CN112749088B - Application program detection method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN112749088B
Authority
CN
China
Prior art keywords
detection
detected
application program
software development
development kit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110042256.9A
Other languages
Chinese (zh)
Other versions
CN112749088A (en
Inventor
邵淼
廖诗江
徐霄越
胡高岩
何蕴川
朱律
赵梦炜
李轶鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guahao Net Hangzhou Technology Co Ltd
Original Assignee
Guahao Net Hangzhou Technology Co Ltd
Application filed by Guahao Net Hangzhou Technology Co Ltd
Priority to CN202110042256.9A
Publication of CN112749088A
Application granted
Publication of CN112749088B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3696 Methods or tools to render software testable

Abstract

The embodiments of the invention disclose an application program detection method, an application program detection device, an electronic device and a storage medium. The method comprises the following steps: acquiring an application program to be detected; carrying out privacy compliance detection on the application program to be detected; and generating a detection report of the application program to be detected based on the detection result of the privacy compliance detection, and outputting the detection report. By carrying out privacy compliance detection on the application program, the method and device prevent the application program from stealing the user's private information.

Description

Application program detection method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to computer technology, in particular to an application program detection method and device, electronic equipment and a storage medium.
Background
With the wide adoption of smart terminals, all kinds of applications (APPs) have appeared, such as financial, lifestyle and entertainment APPs, which make everyday life much easier: shopping, food ordering, finance and other services no longer require leaving home. However, along with this convenience, APPs bring a series of security problems, which may cause personal information leakage, loss of property and the like. How to carry out security inspection of an APP and improve its security has become a problem that urgently needs to be solved.
At present there is no literature on privacy detection of APPs. If, when one APP uses a function of another APP, the third-party APP can steal the user's private information through the APP being used, that third-party APP is a dangerous APP, and the Software Development Kit (SDK) of the third-party APP is a risk. However, there is currently no literature that helps determine whether an SDK used by an APP is a dangerous SDK.
Disclosure of Invention
The embodiments of the invention provide an application program detection method and device, an electronic device and a storage medium, which carry out privacy compliance detection on an application program and thereby prevent the application program from stealing the user's private information.
In a first aspect, an embodiment of the present invention provides an application detection method, where the method includes:
acquiring an application program to be detected;
carrying out privacy compliance detection on the application program to be detected;
and generating a detection report of the application program to be detected based on the detection result of the privacy compliance detection, and outputting the detection report.
In a second aspect, an embodiment of the present invention further provides an apparatus for detecting an application, where the apparatus includes:
the application program acquisition module to be detected is used for acquiring the application program to be detected;
the privacy compliance detection module is used for carrying out privacy compliance detection on the application program to be detected;
and the detection report generating module is used for generating a detection report of the application program to be detected based on the detection result of the privacy compliance detection and outputting the detection report.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the application detection method according to any of the embodiments of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor are configured to perform the application detection method described in any of the embodiments of the present invention.
According to the technical scheme of the embodiment of the invention, the privacy compliance detection is carried out on the obtained application program to be detected, and the detection report of the application program to be detected is generated based on the detection result of the privacy compliance detection, so that the problem that the privacy information of a user is stolen in the use process of the application program to be detected is avoided, the privacy safety of the user is maintained, and the user experience is improved.
Drawings
FIG. 1 is a flowchart illustrating an application detection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of an application detection method according to a second embodiment of the present invention;
FIG. 3 is a flowchart illustrating an application detection method according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an application detection apparatus according to a third embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some structures related to the present invention are shown in the drawings, not all of them.
Before the technical solution of the embodiment of the present invention is introduced, some background on APP detection is given:
At present every APP faces a series of security threats, all of which can cause large losses to people. The main security problems of APPs include the following aspects:
1. Program security:
(1) Decompilation and repackaging: most Android-based APPs are not protected by a packer (shell), so an attacker can decompile the APP, implant advertisements, malicious code, viruses and the like into the decompiled APP and repackage it. After repackaging, the performance, user experience and appearance are the same as those of the legitimate APP, but malicious behaviour such as stealing user information, interface hijacking, privacy peeping and advertising harassment runs silently in the background.
(2) Android component security: insecure permission settings on the APP's components, such as background Services, Content Providers, third-party calls and Broadcast Receivers, can lead to data theft and the like.
2. Data security:
(1) Log security: the Log output generated while the APP runs records and monitors the program's operation, and the internal state of the APP can be learned in detail from it.
(2) Local storage data security: local file storage is usually done in the following ways, each of which has its own security issues:
Shared Preferences: stores lightweight data as key-value pairs, for example small items such as software configuration; once the device or APP is compromised, an attacker can read and modify the stored values.
File storage: a file (I/O) storage scheme for storing large amounts of data.
Content Provider: a data storage mode that can be shared between all applications.
SQLite database: an embedded relational database; an attacker can alter SQL statements or read the data in the database, leaking the APP users' information.
3. Data transmission security:
(1) Network sniffing and attack: while the APP runs, network packets sent or received between the APP and the outside can be captured with a suitable tool; once a packet is obtained, the APP's network protocol can be analysed in order to attack the server, or the encryption applied to the packets can be reverse engineered.
(2) Login request replay attack: most APPs use HTTP transmission, so data is easily sniffed during a network request; if the packets of a login flow are replayed, an attacker may log in to the system and obtain the user's sensitive information.
Security detection of an Android APP mainly comprises the following technical contents:
1. Component security detection: detecting and analysing the standard use of Activity, Broadcast Receiver, Service, Content Provider, content security and WebView, and finding component vulnerabilities caused by non-standard use in the program;
2. Code security detection: detecting and analysing code obfuscation, dex protection, SO protection, resource file protection and the secure handling of third-party library code, and finding vulnerabilities that allow the code to be decompiled and cracked;
3. Memory security detection: detecting and analysing the memory handling and protection mechanism while the APP runs, and finding whether there is a risk of memory being modified or corrupted;
4. Data security detection: vulnerability detection of data input, data storage, categories of stored data, data access control, sensitive data encryption, in-memory data security, data transmission, certificate verification, encryption of remote communication, data transmission integrity, local communication security, session security, data output, debug information, display of sensitive information and the like, finding vulnerabilities by which data is illegally called, transmitted or stolen during storage and processing;
5. Business security detection: detecting and analysing user login, password management, payment security, identity authentication, timeout settings, exception handling and the like, and finding potential vulnerabilities in business processing;
6. Application management detection:
(1) Download and installation: detecting whether a secure application distribution channel is available for users to download from, and whether repackaged malicious applications exist in each application market;
(2) Application uninstallation: detecting whether uninstallation removes everything or leaves data behind;
(3) Version upgrade: detecting whether online version checking and upgrade functions are provided, and whether the upgrade process can be hijacked or spoofed by a third party.
When detecting an APP there are two detection modes, static detection and dynamic detection:
1. Static detection: static detection mainly checks the permission configuration and program code of the APP with a detection tool, most commonly by decompilation. dex2jar and apktool represent two decompilation routes: dex2jar converts the Dalvik bytecode (classes.dex) into a JAR, from which Java source can be recovered with a Java decompiler, while apktool disassembles the bytecode into smali (Dalvik assembly) and also decodes the resources and the manifest.
Static decompilation allows the configuration and permissions of the APP's components to be analysed and the security of the APP code to be checked; at the same time, analysis of the source code reveals the APP's encryption mechanism and where it stores data. Static decompilation therefore allows the security of an APP to be analysed to the greatest extent.
2. Dynamic detection: besides static detection, because of the detection content and the hardening applied to the APP, security detection can also be performed dynamically:
(1) Burp Suite: by configuring Burp Suite as a proxy server, the HTTP traffic of the APP can be captured and analysed; in this way one can check whether the APP uses an encrypted transport and whether its login is vulnerable to replay attacks;
(2) Interactive Disassembler Professional (IDA Pro): with dynamic debugging, some APPs that use packing (shell) techniques can be examined, so that malicious programs embedded in them can be found; this is a deeper security detection mode.
Based on the above security problem and detection of the APP, the embodiment of the invention adds privacy compliance detection of the APP on the basis of the existing security detection, so as to prevent the application program from stealing the privacy information of the user and protect the privacy security of the user.
Example one
Fig. 1 is a flowchart of an application detection method according to an embodiment of the present invention, where this embodiment is applicable to a case of detecting an application, the method may be executed by an application detection apparatus, the application detection apparatus may be implemented by software and/or hardware, and the application detection apparatus may be configured on an electronic computing device, and specifically includes the following steps:
and S110, acquiring the application program to be detected.
The application to be detected is the application program on which privacy compliance detection is to be performed.
Before the application program is detected, the application program to be detected is acquired first.
In the embodiment of the present invention, before the application program to be detected is obtained, the application program to be detected has been developed, that is, each Software Development Kit (SDK) of the application program to be detected has been developed and packaged.
And S120, carrying out privacy compliance detection on the application program to be detected.
For example, the privacy compliance detection may be detection of privacy of the application to be detected, so as to prevent the application from stealing privacy information of a user who installs the application.
The privacy compliance detection is carried out on the application program to be detected, and the method has the advantages that the privacy compliance of the application program to be detected can be detected, so that the problem that the application program steals the privacy information of the user is avoided, the privacy information of the user is guaranteed not to be revealed, the privacy information of the user is protected, and the user experience is improved.
Optionally, the privacy compliance detection includes software development kit detection.
In the embodiment of the invention, the privacy compliance detection is performed on the application program to be detected, and the detection can be performed on a software development kit of the application program to be detected. Because an application is generated from a software development kit, if the software development kit for the application has a problem, the application will also have a problem.
Optionally, the software development kit detection of the application to be detected includes: extracting the original permission information of the application to be detected and the information of each software development kit of the application to be detected; based on the original permission information, acquiring the rule corresponding to the original permission information from a rule base, and storing the original permission information together with its corresponding rule, where the rule base stores in advance the correspondence between each item of original permission information and its rule; and based on the software development kit information, acquiring the rule corresponding to the software development kit information from the rule base, and storing the software development kit information together with its corresponding rule, where the rule base stores in advance the correspondence between each item of software development kit information and its rule.
For example, the original permission information may be the permission information of the application to be detected, that is, the device permissions that the developer requested when developing the application. For example, the original permission information extracted after scanning the APP may be [ android.
In the embodiment of the present invention, the original permission information of the application to be detected may be extracted by decompiling the code of the application with a decompilation tool and then searching for the file named [ android manifest.
The software development kit information may be the SDK information of the application to be detected, for example the name of the SDK and what that name represents; for example, if the SDK information is [ com.baidu.location ], it corresponds to [ Baidu positioning SDK ].
In the embodiment of the present invention, the information of each software development kit of the application to be detected may be extracted by decompiling the code of the application with a decompilation tool, then searching for the file named [ android manifest.xml ] and matching the package names (that is, the directory names) of the decompiled application, so as to obtain information such as com.
After the original authority information of the application program to be detected is extracted, the rule corresponding to the original authority information can be obtained from the rule base according to the extracted original authority information, and the original authority information and the rule corresponding to the original authority information are correspondingly stored.
In the embodiment of the invention, the rule corresponding to the original authority information and the original authority information are stored in the rule base in advance, wherein the original authority information and the rule corresponding to the original authority information are mutually corresponding.
In the embodiment of the invention, the original permission information of the application to be detected and the rule corresponding to it may be stored in the rule base in advance. For example, the original permission information extracted after scanning the APP may be [ android.
It should be noted that in the embodiment of the present invention the correspondence between original permission information and its rule may be many-to-one, that is, several permissions may map to the same rule. Namely, the rule corresponding to the original permission information [ android.
After the software development kit information of the application program to be detected is extracted, based on the extracted software development kit information of the application program to be detected, the rule corresponding to the software development kit information can be obtained from the rule base, and the software development kit information and the rule corresponding to the software development kit information are correspondingly stored.
In the embodiment of the invention, the rule corresponding to each piece of software development kit information and each piece of software development kit information are stored in the rule base in advance, wherein each piece of software development kit information and the rule corresponding to each piece of software development kit information are in a corresponding relationship with each other.
In the embodiment of the invention, the information of each software development kit of the application to be detected and the rule corresponding to each item of software development kit information may be stored in the rule base in advance. For example, if the SDK information extracted after scanning the APP is [ com.
It should be noted that in the embodiment of the present invention the correspondence between each item of SDK information and its rule may be one-to-one. Namely [ com. Alipay ] corresponds to [ arisdk ], and [ com.approach ] corresponds to [ vacation SDK ].
The advantage of this is that the software development kits of the application to be detected can be checked, so that a problematic, that is dangerous, SDK in the application to be detected is found rather than going unnoticed.
Optionally, the privacy compliance detection further includes privacy detection.
Optionally, after the information of each software development kit and the rule corresponding to the information of each software development kit are correspondingly stored, the method further includes: acquiring an identifier of a privacy policy or an identifier of a privacy right policy of an application program to be detected, and scanning the privacy policy or the privacy right policy of the application program to be detected if the identifier of the privacy policy or the identifier of the privacy right policy of the application program to be detected is determined to be acquired; if the fields corresponding to the original authority information and the fields corresponding to the software development kit are determined to be scanned, comparing the scanned fields corresponding to the original authority information with the stored original authority information, and comparing the scanned fields corresponding to the software development kit with the stored software development kit information; if at least one of the comparison of the field corresponding to the original permission information with the stored original permission information and the comparison of the field corresponding to the software development kit with the stored software development kit information is not matched, determining that the privacy compliance detection of the application program to be detected fails; and if the comparison of the field corresponding to the original permission information with the stored original permission information and the comparison of the field corresponding to the software development kit with the stored software development kit information are matched, determining that the privacy compliance detection of the application program to be detected is passed.
For example, the identifier of the privacy policy may be an identifier indicating the privacy policy of the application to be detected, such as a fixed value set for the privacy policy of the application, for example 1.
Likewise, the identifier of the privacy right policy may be an identifier indicating the privacy right policy of the application to be detected, such as a fixed value set for the privacy right policy of the application, for example 2.
In the embodiment of the invention, both the privacy policy and the privacy right policy belong to the application to be detected, that is, they are set for the application when it is developed.
It should be noted that the privacy policy may be the policy governing the user's private information, such as telephone number and name, that the APP may need to collect during use. The privacy right policy may be the policy stating how the APP will protect certain information of the user while the user uses the APP.
In the embodiment of the present invention, obtaining the identifier of the privacy policy or of the privacy right policy of the application to be detected may specifically be done as follows: after the application is decompiled, the privacy policy information is searched globally; if the identifier of the privacy policy or of the privacy right policy is found (specifically, the fixed value of the privacy policy or of the privacy right policy is searched for), the link to the privacy policy or privacy right policy is extracted. Specifically, all links in the application can be matched with a regular expression, each link is then accessed in simulation and its title extracted, and if the extracted title is a privacy policy or a privacy right policy, the link is stored for subsequent analysis.
After the link of the privacy policy or the privacy right policy is extracted, clicking to access the link of the extracted privacy policy or privacy right policy, scanning the privacy policy or privacy right policy, comparing the scanned field corresponding to the original authority information with the correspondingly stored original authority information if the field corresponding to the original authority information and the field corresponding to the software development kit are determined to be scanned, and comparing the scanned field corresponding to the software development kit with the correspondingly stored software development kit information.
And if at least one of the comparison between the field corresponding to the original permission information and the stored original permission information and the comparison between the field corresponding to the software development kit and the stored software development kit information is not matched, determining that the privacy compliance detection of the application program to be detected fails. Namely, if the comparison of the field corresponding to the original permission information and the stored original permission information is not matched, and/or the comparison of the field corresponding to the software development kit and the stored software development kit information is not matched, determining that the privacy compliance detection of the application program to be detected fails.
And if the comparison between the field corresponding to the original permission information and the stored original permission information and the comparison between the field corresponding to the software development kit and the stored software development kit information are matched, determining that the privacy compliance detection of the application program to be detected is passed. That is, if the field corresponding to the original permission information is matched with the stored original permission information in a comparison manner, and the field corresponding to the software development kit is matched with the stored software development kit information in a comparison manner, it is determined that the privacy compliance detection of the application program to be detected passes.
Therefore, the problem that the privacy information of the user is stolen in the using process of the application program to be detected is avoided, the privacy safety of the user is maintained, and the user experience is improved.
Optionally, before the privacy compliance detection is performed on the application to be detected, the method further includes: judging whether a preset privacy compliance detection software development kit is integrated in the application program to be detected; if the application program to be detected is determined to be integrated with the preset privacy compliance detection software development kit, judging whether the version of the preset privacy compliance detection software development kit is the target version; if the version of the preset privacy compliance detection software development kit is the target version, determining that the privacy compliance detection of the application program to be detected passes; if the version of the preset privacy compliance detection software development kit is not the target version, generating prompt information to prompt that the current version of the preset privacy compliance detection software development kit is updated to the target version; and if the application program to be detected is determined not to be integrated with the preset privacy compliance detection software development kit, executing the step of carrying out privacy compliance detection on the application program to be detected.
For example, the preset privacy compliance detection software development kit may be a preset software development kit that is known to be secure, that is, an SDK that has itself passed privacy compliance detection.
The target version may be a preset version of a preset privacy compliance detection software development kit, for example, may be a latest version of the preset privacy compliance detection software development kit.
After the application program to be detected is obtained, judging whether a preset privacy compliance detection software development kit is integrated in the application program to be detected; if the application program to be detected is determined to be integrated with the preset privacy compliance detection software development kit, judging whether the version of the preset privacy compliance detection software development kit is the target version; and if the version of the preset privacy compliance detection software development kit is the target version, determining that the privacy compliance detection of the application program to be detected passes.
If the version of the preset privacy compliance detection software development kit is not the target version, generating prompt information to prompt that the current version of the preset privacy compliance detection software development kit is updated to the target version; if the application program to be detected is determined not to be integrated with the preset privacy compliance detection software development kit, detecting the software development kit of the application program to be detected, namely executing the step of carrying out privacy compliance detection on the application program to be detected.
When the preset privacy compliance detection software development kit is integrated in the application program to be detected and the version of the preset privacy compliance detection software development kit is the target version, the privacy compliance detection of the application program to be detected can be omitted, so that the time is saved and the user experience is improved.
S130, generating a detection report of the application program to be detected based on the detection result of the privacy compliance detection, and outputting the detection report.
For example, after the privacy compliance detection is performed on the application program to be detected, a detection report may be generated according to a detection result of the privacy compliance detection of the application program to be detected, and the detection report may be output.
According to the technical scheme of the embodiment of the invention, the privacy compliance detection is carried out on the obtained application program to be detected, and the detection report of the application program to be detected is generated based on the detection result of the privacy compliance detection, so that the problem that the privacy information of a user is stolen in the using process of the application program to be detected is avoided, the privacy safety of the user is maintained, and the user experience is improved.
Example two
Fig. 2 is a flowchart of an application detection method according to a second embodiment of the present invention; the second embodiment may be combined with the various alternatives of the foregoing embodiment. In this embodiment, optionally, after the application program to be detected is acquired, the method further includes: performing security static detection on the application program to be detected. Correspondingly, generating a detection report of the application to be detected based on the detection result of the privacy compliance detection includes: generating a detection report of the application program to be detected based on the detection result of the security static detection and the detection result of the privacy compliance detection.
As shown in fig. 2, the method of the embodiment of the present invention specifically includes the following steps:
S210, acquiring the application program to be detected.
S220, carrying out privacy compliance detection on the application program to be detected.
S230, performing security static detection on the application program to be detected.
For example, after the application program to be detected is received, security static detection is performed on it; specifically, vulnerability detection may be performed on the code of the application program to be detected.
It should be noted that, in the embodiment of the present invention, steps S220 and S230 may be performed in parallel, that is, after the application to be detected is received, privacy compliance detection and security static detection may be performed on it at the same time.
Optionally, performing security static detection on the application to be detected includes: performing security static detection on the application program to be detected based on each vulnerability stored in the vulnerability library and the detection rule corresponding to each vulnerability; if a vulnerability is detected, determining that the security static detection of the application program to be detected does not pass; and if no vulnerability is detected, determining that the security static detection of the application program to be detected passes.
For example, the security static detection is performed on the application program to be detected according to each vulnerability stored in the vulnerability library and the detection rule corresponding to that vulnerability; if a vulnerability is detected, the security static detection of the application program to be detected is determined not to pass, and if no vulnerability is detected, it is determined to pass.
It should be noted that, in the embodiment of the present invention, each vulnerability that may exist in the current application program and a detection rule for detecting each vulnerability are stored in the vulnerability library.
In the embodiment of the present invention, the vulnerability detection script implementing the detection rule for a vulnerability may specifically proceed as follows: decompile the APP with a decompilation tool; the decompiled directory contains an assets resource folder; open that resource folder and search it for files with the suffixes js and html. A script written according to these steps is entered into the vulnerability library, and the vulnerability library can then be used to scan the application program to be detected for vulnerabilities.
The advantage of this is that whether the code of the application program to be detected contains a vulnerability can be determined, which avoids the problem that the application program to be detected cannot be used normally because its code contains a vulnerability.
S240, generating a detection report of the application program to be detected based on the detection result of the security static detection and the detection result of the privacy compliance detection, and outputting the detection report.
For example, after the detection result of the security static detection and the detection result of the privacy compliance detection are obtained, a detection report of the application to be detected may be generated according to the detection result of the security static detection and the detection result of the privacy compliance detection, and the detection report may be output.
In the embodiment of the invention, the detection report comprises basic information of the application to be detected, detection information of privacy compliance detection and detection information of security static detection.
Specifically, the basic information of the application to be detected at least includes: the name of the application to be detected, the names of the files in the application to be detected, the version number of the application to be detected, the detection time of the application to be detected, the permission list of the application to be detected (that is, the list of device capabilities the application program to be detected may use), the software development kit list of the application to be detected, and the privacy policy link.
The detection information of the privacy compliance detection includes at least: the name of the detection item of the privacy compliance detection and the detection result of the detection item of the privacy compliance detection.
For example, a detection item may be: whether the application program to be detected integrates the basic privacy compliance SDK; and its detection result: yes (passed).
As another example, a detection item may be: whether the application program to be detected has a privacy policy; and its detection result: yes (passed).
The detection information of the security static detection at least includes: the name of each detection item of the security static detection and the detection result of that detection item.
For example, a detection item of the security static detection may be the vulnerability name: resource file leakage risk; vulnerability details: (xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx); whether the vulnerability detection passes: yes.
The method has the advantages that the related information of the security static detection and the related information of the privacy compliance detection can be directly displayed in the detection report, so that a developer can visually see the detection result of the application program to be detected.
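The vulnerability-library scan of step S230 (searching the decompiled assets folder for js and html files) and the detection report of step S240, as an added worked example in Python; this is not the patent's own code. It reads the APK as a zip archive in place of the decompilation tool the patent mentions, the vulnerability library holds only the resource file leakage rule described on this page, and the sample APK, the basic information values and the privacy detection items are constructed for the example.

```python
"""Security static detection from a vulnerability library, plus the detection report.

Added example, not the patent's code. The APK is read as a zip archive in
place of a decompilation tool, the vulnerability library holds only the
resource file leakage rule the page describes, and the sample APK, basic
information and privacy detection items are constructed.
"""
import io
import json
import posixpath
import zipfile
from datetime import datetime, timezone


def assets_with_suffix(entry_names, suffixes):
    """Rule script: files under assets/ whose suffix is one of `suffixes`."""
    return sorted(n for n in entry_names
                  if n.startswith("assets/") and not n.endswith("/")
                  and posixpath.splitext(n)[1].lower() in suffixes)


# Hypothetical vulnerability library: each entry pairs a vulnerability with the
# rule script that detects it (the page's rule: .js/.html files under assets/).
VULN_LIBRARY = [
    {
        "name": "Resource file leakage risk",
        "details": "web resources (.js/.html) under assets/ are readable after decompilation",
        "rule": lambda names: assets_with_suffix(names, {".js", ".html"}),
    },
]


def build_sample_apk(with_web_assets=True):
    """Constructed sample APK (an APK is a zip archive) for the scan below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("assets/logo.png", b"\x89PNG")
        if with_web_assets:
            zf.writestr("assets/web/index.html", "<html></html>")
            zf.writestr("assets/web/app.js", "console.log('hi')")
    return buf.getvalue()


def list_entries(apk_bytes):
    """The 'decompiled directory': every file path inside the archive."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return zf.namelist()


def security_static_detect(apk_bytes):
    """Run every rule in the library over the app; any hit fails the static detection."""
    names = list_entries(apk_bytes)
    items = []
    for vuln in VULN_LIBRARY:
        hits = vuln["rule"](names)
        items.append({"name": vuln["name"], "details": vuln["details"],
                      "evidence": hits, "passed": not hits})
    return {"passed": all(i["passed"] for i in items), "items": items}


def collect_basic_info(apk_bytes, name, version, permissions, sdks, policy_link):
    """Basic information fields listed by the page; the values passed in are constructed."""
    return {
        "name": name, "version": version, "files": list_entries(apk_bytes),
        "detection_time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "permissions": permissions, "sdks": sdks, "privacy_policy_link": policy_link,
    }


def generate_report(basic_info, privacy_items, static_result):
    """Detection report: basic information, privacy compliance items, static items."""
    privacy_passed = all(passed for _name, passed in privacy_items)
    return {
        "basic_info": basic_info,
        "privacy_compliance_detection": {
            "passed": privacy_passed,
            "items": [{"name": n, "passed": p} for n, p in privacy_items],
        },
        "security_static_detection": static_result,
        "overall_passed": privacy_passed and static_result["passed"],
    }


if __name__ == "__main__":
    apk = build_sample_apk()
    info = collect_basic_info(apk, "com.example.app", "1.0", ["android.permission.CAMERA"],
                              ["ExampleAnalytics"], "https://example.com/privacy")
    items = [("has privacy compliance SDK", True), ("has privacy policy", True)]
    print(json.dumps(generate_report(info, items, security_static_detect(apk)), indent=2))
```

Each library entry carries its own rule script, so adding a vulnerability means adding an entry rather than changing the scanner; the report keeps the evidence (the matching file paths) next to the pass/fail flag so a developer can see what triggered the item.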
Referring to the execution flow chart of the application program detection method described in fig. 3, a detection platform or system that can perform privacy compliance detection and security static detection on the application program to be detected may be set, so that when the application program to be detected needs privacy compliance detection and security static detection, the application program to be detected may be packaged and sent to the detection platform or system, and the detection platform or system scans the application program to be detected to perform privacy compliance detection and security static detection on the application program.
According to the technical solution of the embodiment of the invention, security static detection is performed on the application program to be detected, so that whether the code of the application program to be detected contains a vulnerability can be determined, which avoids the problem that the application program to be detected cannot be used normally because its code contains a vulnerability.
Example three
Fig. 4 is a schematic structural diagram of an application detection apparatus according to a third embodiment of the present invention, and as shown in fig. 4, the apparatus includes: an application program to be detected acquisition module 31, a privacy compliance detection module 32 and a detection report generation module 33.
The to-be-detected application program acquiring module 31 is configured to acquire the application program to be detected;
a privacy compliance detection module 32, configured to perform privacy compliance detection on the application to be detected;
and a detection report generating module 33, configured to generate a detection report of the application to be detected based on the detection result of the privacy compliance detection, and output the detection report.
Optionally, the privacy compliance detection includes: software development kit detection.
On the basis of the technical solution of the embodiment of the present invention, the privacy compliance detection module 32 includes:
the first information extraction unit is used for extracting the original permission information of the application program to be detected and the information of each software development kit of the application program to be detected;
the second information extraction unit is used for acquiring a rule corresponding to the original permission information from a rule base based on the original permission information and correspondingly storing the original permission information and the rule corresponding to it; wherein the rule base stores in advance the correspondence between the original permission information and the rule corresponding to it;
a third information extraction unit, configured to obtain, based on each piece of software development kit information, the rule corresponding to that software development kit information from the rule base, and to store each piece of software development kit information together with its corresponding rule; the rule base stores in advance the correspondence between each piece of software development kit information and the rule corresponding to it.
Optionally, the privacy compliance detection further includes: privacy detection.
On the basis of the technical solution of the embodiment of the present invention, the privacy compliance detection module 32 further includes:
the privacy scanning unit is used for acquiring the identifier of the privacy policy or the identifier of the privacy right policy of the application program to be detected, and if the identifier of the privacy policy or the identifier of the privacy right policy of the application program to be detected is determined to be acquired, scanning the privacy policy or the privacy right policy of the application program to be detected;
a comparison unit, configured to compare the scanned field corresponding to the original permission information with the stored original permission information and compare the scanned field corresponding to the software development kit with the stored software development kit information if it is determined that the field corresponding to the original permission information and the field corresponding to the software development kit are scanned;
a detection failure determining unit, configured to determine that the privacy compliance detection of the application to be detected fails if at least one of a comparison between the field corresponding to the original permission information and the stored original permission information and a comparison between the field corresponding to the software development kit and the stored software development kit information are mismatched;
and the detection pass determining unit is used for determining that the privacy compliance detection of the application program to be detected passes if the comparison between the field corresponding to the original permission information and the stored original permission information and the comparison between the field corresponding to the software development kit and the stored software development kit information are matched.
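The software development kit detection (extracting permissions and SDK information and pairing each with its rule from the rule base), the pre-check for the preset privacy compliance detection software development kit and its target version described earlier, and the privacy detection comparison of the units above, as one added worked example in Python; this is not the patent's own code. The rule bases, the package prefixes used to recognise SDKs, the SDK names, the target version, the map from permissions to privacy-policy wording, and the sample manifest, class list and policy text are all constructed assumptions; the patent does not specify how rules, SDK versions or policy fields are represented.

```python
"""Privacy compliance detection: SDK pre-check, rule-base lookup, policy comparison.

Added example, not the patent's code. Rule bases, package prefixes, SDK
names, the target version, the permission-to-keyword map and the sample
inputs are all constructed assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
DECLARE = "must be declared in the privacy policy"

# Hypothetical rule base for original permission information:
# permission -> (rule, wording to look for in the privacy policy).
PERMISSION_RULES = {
    "android.permission.CAMERA": (DECLARE, ["camera"]),
    "android.permission.READ_CONTACTS": (DECLARE, ["contacts", "address book"]),
    "android.permission.INTERNET": ("no declaration required", []),
}
# Hypothetical rule base for SDK information: package prefix -> (SDK name, rule).
SDK_RULES = {
    "com.example.analytics.": ("ExampleAnalytics", DECLARE),
    "com.example.privacycheck.": ("PrivacyCheckSDK", "preset privacy compliance detection SDK"),
}
COMPLIANCE_SDK = "PrivacyCheckSDK"  # hypothetical name of the preset SDK
TARGET_VERSION = "2.1.0"            # hypothetical target version

# Constructed sample inputs: manifest, class list of the decompiled app, policy text.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_CLASSES = ["com.example.app.MainActivity", "com.example.analytics.Tracker"]
SAMPLE_POLICY = "We use your camera to scan codes. We use ExampleAnalytics for statistics."


def extract_permissions(manifest_xml):
    """Original permission information: every <uses-permission> name in the manifest."""
    root = ET.fromstring(manifest_xml)
    return sorted(el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))


def extract_sdks(class_names):
    """SDK information: SDK names whose package prefix appears among the app's classes."""
    found = {name for cls in class_names
             for prefix, (name, _rule) in SDK_RULES.items() if cls.startswith(prefix)}
    return sorted(found)


def precheck(sdks, sdk_versions):
    """Pre-check before full detection: 'pass' skips it, 'update' prompts, 'detect' runs it."""
    if COMPLIANCE_SDK not in sdks:
        return ("detect", None)
    current = sdk_versions.get(COMPLIANCE_SDK)
    if current == TARGET_VERSION:
        return ("pass", None)
    return ("update", f"update {COMPLIANCE_SDK} from {current} to {TARGET_VERSION}")


def lookup_rules(permissions, sdks):
    """Store each permission and SDK together with its rule from the rule base."""
    sdk_rule_by_name = dict(SDK_RULES.values())
    return {
        "permissions": {p: PERMISSION_RULES.get(p, ("unknown permission, review manually", []))[0]
                        for p in permissions},
        "sdks": {s: sdk_rule_by_name.get(s, "unknown SDK, review manually") for s in sdks},
    }


def compare_with_policy(policy_text, permissions, sdks):
    """Compare the policy's wording with the stored information; one miss fails the check."""
    text = policy_text.lower()
    sdk_rule_by_name = dict(SDK_RULES.values())
    mismatches = [p for p in permissions
                  if PERMISSION_RULES.get(p, ("", []))[1]
                  and not any(k in text for k in PERMISSION_RULES[p][1])]
    mismatches += [s for s in sdks
                   if sdk_rule_by_name.get(s) == DECLARE and s.lower() not in text]
    return (not mismatches, mismatches)


def privacy_compliance_detect(manifest_xml, class_names, sdk_versions, policy_text):
    """Whole flow: pre-check first, then SDK detection and privacy detection when required."""
    permissions = extract_permissions(manifest_xml)
    sdks = extract_sdks(class_names)
    decision, prompt = precheck(sdks, sdk_versions)
    if decision != "detect":
        return {"result": decision, "prompt": prompt, "mismatches": [], "rules": {}}
    rules = lookup_rules(permissions, sdks)
    if not policy_text:  # assumption: an app with no privacy policy fails the detection
        return {"result": "fail", "prompt": "no privacy policy found", "mismatches": [], "rules": rules}
    ok, mismatches = compare_with_policy(policy_text, permissions, sdks)
    return {"result": "pass" if ok else "fail", "prompt": None,
            "mismatches": mismatches, "rules": rules}


if __name__ == "__main__":
    import json
    print(json.dumps(privacy_compliance_detect(SAMPLE_MANIFEST, SAMPLE_CLASSES, {}, SAMPLE_POLICY), indent=2))
```

On the constructed sample the app requests READ_CONTACTS but the policy never mentions contacts, so the comparison fails with that permission as the mismatch; a policy text that does mention contacts passes, and an app carrying the compliance SDK at the target version skips the comparison entirely, which is the shortcut the pre-check exists for.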
On the basis of the technical scheme of the embodiment of the invention, the device also comprises:
the first judgment module is used for judging whether a preset privacy compliance detection software development kit is integrated in the application program to be detected;
the second judgment module is used for judging whether the version of the preset privacy compliance detection software development kit is a target version or not if the fact that the preset privacy compliance detection software development kit is integrated in the application program to be detected is determined;
the detection pass determining module is used for determining that the privacy compliance detection of the application program to be detected passes if the version of the preset privacy compliance detection software development kit is the target version;
the version updating module is used for generating prompt information to prompt that the current version of the preset privacy compliance detection software development kit is updated to the target version if the version of the preset privacy compliance detection software development kit is not the target version;
and the privacy compliance detection determining and executing module is used for executing the step of carrying out privacy compliance detection on the application program to be detected if the application program to be detected is determined not to be integrated with a preset privacy compliance detection software development kit.
On the basis of the technical solution of the embodiment of the invention, the apparatus further includes: a security static detection module;
the security static detection module is used for performing security static detection on the application program to be detected.
On the basis of the technical solution of the embodiment of the invention, the security static detection module is specifically used for:
performing security static detection on the application program to be detected based on each vulnerability stored in a vulnerability library and the detection rule corresponding to each vulnerability, wherein each vulnerability and its corresponding detection rule are stored in the vulnerability library in advance; if a vulnerability is detected, determining that the security static detection of the application program to be detected does not pass; and if no vulnerability is detected, determining that the security static detection of the application program to be detected passes.
On the basis of the technical solution of the embodiment of the present invention, the detection report generating module 33 is specifically configured to:
and generating a detection report of the application program to be detected based on the detection result of the security static detection and the detection result of the privacy compliance detection.
The application program detection device provided by the embodiment of the invention can execute the application program detection method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 5 is a schematic structural diagram of an electronic apparatus according to a fourth embodiment of the present invention, as shown in fig. 5, the electronic apparatus includes a processor 70, a memory 71, an input device 72, and an output device 73; the number of the processors 70 in the electronic device may be one or more, and one processor 70 is taken as an example in fig. 5; the processor 70, the memory 71, the input device 72 and the output device 73 in the electronic apparatus may be connected by a bus or other means, and the bus connection is exemplified in fig. 5.
The memory 71 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the application detection method in the embodiment of the present invention (for example, the to-be-detected application acquisition module 31, the privacy compliance detection module 32, and the detection report generation module 33). The processor 70 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 71, that is, implements the application detection method described above.
The memory 71 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 71 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 71 may further include memory located remotely from the processor 70, which may be connected to the electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 72 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic apparatus. The output device 73 may include a display device such as a display screen.
Example five
The fifth embodiment of the present invention further provides a storage medium containing computer-executable instructions, which are used for executing an application detection method when executed by a computer processor.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the application program detection method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling a computer electronic device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the application detection apparatus, each included unit and module are only divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing description is only exemplary of the invention and that the principles of the technology may be employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in some detail by the above embodiments, the invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the invention, and the scope of the invention is determined by the scope of the appended claims.

Claims (9)

1. An application detection method, comprising:
acquiring an application program to be detected;
carrying out privacy compliance detection on the application program to be detected;
generating a detection report of the application program to be detected based on a detection result of the privacy compliance detection, and outputting the detection report;
before the performing privacy compliance detection on the application to be detected, the method further includes:
judging whether a preset privacy compliance detection software development kit is integrated in the application program to be detected;
if the application program to be detected is determined to be integrated with a preset privacy compliance detection software development kit, judging whether the version of the preset privacy compliance detection software development kit is a target version;
if the version of the preset privacy compliance detection software development kit is the target version, determining that the privacy compliance detection of the application program to be detected passes;
if the version of the preset privacy compliance detection software development kit is not the target version, generating prompt information to prompt that the current version of the preset privacy compliance detection software development kit is updated to the target version;
and if the application program to be detected is determined not to be integrated with a preset privacy compliance detection software development kit, executing a privacy compliance detection step on the application program to be detected.
2. The method of claim 1, wherein the privacy compliance detection comprises: detecting a software development kit;
the privacy compliance detection of the application program to be detected comprises:
extracting original permission information of the application program to be detected and information of each software development kit of the application program to be detected;
based on the original permission information, acquiring a rule corresponding to the original permission information from a rule base, and correspondingly storing the original permission information and the rule corresponding to the original permission information; wherein the rule base stores in advance the correspondence between the original permission information and the rule corresponding to it;
acquiring rules corresponding to the software development kit information from a rule base based on the software development kit information, and correspondingly storing the software development kit information and the rules corresponding to the software development kit information; the rule base stores rules corresponding to the software development kit information and corresponding relations of the software development kit information in advance.
3. The method of claim 2, wherein the privacy compliance detection further comprises: privacy detection;
after correspondingly storing each piece of software development kit information and the rule corresponding to each piece of software development kit information, the method further includes:
acquiring an identifier of the privacy policy or an identifier of the privacy right policy of the application program to be detected, and scanning the privacy policy or the privacy right policy of the application program to be detected if the identifier of the privacy policy or the identifier of the privacy right policy of the application program to be detected is determined to be acquired;
if the fields corresponding to the original permission information and the fields corresponding to the software development kit are determined to be scanned, comparing the scanned fields corresponding to the original permission information with the stored original permission information, and comparing the scanned fields corresponding to the software development kit with the stored software development kit information;
if at least one of the comparison between the field corresponding to the original permission information and the stored original permission information and the comparison between the field corresponding to the software development kit and the stored software development kit information are not matched, determining that the privacy compliance detection of the application program to be detected fails;
and if the field corresponding to the original permission information is matched with the stored original permission information and the field corresponding to the software development kit is matched with the stored software development kit information, determining that the privacy compliance detection of the application program to be detected passes.
4. The method according to claim 1, wherein after the acquiring the application to be detected, the method further comprises:
performing security static detection on the application program to be detected.
5. The method according to claim 4, wherein performing the security static detection on the application to be detected comprises:
performing security static detection on the application program to be detected based on each vulnerability stored in a vulnerability library and the detection rule corresponding to each vulnerability, wherein each vulnerability and its corresponding detection rule are stored in the vulnerability library in advance;
if the vulnerability is detected, determining that the security static detection of the application program to be detected does not pass;
and if the vulnerability is not detected, determining that the security static detection of the application program to be detected passes.
6. The method according to claim 1, wherein the generating a detection report of the application to be detected based on the detection result of the privacy compliance detection comprises:
and generating a detection report of the application program to be detected based on the detection result of the security static detection and the detection result of the privacy compliance detection.
7. An application detection apparatus, comprising:
a to-be-detected application program acquisition module, configured to acquire the application program to be detected;
the privacy compliance detection module is used for carrying out privacy compliance detection on the application program to be detected;
the detection report generation module is used for generating a detection report of the application program to be detected based on the detection result of the privacy compliance detection and outputting the detection report;
the first judgment module is used for judging whether a preset privacy compliance detection software development kit is integrated in the application program to be detected;
the second judgment module is used for judging whether the version of the preset privacy compliance detection software development kit is a target version or not if the fact that the preset privacy compliance detection software development kit is integrated in the application program to be detected is determined;
the detection pass determining module is used for determining that the privacy compliance detection of the application program to be detected passes if the version of the preset privacy compliance detection software development kit is the target version;
the version updating module is used for generating prompt information to prompt that the current version of the preset privacy compliance detection software development kit is updated to the target version if the version of the preset privacy compliance detection software development kit is not the target version;
and the privacy compliance detection determining and executing module is used for executing the step of carrying out privacy compliance detection on the application program to be detected if the application program to be detected is determined not to be integrated with a preset privacy compliance detection software development kit.
8. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the application detection method of any one of claims 1-6.
9. A storage medium containing computer-executable instructions for performing the application detection method of any one of claims 1-6 when executed by a computer processor.
CN202110042256.9A 2021-01-13 2021-01-13 Application program detection method and device, electronic equipment and storage medium Active CN112749088B (en)

Publications (2)

Publication Number Publication Date
CN112749088A CN112749088A (en) 2021-05-04
CN112749088B true CN112749088B (en) 2023-02-17

Family

ID=75651080

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114398673A (en) * 2021-12-31 2022-04-26 深圳市欢太科技有限公司 Application compliance detection method and device, storage medium and electronic equipment
CN114676432B (en) * 2022-05-26 2022-09-09 河北兰科网络工程集团有限公司 APP privacy compliance checking method, terminal and system
CN116107911A (en) * 2023-03-29 2023-05-12 杭州海康威视数字技术股份有限公司 Privacy compliance automatic auditing method, device and system based on event replay

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server
CN108322466A (en) * 2018-02-02 2018-07-24 深圳市欧乐在线技术发展有限公司 Android-based APK verification method, server and readable storage medium
CN110502926A (en) * 2019-08-26 2019-11-26 北京小米移动软件有限公司 Privacy compliance detection method and device
CN111240694A (en) * 2020-01-03 2020-06-05 北京小米移动软件有限公司 Application detection method, application detection device and storage medium
CN112199506A (en) * 2020-11-10 2021-01-08 支付宝(杭州)信息技术有限公司 Information detection method, device and equipment for application program
CN112214418A (en) * 2020-12-04 2021-01-12 支付宝(杭州)信息技术有限公司 Application compliance detection method and device and electronic equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9069968B2 (en) * 2012-01-30 2015-06-30 Nokia Technologies Oy Method and apparatus providing privacy benchmarking for mobile application development
US10216954B2 (en) * 2016-06-27 2019-02-26 International Business Machines Corporation Privacy detection of a mobile application program
CN111835756B (en) * 2020-07-10 2023-02-03 深圳市网安计算机安全检测技术有限公司 APP privacy compliance detection method and device, computer equipment and storage medium
CN112035881B (en) * 2020-11-03 2021-02-09 支付宝(杭州)信息技术有限公司 Privacy protection-based application program identification method, device and equipment

Also Published As

Publication number Publication date
CN112749088A (en) 2021-05-04

Similar Documents

Publication Publication Date Title
US11038876B2 (en) Managing access to services based on fingerprint matching
US10235524B2 (en) Methods and apparatus for identifying and removing malicious applications
CN112749088B (en) Application program detection method and device, electronic equipment and storage medium
US9582668B2 (en) Quantifying the risks of applications for mobile devices
US9438631B2 (en) Off-device anti-malware protection for mobile devices
JP6019484B2 (en) Systems and methods for server-bound malware prevention
Schmeelk et al. Android malware static analysis techniques
Shezan et al. Vulnerability detection in recent Android apps: An empirical study
Bianchi et al. Exploitation and mitigation of authentication schemes based on device-public information
Ibrahim et al. SafetyNOT: on the usage of the SafetyNet attestation API in Android
CN110968872A (en) File vulnerability detection processing method and device, electronic equipment and storage medium
Meng et al. Post-GDPR Threat Hunting on Android Phones: Dissecting OS-level Safeguards of User-unresettable Identifiers.
Choi et al. Large-scale analysis of remote code injection attacks in android apps
Cao et al. Rotten apples spoil the bunch: An anatomy of Google Play malware
Kulkarni et al. Open source android vulnerability detection tools: a survey
Ham et al. DroidVulMon--Android Based Mobile Device Vulnerability Analysis and Monitoring System
Cao Understanding the characteristics of invasive malware from the Google Play Store
CN112528286A (en) Terminal device security detection method, associated device and computer program product
Bhandari et al. Android app collusion threat and mitigation techniques
Yıldırım et al. A research on software security vulnerabilities of new generation smart mobile phones
Han et al. Medusa Attack: Exploring Security Hazards of In-App QR Code Scanning
CN111538990B (en) Internet analysis system
Lv et al. A Mitmproxy-based Dynamic Vulnerability Detection System For Android Applications
Khullar et al. Static Method to Locate Risky Features in Android Applications
Li et al. Mobile APP Personal Information Security Detection and Analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant