CN113761517B - Method, device, equipment and storage medium for determining third party SDK - Google Patents
Method, device, equipment and storage medium for determining third party SDK Download PDFInfo
- Publication number
- CN113761517B CN113761517B CN202010492839.7A CN202010492839A CN113761517B CN 113761517 B CN113761517 B CN 113761517B CN 202010492839 A CN202010492839 A CN 202010492839A CN 113761517 B CN113761517 B CN 113761517B
- Authority
- CN
- China
- Prior art keywords
- information
- sdk
- application program
- party
- party sdk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The embodiment of the application discloses a method, a device, electronic equipment and a computer readable storage medium for determining a third party SDK, and relates to the field of personal privacy data protection. One embodiment of the method comprises the following steps: acquiring each actual SDK contained in the application program to be tested; determining a third party SDK in each actual SDK by using a pre-constructed knowledge graph; the knowledge graph records the association relationship between each application program and the third party SDK. According to the embodiment, the knowledge graph technology applied to other fields is introduced into a new technical field for identifying the association between the application program and the SDK, and the comprehensive association between the application program and the SDK can be found from a deeper level by means of the sorting and induction capability of the knowledge graph on the association between the application program and the SDK, so that an accurate identification result is obtained, and the security risk management and control of the application program is realized.
Description
Technical Field
The embodiment of the application relates to the technical field of feature recognition, in particular to the field of personal privacy data protection.
Background
With the development of electronic informatization technology, privacy problems of personal data of users are increasingly emphasized by society, and government departments are continuously put forth laws and regulations of personal information protection.
As stated, the operating body of an Application (APP) has security responsibility for the behavior of personal information collected/content transmitted/URL transmitted (Uniform Resource Locator ) by the SDK (Software Development Kit, software development kit) integrated within its APP. The APP developer is certainly quite aware of the behavior of its own SDK (also called the first party SDK), but is very little aware of the behavior of its third party SDK, so it is required that APP should list the personal information categories and purposes collected by the third party SDK one by one in its own privacy policy, etc. To meet this requirement, it is necessary to accurately identify which third party SDKs are integrated in the APP in order to assess the security risk level of the third party SDKs.
The prior art typically determines a third party SDK in an APP by means of feature matching based on the SDK package name.
Disclosure of Invention
The embodiment of the application provides a method, a device, electronic equipment and a computer readable storage medium for determining a third party SDK.
In a first aspect, an embodiment of the present application proposes a method for determining a third party SDK, including: acquiring each actual SDK contained in the application program to be tested; determining a third party SDK in each actual SDK by using a pre-constructed knowledge graph; and the knowledge graph records the association relationship between each application program and the third party SDK thereof.
In a second aspect, an embodiment of the present application proposes an apparatus for determining a third party SDK, including: an actual SDK determining unit configured to acquire each actual SDK included in the application to be tested; a third-party SDK determining unit configured to determine a third-party SDK in each of the actual SDKs using a knowledge graph constructed in advance; and the knowledge graph records the association relationship between each application program and the third party SDK thereof.
In a third aspect, an embodiment of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to implement a method for determining a third party SDK as described in any one of the implementations of the first aspect when executed.
In a fourth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium storing computer instructions for enabling a computer to implement a method for determining a third party SDK as described in any of the implementations of the first aspect when executed.
Because of the complex association between the SDK and the application program, the conventional identification mode through package name has poor effect, and in order to solve the problem, the embodiment of the application provides a method, a device, electronic equipment and a computer-readable storage medium for determining the third party SDK: firstly, acquiring each actual SDK contained in an application program to be tested; then, determining a third party SDK in each actual SDK by using a pre-constructed knowledge graph; the knowledge graph records the association relationship between each application program and the third party SDK.
According to the technical scheme, the knowledge graph technology applied to other fields introduces a new technical field for identifying the association between the application program and the SDK, and the comprehensive association between the application program and the SDK can be found from a deeper level by means of the sorting and induction capability of the knowledge graph on the association between the application program and the SDK, so that a more accurate identification result is obtained, and the security risk management and control of the application program is realized.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a method for determining a third party SDK in accordance with the present application;
FIG. 3 is a flow chart of another embodiment of a method for determining a third party SDK in accordance with the present application;
FIG. 4 is a schematic diagram of a knowledge graph constructed in one method for determining a third party SDK provided by the present application;
FIG. 5 is a schematic diagram of a representation of association information between an APP and an SDK in a knowledge graph in the method for determining a third party SDK provided by the application;
FIG. 6 is a schematic diagram illustrating the structure of one embodiment of an apparatus for determining a third party SDK in accordance with the present application;
fig. 7 is a block diagram of an electronic device suitable for implementing a method of determining a third party SDK in accordance with an embodiment of the application.
Detailed Description
The application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be noted that, for convenience of description, only the portions related to the present application are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
FIG. 1 illustrates an exemplary system architecture 100 in which embodiments of a method, apparatus, electronic device, and computer-readable storage medium for determining a third party SDK of the present application may be applied.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or transmit data or the like. Various applications for implementing data transmission between the terminal devices 101, 102, 103 and the server 105 may be installed on the terminal devices, such as an application program distribution type application, an application program security inspection type application to be distributed, an instant messaging type application, and the like.
The terminal devices 101, 102, 103 and the server 105 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various electronic devices with display screens, including but not limited to smartphones, tablets, laptop and desktop computers, etc.; when the terminal devices 101, 102, 103 are software, they may be installed in the above-listed electronic devices, which may be implemented as a plurality of software or software modules, or may be implemented as a single software or software module, which is not particularly limited herein. When the server 105 is hardware, it may be implemented as a distributed server cluster formed by a plurality of servers, or may be implemented as a single server; when the server is software, the server may be implemented as a plurality of software or software modules, or may be implemented as a single software or software module, which is not particularly limited herein.
The server 105 may provide various services through various built-in applications, for example, to provide an application security inspection type application to be distributed of the third-party SDK determination service, and the server 105 may achieve the following effects when running the application security inspection type application to be distributed: firstly, receiving an application program to be tested sent by terminal equipment 101, 102 or 103 through a network 104, and then acquiring each actual SDK contained in the application program to be tested; and then, determining the third party SDK in each actual SDK by using a pre-constructed knowledge graph recorded with the association relation between each application program and the third party SDK. That is, the server 105 determines the third party SDK in the application to be side through the above-described processing steps, and outputs it as a result. Further, the application program security audit application to be deployed may further provide a targeted security risk test based on the output third party SDK, so as to finally determine whether the notification of whether the application program to be deployed meets the security rule is returned to the terminal device 101, 102 or 103.
It should be noted that the application to be tested may be stored in advance in the server 105 in various ways, in addition to being received from the terminal devices 101, 102, 103 in real time via the network 104. Thus, when the server 105 detects that such data has been stored locally (e.g., there remains an application under test in the pending queue), the application under test may be obtained directly from the local, in which case the exemplary system architecture 100 may not include the terminal devices 101, 102, 103 and the network 104.
In order to achieve the purpose of accurately determining the third-party SDK, the knowledge graph used in the present application needs to occupy more computing resources and has stronger computing power no matter how to construct and use, so the method for determining the third-party SDK provided in the subsequent embodiments of the present application is generally performed by the server 105 having stronger computing power and having more computing resources, and accordingly, the device for determining the third-party SDK is also generally provided in the server 105. However, it should be noted that, when the terminal devices 101, 102, 103 also have the required computing capability and computing resources, the terminal devices 101, 102, 103 may also complete each operation performed by the server 105 through the application program security inspection type application to be deployed installed thereon, and further output the same result as the server 105. Especially, in the case where there are a plurality of terminal devices having different computing capabilities at the same time, if the application program security inspection application to be deployed determines that the terminal device has a stronger computing capability and more computing resources remain, the terminal device may be allowed to perform the above-mentioned computation, so as to properly reduce the computing pressure of the server 105. Accordingly, the means for determining the third party SDK may also be provided in the terminal devices 101, 102, 103. In this case, the exemplary system architecture 100 may also not include the server 105 and the network 104.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, there is shown an implementation flow 200 of one embodiment of a method for determining a third party SDK in accordance with the present application, including the steps of:
step 201: acquiring each actual SDK contained in the application program to be tested;
this step aims at acquiring each actual SDK contained in the application under test by an execution subject (e.g., server 105 shown in fig. 1) of the method for determining the third-party SDK.
Specifically, in this step, the first hand data obtained by the execution body may be classified into two types according to the specific type of the first hand data, and when the first hand data obtained by the execution body is an application program to be tested (hereinafter, simply referred to as APP to be tested), the operation of determining each actual SDK included therein may be executed by the execution body, or the execution body may forward the received APP to be tested to other execution bodies to complete and receive the determination result thereof, where the features that may be used to determine each actual SDK included therein include, but are not limited to, packet name, flow feature, code feature, and the like of the SDK; secondly, when the executing body can directly acquire each actual SDK contained in the APP to be tested, that is, when the first hand data is the list/set containing each actual SDK, the executing body only needs to receive the ready-made result and does not need other operations.
It should be appreciated that the purpose of this step is to obtain the actual SDK list/set of which SDKs are actually contained in the APP under test, so as to subsequently determine which SDKs in the actual SDK list/set belong to the third party SDKs in the APP under test.
It should be noted that, it can determine which actual SDKs are included in an APP to be tested, but it does not mean that it can directly determine which actual SDKs belong to the third party SDKs in the APP to be tested, because whether an actual SDK is the third party SDKs of the APP to be tested often depends on a very large number of influencing factors, and an accurate determination result can be obtained not only based on the characteristics of the surface layer, such as the package name and the flow of the SDKs.
It should be noted that the APP to be tested or each actual SDK included in the APP to be tested may be obtained directly from a local storage device by the execution body, or may be obtained from a non-local storage device (for example, the terminal devices 101, 102, 103 shown in fig. 1). The local storage device may be a data storage module, such as a server hard disk, disposed in the executing body, where the APP to be tested or each actual SDK included in the APP to be tested may be quickly read locally; the non-local storage device may also be any other electronic device configured to store data, such as some user terminals, etc., in which case the executing entity may acquire the desired APP to be tested or the actual SDKs contained in the APP to be tested by sending an acquisition command to the electronic device.
Step 202: and determining a third party SDK in each actual SDK by using the pre-constructed knowledge graph.
On the basis of step 201, this step aims at determining, by the above-mentioned execution subject, the third party SDKs in each actual SDK using the knowledge graph constructed in advance. In order to achieve the purpose of the step, the application constructs a knowledge graph recorded with the association relation between each APP and the third party SDK in advance.
It should be appreciated that the ability to accurately identify a third party SDK is essential to the APP security, privacy compliance, etc. But the APP is numerous (in the order of tens of millions), the third party SDK is in total thousands. It is relatively easy to identify and obtain information (developer, code, feature, etc.) of the APP or the SDK, that is, it is relatively easy to determine which SDKs are included in the APP based on the identified information of the SDKs, and most difficult is how to determine the relationship between the SDK developer and the APP developer (information for determining the own SDK or the third party SDK), which cannot be obtained by analyzing the APP itself code, or by simply accumulating knowledge, that is, how to determine which of the actual SDKs are the third party SDKs belonging to the APP to be tested are current difficulties.
In order to solve the difficulty, the application introduces the concept of a Knowledge Graph, the Knowledge Graph (knowledgegraph) appears in the book emotion, namely a Knowledge domain visualization map or a Knowledge domain mapping map, is a series of different graphs for displaying the Knowledge development process and the structural relationship, describes Knowledge resources and carriers thereof by using a visualization technology, and mines, analyzes, builds, draws and displays Knowledge and the interrelationship among the Knowledge resources and carriers. The current knowledge graph is mainly applied to: search engines, social networks, human resources and recruitment, finance, insurance, retail, advertising, logistics, communications, IT, manufacturing, media, medical, e-commerce, and logistics fields, among others. The method is mainly applied to the scenes of anti-fraud, anti-money laundering, internet credit, insurance fraud, bank fraud, e-commerce fraud, project audit fraud, enterprise relationship analysis, criminal tracking and the like aiming at the risk control field.
Based on the characteristics of the knowledge graph, the application uses the knowledge graph formed by the nodes and the relations to intuitively model the APP and the SDK with complex association between the nodes and the SDK so as to form a more visual and clear net knowledge structure through analyzing and arranging the association between different knowledge. The process of forming this knowledge graph is essentially to build up the cognitive ability of the machine or automation device to correlate between APP and SDK, and can make this cognitive ability more and more powerful through the accumulation of knowledge.
In order to construct a knowledge graph capable of achieving the objective of this step, it is necessary to find as much information as possible from as many channels as possible to characterize the association relationship between APP and SDK, including but not limited to: version numbers of APP and SDK, package names, application names, class name lists, method lists, certificate signatures, class signatures, authority lists of applications, function call graphs, sensitive API (Application Programming Interface ) call information, UI (User Interface) layout information, icons, resource files, character string resources, accessed web addresses and IP addresses, URIs (Uniform Resource Identifier, uniform resource identifiers) built in programs, personal information protection policies (privacy policies), official web addresses, official server addresses, history versions, distribution channels, user distribution, full names of developers (vendors), aliases, abbreviations, corporate properties, country, corporate registration names, contact addresses, responsible persons, operation ranges, established times, stock right relationships, subsidiary information, parent company information, associated company information. Based on the above, in combination with the construction sequence of the knowledge maps and the actual requirements in the actual application scene, different knowledge maps are flexibly constructed, and the method is not particularly limited herein. Meanwhile, in order to ensure the accuracy of the knowledge graph, the associated information in the knowledge graph can be updated and adjusted in an increment mode according to a preset period, so that the workload of adjustment is reduced as much as possible.
Further, in order to achieve high accuracy of judgment, the method relies on collecting more information and knowledge, and also relies on deep processing of the acquired information and knowledge, for example, a company "XX" may represent a plurality of registered company entities named "XX", and what meaning is specifically represented needs to be analyzed and processed by comprehensively utilizing natural language processing and data analysis technology.
Furthermore, since the third-party SDK is commonly released in JAR or AAR format, the APP developer cannot read the source code, and thus the APP developer does not know the overall function and security risk of the third-party SDK. Meanwhile, the APP and the third party SDK run under the same process, the APP and the third party SDK share rights, the third party SDK can collect personal information under the condition that a user or an APP developer does not know, malicious codes can be embedded, and the existing access control mechanism cannot distinguish the sources of personal information access requests. Therefore, on the basis of accurately identifying the third-party SDK, in order to prevent the APP to be tested containing the third-party SDK with the security risk from being issued to the intelligent mobile terminal of the user, the security risk test can be performed on the third-party SDK based on the preset security risk management and control standard so as to prevent the application program which does not meet the requirements from being issued to the user side.
The present embodiment provides a method for determining a third party SDK: firstly, acquiring each actual SDK contained in an application program to be tested; then, determining a third party SDK in each actual SDK by using a pre-constructed knowledge graph; the knowledge graph records the association relationship between each application program and the third party SDK. According to the technical scheme, the knowledge graph technology applied to other fields introduces a new technical field for identifying the association between the application program and the SDK, and the comprehensive association between the application program and the SDK can be found from a deeper level by means of the sorting and induction capability of the knowledge graph on the association between the application program and the SDK, so that a more accurate identification result is obtained, and safety risk management and control of the application program is realized.
Based on the above embodiment, the present application also provides a flow 300 of another method for determining a third party SDK through fig. 3, and based on the above embodiment, not only provides a specific scheme for constructing a knowledge graph, but also provides a scheme for judging a security risk level and how to perform subsequent processing based on the determined third party SDK, including the following steps:
Step 301: acquiring basic information from each known application information base and known SDK information base;
wherein the basic information includes, but is not limited to: version number, package name, application name, class name list, method list, certificate signature, class signature, authority list of application, function call graph, API call information, UI layout information, icon, resource file, character string resource, accessed website and IP address, URI built in program, personal information protection policy (privacy policy), etc. Besides the fact that the existing basic information can be obtained directly through an information base, the basic information can also be obtained through dynamic and static extraction of the known APP and the known SDK by self, so that the basic information can be used for complementing and improving accuracy through comparison.
Step 302: acquiring other information of each known application program and the known SDK from a preset public channel;
other information refers to information obtained from various authoritative public channels, such as official websites of APP and SDK, various big APP markets, open source technology websites, mobile developer platforms, financial websites, national industrial and commercial administration websites, and the like. Specific other information includes, but is not limited to: APP and SDK files (e.g., APK, IPA, JAR, AAR, ZIP, etc.), package names, application names, official websites, official server addresses, history versions, distribution channels, user profiles, full names of developers (vendors), aliases, acronyms, corporate properties, country, corporate registration names, contact, responsible person, business scope, establishment time, equity relationships, subsidiary information, parent information, associated corporate information, etc. in various formats.
Step 303: according to the basic information and other information, sorting to obtain association information between each application program and the first party SDK and the third party SDK thereof respectively;
this step aims at sorting out the associated information between each application and its first-party SDK (also called own SDK) and third-party SDK, respectively, by the above-described execution subject based on the basic information and other information acquired in steps 301 and 302.
Step 304: constructing and obtaining a knowledge graph according to the characteristics of the knowledge graph according to the associated information;
based on step 303, this step aims to construct and obtain a knowledge graph according to the characteristics of the knowledge graph according to the associated information. In order to more intuitively understand the construction of the knowledge graph, the present application further provides a schematic diagram corresponding to the schemes of steps 301 to 304, please refer to fig. 4.
Meanwhile, based on the characteristic that the knowledge graph is represented by using the relation between nodes, the main entity (node), important attribute and relation in the knowledge graph are exemplified here:
(1) Entity:
APP: the mobile application is an APK format file under an Android system, and an IPA format file under an IOS system;
SDK: is a software development kit that provides certain functions for APP, such as: the GSON library of google provides JSON analysis function for APP, and some mobile statistics SDK provides free mobile application analysis statistics for APP. SDKs can be generally classified into first-party SDKs and third-party SDKs, for example, for some APP, a GSON library is a third-party library (or third-party SDK), which is commonly named as some movement statistics SDK being the first-party SDK of the APP.
(2) Important attributes:
personal information protection policy: the personal information protection policy is responsible for explaining how the APP collects and protects personal information, and also should explain the main third party SDK contained in the APP;
APP name: typically contained within APP files, such as "some map," "some trip," etc.;
APP packet name: the unique identification of APP, typically contained within an APP file, such as com.baidu. Xxx. Yyy;
rights list: access to mobile devices and information typically requires operating system rights, common sensitive system rights such as: access camera rights, access body sensor rights, storage rights, SMS read/write rights, obtain geographical location rights, etc
Class of APP and SDK: by category of functional division, common classifications are: map navigation, network taxi taking, instant messaging, network payment, news information, online shopping and the like
Signing the certificate: the APP certificate generally comprises a secret key, effective year, name of an issuing person, unit, city, province, country and other information;
class name: class name lists in the APP and the program library;
the method comprises the following steps: function name list in APP and program library;
web site: APP and libraries may contain a large number of websites (or URIs, uniform Resource Identifier, uniform resource identifiers) for implementing various functions, uploading data to servers, etc.;
Official website: the APP and the program library are generally provided with official websites for providing development packages or APP file downloading, technical support for developers and users and the like;
company name: the authors of APP and libraries are typically companies (also personal or institutional developers), collectively referred to as company names for convenience. Company names are divided into full names and short names, the full names are names registered by the company, and the company may have a plurality of short names, for example, a certain online network technology (Beijing) wired company may be referred to as a certain company;
(3) Important relation:
the relationship between APP and library can be divided into first and third parties, for example: for some APP, some mobile statistics SDK is a first party program library, and GSON library is a third party library;
corporate linkage relation: for example, company a is a subsidiary of company B, so that the map SDK issued by company a is a first party library of an APP issued by company B;
name peering relationship: full name = abbreviation = alias, such as "some online networking technologies (beijing) limited" and "some company" may be considered different names of the same company. Another example is: there may be a variety of aliases for some movement statistics SDK (some statistics, some statistics SDK, xxxx_static, etc.).
A diagram of a mesh knowledge graph constructed based on the above examples can be seen in fig. 5.
Step 305: acquiring each actual SDK contained in the application program to be tested;
step 306: determining a third party SDK in each actual SDK by using the knowledge graph;
the above steps 305-306 are identical to the steps 201-202 shown in fig. 2, and the same content is referred to the corresponding parts of the previous embodiment, and will not be described again here.
Step 307: determining an actual privacy risk level of the third party SDK;
the step aims at evaluating the actual privacy risk level of the third party SDK determined by the execution subject determining step 306, that is, the actual privacy risk level is mainly evaluated for the threat of the third party SDK to the personal privacy data of the user, and an evaluation rule or an evaluation standard can be preset, which is not limited in detail herein, and can be flexibly formulated in combination with the actual situation.
Step 308: judging whether the actual privacy risk level of the third party SDK is smaller than a preset level, if so, executing step 309, otherwise, executing step 310;
based on step 307, this step is aimed at determining whether the actual privacy risk level of the third party SDK is less than a preset level, where the preset level exists as a boundary for evaluating whether the third party SDK meets the security privacy requirement, and the boundary is included in a preset evaluation rule and evaluation standard, and the actual parameter may be calculated based on a national standard or an industry standard.
Step 309: returning a notice that the application program to be tested meets the safety privacy requirement;
the step is based on the fact that the actual privacy risk level of the third party SDK is smaller than the preset level in the judgment result of step 308, and if the APP to be tested only includes the third party SDK, the actual privacy risk level of the third party SDK is smaller than the preset level, so that it can be judged that the APP to be tested meets the security privacy requirement, and therefore a notification that the APP to be tested meets the security privacy requirement is returned to the end initiating the detection request (for example, the terminal device that sends the APP to be tested). Of course, if the APP to be tested includes a plurality of third party SDKs, it is often still required to determine that the APP to be tested meets the security privacy requirement under the condition that the actual privacy risk levels of all the third party SDKs are smaller than the preset level.
Step 310: and returning a notice that the application program to be tested does not meet the safety privacy requirement.
The step is based on the fact that the actual privacy risk level of the third party SDK is not less than the preset level in the judgment result of step 308, and if the APP to be tested only includes the third party SDK, the actual privacy risk level of the third party SDK is not less than the preset level, it will be judged that the APP to be tested does not meet the security privacy requirement, so that a notification that the APP to be tested does not meet the security privacy requirement will be returned to the end initiating the detection request (e.g., the terminal device that sent the APP to be tested). Of course, if the APP to be tested includes a plurality of third party SDKs, the actual privacy risk level of any third party SDK is not less than the preset level, and the APP to be tested can be determined not to meet the security privacy requirement.
Further, for convenience of modification, information about which third party SDKs are for which reasons to determine that the actual privacy risk level is not less than the preset level may also be returned at the same time. Meanwhile, in order to facilitate identification and subsequent unified processing, an unqualified label can be attached to an application program to be tested, the actual privacy risk level of which is not less than a preset level, and other security detection information of all application programs attached with the unqualified label can be recorded, so that whether other problems exist from other angles or not can be found through the other security detection information.
On the basis of comprising all the beneficial effects of the previous embodiment, the embodiment provides a more specific and convenient-to-carry-out knowledge graph construction scheme, and meanwhile, the judgment of whether the APP to be tested meets the safety privacy requirement is finished through the subsequent processing of the third-party SDK, so that the scheme provided by the application can be used for directly obtaining whether the APP to be tested meets the APP privacy audit and compliance field results.
Further, considering that the information collected from various channels may not be overlapped or inconsistent, the information may be processed in a deep processing manner as far as possible, and one processing manner includes, but is not limited to:
Carrying out standardized processing on various names, abbreviations and non-standard sentences in the basic information and other information through a natural language understanding technology to obtain first standardized information;
carrying out knowledge extraction on various description information, privacy policies, file features and the like in the basic information and other information, and carrying out standardization processing on information obtained after the knowledge extraction to obtain second standardization information;
and according to the first standardized information and the second standardized information, sorting and obtaining the association information between each application program and the first party SDK and the third party SDK respectively.
By carrying out different standardization processing on different types of information and assisting with a knowledge extraction technology, the problem of inconsistent or conflicting information contents of different channels can be eliminated as much as possible.
In order to deepen understanding, the application also provides a specific implementation scheme in combination with a specific application scene:
1) The APP publisher X sends the APP to be published to a security privacy auditing server for publishing auditing;
2) The security privacy auditing server determines that the APP to be issued contains 4 SDKs through packet names, flow characteristics, code characteristics and the like, and the SDKs are respectively denoted by numbers 01, 02, 03 and 04;
3) The security privacy auditing server inputs the information of each numbered SDK into a pre-constructed knowledge graph in sequence;
4) The security privacy auditing server discovers according to the judgment result output by the knowledge graph:
the SDK of number 01 has the same developer signature as the APP to be published, so it is determined that the SDK of number 01 belongs to the own SDK (first party SDK) of the APP to be published;
the SDK of the number 02 is different from the APP to be issued in official website and company profile, and obvious differences exist in similarity of package names, so that the SDK of the number 02 is judged to belong to a third party SDK of the APP to be issued;
the unique package name of the SDK of number 03 appears on the product list of the official website of the developer of the APP to be published a plurality of times, and thus it is determined that the SDK of number 03 belongs to the own SDK (first-party SDK) of the APP to be published;
through testing, the to-be-issued APP has all resolution rights of the SDK of the number 04, so that the SDK of the number 04 is judged to belong to an own SDK (first party SDK) of the to-be-issued APP.
5) The security privacy auditing server tests security privacy risks of the third party SDK of the code 02 according to a preset test case, and finds that the third party SDK of the code 02 can be privately invoked after the APP to be issued runs for 10 minutes, and stops after the acquired user personal account password is sent to a designated mailbox, so that the third party SDK of the code 02 is judged to violate related security privacy regulations;
6) The security privacy audit server returns an audit failed notification to APP developer X that the third party SDK containing number 02 violates the relevant security privacy provisions.
With further reference to fig. 6, as an implementation of the method shown in the foregoing figures, the present application provides an embodiment of an apparatus for determining a third party SDK, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus is particularly applicable to various electronic devices.
As shown in fig. 6, the apparatus 600 for determining a third party SDK of the present embodiment may include: an actual SDK determining unit 601 and a third party SDK determining unit 602. Wherein, the actual SDK determining unit 601 is configured to obtain each actual SDK included in the application to be tested; a third-party SDK determining unit 602 configured to determine a third-party SDK in each actual SDK using a knowledge graph constructed in advance; the knowledge graph records the association relationship between each application program and the third party SDK.
In the present embodiment, in the apparatus 600 for determining the third party SDK: the specific processing of the actual SDK determining unit 601 and the third-party SDK determining unit 602 and the technical effects thereof may refer to the relevant descriptions of steps 201 to 202 in the corresponding embodiment of fig. 2, and are not described herein.
In some optional implementations of this embodiment, the apparatus 600 for determining a third party SDK may further include: a basic information acquisition unit configured to acquire basic information from each of the known application information base and the known SDK information base; a other information acquisition unit configured to acquire other information of each known application and the known SDK from a preset disclosure channel; the association information arrangement unit is configured to arrange and obtain association information between each application program and the first party SDK and the third party SDK respectively according to the basic information and other information; and the knowledge graph construction unit is configured to construct a knowledge graph according to the characteristics of the knowledge graph according to the associated information.
In some optional implementations of the present embodiment, the association information grooming unit may be further configured to: carrying out standardized processing on various names, abbreviations and non-standard sentences in the basic information and other information through a natural language understanding technology to obtain first standardized information; carrying out knowledge extraction on various description information, privacy policies, file features and the like in the basic information and other information, and carrying out standardization processing on information obtained after the knowledge extraction to obtain second standardization information; and according to the first standardized information and the second standardized information, sorting and obtaining the association information between each application program and the first party SDK and the third party SDK respectively.
In some optional implementations of this embodiment, the apparatus 600 for determining a third party SDK may further include: an actual privacy risk level determination unit configured to determine an actual privacy risk level of the third party SDK after determining the third party SDK; the notification sending unit is configured to return a notification that the application program to be tested meets the safety privacy requirement when the actual privacy risk level is smaller than the preset level; and the notification sending unit is configured to return a notification that the application program to be tested does not meet the safety privacy requirements when the actual privacy risk level is not less than the preset level.
In some optional implementations of this embodiment, the apparatus 600 for determining a third party SDK may further include: the disqualified label attaching unit is configured to attach disqualified labels to the application program to be tested, the actual privacy risk level of which is not less than the preset level; and an additional security detection information recording unit configured to record additional security detection information of all the applications to which the reject label is attached.
In some optional implementations of this embodiment, the apparatus 600 for determining a third party SDK may further include: and the increment updating and adjusting unit is configured to update and adjust the increment of the associated information in the knowledge graph according to a preset period.
The embodiment exists as an embodiment of a device corresponding to the embodiment of the method, and the device for determining the third party SDK provided by the embodiment introduces the new technical field of identifying the association between the application program and the SDK by applying the knowledge graph technology in other fields through the technical scheme, and finds the more comprehensive association between the application program and the SDK from a deeper level by means of the sorting and summarizing capabilities of the association between the application program and the SDK by the knowledge graph, so that an accurate identification result is obtained, and the security risk management and control of the application program is realized.
According to an embodiment of the present application, the present application also provides an electronic device and a computer-readable storage medium.
Fig. 7 illustrates a block diagram of an electronic device suitable for use in implementing a method for determining a third party SDK in accordance with an embodiment of the application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the applications described and/or claimed herein.
As shown in fig. 7, the electronic device includes: one or more processors 701, memory 702, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions executing within the electronic device, including instructions stored in or on memory to display graphical information of the GUI on an external input/output device, such as a display device coupled to the interface. In other embodiments, multiple processors and/or multiple buses may be used, if desired, along with multiple memories and multiple memories. Also, multiple electronic devices may be connected, each providing a portion of the necessary operations (e.g., as a server array, a set of blade servers, or a multiprocessor system). One processor 701 is illustrated in fig. 7.
Memory 702 is a non-transitory computer readable storage medium provided by the present application. The memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method for determining a third party SDK provided by the present application. The non-transitory computer readable storage medium of the present application stores computer instructions for causing a computer to perform the method for determining a third party SDK provided by the present application.
The memory 702 is used as a non-transitory computer readable storage medium, and may be used to store a non-transitory software program, a non-transitory computer executable program, and modules, such as program instructions/modules corresponding to the method for determining a third-party SDK in the embodiment of the present application (e.g., the actual SDK determining unit 601 and the third-party SDK determining unit 602 shown in fig. 6). The processor 701 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 702, that is, implements the method for determining the third party SDK in the above-described method embodiment.
Memory 702 may include a storage program area that may store an operating system, at least one application program required for functionality, and a storage data area; the storage data area may store various types of data created by the electronic device when executing the method for determining the third party SDK, and the like. In addition, the memory 702 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 702 optionally includes memory remotely located relative to the processor 701, which may be connected via a network to an electronic device adapted to perform the method for determining the third party SDK. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device adapted to perform the method for determining a third party SDK may further comprise: an input device 703 and an output device 704. The processor 701, the memory 702, the input device 703 and the output device 704 may be connected by a bus or otherwise, in fig. 7 by way of example.
The input device 703 may receive input numeric or character information and generate key signal inputs related to user settings and function control of an electronic device suitable for performing the method for determining a third party SDK, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer stick, one or more mouse buttons, a track ball, a joystick, etc. input devices. The output device 704 may include a display apparatus, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibration motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device may be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific ASIC (application specific integrated circuit), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
These computing programs (also referred to as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical scheme provided by the embodiment of the application, the knowledge graph technology applied to other fields is introduced into a new technical field for identifying the association between the application program and the SDK, and the comprehensive capability of the knowledge graph for sorting the association relationship between the application program and the SDK which are associated can be utilized to find the more comprehensive association relationship between the application program and the SDK from a deeper level, so that an accurate identification result is obtained, and the security risk management and control of the application program is realized.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present application may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed embodiments are achieved, and are not limited herein.
The above embodiments do not limit the scope of the present application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application should be included in the scope of the present application.
Claims (12)
1. A method for determining a third party SDK, comprising:
acquiring each actual SDK contained in the application program to be tested;
determining a third party SDK in each actual SDK by using a pre-constructed knowledge graph; wherein, the knowledge graph records the association relation between each application program and the third party SDK;
determining an actual privacy risk level of the third party SDK;
when the actual privacy risk level is smaller than a preset level, returning a notification that the application program to be tested meets the safety privacy requirement;
And when the actual privacy risk level is not less than the preset level, returning a notification that the application program to be tested does not meet the safety privacy requirement.
2. The method of claim 1, wherein the constructing the knowledge-graph comprises:
acquiring basic information from each known application information base and known SDK information base;
acquiring other information of each known application program and the known SDK from a preset public channel, wherein the other information is information except the basic information;
according to the basic information and the other information, the association information between each application program and the first party SDK and the third party SDK of the application program are obtained in a sorting mode;
and constructing and obtaining the knowledge graph according to the characteristic of the knowledge graph according to the association information.
3. The method of claim 2, wherein the associating information between each application program and its first party SDK and third party SDK respectively is obtained by sorting based on the basic information and the other information, including
Carrying out standardized processing on various names, abbreviations and non-standard sentences in the basic information and the other information through a natural language understanding technology to obtain first standardized information;
Carrying out knowledge extraction on various description information, privacy policies and file characteristics in the basic information and the other information, and carrying out standardization processing on information obtained after knowledge extraction to obtain second standardization information;
and according to the first standardized information and the second standardized information, sorting and obtaining association information between each application program and the first party SDK and the third party SDK respectively.
4. The method of claim 1, further comprising:
attaching an unqualified label to the application program to be tested, the actual privacy risk level of which is not less than the preset level;
all other security detection information of the application to which the reject label is attached is recorded.
5. The method of any one of claims 1 to 4, further comprising:
and carrying out incremental updating and adjustment on the associated information in the knowledge graph according to a preset period.
6. An apparatus for determining a third party SDK, comprising:
an actual SDK determining unit configured to acquire each actual SDK included in the application to be tested;
a third-party SDK determining unit configured to determine a third-party SDK in each of the actual SDKs using a knowledge graph constructed in advance; wherein, the knowledge graph records the association relation between each application program and the third party SDK;
An actual privacy risk level determining unit configured to determine an actual privacy risk level of the third party SDK;
the notification sending unit is configured to return a notification that the application program to be tested meets the safety privacy requirement when the actual privacy risk level is smaller than a preset level;
and the notification sending unit is configured to return a notification that the application program to be tested does not meet the safety privacy requirement when the actual privacy risk level is not smaller than the preset level.
7. The apparatus of claim 6, further comprising:
a basic information acquisition unit configured to acquire basic information from each of the known application information base and the known SDK information base;
a further information acquisition unit configured to acquire further information of each known application and a known SDK from a preset disclosure channel, wherein the further information is information other than the basic information;
the association information arrangement unit is configured to arrange and obtain association information between each application program and the first party SDK and the third party SDK respectively according to the basic information and the other information;
and the knowledge graph construction unit is configured to construct the knowledge graph according to the correlation information and the characteristics of the knowledge graph.
8. The apparatus of claim 7, wherein the association information grooming unit is further configured to:
carrying out standardized processing on various names, abbreviations and non-standard sentences in the basic information and the other information through a natural language understanding technology to obtain first standardized information;
carrying out knowledge extraction on various description information, privacy policies and file characteristics in the basic information and the other information, and carrying out standardization processing on information obtained after knowledge extraction to obtain second standardization information;
and according to the first standardized information and the second standardized information, sorting and obtaining association information between each application program and the first party SDK and the third party SDK respectively.
9. The apparatus of claim 6, further comprising:
a reject label attaching unit configured to attach a reject label to the application to be tested, for which the actual privacy risk level is not less than the preset level;
and an additional security detection information recording unit configured to record additional security detection information of all applications to which the reject label is attached.
10. The apparatus of any of claims 6 to 9, further comprising:
And the increment updating and adjusting unit is configured to update and adjust the increment of the associated information in the knowledge graph according to a preset period.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for determining a third party SDK of any one of claims 1-5.
12. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method for determining a third party SDK of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010492839.7A CN113761517B (en) | 2020-06-03 | 2020-06-03 | Method, device, equipment and storage medium for determining third party SDK |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010492839.7A CN113761517B (en) | 2020-06-03 | 2020-06-03 | Method, device, equipment and storage medium for determining third party SDK |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113761517A CN113761517A (en) | 2021-12-07 |
| CN113761517B true CN113761517B (en) | 2023-08-11 |
Family
ID=78783062
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010492839.7A Active CN113761517B (en) | 2020-06-03 | 2020-06-03 | Method, device, equipment and storage medium for determining third party SDK |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113761517B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114461484B (en) * | 2021-12-20 | 2023-04-25 | 奇安盘古(上海)信息技术有限公司 | Relevance determination method, device, equipment, medium and program for application program |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804945A (en) * | 2018-06-09 | 2018-11-13 | 海南大学 | Based on data collection of illustrative plates, the information privacy protection method of Information Atlas and knowledge mapping |
| CN109559192A (en) * | 2018-10-25 | 2019-04-02 | 深圳壹账通智能科技有限公司 | Risk checking method, device, equipment and storage medium based on association map |
| CN110348719A (en) * | 2019-06-29 | 2019-10-18 | 上海淇毓信息科技有限公司 | A kind of risk control method based on user information knowledge mapping, device and electronic equipment |
| US10671752B1 (en) * | 2019-11-20 | 2020-06-02 | Capital One Services, Llc | Computer-based methods and systems for managing private data of users |
-
2020
- 2020-06-03 CN CN202010492839.7A patent/CN113761517B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108804945A (en) * | 2018-06-09 | 2018-11-13 | 海南大学 | Based on data collection of illustrative plates, the information privacy protection method of Information Atlas and knowledge mapping |
| CN109559192A (en) * | 2018-10-25 | 2019-04-02 | 深圳壹账通智能科技有限公司 | Risk checking method, device, equipment and storage medium based on association map |
| CN110348719A (en) * | 2019-06-29 | 2019-10-18 | 上海淇毓信息科技有限公司 | A kind of risk control method based on user information knowledge mapping, device and electronic equipment |
| US10671752B1 (en) * | 2019-11-20 | 2020-06-02 | Capital One Services, Llc | Computer-based methods and systems for managing private data of users |
Non-Patent Citations (1)
| Title |
|---|
| 郑树泉,王倩,武智霞,徐侃主编.《工业智能技术与应用》.上海:上海科学技术出版社,2019,第111页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113761517A (en) | 2021-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11811805B1 (en) | Detecting fraud by correlating user behavior biometrics with other data sources | |
| US10560465B2 (en) | Real time anomaly detection for data streams | |
| US10270795B2 (en) | Identifying network security risks | |
| US10121000B1 (en) | System and method to detect premium attacks on electronic networks and electronic devices | |
| US20210314354A1 (en) | Techniques for determining threat intelligence for network infrastructure analysis | |
| US10013458B2 (en) | Detecting logical relationships based on structured query statements | |
| US20150121401A1 (en) | Graph based data model for api ecosystem insights | |
| US11372956B2 (en) | Multiple input neural networks for detecting fraud | |
| US9633115B2 (en) | Analyzing a query and provisioning data to analytics | |
| US11870741B2 (en) | Systems and methods for a metadata driven integration of chatbot systems into back-end application services | |
| US20190130123A1 (en) | Monitoring and preventing unauthorized data access | |
| US20220027428A1 (en) | Security system for adaptive targeted multi-attribute based identification of online malicious electronic content | |
| US11315010B2 (en) | Neural networks for detecting fraud based on user behavior biometrics | |
| US20230244812A1 (en) | Identifying Sensitive Data Risks in Cloud-Based Enterprise Deployments Based on Graph Analytics | |
| CN111654495B (en) | Method, apparatus, device and storage medium for determining traffic generation source | |
| US11108788B1 (en) | Techniques for managing projects and monitoring network-based assets | |
| Bermbach et al. | Benchmarking web API quality-revisited | |
| US20180300572A1 (en) | Fraud detection based on user behavior biometrics | |
| CN113761517B (en) | Method, device, equipment and storage medium for determining third party SDK | |
| US20190286671A1 (en) | Algorithmic computation of entity information from ip address | |
| US20170032292A1 (en) | Method and Apparatus for Extracting Mobile Application Suitability Features for a Mobile Business Application | |
| US20230300156A1 (en) | Multi-variate anomalous access detection | |
| US20210026871A1 (en) | Illuminating data related to application | |
| WO2016090352A1 (en) | Customized synthetic data creation | |
| US11403577B2 (en) | Assisting and automating workflows using structured log events |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |