CN112817603A - Application program processing method and device, electronic equipment, system and storage medium - Google Patents
Application program processing method and device, electronic equipment, system and storage medium Download PDFInfo
- Publication number
- CN112817603A CN112817603A CN202110114613.8A CN202110114613A CN112817603A CN 112817603 A CN112817603 A CN 112817603A CN 202110114613 A CN202110114613 A CN 202110114613A CN 112817603 A CN112817603 A CN 112817603A
- Authority
- CN
- China
- Prior art keywords
- sensitive function
- sensitive
- authority
- application program
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the invention discloses an application program processing method, an application program processing device, electronic equipment, an application program processing system and a storage medium, wherein the application program processing method comprises the following steps: decompiling an installation package of the target application program to obtain a source code file; determining a sensitive function called by a target application program according to the source code file and a preset sensitive function library; and generating a sensitive function detection report for the target application program according to the sensitive function. In the embodiment of the invention, the sensitive function called by the target application program can be automatically detected according to the source code file obtained by decompiling and the preset sensitive function library, compared with a manual detection method, the detection efficiency of the sensitive function is improved, and the detection result can be automatically and visually presented.
Description
Technical Field
The present invention relates to computer technologies, and in particular, to an application processing method, an application processing apparatus, an electronic device, an application processing system, and a storage medium.
Background
In the process of implementing the invention, the inventor finds that, in the process of auditing, a file obtained by decompiling the installation package needs to be manually detected to determine which sensitive functions are called in the application program, wherein the sensitive functions refer to functions for calling sensitive authorities, the sensitive authorities can comprise authorities related to user privacy information (such as address book, short message and the like) and authorities related to sensitive operation capability (such as camera, microphone and the like), and the method for manually detecting the sensitive functions is not intelligent enough, has low detection efficiency, and cannot automatically and intuitively present detection results.
Disclosure of Invention
The embodiment of the invention provides an application program processing method, an application program processing device, electronic equipment, an application program processing system and a storage medium, which can improve the sensitive function detection efficiency and can automatically and visually present the detection result.
In a first aspect, an embodiment of the present invention provides an application processing method, where the method includes:
decompiling an installation package of the target application program to obtain a source code file;
determining a sensitive function called by the target application program according to the source code file and a preset sensitive function library;
and generating a sensitive function detection report for the target application program according to the sensitive function.
In a second aspect, an embodiment of the present invention provides an application processing apparatus, where the apparatus includes:
the decompiling module is used for decompiling the installation package of the target application program to obtain a source code file;
the determining module is used for determining a sensitive function called by the target application program according to the source code file and a preset sensitive function library;
and the generating module is used for generating a sensitive function detection report for the target application program according to the sensitive function.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the application processing method according to any one of the embodiments of the present invention when executing the program.
In a fourth aspect, an embodiment of the present invention further provides an application processing system, which includes a terminal and an electronic device configured to execute any one of the application processing methods in the embodiments of the present invention.
In a fifth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the application processing method according to any one of the embodiments of the present invention.
In the embodiment of the invention, the installation package of the target application program can be decompiled to obtain the source code file; determining a sensitive function called by a target application program according to the source code file and a preset sensitive function library; generating a sensitive function detection report for the target application program according to the sensitive function; in the embodiment of the invention, the sensitive function called by the target application program can be automatically detected according to the source code file obtained by decompiling and the preset sensitive function library, compared with a manual detection method, the method is more intelligent, and the sensitive function detection efficiency is improved; and by automatically generating the sensitive function detection report, the detection result can be automatically and visually presented, and convenience is provided for auditors.
In addition, in the detection process, the sensitive function can be detected from the two dimensions of the class and the name of the sensitive function by adopting a regular matching method and a character string matching method, so that missing detection is avoided, and the comprehensiveness of the detection result is improved.
Furthermore, when a sensitive function detection report is generated, the position information of the sensitive function is combined, so that the auditor can conveniently position the calling position of the sensitive function in the source code.
In addition, an authority auditing report is generated according to the sensitive authority related to the detected sensitive function and the applied authority, and an auditor can obtain the authority compliance condition by checking the authority auditing report, thereby further providing convenience for auditing the application program.
Drawings
Fig. 1 is a schematic flowchart of an application processing method according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a method for detecting a sensitivity function according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating an effect of a sensitivity function detection report according to an embodiment of the present invention.
Fig. 4 is another schematic flow chart of a method for detecting a sensitivity function according to an embodiment of the present invention.
Fig. 5 is a schematic flowchart of a permission auditing method according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating an effect of a permission audit report according to an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of an application processing apparatus according to an embodiment of the present invention.
Fig. 8 is a schematic structural diagram of an application processing system according to an embodiment of the present invention.
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Fig. 1 is a schematic flowchart of an application processing method according to an embodiment of the present invention, where the method may be executed by an application processing apparatus according to an embodiment of the present invention, and the apparatus may be implemented in software and/or hardware. In a particular embodiment, the apparatus may be integrated in a server. The following embodiments will be described taking as an example that the apparatus is integrated in a server. Referring to fig. 1, the method may specifically include the following steps:
and 101, decompiling the installation package of the target application program to obtain a source code file.
For example, the target application may refer to an application that needs to perform sensitivity function detection, and the target application may be an Android application (a mobile operating system developed by google, inc.) or an IOS application (a mobile operating system developed by apple, inc.), and the following description will take the target application as an Android application as an example. Specifically, the source code file may be obtained by decompiling an installation package of the target application program by using a decompiling tool, where the installation package of the target application program may be an apk (application package) package or a Software Development tool (SDK) package, and the decompiling tool includes: apktool, dex2jar, jd-gui, jadx, AXMLPrinter2, etc., and the source code file may be, for example, a java file, a kotlin file, etc.
For example, the installation package may be decompiled and parsed using apktool or AXMLPrinter2 to obtain classes. And analyzing the class and dex files obtained after decompiling into a jar file with a suffix by utilizing dex2jar, and analyzing the jar file into a java file by utilizing jd-gui so as to obtain a source code file.
And 102, determining a sensitive function integrated in the target application program according to the source code file and a preset sensitive function library.
Illustratively, the sensitive function may refer to a function calling sensitive rights, and the sensitive rights may include rights related to user private information (such as an address book, a short message, and the like), rights related to sensitive operation capabilities (such as a camera, a microphone, and the like), and the like. The permissions in the Android system are clearly divided into a Normal Permission (Normal Permission) and a Dangerous Permission (Dangerous Permission), and the Dangerous Permission belongs to a sensitive Permission.
For convenience of management, the Android system organizes permissions with similar functions, such as a Permission RE AD _ extra _ STORAGE for reading EXTERNAL STORAGE and a Permission WRITE _ extra _ STORAGE for writing EXTERNAL STORAGE, into a plurality of Permission groups (Permission groups), all permissions in the same Group are granted at the same time, and in practical application, the following two situations occur:
(1) if an application applies for a dangerous right that has been declared in the global configuration file android manifest, xml, and the application does not yet obtain any right in the group of rights to which the dangerous right belongs, the system pops up a dialog box asking the user to grant permission to grant the right in the group of rights (but not to indicate which right is in the group).
(2) If an application applies for a dangerous right that has been declared in the global configuration file android manifest.
What distinguishes the normal permission from the dangerous permission is whether the permission violates the privacy of the user, the permission like setting a system time zone (time zone) does not substantially relate to the privacy of the user and thus belongs to the normal permission, while the permission to read the contact information obviously touches the private data of the user and thus belongs to the dangerous permission.
In a specific implementation, the preset sensitive function library may be established in advance according to the following method:
(1) and acquiring the characteristic information of the preset sensitive function.
The preset sensitive function may be any function marked as a sensitive function, and the preset sensitive function includes a plurality of sensitive functions. The feature information of the preset sensitive function may include a name of the preset sensitive function and a class name of a class to which the preset sensitive function belongs, and of course, the feature information may also include other information, such as description information of the preset sensitive function, a name of a sensitive authority corresponding to the preset sensitive function, and the like, which is not specifically limited herein.
Exemplarily, the characteristic information of the preset sensitive function crawled by the web crawler can be utilized, and then the characteristic information of the preset sensitive function crawled by the web crawler can be obtained; or, the feature information of the preset sensitive function may also be collected in a manual collection manner, for example, the feature information of the preset sensitive function may be sorted out in a manual manner, and then the sorted feature information of the preset sensitive function is uploaded to the server through the terminal, so that the feature information of the preset sensitive function uploaded by the terminal may be acquired; in addition, the feature information of the preset sensitive function crawled by the web crawler and the feature information of the preset sensitive function uploaded by the terminal can be simultaneously obtained, which is not specifically limited herein.
(2) And creating a preset sensitive function library according to the characteristic information of the preset sensitive function.
For example, query information may be constructed according to the feature information of the preset sensitive function, and a preset sensitive function library may be created according to the constructed query information; for example, the constructed query information may be stored in a preset database, so as to obtain a preset sensitive function library.
Specifically, when determining the sensitive function called by the target application program, query information may be extracted from a preset sensitive function library, and the source code file is queried by using the query information, so as to obtain the sensitive function called by the target application program, where the queried sensitive function may include one or more sensitive functions.
And 103, generating a sensitive function detection report for the target application program according to the sensitive function.
For example, the queried sensitive function may be written into a report template, so as to generate a sensitive function detection report.
In a specific embodiment, the server may execute the application processing method provided in the embodiment of the present invention, perform the sensitive function detection on the installation package of each application in advance, store the sensitive function detection report generated for each application, and when receiving a sensitive function detection request for a target application sent by the terminal, query the storage to obtain a corresponding sensitive function detection report, and feed back the obtained sensitive function detection report to the terminal.
In another specific embodiment, the server may further execute the application processing method provided in the embodiment of the present invention when receiving a sensitive function detection request for the target application sent by the terminal, generate a sensitive function detection report for the target application, and feed back the sensitive function detection report to the terminal.
The terminal can display the sensitive function detection report fed back by the server, and the legal compliance department of the enterprise can obtain the sensitive function condition called by the target application program by checking the sensitive function detection report.
In the embodiment of the invention, the installation package of the target application program can be decompiled to obtain the source code file; determining a sensitive function called by a target application program according to the source code file and a preset sensitive function library; generating a sensitive function detection report for the target application program according to the sensitive function; in the embodiment of the invention, the sensitive function called by the target application program can be automatically detected according to the source code file obtained by decompiling and the preset sensitive function library, compared with a manual detection method, the method is more intelligent, and the sensitive function detection efficiency is improved; and by automatically generating the sensitive function detection report, the detection result can be automatically and visually presented, and convenience is provided for auditors.
In a specific embodiment, the query information constructed according to the feature information of the preset sensitive function may be a regular expression, and correspondingly, the preset sensitive function library may be a first sensitive function library, and then the sensitive function may be determined by using a regular matching method and a sensitive function detection report is generated, which may specifically be as shown in fig. 2, and includes the following steps:
In specific implementation, two types of regular expressions can be constructed according to the characteristic information of a preset sensitive function, one type of regular expression is used for querying a class (i.e. the class name of the class to which the query sensitive function belongs), and the type of regular expression can be called as a first regular expression; another type of regular expression is used for query sensitive functions (i.e., the name of the query sensitive function), and this type of regular expression may be referred to as a second regular expression. For example, in determining the sensitive function called by the target application, a first regular expression and a second regular expression may be extracted from a first sensitive function library.
Taking the sensitive function with the description information being "HTTP network connection" as an example, the first regular expression may be expressed as:
r 'http connection | org, apache, http', where HttpURLConnection and org, apache, http are class names;
the second regular expression can be expressed as:
'regex 2'. r 'openConnection | connect | HttpRequest', where openConnection, connect, HttpRequest are the names of sensitive functions.
Wherein, the character r ' in the above expression is used for preventing character escape, if special characters such as ' \ t ' appear in the character string, the \ t will be escaped without adding r ', and the ' \ t ' can keep the original shape after adding r '; backward-stroking is to prevent single character escape, and character r' is used when multiple backslash escape is required.
The first regular expression may have a plurality of class names, the class names are connected by | and the class names are generally package names imported from a source code file generated by decompilation; the second regular expression may have names of multiple sensitive functions, and the names of the multiple sensitive functions are connected by | connection.
That is, data matched with the first regular expression, or matched with the second regular expression, or matched with both the first regular expression and the second regular expression may be queried in the source code file, and the found data is used as the first target data. Taking the example that the sensitive function found by the regular matching method is the first sensitive function, the first target data may include the class to which the first sensitive function belongs and/or the first sensitive function.
In a specific embodiment, taking an example of querying, in a source code file, first target data matched with both a first regular expression (regular expression 1) and a second regular expression (regular expression 2), implementation codes of a query method may be as follows:
Since the first target data may include only the class to which the first sensitive function belongs, only the first sensitive function, and both the class to which the first sensitive function belongs and the first sensitive function. In a specific implementation, when the first target data includes the first sensitive function, the first sensitive function can be directly used as a regular matching sensitive function; when the first target data does not include the first sensitive function but only includes the class to which the first sensitive function belongs, the class to which the first sensitive function belongs may be reflected to obtain the first sensitive function, and then the first sensitive function is taken as a regular matching sensitive function.
For example, the first location information may be a line number of the first target data in the source code file.
And step 205, generating a sensitivity function detection report according to the first position information and the regular matching sensitivity function.
For example, the first location information and the regular matching sensitive function may be written into a report template, so as to generate a sensitive function detection report; for example, the first target data may be marked (e.g., highlighted, distinguished, and displayed) in the source code file according to the first location information, and then the marked source code and the regular matching sensitive function are written into the report template, so as to generate the sensitive function detection report. Therefore, by checking the sensitive function detection report, not only the sensitive function called by the target application program can be obtained, but also which position of the source code the sensitive function is called, and convenience is provided for the application program to be audited by the manager.
For example, an effect diagram of the generated sensitive function detection report may be as shown in fig. 3, in which the position of calling the sensitive function is highlighted in the source code.
In a specific embodiment, the query information constructed according to the feature information of the preset sensitive function may be a character string, and correspondingly, the preset sensitive function library may be a second sensitive function library, and then the sensitive function may be determined by using a character string matching method and a sensitive function detection report is generated, which may specifically be as shown in fig. 4, and includes the following steps:
In specific implementation, two types of character strings can be constructed according to the feature information of a preset sensitive function, one type of character string is used for querying a class (i.e. the class name of the class to which the query sensitive function belongs), and the type of character string can be called as a first character string; another type of string is used for the query sensitive function (i.e., the name of the query sensitive function), and this type of string may be referred to as a second string. For example, when determining the sensitive function called by the target application, the first and second character strings may be extracted from the second sensitive function library.
Taking the sensitive function with the description information as "recorded audio" as an example, the first character string may be represented as:
'string1': android.
The second string may be represented as:
' string2': setAudioSource ', wherein setAudioSource is the name of the sensitive function.
Since a class may include a plurality of sensitive functions, which are functions for calling a certain sensitive authority, the second string may include a plurality of strings, that is, names of a plurality of sensitive functions, and when the second string includes the names of a plurality of sensitive functions, a specific second string may be represented as:
'string_or1':'getLastKnownLocation(',
'string_or2':'requestLocationUpdates(',
'string_or3':'getLatitude(',
'string_or4':'getLongitude(',
wherein, getLastKnownLocation, requestLocationUpdates, getLatitude and getLongitude are all names of sensitive functions.
That is, data matched with the first character string, the second character string, or both the first character string and the second character string may be searched in the source code file, and the searched data is used as the second target data. Taking the example that the sensitive function found by using the string matching method is the second sensitive function, the second target data may include the class to which the second sensitive function belongs and/or the second sensitive function.
It should be noted that, when the second string includes the names of a plurality of sensitive functions, matching with the second string may be matching with the name of at least one sensitive function in the second string.
In a specific embodiment, taking as an example that the second target data matching both the first character string (character string 1) and the second character string (the second character string includes only character string2, that is, the second character string includes only the name of a sensitive function) is queried in the source code file, the implementation code of the querying method may be as follows:
in another specific embodiment, taking the example of querying the second target data in the source code file, where the second target data matches both the first string (string 1) and the second string (the second string includes string _ or1, string _ or2, string _ or3, and string _ or4, that is, the second string includes only names of a plurality of sensitive functions), the implementation code of the query method may be as follows:
and 303, acquiring a character string matching sensitive function according to the second target data.
Since the second target data may include only the class to which the second sensitive function belongs, only the second sensitive function, and both the class to which the second sensitive function belongs and the second sensitive function. In a specific implementation, when the second target data includes the second sensitive function, the second sensitive function can be directly used as a character string matching sensitive function; when the second target data does not include the second sensitive function but only includes the class to which the second sensitive function belongs, the class to which the second sensitive function belongs may be reflected to obtain the second sensitive function, and then the second sensitive function is used as a character string matching sensitive function.
And step 304, acquiring second position information of the second target data in the source code file.
For example, the second location information may be a line number of the second target data in the source code file.
And 305, generating a sensitive function detection report according to the second position information and the character string matching sensitive function.
For example, the second location information and the character string matching sensitive function may be written into a report template, so as to generate a sensitive function detection report; for example, the second target data may be marked (e.g., highlighted, distinguished, and displayed) in the source code file according to the second location information, and then the marked source code and the character string matching sensitive function are written into the report template, so as to generate the sensitive function detection report. Therefore, by checking the sensitive function detection report, not only the sensitive function called by the target application program can be obtained, but also which position of the source code the sensitive function is called, and convenience is provided for the application program to be audited by the manager.
In a specific embodiment, the method of regular matching and the method of string matching may also be used to determine a sensitive function and generate a sensitive function detection report, for example, the position information and the sensitive function obtained by the method of regular matching may be combined with the position information and the sensitive function obtained by the method of string matching, so as to generate a sensitive function detection report, which may specifically be as follows:
calculating a union set of the first position information and the second position information to obtain a position union set;
calculating a union of the regular matching sensitive function and the character string matching sensitive function to obtain a sensitive function union;
and generating a sensitive function detection report according to the position union set and the sensitive function union set.
It can be understood that the sensitivity function is determined from the two dimensions of class and name by adopting a regular matching method and a character string matching method and a sensitivity function detection report is generated, so that the comprehensiveness of the detection result can be improved to a certain extent.
In a specific embodiment, the authority verification may further be performed by combining the detected sensitive function and the applied authority, which may be specifically shown in fig. 5, and includes the following steps:
Illustratively, the sensitive function and the sensitive permission have a corresponding relationship, for example, the sensitive permission corresponding to the sensitive function requestLocationUpdates is ACCESS _ FINE _ LOCATION, the sensitive permission corresponding to the sensitive function CAMERA is measure, the sensitive permission corresponding to the sensitive function setAudioSource is RECORD _ AUDIO, and the sensitive permission corresponding to the sensitive function can be obtained according to the corresponding relationship.
For example, the global configuration file android xml file may be obtained by decompiling an installation package of the target application program by using apktool or AXMLPrinter2, where the global configuration file android xml file is a configuration list file of the application program and includes basic information, component information, authority information, and the like of the application program. Basic information of the application program such as: the method comprises the steps of package name, version code VersionCode, version name VersionName of an application, whether debugging android is allowed or not, debug, application icon android, icon, process of application program running, whether multi-process android is allowed or not, SDK version required in the application, metadata attribute meta-data attribute, wherein the meta-data attribute comprises the name android of a metadata item, name of a resource, reference android of the resource, value of the metadata item and the like. Component information of the application program such as: class information, declaration information, etc. of four major components, active Activity, service, broadcast receiver broadcastreever, and content provider ContentProvider. Rights information of an application such as: the system predefines rights uses-permissions, custom rights permissions, rights group permissions, rights tree permissions-trees, and the like.
Specifically, the system predefined permission uses-permission, that is, the permission that the application applies to the system, may be obtained from the global configuration file.
And step 403, generating an authority auditing report according to the sensitive authority and the application authority.
Illustratively, the method of generating the permission review report may be as follows:
(1) and searching the target authority according to the matching relation between the sensitive authority and the application authority.
For example, the authority that is not matched with the sensitive authority can be searched in the application authority to obtain a redundant application authority, that is, the authority that exists in the application authority but does not exist in the sensitive authority is searched, and the redundant application authority is usually an applied but unused authority and is an unconventional authority;
the authority which is not matched with the application authority can be searched in the sensitive authority to obtain the redundant use authority, namely the authority which exists in the sensitive authority but does not exist in the application authority is searched, and the redundant use authority is usually the authority which is not applied but used and is not in compliance;
the method can search the authority which is matched with the application authority but is not configured with the authorization request information in the sensitive authority to obtain the illegal use authority, namely, the authority which is simultaneously present in the sensitive authority and the application authority but is not configured with the authority notification information is searched, and the illegal use authority is usually the authority which is applied but is also used but does not request authorization to the user or does not notify the user of the use condition and is the non-compliance authority.
(2) And generating an authority auditing report according to the target authority.
For example, the target authority may be marked with an audit mark, where the audit mark includes, but is not limited to, a redundant application authority, a redundant usage authority, an illegal usage authority, a non-compliance authority, and the like, so as to obtain an authority audit report.
For example, for a certain application authority a, if the authority a is not included in the sensitive authority, that is, the function of the authority a is not called in the source code, it indicates that the authority a is not used, and belongs to an over application, and it is regarded as an out-of-compliance authority.
For another example, for a certain application authority a, if the sensitive authority includes the authority a, that is, there is a function calling the authority a in the source code, and the application program has not yet obtained any authority in the authority group to which the authority a belongs, in this case, it is necessary to have explicit authority notification information to notify the user, and if there is no explicit authority notification information to notify the user, it is regarded as a noncompliance authority.
For example, for a sensitive authority B, the authority B does not belong to the applied authority, that is, the authority B has no application but has a call, belongs to a redundant use, and is regarded as an unconventional authority.
In specific implementation, the permission audit report can be sent to the terminal, and a manager can obtain the permission compliance condition by checking the permission audit report, so that convenience is provided for the manager to audit the application program.
For example, a schematic diagram of the effect of the generated permission review report may be as shown in fig. 6, in which the result of the review of some applied permissions is shown.
It should be understood that although the steps in the flowcharts of fig. 2, 4 and 5 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2, 4, and 5 may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternatingly with other steps or at least some of the sub-steps or stages of other steps.
It should be noted that the effect diagrams shown in the embodiments of the present disclosure are intended to illustrate a detection method of a sensitive function, and contents (including but not limited to text, pictures, and the like) presented in a specific page do not constitute a limitation on a scheme.
Fig. 7 is a block diagram of an application processing apparatus according to an embodiment of the present invention, which is adapted to execute the application processing method according to the embodiment of the present invention. As shown in fig. 7, the apparatus may specifically include:
a decompiling module 501, configured to decompile the installation package of the target application to obtain a source code file;
a determining module 502, configured to determine a sensitive function called by the target application program according to the source code file and a preset sensitive function library;
a generating module 503, configured to generate a sensitivity function detection report for the target application according to the sensitivity function.
In one embodiment, the apparatus further comprises:
the creating module is used for acquiring the characteristic information of a preset sensitive function; and creating the preset sensitive function library according to the characteristic information of the preset sensitive function.
In one embodiment, the feature information of the preset sensitive function includes: the name of the preset sensitive function and the class name of the class to which the preset sensitive function belongs.
In an embodiment, the creating module creates the preset sensitive function library according to the feature information of the preset sensitive function, including:
constructing query information according to the characteristic information of the preset sensitive function;
and creating the preset sensitive function library according to the query information.
In an embodiment, the query information includes a regular expression, and correspondingly, the preset sensitive function library includes a first sensitive function library, and/or
The query information comprises a character string, and correspondingly, the preset sensitive function library comprises a second sensitive function library.
In an embodiment, the determining module 502 determines the sensitive function called by the target application according to the source code file and a preset sensitive function library, including:
querying the source code file by a regular matching method according to a regular expression in the first sensitive function library to obtain a regular matching sensitive function; or/and
and querying the source code file by adopting a character string matching method according to the character strings in the second sensitive function library to obtain a character string matching sensitive function.
In an embodiment, the querying, by the determining module 502, the source code file according to the regular expression in the first sensitive function library by using a regular matching method to obtain a regular matching sensitive function, where the method includes:
extracting a first regular expression and a second regular expression from the first sensitive function library, wherein the first regular expression is used for inquiring the class to which the first sensitive function belongs, and the second regular expression is used for inquiring the first sensitive function;
querying first target data matched with the first regular expression and/or the second regular expression in the source code file, and obtaining the regular matching sensitive function according to the first target data, wherein the first target data comprises a class to which the first sensitive function belongs and/or the first sensitive function.
In an embodiment, the determining module 502 obtains the regular matching sensitive function according to the first target data, including:
when the first sensitive function is included in the first target data, taking the first sensitive function as the regular matching sensitive function;
when the first target data does not comprise the first sensitive function, reflecting the class to which the first sensitive function belongs to obtain the first sensitive function, and taking the first sensitive function as the regular matching sensitive function.
In one embodiment, the apparatus further comprises:
and the first acquisition module is used for acquiring first position information of the first target data in the source code file.
In an embodiment, the determining module 502 queries the source code file by using a character string matching method according to the character string in the second sensitive function library to obtain a character string matching sensitive function, including:
extracting a first character string and a second character string from the second sensitive function library, wherein the first character string is used for inquiring the class to which the second sensitive function belongs, and the second character string is used for inquiring the second sensitive function;
second target data matched with the first character string and/or the second character string is inquired in the source code file, and a character string matching sensitive function is obtained according to the second target data, wherein the second target data comprises a class to which the second sensitive function belongs and/or the second sensitive function.
In an embodiment, the determining module 502 obtains the string matching sensitive function according to the second target data, including:
when the second sensitive function is included in the second target data, taking the second sensitive function as the character string matching sensitive function;
and when the second target data does not comprise the second sensitive function, reflecting the class to which the second sensitive function belongs to obtain the second sensitive function, and taking the second sensitive function as the character string matching sensitive function.
In one embodiment, the apparatus further comprises:
and the second acquisition module is used for acquiring second position information of the second target data in the source code file.
In an embodiment, the generating module 503 generates the sensitivity function detection report for the target application according to the sensitivity function, including:
generating the sensitive function detection report according to the first position information and the regular matching sensitive function; or
Generating the sensitive function detection report according to the second position information and the character string matching sensitive function; or
And generating the sensitive function detection report according to the union of the first position information and the second position information and the union of the regular matching sensitive function and the character string matching sensitive function.
In one embodiment, the method further comprises:
the receiving module is used for receiving a sensitive function detection request aiming at the target application program and sent by a terminal;
and the sending module is used for sending the sensitive function detection report to the terminal.
In one embodiment, the generating module 503 is further configured to,
acquiring a sensitive authority corresponding to the sensitive function; acquiring application authority from a global configuration file obtained by decompiling the installation package of the target application program; and generating an authority auditing report according to the sensitive authority and the application authority.
In an embodiment, the generating module 503 generates an authorization audit report according to the sensitive authorization and the application authorization, including:
searching a target authority according to the matching relation between the sensitive authority and the application authority;
and generating the permission auditing report according to the target permission.
In an embodiment, the step of searching for the target permission by the generating module 503 according to the matching relationship between the sensitive permission and the application permission includes:
searching the authority which is not matched with the sensitive authority in the application authority to obtain redundant application authority;
searching the authority which is not matched with the application authority in the sensitive authority to obtain redundant use authority;
and searching the authority which is matched with the application authority but is not configured with the authority notification information in the sensitive authority to obtain the illegal use authority.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the functional module, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
The device of the embodiment of the invention can decompile the installation package of the target application program to obtain the source code file; determining a sensitive function called by a target application program according to the source code file and a preset sensitive function library; generating a sensitive function detection report for the target application program according to the sensitive function; in the embodiment of the invention, the sensitive function called by the target application program can be automatically detected according to the source code file obtained by decompiling and the preset sensitive function library, compared with a manual detection method, the method is more intelligent, and the sensitive function detection efficiency is improved; and by automatically generating the sensitive function detection report, the detection result can be automatically and visually presented, and convenience is provided for auditors.
The embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program that is stored in the memory and can be run on the processor, and when the processor executes the program, the application processing method provided in any of the above embodiments is implemented.
The embodiment of the invention also provides a computer readable medium, on which a computer program is stored, and the program is executed by a processor to implement the application processing method provided by any one of the above embodiments.
Fig. 8 shows an exemplary system architecture 600 of an application processing method or application processing apparatus to which embodiments of the present invention may be applied.
As shown in fig. 8, the system architecture 600 may include terminals 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminals 601, 602, 603 and the server 605. Network 604 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminals 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminals 601, 602, 603 may have various client applications installed thereon, such as an enterprise application client, an e-commerce application client, a web browser application, a search-class application, an instant messaging tool, a mailbox client, and the like.
The terminals 601, 602, 603 may be various electronic devices having display screens and supporting various clients, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background server providing support for detection requests sent by users using the terminals 601, 602, 603. The background server can process the received detection request and feed back the processing result to the terminal.
It should be noted that the application processing method provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the application processing apparatus is generally disposed in the server 605.
It should be understood that the number of terminals, networks, and servers in fig. 8 is merely illustrative. There may be any number of terminals, networks, and servers, as desired for an implementation.
Referring now to FIG. 9, shown is a block diagram of a computer system 700 suitable for use with the electronic device implementing an embodiment of the present invention. The electronic device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 9, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units described in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware. The described modules and/or units may also be provided in a processor, and may be described as: a processor includes a decompilation module, a determination module, and a generation module. Wherein the names of the modules do not in some cases constitute a limitation of the module itself.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: decompiling an installation package of the target application program to obtain a source code file; determining a sensitive function called by the target application program according to the source code file and a preset sensitive function library; and generating a sensitive function detection report for the target application program according to the sensitive function.
According to the technical scheme of the embodiment of the invention, the installation package of the target application program can be decompiled to obtain the source code file; determining a sensitive function called by a target application program according to the source code file and a preset sensitive function library; generating a sensitive function detection report for the target application program according to the sensitive function; in the embodiment of the invention, the sensitive function called by the target application program can be automatically detected according to the source code file obtained by decompiling and the preset sensitive function library, compared with a manual detection method, the method is more intelligent, and the sensitive function detection efficiency is improved; and by automatically generating the sensitive function detection report, the detection result can be automatically and visually presented, and convenience is provided for auditors.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (21)
1. An application processing method, comprising:
decompiling an installation package of the target application program to obtain a source code file;
determining a sensitive function called by the target application program according to the source code file and a preset sensitive function library;
and generating a sensitive function detection report for the target application program according to the sensitive function.
2. The application processing method according to claim 1, wherein the preset sensitive function library is obtained by:
acquiring characteristic information of a preset sensitive function;
and creating the preset sensitive function library according to the characteristic information of the preset sensitive function.
3. The application processing method according to claim 2, wherein the feature information of the preset sensitive function includes: the name of the preset sensitive function and the class name of the class to which the preset sensitive function belongs.
4. The method for processing the application program according to claim 2 or3, wherein the creating the preset sensitive function library according to the feature information of the preset sensitive function includes:
constructing query information according to the characteristic information of the preset sensitive function;
and creating the preset sensitive function library according to the query information.
5. The application processing method according to claim 4, wherein the query information includes a regular expression, and correspondingly, the preset sensitive function library includes a first sensitive function library; and/or
The query information comprises a character string, and correspondingly, the preset sensitive function library comprises a second sensitive function library.
6. The method for processing the application program according to claim 5, wherein the determining the sensitive function called by the target application program according to the source code file and a preset sensitive function library comprises:
querying the source code file by a regular matching method according to a regular expression in the first sensitive function library to obtain a regular matching sensitive function; or/and
and querying the source code file by adopting a character string matching method according to the character strings in the second sensitive function library to obtain a character string matching sensitive function.
7. The method for processing an application program according to claim 6, wherein the querying the source code file by a regular matching method according to the regular expression in the first sensitive function library to obtain a regular matching sensitive function includes:
extracting a first regular expression and a second regular expression from the first sensitive function library, wherein the first regular expression is used for inquiring the class to which the first sensitive function belongs, and the second regular expression is used for inquiring the first sensitive function;
querying first target data matched with the first regular expression and/or the second regular expression in the source code file, and obtaining the regular matching sensitive function according to the first target data, wherein the first target data comprises a class to which the first sensitive function belongs and/or the first sensitive function.
8. The application processing method of claim 7, wherein the obtaining the canonical match sensitivity function from the first target data comprises:
when the first sensitive function is included in the first target data, taking the first sensitive function as the regular matching sensitive function;
when the first target data does not comprise the first sensitive function, reflecting the class to which the first sensitive function belongs to obtain the first sensitive function, and taking the first sensitive function as the regular matching sensitive function.
9. The application processing method according to claim 7, further comprising:
and acquiring first position information of the first target data in the source code file.
10. The method for processing the application program according to claim 6, wherein the querying the source code file by using a string matching method according to the string in the second sensitive function library to obtain a string matching sensitive function comprises:
extracting a first character string and a second character string from the second sensitive function library, wherein the first character string is used for inquiring the class to which the second sensitive function belongs, and the second character string is used for inquiring the second sensitive function;
second target data matched with the first character string and/or the second character string is inquired in the source code file, and a character string matching sensitive function is obtained according to the second target data, wherein the second target data comprises a class to which the second sensitive function belongs and/or the second sensitive function.
11. The method for processing the application program according to claim 10, wherein the obtaining the string matching sensitive function according to the second target data comprises:
when the second sensitive function is included in the second target data, taking the second sensitive function as the character string matching sensitive function;
and when the second target data does not comprise the second sensitive function, reflecting the class to which the second sensitive function belongs to obtain the second sensitive function, and taking the second sensitive function as the character string matching sensitive function.
12. The application processing method according to claim 10, further comprising:
and acquiring second position information of the second target data in the source code file.
13. The method according to claim 9 or 12, wherein the generating a sensitivity function detection report for the target application according to the sensitivity function comprises:
generating the sensitive function detection report according to the first position information and the regular matching sensitive function; or
Generating the sensitive function detection report according to the second position information and the character string matching sensitive function; or
And generating the sensitive function detection report according to the union of the first position information and the second position information and the union of the regular matching sensitive function and the character string matching sensitive function.
14. The application processing method according to claim 1, further comprising:
receiving a sensitive function detection request aiming at the target application program and sent by a terminal;
and sending the sensitive function detection report to the terminal.
15. The application processing method according to claim 1, further comprising:
acquiring a sensitive authority corresponding to the sensitive function;
acquiring application authority from a global configuration file obtained by decompiling the installation package of the target application program;
and generating an authority auditing report according to the sensitive authority and the application authority.
16. The method for processing the application program according to claim 15, wherein the generating of the permission review report according to the sensitive permission and the application permission comprises:
searching a target authority according to the matching relation between the sensitive authority and the application authority;
and generating the permission auditing report according to the target permission.
17. The method for processing the application program according to claim 16, wherein the searching for the target permission according to the matching relationship between the sensitive permission and the application permission comprises:
searching the authority which is not matched with the sensitive authority in the application authority to obtain redundant application authority;
searching the authority which is not matched with the application authority in the sensitive authority to obtain redundant use authority;
and searching the authority which is matched with the application authority but is not configured with the authority notification information in the sensitive authority to obtain the illegal use authority.
18. An application processing apparatus, comprising:
the decompiling module is used for decompiling the installation package of the target application program to obtain a source code file;
the determining module is used for determining a sensitive function called by the target application program according to the source code file and a preset sensitive function library;
and the generating module is used for generating a sensitive function detection report for the target application program according to the sensitive function.
19. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the application processing method according to any of claims 1 to 17 when executing the program.
20. An application processing system, characterized by comprising a terminal and an electronic device for executing the application processing method according to any one of claims 1 to 17.
21. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out an application processing method according to any one of claims 1 to 17.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110114613.8A CN112817603B (en) | 2021-01-26 | 2021-01-26 | Application processing method, device, electronic equipment, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110114613.8A CN112817603B (en) | 2021-01-26 | 2021-01-26 | Application processing method, device, electronic equipment, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112817603A true CN112817603A (en) | 2021-05-18 |
| CN112817603B CN112817603B (en) | 2023-06-30 |
Family
ID=75860054
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110114613.8A Active CN112817603B (en) | 2021-01-26 | 2021-01-26 | Application processing method, device, electronic equipment, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112817603B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102938040A (en) * | 2012-09-29 | 2013-02-20 | 中兴通讯股份有限公司 | Malicious Android application program detection method, system and device |
| CN103473509A (en) * | 2013-09-30 | 2013-12-25 | 清华大学 | Android platform malware automatic detecting method |
| CN103761475A (en) * | 2013-12-30 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for detecting malicious code in intelligent terminal |
| CN103902910A (en) * | 2013-12-30 | 2014-07-02 | 北京奇虎科技有限公司 | Method and device for detecting malicious codes in intelligent terminal |
| US20160321453A1 (en) * | 2013-12-30 | 2016-11-03 | Beijing Qihoo Technology Company Limited | Method and device for detecting malicious code in an intelligent terminal |
| CN109492398A (en) * | 2018-11-23 | 2019-03-19 | 北京梆梆安全科技有限公司 | A kind of risk checking method and device of Android application program sensitive behavior |
| CN110225029A (en) * | 2019-06-10 | 2019-09-10 | 北京达佳互联信息技术有限公司 | Detection method for injection attack, device, server and storage medium |
| CN111353143A (en) * | 2020-02-27 | 2020-06-30 | 深圳市腾讯信息技术有限公司 | Sensitive authority detection method and device and storage medium |
| CN111353146A (en) * | 2020-05-25 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Method, device, equipment and storage medium for detecting sensitive permission of application program |
-
2021
- 2021-01-26 CN CN202110114613.8A patent/CN112817603B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102938040A (en) * | 2012-09-29 | 2013-02-20 | 中兴通讯股份有限公司 | Malicious Android application program detection method, system and device |
| CN103473509A (en) * | 2013-09-30 | 2013-12-25 | 清华大学 | Android platform malware automatic detecting method |
| CN103761475A (en) * | 2013-12-30 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for detecting malicious code in intelligent terminal |
| CN103902910A (en) * | 2013-12-30 | 2014-07-02 | 北京奇虎科技有限公司 | Method and device for detecting malicious codes in intelligent terminal |
| US20160321453A1 (en) * | 2013-12-30 | 2016-11-03 | Beijing Qihoo Technology Company Limited | Method and device for detecting malicious code in an intelligent terminal |
| CN109492398A (en) * | 2018-11-23 | 2019-03-19 | 北京梆梆安全科技有限公司 | A kind of risk checking method and device of Android application program sensitive behavior |
| CN110225029A (en) * | 2019-06-10 | 2019-09-10 | 北京达佳互联信息技术有限公司 | Detection method for injection attack, device, server and storage medium |
| CN111353143A (en) * | 2020-02-27 | 2020-06-30 | 深圳市腾讯信息技术有限公司 | Sensitive authority detection method and device and storage medium |
| CN111353146A (en) * | 2020-05-25 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Method, device, equipment and storage medium for detecting sensitive permission of application program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112817603B (en) | 2023-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8813205B2 (en) | Consolidating disparate cloud service data and behavior based on trust relationships between cloud services | |
| CN109598127B (en) | Privacy risk assessment method and device | |
| US20150059004A1 (en) | System, method, and computer program product for creation, transmission,and tracking of electronic document | |
| CN110765422A (en) | Parameter checking method and device | |
| CN109981322B (en) | Method and device for cloud resource management based on label | |
| CN109522751B (en) | Access right control method and device, electronic equipment and computer readable medium | |
| CN111563015B (en) | Data monitoring method and device, computer readable medium and terminal equipment | |
| CN112000992B (en) | Data leakage prevention protection method and device, computer readable medium and electronic equipment | |
| Schwab et al. | SEER: A security experimentation environment for DETER | |
| CN113849473A (en) | Operation recording method, operation recording device, electronic device, and storage medium | |
| CN112765102B (en) | File system management method and device | |
| US9665732B2 (en) | Secure Download from internet marketplace | |
| CN112559024A (en) | Method and device for generating transaction code change list | |
| CN110716956A (en) | Data request intercepting method and device | |
| CN112835863A (en) | Processing method and processing device of operation log | |
| CN112817603B (en) | Application processing method, device, electronic equipment, system and storage medium | |
| CN112416875B (en) | Log management method, device, computer equipment and storage medium | |
| CN112784272A (en) | Application program processing method and device, electronic equipment, system and storage medium | |
| CN112732581B (en) | SDK detection method, device, electronic equipment, system and storage medium | |
| CN113704222A (en) | Method and device for processing service request | |
| CN111737218A (en) | File sharing method and device | |
| Takahashi et al. | Data model for android package information and its application to risk analysis system | |
| US20180218064A1 (en) | Method and system for the creation and maintenance of a web presence data store built automatically for all entities with a social media presence | |
| CN112241332A (en) | Interface compensation method and device | |
| CN112835609A (en) | Method and device for modifying dependent package download address |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176 Applicant after: Jingdong Technology Holding Co.,Ltd. Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176 Applicant before: Jingdong Digital Technology Holding Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |