CN113822036A - Privacy policy content generation method and device and electronic equipment - Google Patents
Privacy policy content generation method and device and electronic equipment Download PDFInfo
- Publication number
- CN113822036A CN113822036A CN202111142435.6A CN202111142435A CN113822036A CN 113822036 A CN113822036 A CN 113822036A CN 202111142435 A CN202111142435 A CN 202111142435A CN 113822036 A CN113822036 A CN 113822036A
- Authority
- CN
- China
- Prior art keywords
- interface
- user information
- application software
- type
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/166—Editing, e.g. inserting or deleting
- G06F40/186—Templates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Abstract
The disclosure provides a privacy policy content generation method and device and electronic equipment, relates to the technical field of internet application, and particularly relates to the field of application software. The specific implementation scheme is as follows: detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information; determining the type of the user information collected in the information collection interface; and generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in the privacy policy. The present disclosure enables the generation of content for collecting user information in a privacy policy.
Description
Technical Field
The disclosure relates to the technical field of internet application, and in particular to a privacy policy content generation method and device and electronic equipment.
Background
The privacy policy is a policy for processing user information, which is made by Application software (APP) according to privacy policy, and is listed as a necessary file of the Application software in laws and regulations of major countries and regions, and the form of the policy generally includes a statement on how to collect, process, use, store, share, transfer, disclose, etc. the Application software manages user information data.
Disclosure of Invention
The disclosure provides a privacy policy content generation method, device, equipment and storage medium.
According to an aspect of the present disclosure, there is provided a privacy policy content generating method including:
detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information;
determining the type of the user information collected in the information collection interface;
and generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in the privacy policy.
According to another aspect of the present disclosure, there is provided a privacy policy content generating apparatus including:
the interface detection module is used for detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information;
the first type determining module is used for determining the type of the user information collected in the information collecting interface;
and the content generation module is used for generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in the privacy policy.
According to the privacy policy content generation method provided by the disclosure, the function types of each interface are detected when application software runs, an information collection interface for collecting user information is obtained, the user information type collected in the obtained interface is determined, and then privacy policy content corresponding to the user information type is generated based on a preset collection statement template, so that the generation of the privacy policy content is realized.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic flow diagram of a first embodiment of a privacy policy content generation method provided in accordance with the present disclosure;
FIG. 2 is a schematic flow chart diagram illustrating one possible implementation of step S11 in a privacy policy content generation method provided in accordance with the present disclosure;
FIG. 3 is an information collection interface during the running of application software provided by the present disclosure;
FIG. 4 is a schematic flow diagram of a second embodiment of a privacy policy content generation method provided in accordance with the present disclosure;
FIG. 5 is a schematic flow chart diagram of a third embodiment of a privacy policy content generation method provided in accordance with the present disclosure;
FIG. 6 is a schematic block diagram of a privacy policy content generation apparatus provided in accordance with the present disclosure;
fig. 7 is a block diagram of an electronic device for implementing a privacy policy content generation method of an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The privacy policy needs to accurately describe the purpose, mode, range and the like of the application software for collecting the user information data in the running process of the application software, so as to avoid illegal violation of collecting the user information data and avoid violation of the legitimate rights and interests of the user. However, in actual operation, the update iteration of the application software is frequent, the portions of the application software which are developed by different developers are different, and the privacy policy writer is often not the true developer of the application software, so that it is difficult to accurately and comprehensively grasp the user information data specifically collected when the application software of each update version runs.
In the related technology, the privacy policy content is generally maintained manually, and is updated manually along with the updating iteration of application software; the content of the privacy policy is updated according to the authority information in the installation package of the updated version, but in the actual development process, the content of the user information data collected in the actual operation of the application software cannot be truly, accurately and comprehensively determined, so that the content of the privacy policy is not accurate enough.
To address this issue, the present disclosure provides a privacy policy content generation method, including:
detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information;
determining the type of the user information collected in the information collection interface;
and generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in the privacy policy.
Therefore, by applying the privacy policy content generation method provided by the disclosure, the user information types collected in the information collection interface are obtained by detecting the function types of each interface when the application software runs, and the user information types collected in the application software running process can be determined more comprehensively. According to the preset collection statement template, the privacy policy content corresponding to the user information type is generated, the content of collecting the user information in the privacy policy is automatically generated instead of manual work, and the risk that the user information is illegally collected by application software can be further accurately avoided.
The following describes the privacy policy content generation method provided by the present disclosure in detail by using specific embodiments.
The method of the embodiment of the disclosure is applied to the intelligent terminal, can be implemented through the intelligent terminal, and in the actual use process, the intelligent terminal can be a computer, an intelligent mobile phone, an intelligent watch and the like.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for generating content of a privacy policy according to an embodiment of the present disclosure, including the following steps S11-S13.
Step S11: and detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information.
The application software has a plurality of interfaces in the running process, each interface has respective function and type, and not all interfaces collect user information, so that the information collection interface which can collect the user information when the application software runs can be obtained by detecting the function and type of each interface. The above-mentioned each interface is detected, can be according to the graphic characteristics of each interface and the control type and the characters of each interface etc. to the function and the type of each interface discernment, and the identification process can be carried out at the equipment that application software installed is local directly, also can regard as independent service to deploy at the high in the clouds and go on.
In one example, the functions and types of the interfaces can be identified by capturing images of the interfaces of the application software during running, then sending the obtained image captures to the background server, and loading a deep learning model by the background server.
The user information in the embodiment of the application refers to information related to user privacy, and may be personal information of a user, such as an identity card number, a mobile phone number, and the like, information of equipment used by the user, such as a mobile phone model, a mobile phone equipment number, a mobile phone MAC address, and the like, and may also be environment information where the user is located, such as a user location address, and the like.
Step S12: the type of user information collected in the information collection interface is determined.
The user information type indicates the type of user information, such as the type of identity card number of the user, the type of mobile phone model of the user, the type of location address of the user, and the like. The user information of a plurality of user information types can be collected simultaneously in the same information collection interface, and the user information of one user information type can also be collected. The different information collecting interfaces can collect the user information of different user information types, and also can collect the user information of the same user information type.
For example, when the information collection interface is a user login interface, the collected user information type may be a mobile phone number, a user account, a mailbox, a password, and the like of the user; when the information collection interface is a user registration interface, the collected user information types can be names, account numbers, passwords, nicknames, academic calendars, mailboxes, mobile phone numbers and the like of users; when the information collection interface is a hotel reservation interface, the collected user information types can be the identity card number, name, birthday, age, gender and the like of the user; when the information collection interface is a user real-name authentication interface, the collected user information type can be the name, the identity card number, the face identification feature and the fingerprint of the user; when the information collection interface is a network payment interface, the collected user information types can be the bank card number, the credit card validity period, the credit card security code and the like of the user; when the information collection interface is an online inquiry and registration interface, the types of the collected user information can be the height, the weight, the past medical history, the hospitalization record, the disease condition and the like of the user.
Step S13: and generating privacy policy content corresponding to the user information type based on a preset collection statement template.
The preset collection statement template represents a statement template for collecting user information in the privacy policy.
In the privacy policy, the collection of user information for each user information type needs to be documented, and different user information types may use the same collection statement template, i.e., collection statements corresponding to different user information types may differ only in user information type. Therefore, a collection statement template may be set in advance, and after the type of the collected user information is determined, a collection statement corresponding to each user information type may be directly generated based on the collection statement template.
In one example, the preset collection statement may include: the system comprises six elements of business function, collection subject, collection action, personal information type, collection purpose and collection frequency. For example, the preset collection statement may be: when you use the xxx function, xxx may collect x information for xx purposes, n times every s seconds.
After the collection statements corresponding to the user information types are generated, the collection statements can be spliced, so that chapter content about the collected user information in the privacy policy is generated. When the application software has a privacy policy, the generated chapter contents related to the collected user information can be inserted into the original privacy policy to replace the original chapter contents related to the collected user information, that is, the automatic updating of the privacy policy is completed.
Therefore, by applying the privacy policy content generation method provided by the disclosure, the user information types collected in the information collection interface are obtained by detecting the function types of each interface when the application software runs, and the user information types collected in the application software running process can be determined more comprehensively. According to the preset collection statement template, the privacy policy content corresponding to the user information type is generated, the content of collecting the user information in the privacy policy is automatically generated instead of manual work, and the risk that the user information is illegally collected by application software can be further accurately avoided.
In an embodiment of the present disclosure, before detecting the function type of each interface when the application software runs to obtain an information collection interface for collecting user information, the method further includes:
and carrying out automatic operation on the application software by using an automatic operation framework, and traversing each interface of the application software.
The method can detect the function types of the interfaces when the application software runs, can enable the application software to run automatically through an automatic running framework, and can detect the interfaces when the application software runs through a monitoring system. In an example, the automatic operation framework may be a uiautomator (intelligent automatic monitoring), and the uiautomator may scan, analyze, and identify each interface when the application software operates; the service may also be an accessitivyservice (reachability service), and the accessitivyservice may acquire and identify changes in each interface during the running of the application software, so that an information collection interface for collecting user information during the running of the application software may be determined.
In one example, before the application software develops a new version and releases the new version, the application software may be installed on a device such as a real mobile phone, a simulator, a cloud mobile phone, and the like, the application software is automatically run by using an automatic running framework, and after traversing each interface of the application software, an information collection interface for the application software to collect user information and a type of the collected user information are determined, thereby generating content for collecting user information in a privacy policy. And after the privacy policy is generated, releasing the new version of the application software.
Therefore, by applying the privacy policy content generation method provided by the disclosure, the type of the user information collected by the application software can be determined by automatically running the application software, and the complexity and inconvenience of manually determining the user information collected by the application software can be avoided. Meanwhile, each interface of the application software is traversed, and the content of the collected user information in the privacy policy can be generated more comprehensively.
In a possible implementation manner, referring to fig. 2, the step S11 of detecting the function type of each interface when the application software runs to obtain an information collection interface for collecting user information includes:
step S21: and performing input box detection and preset keyword detection on each interface when the application software runs.
Step S22: regarding each interface, under the condition that the interface has an input box and preset keywords, taking the interface as an information collection interface; otherwise, the interface is used as other functional interfaces.
In the running process of the application software, an interface which requires a user to input user information can be provided, and an interface which directly calls the user information without the user inputting the user information can also be provided.
For an interface requiring a user to input user information, there may be an input box for the user to input the user information, and in addition, there may be a keyword for prompting the user to input, and the keyword may indicate the type of the user information. The keywords are different for user information of various user information types. For example, when the user is required to input the identification number, the keyword may be "identification number", and when the user is required to input a telephone number, the keyword may be "mobile phone number".
The keywords may be preset according to various user information types, and the preset keywords may include keywords corresponding to various user information types. When the interface in the running of the application software has an input box and preset keywords, the interface can be considered as an interface requiring a user to input user information, and the interface can be used as an information collection interface. And if the interface of the application software in operation does not have an input box or preset keywords, the interface is considered as other functional interfaces. In one example, the interface may be an interface for directly invoking the user information without the user inputting the user information, or may be another interface.
As shown in fig. 3, fig. 3 shows an information collection interface during the running process of application software, where the interface functions as a predetermined air ticket, there is an input box for a user to input user information, and meanwhile, the preset keyword for prompting the user to input the user information may be a name, a certificate number, a mobile phone, and a card number, which correspond to four user information types, i.e., a name, a certificate number, a mobile phone, and a card number, respectively. The interface may be considered an information gathering interface.
Therefore, by applying the privacy policy content generation method provided by the disclosure, whether the interface is an information collection interface is determined by detecting whether the interface has the input box and the preset keywords during the operation of the application software, and the interface during the operation of the application software can be detected more accurately.
In a possible implementation manner, the step S12 of determining the type of the user information collected in the information collection interface includes:
and determining the type of the user information collected in the information collection interface according to the preset keywords contained in the information collection interface and the corresponding relation between the preset keywords and the user information type.
As mentioned above, the preset keywords may be used to represent the user information types, so that the corresponding relationship between the keywords and the user information types is also preset, and after the information collection interface during the operation of the application software is determined, the user information types collected in the information collection interface may be determined according to each preset keyword included in the information collection interface. For example, when the preset keyword "name" is included in the information collection interface, the type of the user information collected by the interface can be considered as the name of the user.
Therefore, by applying the privacy policy content generation method provided by the present disclosure, the user information type collected in the information collection interface can be determined more accurately through the preset correspondence between the keywords and the user information type and the preset keywords in the information collection interface.
In an embodiment of the present disclosure, referring to fig. 4, the method further includes:
step S41: and monitoring each relevant application called by the application software through the application program interface.
Step S42: and under the condition that the related applications comprise target applications related to the user privacy, determining the user information type corresponding to the target applications according to the preset corresponding relation between the applications and the user information types.
During the running process of the Application software, various third-party related applications can be called through an Application Programming Interface (API). Therefore, the interface for collecting the user information when the application software runs may be that the application software collects the user information itself, or that the application software allows a third party related application to collect the user information. In this case, the correspondence between the relevant application and the user information type may be set in advance based on the user information type that the relevant application can collect by a collection means such as calling or reading.
When the application software runs, the monitoring system can be used for monitoring each related application called by the application software through the API, and when the situation that the related application called by the application software comprises a target application related to user privacy is monitored, the user information type of the target application can be determined according to the preset corresponding relation between the application and the user information type and is used as the user information type collected in the running process of the application software.
For example, the type of the user information collected by the application software through the API call related application may be an Address book, sms and mms contents, a device identification code, a device MAC Address (Media Access Control Address), a hardware serial number, a software installation list, system clipboard contents, location information, a trace track, and the like.
The device Identity may include an IMEI (International Mobile Equipment Identity), an IMSI (International Mobile Subscriber Identity), an Android ID (Android Identity), an IDFA (Identifier for Advertising), a GUID (global Unique Identifier), IMSI information of a SIM card (Subscriber Identity Module), and the like.
The location information may include a precise location, a rough location, latitude and longitude, an IP (Internet Protocol) address, and the like.
In one example, the content of the privacy policy regarding collecting user information may be generated based on a preset collection statement template, which may be different for the type of user information collected by the application software itself and the type of user information collected by the application software by calling the relevant application through the API.
For example, for the type of user information collected by the application software itself, the preset collection statement template may be: when you use xxx functionality, we (app) may need you to provide x information for xxx purposes, n times every t seconds. For the type of user information collected by the application software through API call of the relevant application, the preset collection statement template may be: when you use xxx functionality, a third party application might collect x information for xxx purposes, n times every t seconds.
The air ticket booking interface shown in fig. 3 is a user information type collected by the application software itself, and the collection statement generated based on the preset collection statement template for the interface may be: when you use the air ticket booking function, we may need to provide information such as a real name, an identification number, a mobile phone number, a card number and the like for the real name authentication of the air ticket, and we only need to collect the information once.
In one example, the monitoring of the running of the application software by the monitoring system may be implemented by a HOOK (HOOK) system, and each relevant application called through the API during the running of the application software is determined by capturing the operation of the application software system.
Therefore, by applying the privacy policy content generation method provided by the disclosure, the user information type corresponding to the target application related to the user privacy is determined by monitoring each related application called by the application software through the API, and the user information type collected in the application software running process can be more comprehensively identified, so that the content of collecting the user information in the privacy policy is more comprehensively generated.
In an embodiment of the present disclosure, referring to fig. 5, the method further includes:
step S51: and monitoring the uplink flow of the application software.
Step S52: and determining the user information type corresponding to the privacy information in the uplink traffic under the condition that the privacy information exists in the uplink traffic.
The user information collected by the application software in the running process can be uploaded to the server through the network, at the moment, the uplink flow of the application software can be monitored, and when the situation that the privacy information of the user exists in the uplink flow is monitored, the user information type corresponding to the privacy information in the uplink flow is identified. For example, when it is monitored that the IP address of the user exists in the uplink traffic, the corresponding user information type is identified as the IP address of the user.
In one example, a system application may be installed in a device where application software is installed, and is used to capture all real-time uplink traffic of the device, and upload the captured result to a server for analysis and recognition.
Therefore, by the privacy policy content generation method provided by the disclosure, the user information type corresponding to the privacy information in the uplink flow is determined by monitoring the application software uplink flow, the user information type collected in the application software operation process can be determined in a multi-channel manner, omission of the user information type collected by the application software is avoided, and the content of the user information collected in the privacy policy is generated more accurately.
On the other hand, referring to fig. 6, fig. 6 is a privacy policy content generating apparatus provided by the present disclosure, including:
the interface detection module 601 is configured to detect function types of interfaces when the application software runs, and obtain an information collection interface for collecting user information;
a first type determining module 602, configured to determine a type of user information collected in the information collection interface;
the content generating module 603 is configured to generate a privacy policy content corresponding to the user information type based on a preset collection statement template, where the preset collection statement template represents a statement template for collecting user information in the privacy policy.
Therefore, by applying the privacy policy content generation device provided by the disclosure, the user information types collected in the information collection interface are obtained by detecting the function types of each interface when the application software runs, and the user information types collected in the application software running process can be determined more comprehensively. According to the preset collection statement template, the privacy policy content corresponding to the user information type is generated, the content of collecting the user information in the privacy policy is automatically generated instead of manual work, and the risk that the user information is illegally collected by application software can be further accurately avoided.
In an embodiment of the present disclosure, the apparatus further includes:
and the interface traversing module is used for automatically operating the application software by utilizing an automatic operation framework and traversing each interface of the application software.
Therefore, by applying the privacy policy content generation device provided by the disclosure, the type of the user information collected by the application software can be determined by automatically running the application software, and the tedious and inconvenient manual determination of the user information collected by the application software can be avoided. Meanwhile, each interface of the application software is traversed, and the content of the collected user information in the privacy policy can be generated more comprehensively.
In an embodiment of the present disclosure, the interface detecting module 601 is specifically configured to:
performing input box detection and preset keyword detection on each interface when the application software runs;
regarding each interface, under the condition that the interface has an input box and preset keywords, taking the interface as an information collection interface; otherwise, the interface is used as other functional interfaces.
Therefore, by applying the privacy policy content generation device provided by the disclosure, whether the interface is an information collection interface is determined by detecting whether the interface has the input box and the preset keywords during the operation of the application software, so that the interface during the operation of the application software can be detected more accurately.
In an embodiment of the disclosure, the first type determining module 602 is specifically configured to:
and determining the type of the user information collected in the information collection interface according to the preset keywords contained in the information collection interface and the corresponding relation between the preset keywords and the user information type.
Therefore, by applying the privacy policy content generation device provided by the present disclosure, the type of the user information collected in the information collection interface can be determined more accurately through the preset correspondence between the keywords and the user information types and the preset keywords in the information collection interface.
In an embodiment of the present disclosure, the apparatus further includes:
the application detection module is used for monitoring each relevant application called by the application software through an application program interface;
and the second type determining module is used for determining the user information type corresponding to the target application according to the preset corresponding relation between the application and the user information type under the condition that the related application comprises the target application related to the user privacy.
Therefore, by applying the privacy policy content generation device provided by the disclosure, the user information type corresponding to the target application related to the user privacy can be determined by monitoring each related application called by the application software through the API, so that the user information type collected in the application software running process can be more comprehensively identified, and the content of collecting the user information in the privacy policy can be more comprehensively generated.
In an embodiment of the present disclosure, the apparatus further includes:
the flow monitoring module is used for monitoring the uplink flow of the application software;
and the third type determining module is used for determining the user information type corresponding to the privacy information in the uplink flow under the condition that the privacy information exists in the uplink flow.
Therefore, by applying the privacy policy content generation device provided by the disclosure, the user information type corresponding to the privacy information in the uplink flow is determined by monitoring the application software uplink flow, and the user information type collected in the application software operation process can be determined in multiple channels, so that the content of the user information collected in the privacy policy can be generated more accurately.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations and do not violate the good customs of the public order.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 7 illustrates a schematic block diagram of an example electronic device 700 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 7, the device 700 comprises a computing unit 701, which may perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM)702 or a computer program loaded from a storage unit 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the device 700 can also be stored. The computing unit 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
Various components in the device 700 are connected to the I/O interface 705, including: an input unit 706 such as a keyboard, a mouse, or the like; an output unit 707 such as various types of displays, speakers, and the like; a storage unit 708 such as a magnetic disk, optical disk, or the like; and a communication unit 709 such as a network card, modem, wireless communication transceiver, etc. The communication unit 709 allows the device 700 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server with a combined blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (15)
1. A privacy policy content generation method, comprising:
detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information;
determining the type of the user information collected in the information collection interface;
and generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in a privacy policy.
2. The method of claim 1, wherein before the detecting the function type of each interface when the application software runs to obtain the information collection interface for collecting the user information, the method further comprises:
and automatically operating the application software by using an automatic operation framework, and traversing each interface of the application software.
3. The method of claim 1, wherein the detecting the function type of each interface when the application software runs to obtain an information collection interface for collecting user information comprises:
performing input box detection and preset keyword detection on each interface when the application software runs;
and regarding each interface, taking the interface as an information collection interface under the condition that the interface has an input box and preset keywords.
4. The method of claim 3, wherein the determining the type of user information collected in the information collection interface comprises:
and determining the user information type collected in the information collection interface according to the preset keywords contained in the information collection interface and the corresponding relation between the preset keywords and the user information type.
5. The method of claim 1, further comprising:
monitoring each relevant application called by the application software through an application program interface;
and under the condition that the related applications comprise target applications related to the user privacy, determining the user information type corresponding to the target applications according to the preset corresponding relation between the applications and the user information types.
6. The method of claim 1, further comprising:
monitoring the uplink flow of the application software;
and determining the user information type corresponding to the privacy information in the uplink flow under the condition that the privacy information exists in the uplink flow.
7. A privacy policy content generation apparatus comprising:
the interface detection module is used for detecting the function types of each interface when the application software runs to obtain an information collection interface for collecting user information;
the first type determining module is used for determining the type of the user information collected in the information collecting interface;
and the content generation module is used for generating privacy policy content corresponding to the user information type based on a preset collection statement template, wherein the preset collection statement template represents a statement template for collecting user information in a privacy policy.
8. The apparatus of claim 7, further comprising:
and the interface traversing module is used for automatically operating the application software by utilizing an automatic operation framework and traversing each interface of the application software.
9. The apparatus according to claim 7, wherein the interface detection module is specifically configured to:
performing input box detection and preset keyword detection on each interface when the application software runs;
and regarding each interface, taking the interface as an information collection interface under the condition that the interface has an input box and preset keywords.
10. The apparatus of claim 9, wherein the first type determination module is specifically configured to:
and determining the user information type collected in the information collection interface according to the preset keywords contained in the information collection interface and the corresponding relation between the preset keywords and the user information type.
11. The apparatus of claim 7, further comprising:
the application detection module is used for monitoring each relevant application called by the application software through an application program interface;
and the second type determining module is used for determining the user information type corresponding to the target application according to the preset corresponding relation between the application and the user information type under the condition that the related application comprises the target application related to the user privacy.
12. The apparatus of claim 7, further comprising:
the flow monitoring module is used for monitoring the uplink flow of the application software;
and a third type determining module, configured to determine, when there is privacy information in the uplink traffic, a user information type corresponding to the privacy information in the uplink traffic.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
14. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-6.
15. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111142435.6A CN113822036B (en) | 2021-09-28 | 2021-09-28 | Privacy policy content generation method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111142435.6A CN113822036B (en) | 2021-09-28 | 2021-09-28 | Privacy policy content generation method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113822036A true CN113822036A (en) | 2021-12-21 |
| CN113822036B CN113822036B (en) | 2022-07-12 |
Family
ID=78921510
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111142435.6A Active CN113822036B (en) | 2021-09-28 | 2021-09-28 | Privacy policy content generation method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113822036B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114492409A (en) * | 2022-01-27 | 2022-05-13 | 百度在线网络技术(北京)有限公司 | Method and device for evaluating file content, electronic equipment and program product |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112199506A (en) * | 2020-11-10 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Information detection method, device and equipment for application program |
| CN112256959A (en) * | 2020-06-11 | 2021-01-22 | 国家计算机网络与信息安全管理中心 | Method for analyzing information collected by WeChat public number small program |
| CN112835613A (en) * | 2021-01-29 | 2021-05-25 | 宝宝巴士股份有限公司 | APP privacy policy content management method |
| CN113254923A (en) * | 2021-06-25 | 2021-08-13 | 南京网眼信息技术有限公司 | Method and system for generating privacy policy text according to APK (android package) |
| CN113326536A (en) * | 2021-06-02 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Method and device for judging compliance of application program |
| CN113435173A (en) * | 2021-05-28 | 2021-09-24 | 荣耀终端有限公司 | Text generation method, related device and system |
-
2021
- 2021-09-28 CN CN202111142435.6A patent/CN113822036B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112256959A (en) * | 2020-06-11 | 2021-01-22 | 国家计算机网络与信息安全管理中心 | Method for analyzing information collected by WeChat public number small program |
| CN112199506A (en) * | 2020-11-10 | 2021-01-08 | 支付宝(杭州)信息技术有限公司 | Information detection method, device and equipment for application program |
| CN112835613A (en) * | 2021-01-29 | 2021-05-25 | 宝宝巴士股份有限公司 | APP privacy policy content management method |
| CN113435173A (en) * | 2021-05-28 | 2021-09-24 | 荣耀终端有限公司 | Text generation method, related device and system |
| CN113326536A (en) * | 2021-06-02 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Method and device for judging compliance of application program |
| CN113254923A (en) * | 2021-06-25 | 2021-08-13 | 南京网眼信息技术有限公司 | Method and system for generating privacy policy text according to APK (android package) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114492409A (en) * | 2022-01-27 | 2022-05-13 | 百度在线网络技术(北京)有限公司 | Method and device for evaluating file content, electronic equipment and program product |
| CN114492409B (en) * | 2022-01-27 | 2022-12-20 | 百度在线网络技术(北京)有限公司 | Method and device for evaluating file content, electronic equipment and program product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113822036B (en) | 2022-07-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111160845B (en) | Service processing method and device | |
| US10380590B2 (en) | Transaction authentication based on metadata | |
| US10612940B2 (en) | Flow meter reading with image recognition secured with mask and software connected by mobile device | |
| KR101785481B1 (en) | Method for providing scraping service, server and system thereof | |
| CN107634947A (en) | Limitation malice logs in or the method and apparatus of registration | |
| CN109547426B (en) | Service response method and server | |
| CN113011856B (en) | Online residence method and device for energy enterprise, electronic equipment and medium | |
| CN109002733A (en) | A kind of pair of equipment carries out the method and device of reliability evaluation | |
| CN109241722A (en) | For obtaining method, electronic equipment and the computer-readable medium of information | |
| CN108492393A (en) | Method and apparatus for registering | |
| CN113822036B (en) | Privacy policy content generation method and device and electronic equipment | |
| CN109688096B (en) | IP address identification method, device, equipment and computer readable storage medium | |
| US10742642B2 (en) | User authentication based on predictive applications | |
| CN114186206A (en) | Login method and device based on small program, electronic equipment and storage medium | |
| CN112685255A (en) | Interface monitoring method and device, electronic equipment and storage medium | |
| CN109034759B (en) | Data transfer method and related equipment | |
| CN111400476A (en) | House source identification method and device, readable medium and electronic equipment | |
| CN115904527A (en) | Data processing method, device, equipment and medium | |
| EP4163811A1 (en) | Personal information protection-based speech information processing service provision system | |
| US20190042653A1 (en) | Automatic identification of user information | |
| CN109543398B (en) | Application program account migration method and device and electronic equipment | |
| CN108471635B (en) | Method and apparatus for connecting wireless access points | |
| CN113344064A (en) | Event processing method and device | |
| CN111131369A (en) | APP use condition transmission method and device, electronic equipment and storage medium | |
| CN109542646A (en) | Method and apparatus for calling application programming interface |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |