The first generating sub-module 7031 is configured to, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data, generate a detection report of the application program according to regular data and the illegal data; the regular data is data which accords with the GDPR compliance rule in the marked privacy data.
In one embodiment, as shown in fig. 7c, the third determining module 702 includes a modification sub-module 7021 and a second determining sub-module 7022.
The modification sub-module 7021 is configured to modify the GDPR compliance rule stored in advance.
The second determining sub-module 7022 is configured to determine, according to the modified GDPR compliance rule, whether there is illegal data that does not meet the modified GDPR compliance rule in the marked privacy data.
In one embodiment, as shown in fig. 7d, the second receiving module 701 includes a second receiving submodule 7011, the third determining module 702 includes a third determining submodule 7023, and the generating module 703 includes a second generating submodule 7032.
The second receiving submodule 7011 is configured to receive the marked privacy data and the marked sample data sent by the server.
The third determining sub-module 7023 is configured to determine, according to a prestored GDPR compliance rule, whether there is illegal data that does not meet the GDPR compliance rule in the marked privacy data and the marked sample data.
The second generating sub-module 7032 is configured to generate a detection report of an application program according to the violation data when it is determined that there is the violation data that does not meet the GDPR compliance rule in the marked privacy data and the marked sample data.
In one embodiment, as shown in fig. 7e, the second receiving sub-module 7011 includes a second sending unit 70111 and a second receiving unit 70112.
The second sending unit 70111 is configured to send a private data request to the server.
The second receiving unit 70112 is configured to receive the marked privacy data and the marked sample data sent by the server.
In one embodiment, as shown in fig. 7f, the second generating sub-module 7032 includes a determining unit 70321 and a generating unit 70322.
The determining unit 70321 is configured to determine a category of the violation data.
The generating unit 70322 is configured to generate a detection report of the application according to the category of the violation data and the label of the violation data.
The embodiment of the disclosure provides a compliance detection device, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data and conventional data when determining that the marked privacy data contains violation data which does not conform to a GDPR compliance rule, and a user can check a detection result of the application program through the detection report, thereby realizing automatic generation of the detection report of the application program and having high detection efficiency.
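An added sketch of the second-terminal check described for modules 701 to 703 (not code from the patent): marked data is tested against a rule set, violations are grouped by category and mark, conforming items are listed as regular data, and a modified rule set is re-applied. The rule format, rule ids, categories and marked records are constructed assumptions and are not statements of what the GDPR requires.

```python
import copy
from collections import defaultdict

# Constructed marked data as received from the server (hypothetical layout).
MARKED = [
    {"field": "imei", "mark": "http_request", "record": 0},
    {"field": "phone", "mark": "http_request", "record": 0},
    {"field": "email", "mark": "log", "record": 1},
    {"field": "android_id", "mark": "not_in_communication_data"},
]

# Placeholder rules: a rule is violated when one of its fields carries one of
# its marks. Ids and categories are invented for this example.
RULES = [
    {"id": "R1", "category": "personal_data_in_log",
     "fields": {"imei", "phone", "email"}, "marks": {"log"}},
    {"id": "R2", "category": "device_identifier_transmitted",
     "fields": {"imei"}, "marks": {"http_request"}},
]


def classify(item, rules):
    """Return the first rule the item violates, or None if it is regular."""
    for rule in rules:
        if item["field"] in rule["fields"] and item["mark"] in rule["marks"]:
            return rule
    return None


def generate_report(app, marked, rules):
    """Build a report keyed by violation category, then by mark."""
    violations = defaultdict(lambda: defaultdict(list))
    regular = []
    for item in marked:
        rule = classify(item, rules)
        if rule is None:
            regular.append(item["field"])
        else:
            violations[rule["category"]][item["mark"]].append(
                {"field": item["field"], "rule": rule["id"]})
    return {
        "application": app,
        "compliant": not violations,
        "violations": {cat: dict(marks) for cat, marks in violations.items()},
        "regular": regular,
    }


def modify_rules(rules, rule_id, **changes):
    """Return a modified copy of the rule set; the stored rules stay intact."""
    updated = copy.deepcopy(rules)
    for rule in updated:
        if rule["id"] == rule_id:
            rule.update(changes)
            return updated
    raise KeyError(rule_id)


if __name__ == "__main__":
    print(generate_report("com.example.app", MARKED, RULES))
    stricter = modify_rules(RULES, "R2", fields={"imei", "phone"})
    print(generate_report("com.example.app", MARKED, stricter))
```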
The disclosed embodiment provides a compliance detection device, which includes:
a first processor;
a first memory for storing first processor-executable instructions;
wherein the first processor is configured to:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
and sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not accord with GDPR compliance rules exist in the marked private data, a detection report of an application program is generated according to the violation data.
In one embodiment, the first processor may be further configured such that the communication data comprises at least one of an HTTP request message, memory stack data, and log data.
The embodiment of the disclosure provides a compliance detection device, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data when determining that the marked privacy data contains the violation data which does not meet the GDPR compliance rule, and a user can check a detection result of the application program through the detection report, so that the automatic generation of the detection report of the application program is realized, and the detection efficiency is high.
The disclosed embodiment provides a compliance detection device, which includes:
a second processor;
a second memory for storing second processor-executable instructions;
wherein the second processor is configured to:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
when the communication data are determined to contain the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the private data comprises an http request message, memory stack data and log data;
and sending the marked private data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when determining that the marked private data contains the illegal data which does not accord with the GDPR compliance rule.
In one embodiment, the second processor may be further configured to: determining whether the privacy sample data contains sample data different from the communication data;
when the privacy sample data contains sample data different from the communication data, marking the sample data;
the sending of the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when it determines that the marked privacy data contains violation data that does not meet the GDPR compliance rule, comprises:
and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
In one embodiment, the second processor may be further configured to: receiving a private data request sent by the second terminal;
and responding to the privacy data request and sending the marked privacy data and the marked sample data to the second terminal.
In one embodiment, the second processor may be further configured to: searching the privacy sample data for data that appears in the communication data;
when data in the communication data is found in the privacy sample data, determining that the data is the privacy data.
The embodiment of the disclosure provides a compliance detection device, when a server receives communication data of an application program sent by a first terminal and determines that the communication data contains private data, the server marks the private data and sends the marked private data to a second terminal, so that when the second terminal determines that the marked private data contains illegal data which does not accord with GDPR compliance rules, a detection report of the application program is generated according to the illegal data, a user can check a detection result of the application program through the detection report, automatic generation of the detection report of the application program is achieved, and the detection efficiency is high.
The disclosed embodiment provides a compliance detection device, which includes:
a third processor;
a third memory for storing third processor-executable instructions;
wherein the third processor is configured to:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and when the marked private data is determined to have the illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
In one embodiment, the third processor may be further configured to: when it is determined that the marked privacy data contains violation data that does not meet the GDPR compliance rule, generating a detection report of the application program according to regular data and the violation data; the regular data is data in the marked privacy data that meets the GDPR compliance rule.
In one embodiment, the third processor may be further configured to: modifying the pre-stored GDPR compliance rules;
and determining whether the marked private data has illegal data which does not accord with the modified GDPR compliance rule or not according to the modified GDPR compliance rule.
In one embodiment, the third processor may be further configured to: receiving the marked privacy data and the marked sample data sent by the server;
determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and when determining that the marked privacy data and the marked sample data contain illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
In one embodiment, the third processor may be further configured to: sending a private data request to the server;
and receiving the marked privacy data and the marked sample data sent by the server.
In one embodiment, the third processor may be further configured to: determining a category of the violation data;
and generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
The embodiment of the disclosure provides a compliance detection device, a first terminal acquires communication data of an application program from a Monkey test program and sends the communication data to a server, so that the server marks the privacy data and sends the marked privacy data to a second terminal when determining that the communication data contains the privacy data, and the second terminal generates a detection report of the application program according to the violation data and conventional data when determining that the marked privacy data contains violation data which does not conform to a GDPR compliance rule, and a user can check a detection result of the application program through the detection report, thereby realizing automatic generation of the detection report of the application program and having high detection efficiency.
With regard to the apparatus in the above-described embodiment, a specific method in which each module performs an operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
Fig. 8 is a block diagram illustrating a configuration of a compliance detection apparatus 80 according to an exemplary embodiment, where the apparatus 80 is adapted for use with a first terminal and a second terminal. For example, the apparatus 80 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
The apparatus 80 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 80, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 80. Examples of such data include instructions for any application or method operating on the device 80, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The power component 806 provides power to the various components of the device 80. The power component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device 80.
The multimedia component 808 includes a screen that provides an output interface between the device 80 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 80 is in an operational mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 80 is in an operating mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor component 814 includes one or more sensors for providing various aspects of state assessment for the device 80. For example, the sensor component 814 may detect the open/closed status of the device 80, the relative positioning of components, such as a display and keypad of the device 80, the change in position of the device 80 or a component of the device 80, the presence or absence of user contact with the device 80, the orientation or acceleration/deceleration of the device 80, and the change in temperature of the device 80. The sensor component 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor component 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate wired or wireless communication between the apparatus 80 and other devices. The device 80 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast associated information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communications component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 80 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the apparatus 80 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
FIG. 9 is a block diagram illustrating a compliance detection device, according to an example embodiment. For example, the apparatus 900 may be provided as a server. Apparatus 900 includes a processing component 922 that further includes one or more processors and memory resources, represented by memory 932, for storing instructions, such as applications, that are executable by processing component 922. The application programs stored in memory 932 may include one or more modules that each correspond to a set of instructions. Further, the processing component 922 is configured to execute instructions to perform the above-described methods.
The device 900 may also include a power component 926 configured to perform power management of the device 900, a wired or wireless network interface 950 configured to connect the device 900 to a network, and an input/output (I/O) interface 958. The apparatus 900 may operate based on an operating system stored in the memory 932, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
The disclosed embodiments provide a non-transitory computer-readable storage medium, where instructions, when executed by a processor of a first terminal, enable the first terminal to perform the compliance detection method described above, the method including:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
and sending the communication data to a server, so that when the server determines that the communication data contains private data, the server marks the private data according to whether the private data is used, and sends the marked private data to a second terminal, so that when the second terminal determines that violation data which do not accord with GDPR compliance rules exist in the marked private data, a detection report of an application program is generated according to the violation data.
In one embodiment, the communication data includes at least one of http request message, memory stack data, and log data.
The disclosed embodiments provide a non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor of a server, enable the server to perform the compliance detection method described above, the method including:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
when the communication data are determined to contain the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the private data comprises an HTTP request message, memory stack data and log data;
and sending the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data contains the violation data which does not accord with the GDPR compliance rule.
In one embodiment, further comprising:
determining whether the privacy sample data contains sample data different from the communication data;
when the privacy sample data is determined to contain sample data different from the communication data, marking the sample data;
the sending of the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when it determines that the marked privacy data contains violation data that does not meet the GDPR compliance rule, comprises:
and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
In one embodiment, the sending the marked privacy data and the marked sample data to the second terminal includes:
receiving a private data request sent by the second terminal;
and responding to the privacy data request and sending the marked privacy data and the marked sample data to the second terminal.
In one embodiment, the determining whether the communication data contains privacy data according to pre-stored privacy sample data includes:
searching the privacy sample data for data that appears in the communication data;
when data in the communication data is found in the privacy sample data, determining that the data is the privacy data.
The disclosed embodiments provide a non-transitory computer-readable storage medium, wherein when instructions in the storage medium are executed by a processor of a second terminal, the second terminal is enabled to perform the compliance detection method, and the method includes:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and when the marked private data is determined to have the illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
In one embodiment, the generating a detection report of an application according to the violation data when it is determined that there is the violation data that does not meet the GDPR compliance rule in the marked private data includes:
when it is determined that the marked privacy data contains violation data that does not meet the GDPR compliance rule, generating a detection report of the application program according to regular data and the violation data; the regular data is data in the marked privacy data that meets the GDPR compliance rule.
In one embodiment, the determining whether there is violation data that does not meet the GDPR compliance rule in the marked private data according to a prestored GDPR compliance rule includes:
modifying the pre-stored GDPR compliance rules;
and determining whether the marked private data has illegal data which does not accord with the modified GDPR compliance rule or not according to the modified GDPR compliance rule.
In one embodiment, the receiving the tagged privacy data sent by the server includes:
receiving the marked privacy data and the marked sample data sent by the server;
the determining whether the marked private data has the violation data which does not meet the GDPR compliance rule according to the prestored GDPR compliance rule includes:
determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when it is determined that there is illegal data which does not meet the GDPR compliance rule in the marked private data, generating a detection report of an application program according to the illegal data includes:
and when determining that the marked privacy data and the marked sample data contain illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
In one embodiment, the receiving the marked privacy data and the marked sample data sent by the server includes:
sending a private data request to the server;
and receiving the marked privacy data and the marked sample data sent by the server.
In one embodiment, when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data and the marked sample data, generating a detection report of an application according to the illegal data includes:
determining a category of the violation data;
and generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (24)

1. A compliance detection method applied to a first terminal includes:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
sending the communication data to a server, so that when the server determines that the communication data contains privacy data according to privacy sample data, the server marks the privacy data according to whether the privacy data is used, and when the privacy sample data contains sample data different from the communication data, the server marks the sample data; and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
2. The method according to claim 1, wherein the communication data comprises at least one of http request messages, memory stack data, and log data.
3. A compliance detection method is applied to a server and comprises the following steps:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
when it is determined that the communication data contains the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the privacy data comprises an http request message, memory stack data and log data;
sending the marked private data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when the second terminal determines that the marked private data contains the illegal data which does not accord with the GDPR compliance rule;
further comprising:
determining whether the privacy sample data contains sample data different from the communication data;
when the privacy sample data is determined to contain sample data different from the communication data, marking the sample data;
the sending the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when the second terminal determines that the marked privacy data contains illegal data which does not accord with the GDPR compliance rule, comprises:
and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
4. The method according to claim 3, wherein the sending the marked privacy data and the marked sample data to the second terminal comprises:
receiving a private data request sent by the second terminal;
and responding to the privacy data request and sending the marked privacy data and the marked sample data to the second terminal.
5. The method according to claim 3, wherein the determining whether the communication data contains privacy data according to pre-stored privacy sample data comprises:
searching whether data in the communication data exists in the privacy sample data;
when determining that the data in the communication data exists in the privacy sample data, determining the data as the privacy data.
6. A compliance detection method applied to a second terminal includes:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when the marked private data is determined to have the illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data;
the receiving the marked privacy data sent by the server comprises:
receiving the marked privacy data and the marked sample data sent by the server;
the step of determining whether the marked private data has violation data which does not conform to the GDPR compliance rule according to the prestored GDPR compliance rule comprises the following steps:
determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when it is determined that there is illegal data which does not meet the GDPR compliance rule in the marked private data, generating a detection report of an application program according to the illegal data includes:
and when determining that the marked privacy data and the marked sample data contain illegal data which does not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
7. The method of claim 6, wherein when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data, generating a detection report of an application according to the illegal data comprises:
when it is determined that the marked privacy data contains illegal data which does not accord with the GDPR compliance rule, generating a detection report of the application program according to conventional data and the illegal data; the conventional data is the data in the marked privacy data which accords with the GDPR compliance rule.
8. The method of claim 6, wherein the determining whether there is violation data that does not comply with the GDPR compliance rule in the marked private data according to a pre-stored GDPR compliance rule comprises:
modifying the pre-stored GDPR compliance rules;
and determining whether the marked private data has illegal data which does not accord with the modified GDPR compliance rule or not according to the modified GDPR compliance rule.
9. The method of claim 6, wherein receiving the marked privacy data and the marked sample data sent by the server comprises:
sending a private data request to the server;
and receiving the marked privacy data and the marked sample data sent by the server.
10. The method of claim 6, wherein when it is determined that there is illegal data that does not meet the GDPR compliance rule in the marked private data and the marked sample data, generating a detection report of an application according to the illegal data comprises:
determining a category of the violation data;
and generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
11. A compliance detection device, comprising:
the operation module is used for operating the Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
the acquisition module is used for acquiring the communication data of the application program from the Monkey test program;
the first sending module is used for sending the communication data to a server, so that when the server determines that the communication data contains privacy data according to privacy sample data, the server marks the privacy data according to whether the privacy data is used, and when the privacy sample data contains sample data different from the communication data, the server marks the sample data; and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
12. The apparatus according to claim 11, wherein the communication data comprises at least one of http request message, memory stack data, and log data.
13. A compliance detection device, comprising:
the first receiving module is used for receiving communication data sent by a first terminal;
the first determining module is used for determining whether the communication data contains the privacy data according to the pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
the first marking module is used for marking the private data according to the data type of the private data when the communication data are determined to contain the private data; the data type of the private data comprises an http request message, memory stack data and log data;
the second sending module is used for sending the marked privacy data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when the second terminal determines that the marked privacy data contains the illegal data which does not accord with the GDPR compliance rule;
the system also comprises a second determining module and a second marking module, wherein the second sending module comprises a first sending submodule;
the second determining module is configured to determine whether the privacy sample data includes sample data different from the communication data;
the second marking module is configured to mark the sample data when it is determined that the privacy sample data contains sample data different from the communication data;
the first sending submodule is used for sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
14. The apparatus of claim 13, wherein the first transmission submodule comprises a first receiving unit and a first transmitting unit;
the first receiving unit is used for receiving a private data request sent by the second terminal;
the first sending unit is configured to send the marked privacy data and the marked sample data to the second terminal in response to the privacy data request.
15. The apparatus of claim 13, wherein the first determining module comprises a look-up sub-module and a first determining sub-module;
the searching submodule is used for searching whether the data in the communication data exists in the privacy sample data;
the first determining sub-module is configured to determine, when it is determined that there is data in the communication data in the privacy sample data, the data as the privacy data.
16. A compliance detection device, comprising:
the second receiving module is used for receiving the marked privacy data sent by the server;
a third determining module, configured to determine, according to a prestored GDPR compliance rule, whether there is illegal data that does not meet the GDPR compliance rule in the marked private data;
the generation module is used for generating a detection report of an application program according to the illegal data when the fact that the illegal data which do not accord with the GDPR compliance rule exists in the marked privacy data is determined;
the second receiving module comprises a second receiving submodule, the third determining module comprises a third determining submodule, and the generating module comprises a second generating submodule;
the second receiving submodule is used for receiving the marked privacy data and the marked sample data sent by the server;
the third determining submodule is used for determining whether the marked privacy data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
and the second generation submodule is used for generating a detection report of an application program according to the illegal data when it is determined that the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule.
17. The apparatus of claim 16, wherein the generation module comprises a first generation submodule;
the first generation submodule is used for generating a detection report of the application program according to conventional data and the violation data when it is determined that violation data which do not accord with the GDPR compliance rule exist in the marked privacy data; the conventional data is the data in the marked privacy data which accords with the GDPR compliance rule.
18. The apparatus of claim 16, wherein the third determination module comprises a modification sub-module and a second determination sub-module;
the modification submodule is used for modifying the pre-stored GDPR compliance rule;
the second determining submodule is used for determining whether violation data which do not accord with the modified GDPR compliance rule exists in the marked privacy data according to the modified GDPR compliance rule.
19. The apparatus of claim 16, wherein the second receiving submodule comprises a second transmitting unit and a second receiving unit;
the second sending unit is used for sending a private data request to the server;
the second receiving unit is configured to receive the marked privacy data and the marked sample data sent by the server.
20. The apparatus of claim 16, wherein the second generation submodule comprises a determination unit and a generation unit;
the determining unit is used for determining the category of the violation data;
and the generating unit is used for generating a detection report of the application program according to the category of the violation data and the mark of the violation data.
21. A compliance detection device, comprising:
a first processor;
a first memory for storing first processor-executable instructions;
wherein the first processor is configured to:
running a Monkey test program; the Monkey test program is used for testing the application program of the first terminal;
acquiring communication data of the application program from the Monkey test program;
sending the communication data to a server, so that when the server determines that the communication data contains privacy data according to privacy sample data, the server marks the privacy data according to whether the privacy data is used, and when the privacy sample data contains sample data different from the communication data, the server marks the sample data; and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
22. A compliance detection device, comprising:
a second processor;
a second memory for storing second processor-executable instructions;
wherein the second processor is configured to:
receiving communication data sent by a first terminal;
determining whether the communication data contains privacy data according to pre-stored privacy sample data; the privacy sample data is the privacy data of the first terminal stored by the server;
when the communication data are determined to contain the privacy data, marking the privacy data according to the data type of the privacy data; the data type of the private data comprises an http request message, memory stack data and log data;
sending the marked private data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when the second terminal determines that the marked private data contains the illegal data which does not accord with the GDPR compliance rule;
determining whether the privacy sample data contains sample data different from the communication data;
when the privacy sample data is determined to contain sample data different from the communication data, marking the sample data;
the sending the marked private data to a second terminal, so that the second terminal generates a detection report of an application program according to the illegal data when the second terminal determines that the marked private data contains illegal data which does not conform to the GDPR compliance rule, comprises:
and sending the marked privacy data and the marked sample data to a second terminal, so that the second terminal generates a detection report of an application program according to the violation data when the second terminal determines that the marked privacy data and the marked sample data contain the violation data which do not accord with the GDPR compliance rule.
23. A compliance detection device, comprising:
a third processor;
a third memory for storing third processor-executable instructions;
wherein the third processor is configured to:
receiving the marked privacy data sent by the server;
determining whether the marked private data has illegal data which does not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when illegal data which do not accord with the GDPR compliance rule are determined in the marked privacy data, generating a detection report of an application program according to the illegal data;
the receiving the marked privacy data sent by the server comprises:
receiving the marked privacy data and the marked sample data sent by the server;
the determining whether the marked private data has the violation data which does not meet the GDPR compliance rule according to the prestored GDPR compliance rule includes:
determining whether the marked private data and the marked sample data have illegal data which do not accord with the GDPR compliance rule or not according to a pre-stored GDPR compliance rule;
when it is determined that there is illegal data which does not meet the GDPR compliance rule in the marked private data, generating a detection report of an application program according to the illegal data includes:
and when the marked private data and the marked sample data are determined to have the illegal data which do not accord with the GDPR compliance rule, generating a detection report of an application program according to the illegal data.
24. A computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the method of any one of claims 1 to 10.
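The following Python example is added here for illustration and is not code from the patent. It runs the server-side lookup and marking of claims 3 and 5, then the second-terminal rule check and categorised report of claims 6, 7, 8 and 10, over constructed sample data. The rule format, the `not_observed` mark, the URL-decoding and case-folding step, and all names and values are assumptions; the claims do not specify them.

```python
from dataclasses import dataclass
from urllib.parse import unquote

# Data types the claims name for communication data.
DATA_TYPES = ("http_request", "memory_stack", "log")
NOT_OBSERVED = "not_observed"  # assumed mark for samples absent from the capture


@dataclass(frozen=True)
class Marked:
    name: str  # which stored privacy sample this is, e.g. "imei"
    mark: str  # data type it was found in, or NOT_OBSERVED
    # The raw value is deliberately not carried, so the report does not re-leak it.


def normalise(text):
    """Undo URL-encoding and case differences before matching (an added step)."""
    return unquote(text).casefold()


def mark_privacy_data(samples, communication_data):
    """Server side: look each stored sample up in the captured data, mark every
    hit with the data type it occurred in, and mark samples that never occurred."""
    marked = []
    for name, value in samples.items():
        needle = normalise(value)
        hits = [
            dtype for dtype in DATA_TYPES
            if any(needle in normalise(rec)
                   for rec in communication_data.get(dtype, []))
        ]
        if hits:
            marked.extend(Marked(name, dtype) for dtype in hits)
        else:
            marked.append(Marked(name, NOT_OBSERVED))
    return marked


def build_report(marked, rules):
    """Second terminal: split marked items into violations grouped by category
    and conventional (compliant) data, using a rule set that can be modified."""
    report = {"violations": {}, "conventional": []}
    for item in marked:
        rule = rules.get(item.name, {})
        if item.mark in rule.get("forbidden_in", ()):
            report["violations"].setdefault(rule["category"], []).append(
                (item.name, item.mark))
        else:
            report["conventional"].append((item.name, item.mark))
    return report


# Constructed sample inputs; none of these are real identifiers.
PRIVACY_SAMPLES = {
    "imei": "860000000000001",
    "email": "alice@example.com",
    "phone": "555-0100",
}
COMMUNICATION_DATA = {
    "http_request": [
        "POST /v1/track?uid=Alice%40example.com HTTP/1.1",
        "GET /cfg HTTP/1.1",
    ],
    "memory_stack": ["frame#3 DeviceInfo.getImei -> 860000000000001"],
    "log": ["D/Tracker: imei=860000000000001 sent"],
}
# Hypothetical rule set: where each kind of privacy data must not appear.
RULES = {
    "imei": {"category": "device_identifier",
             "forbidden_in": {"http_request", "log"}},
    "email": {"category": "contact_information",
              "forbidden_in": {"http_request", "log"}},
    "phone": {"category": "contact_information",
              "forbidden_in": {"http_request", "log"}},
}

if __name__ == "__main__":
    marked_items = mark_privacy_data(PRIVACY_SAMPLES, COMMUNICATION_DATA)
    for category, items in build_report(marked_items, RULES)["violations"].items():
        print(category, items)
```

An exact substring lookup would miss the e-mail address here because the request carries it URL-encoded and with different case, which is why the matching step normalises both sides first.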
CN201811526442.4A 2018-12-13 2018-12-13 Compliance detection method and device Active CN109739748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811526442.4A CN109739748B (en) 2018-12-13 2018-12-13 Compliance detection method and device

Publications (2)

Publication Number Publication Date
CN109739748A CN109739748A (en) 2019-05-10
CN109739748B CN109739748B (en) 2022-06-10

Family

ID=66359333

Country Status (1)

Country Link
CN (1) CN109739748B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant