CN112261660A - Android mobile phone end application proxy access security control method - Google Patents

Android mobile phone end application proxy access security control method

Info

Publication number
CN112261660A
CN112261660A
Authority
CN
China
Prior art keywords
application
sdk
integrated
mobile phone
proxy
Prior art date
Legal status (as assumed by Google; not a legal conclusion)
Granted
Application number
CN202011111191.0A
Other languages
Chinese (zh)
Other versions
CN112261660B (en
Inventor
李强
周文佳
王宇光
Current Assignee (as listed by Google; may be inaccurate)
Shenzhen Appiron Technology Co ltd
Original Assignee
Shenzhen Appiron Technology Co ltd
Priority date
2020-10-16
Filing date
2020-10-16
Publication date
2021-01-22
Granted as CN112261660B on 2024-06-04
Legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a security control method for application proxy access on an Android mobile phone. When an application starts, an SDK integrated in the application intercepts the system's underlying network data IO read/write methods according to an interception scheme and records the source ports of all traffic the application sends. When the proxy service interface receives data sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all of that application's data ports. While the proxy service forwards data, it compares the sending port with the application data ports captured by the integrated SDK, lets through the connections on ports registered by the integrated SDK and interrupts all other connections. The invention solves the problems that the system cannot determine which application accessed the proxy service and cannot control access by applications on the phone to a started proxy service.

Description

Android mobile phone end application proxy access security control method
Technical Field
The invention relates to the technical field of mobile communication, in particular to a security control method for application proxy access on an Android mobile phone.
Background
Smart mobile devices based on the Android system, represented by Android phones, are among the main Internet access devices today. An Android device accesses the Internet mainly through a wireless local area network or a mobile cellular data network (GPRS, CDMA, 3G, 4G and the like). Because wireless network providers charge by traffic volume, using mobile cellular data can incur high charges, so most Android device users need to manage the device's network communication. The Android system provides a user function for connecting and disconnecting the mobile data network, but such an all-or-nothing switch cannot satisfy most people's need to use the network selectively.
To address this, Chinese patent application No. 201410265628.4, "Packet filtering method, apparatus and system under non-super-user authority in the Android system", discloses: reading packets intercepted by a pre-started virtual kernel device (TUN) according to a default routing policy; determining the application (APP) to which a packet belongs from the packet's IP five-tuple; determining the packet's filtering rule from a preset filtering rule table and the owning application; and filtering the packet according to that rule. Packets can thus be filtered according to the rule table and default rules or the user's requirements, realising selective network communication.
A local proxy is a common forwarding scheme on Android clients: an application accesses a proxy service, but other applications can still connect to that proxy service and have their data forwarded even when the proxy service was started specifically for one application. As a result the system cannot determine which application accessed the proxy service and cannot control which applications on the phone access the started proxy service.
Disclosure of Invention
In view of the defects of the prior art, the invention discloses a security control method for application proxy access on an Android mobile phone, which solves the problems that the system cannot determine which application accesses a proxy service and cannot control access by applications on the phone to a started proxy service.
To achieve this purpose, the invention is realised by the following technical scheme.
A security control method for application proxy access on an Android mobile phone comprises the following steps:
S1: when the application starts, an SDK integrated in the application intercepts the system's underlying network data IO read/write methods according to an interception scheme and acquires the source ports of all traffic the application sends;
S2: when the proxy service interface receives data sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all of that application's data ports;
S3: while the proxy service forwards data, it compares the sending port with the application data ports captured by the integrated SDK, lets through the connections on ports registered by the integrated SDK and interrupts all other connections.
Preferably, in step S1 the interception scheme includes S11 intercepting the sending port according to the accessed IP address or domain name, S12 intercepting application access according to the application configuration and distinguishing applications by their access, and S13 registering the application according to application information obtained from the integrated SDK so that applications can be distinguished.
In a preferred embodiment, in step S1 all traffic sent from the application is sent over TCP.
In a preferred embodiment, in step S2 all traffic received by the proxy service is received over TCP.
In a preferred embodiment, in step S2 the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback of the SDK integrated in the proxy service.
In a preferred embodiment, an Android mobile phone application module is provided in step S1, and a first SDK module is integrated in the Android mobile phone application module.
In a preferred embodiment, a proxy service module is provided in step S1, a second SDK module is integrated in the proxy service module, and the second SDK module is communicatively connected to a plurality of first SDK modules.
The security control method for application proxy access on an Android mobile phone disclosed by the invention has the following advantages.
When multiple applications on the Android device access the same proxy service port, source-port authentication is performed on the applications allowed to access it, ensuring that only authorised applications can complete the access.
The technology can be integrated in several ways, including black-box packaging and SDK integration, and supports the mainstream access modes. Because it is realised by interception, it is friendly to application access and requires no change to the application. The content of the transport protocol is not changed, so compatibility is high. Compared with a traditional proxy scheme, the method adds security to the forwarding process, prevents arbitrary traffic from reaching the service through the forwarding service, and avoids malicious access.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below. The described embodiments are obviously only some of the embodiments of the invention, not all of them.
All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the invention.
The security control method for application proxy access on an Android mobile phone provided by the embodiment of the invention comprises the following steps:
S1: when the application starts, an SDK integrated in the application intercepts the system's underlying network data IO read/write methods according to an interception scheme and acquires the source ports of all traffic the application sends;
S2: when the proxy service interface receives data sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all of that application's data ports;
S3: while the proxy service forwards data, it compares the sending port with the application data ports captured by the integrated SDK, lets through the connections on ports registered by the integrated SDK and interrupts all other connections.
The interception scheme in step S1 includes S11 intercepting the sending port according to the accessed IP address or domain name, S12 intercepting application access according to the application configuration and distinguishing applications by their access, and S13 registering the application according to application information obtained from the integrated SDK so that applications can be distinguished.
So that the application sends out all of its traffic, all traffic sent from the application in step S1 is sent over TCP. So that the proxy service receives all of the traffic, all traffic received by the proxy service in step S2 is received over TCP.
In step S2, the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback of the SDK integrated in the proxy service.
Specifically, to carry and implement the above scheme, an Android mobile phone application module may be provided in step S1, with a first SDK module integrated in it. A proxy service module is also provided in step S1, with a second SDK module integrated in it, and the second SDK module is communicatively connected to a plurality of first SDK modules.
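The three steps above, as an added loopback simulation written for this page (not code from the patent or from Shenzhen Appiron): ProxyRegistry holds the step S2 port table kept by the proxy-side SDK, AppSdk stands in for the application-side SDK (it wraps the connect call and records the local source port, where a real SDK would hook the process's native read/write calls), and ProxyService performs the step S3 comparison of the peer's source port against the registered ports before forwarding. The application id com.example.bank, the in-process registry standing in for the channel between the two SDKs, and the sample request are assumptions made for the demonstration.

```python
"""Loopback simulation of the S1-S3 source-port authorisation scheme (added example)."""
import socket
import threading


class ProxyRegistry:
    """State kept by the SDK integrated in the proxy service (step S2):
    source port -> id of the application whose SDK reported that port."""

    def __init__(self):
        self._lock = threading.Lock()
        self._owner = {}

    def register(self, app_id, port):
        with self._lock:
            self._owner[port] = app_id

    def release(self, port):
        # Ephemeral ports are reused once a socket closes; a stale entry would
        # authorise whichever process next draws the same port.
        with self._lock:
            self._owner.pop(port, None)

    def owner_of(self, port):
        with self._lock:
            return self._owner.get(port)


class AppSdk:
    """SDK integrated in an application (step S1). A production SDK hooks the
    process's native socket read/write calls; here the hook is a wrapper
    around connect that records the local source port and reports it to the
    proxy-side SDK (the step S2 notification, done in-process in this demo)."""

    def __init__(self, app_id, registry):
        self.app_id = app_id          # assumed application identifier
        self.registry = registry
        self.ports = set()

    def connect(self, proxy_addr):
        sock = socket.create_connection(proxy_addr)
        port = sock.getsockname()[1]  # the source port the proxy will see
        self.ports.add(port)
        self.registry.register(self.app_id, port)
        return sock


class ProxyService(threading.Thread):
    """Proxy service carrying the second SDK (step S3): before forwarding,
    compare the peer's source port with the ports the application SDKs registered."""

    def __init__(self, registry):
        super().__init__(daemon=True)
        self.registry = registry
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen()
        self.addr = self.listener.getsockname()
        self.log = []

    def run(self):
        while True:
            conn, peer = self.listener.accept()
            threading.Thread(target=self.handle, args=(conn, peer), daemon=True).start()

    def handle(self, conn, peer):
        with conn:
            data = conn.recv(4096)
            app_id = self.registry.owner_of(peer[1])
            if app_id is None:
                self.log.append(("drop", peer[1]))
                return                        # unknown sender: interrupt the connection
            self.log.append(("forward", app_id, peer[1]))
            conn.sendall(b"OK:" + data)       # stand-in for forwarding to the upstream
            self.registry.release(peer[1])


def exchange(sock, payload):
    """Send one request and collect the reply until the proxy closes the connection."""
    sock.settimeout(5)
    sock.sendall(payload)
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def demo():
    registry = ProxyRegistry()
    proxy = ProxyService(registry)
    proxy.start()
    request = b"GET / HTTP/1.0\r\n\r\n"      # constructed sample request
    with AppSdk("com.example.bank", registry).connect(proxy.addr) as good:
        allowed = exchange(good, request)
    with socket.create_connection(proxy.addr) as rogue:   # an app without the SDK
        blocked = exchange(rogue, request)
    return {"allowed": allowed, "blocked": blocked, "log": list(proxy.log)}


if __name__ == "__main__":
    print(demo())
```

Running it, the SDK-equipped client has its request forwarded (echoed back with an OK: prefix here) while the client without the SDK has its connection closed with no reply. Two points the patent text does not spell out but an implementer has to handle: the registry entry must be released when the socket closes, because ephemeral ports are reused and a stale entry would authorise whichever process next draws the same port; and on a shared device a source port is a weak identity, since any local process can bind a chosen port before connecting, so the channel between the two SDKs needs its own authentication and, on Android, the owning UID of the socket is the stronger key to authorise against.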
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, or fabricated separately as individual integrated circuit modules, or fabricated as a single integrated circuit module from multiple modules or steps. Thus, the present invention is not limited to any specific combination of hardware and software.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A security control method for application proxy access on an Android mobile phone, characterised by comprising the following steps:
S1: when the application starts, an SDK integrated in the application intercepts the system's underlying network data IO read/write methods according to an interception scheme and acquires the source ports of all traffic the application sends;
S2: when the proxy service interface receives data sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all of that application's data ports;
S3: while the proxy service forwards data, it compares the sending port with the application data ports captured by the integrated SDK, lets through the connections on ports registered by the integrated SDK and interrupts all other connections.
2. The security control method for application proxy access on an Android mobile phone according to claim 1, wherein in step S1 the interception scheme includes S11 intercepting the sending port according to the accessed IP address or domain name, S12 intercepting application access according to the application configuration and distinguishing applications by their access, and S13 registering the application according to application information obtained from the integrated SDK so that applications can be distinguished.
3. The security control method for application proxy access on an Android mobile phone according to claim 1, wherein all traffic sent from the application in step S1 is sent over TCP.
4. The security control method for application proxy access on an Android mobile phone according to claim 1, wherein all traffic received by the proxy service in step S2 is received over TCP.
5. The security control method for application proxy access on an Android mobile phone according to claim 1, wherein in step S2 the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback of the SDK integrated in the proxy service.
6. The security control method for application proxy access on an Android mobile phone according to claim 1, wherein an Android mobile phone application module is provided in step S1, and a first SDK module is integrated in the Android mobile phone application module.
7. The security control method for application proxy access on an Android mobile phone according to claim 6, wherein a proxy service module is provided in step S1, a second SDK module is integrated in the proxy service module, and the second SDK module is communicatively connected to a plurality of first SDK modules.
Application CN202011111191.0A, priority date 2020-10-16, filing date 2020-10-16, granted as CN112261660B (Active).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011111191.0A CN112261660B (en) 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method

Publications (2)

Publication Number Publication Date
CN112261660A true CN112261660A (en) 2021-01-22
CN112261660B CN112261660B (en) 2024-06-04

Family

ID=74244690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011111191.0A Active CN112261660B (en) 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method

Country Status (1)

Country Link
CN (1) CN112261660B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1260545A (en) * 1999-12-29 2000-07-19 西安交通大学 Agency for address translation based on transparent network and firewall web gate
WO2001031874A2 (en) * 1999-10-28 2001-05-03 Jpmorgan Chase Bank Secured session sequencing proxy system supporting multiple applications and method therefor
WO2002085041A2 (en) * 2001-04-10 2002-10-24 T-Mobile Deutschland Gmbh Method for carrying out monitoring measures and information searches in telecommunication and data networks
CN104010000A (en) * 2014-06-13 2014-08-27 北京联宇益通科技发展有限公司 Data package filtering method, device and system for Android system under non-super user authority
CN105376107A (en) * 2014-08-29 2016-03-02 腾讯科技(深圳)有限公司 Terminal test method and proxy server
CN106936791A (en) * 2015-12-31 2017-07-07 阿里巴巴集团控股有限公司 Intercept the method and apparatus that malice network address is accessed
US20170279803A1 (en) * 2016-03-28 2017-09-28 Zscaler, Inc. Systems and methods for cloud based unified service discovery and secure availability
WO2019010734A1 (en) * 2017-07-12 2019-01-17 网宿科技股份有限公司 Method and system for guiding service application traffic
CN109450991A (en) * 2018-10-19 2019-03-08 网宿科技股份有限公司 Data transmission acceleration method, relevant device and acceleration system based on mobile application
CN110113325A (en) * 2019-04-25 2019-08-09 成都卫士通信息产业股份有限公司 Network Data Control method, apparatus and storage medium based on third party SDK
CN110324436A (en) * 2019-07-05 2019-10-11 网宿科技股份有限公司 A kind of Proxy Method and device of transport-layer proxy
CN111224832A (en) * 2018-11-26 2020-06-02 阿里巴巴集团控股有限公司 Method, control equipment, proxy server and system for capturing network data

Also Published As

Publication number Publication date
CN112261660B (en) 2024-06-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant